Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/hs2-1x6nRvdOMAXzjT-xPOKRPuw.roa
File:                     hs2-1x6nRvdOMAXzjT-xPOKRPuw.roa (raw, json)
Hash identifier:          CroLCOkNJM24B2VBdQuNocADnHEaTJyuzZtqbAlFBj4=
Subject key identifier:   86:CD:BE:D7:1E:A7:46:F7:4E:30:05:F3:8D:3F:B1:3C:E2:91:3E:EC
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0187EB1E6F870DE6105C28D05F293879921B
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/hs2-1x6nRvdOMAXzjT-xPOKRPuw.roa
Signing time:             Fri 05 May 2023 08:54:13 +0000
ROA not before:           Fri 05 May 2023 08:54:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209408
IP address blocks:        45.66.224.0/22 maxlen: 22
                          81.29.145.0/24 maxlen: 24
                          2a09:6c40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 10 May 2023 15:31:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:eb:1e:6f:87:0d:e6:10:5c:28:d0:5f:29:38:79:92:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: May  5 08:54:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86cdbed71ea746f74e3005f38d3fb13ce2913eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:27:12:7d:20:1b:ed:d4:fc:b6:57:82:0e:af:
                    22:4c:40:9c:6e:0a:83:84:d7:ea:2a:54:51:da:16:
                    06:b4:d2:d2:63:d4:52:f5:cf:70:48:2e:bf:44:10:
                    e9:9f:57:b4:2d:9a:b7:2b:5f:7d:73:b2:11:ea:de:
                    54:d2:af:e7:73:ee:e8:d7:a6:e9:c3:08:d8:4b:17:
                    48:10:c9:47:e2:cc:f0:c4:2e:8b:b4:c0:eb:67:b8:
                    4b:ef:ea:c8:b8:d5:a1:86:6e:85:ec:7f:34:c4:74:
                    8d:09:7f:42:38:f4:b2:8e:20:68:cb:60:6a:4b:eb:
                    b5:8a:25:2a:a6:17:74:53:63:96:a0:27:7b:69:b9:
                    13:27:e3:0c:27:a6:2e:be:5c:a1:5f:6a:7d:00:17:
                    25:62:c2:1d:65:08:ee:8e:98:7e:57:c9:96:6a:87:
                    3f:5a:2f:82:1f:73:54:5e:15:62:64:14:a5:bf:38:
                    b1:46:4b:c4:67:84:ce:fa:b3:2b:21:0a:0e:4d:c3:
                    5f:bd:53:83:b0:7f:f6:52:37:d5:d4:19:c9:95:bd:
                    bc:66:f1:32:0e:d3:f4:fe:d5:0b:3b:64:fa:b2:ab:
                    17:9d:e2:22:d2:98:1a:9b:80:a7:c0:c8:1b:93:90:
                    44:2d:52:8e:e1:d0:2f:d5:dc:a1:da:2d:a8:03:dd:
                    55:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CD:BE:D7:1E:A7:46:F7:4E:30:05:F3:8D:3F:B1:3C:E2:91:3E:EC
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/hs2-1x6nRvdOMAXzjT-xPOKRPuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                  81.29.145.0/24
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:86:31:ca:9e:7b:9b:39:31:c0:bd:04:07:74:4a:8c:30:5d:
         26:a7:dc:90:fd:43:5c:b5:d7:51:64:5a:63:38:18:10:65:8c:
         c1:92:57:c1:b0:c2:01:a6:51:0a:ab:12:39:88:58:3e:b5:2b:
         ef:13:c5:3d:80:0d:9b:68:93:37:00:3a:a8:37:0b:17:c2:b8:
         dc:50:c2:89:97:4e:c2:2c:d2:b7:9a:8c:89:58:b5:94:8a:3f:
         a8:01:e3:07:8f:dd:f6:1b:df:54:10:3c:29:75:d3:59:49:e3:
         2b:3a:b1:a5:11:4f:2d:a3:b5:21:97:62:22:4e:3d:41:e5:73:
         07:7c:93:8e:92:0a:aa:fa:15:9e:c6:56:26:bc:2d:d9:79:68:
         3a:63:63:c2:f6:31:a0:a5:0f:d5:b6:31:77:05:e9:4e:e5:cb:
         be:07:54:20:bc:75:61:e6:a8:f2:92:ee:ef:db:85:6c:9f:eb:
         ee:3f:97:af:4b:12:38:b2:71:be:65:db:33:7a:79:8c:0f:61:
         4a:be:86:19:f9:9f:80:9c:ba:1f:1b:ac:fc:c0:91:5d:3f:2d:
         e9:c0:da:d0:88:da:f2:7a:9b:aa:91:83:17:fc:45:3e:d7:77:
         7f:98:c2:88:b6:9b:cc:36:f8:ae:40:f8:98:49:b3:e3:d4:82:
         f2:76:29:89
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYfrHm+HDeYQXCjQXyk4eZIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwNTA1MDg1NDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNkYmVkNzFlYTc0NmY3NGUzMDA1ZjM4ZDNmYjEzY2UyOTEzZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCcSfSAb7dT8tleCDq8iTECcbgqD
hNfqKlRR2hYGtNLSY9RS9c9wSC6/RBDpn1e0LZq3K199c7IR6t5U0q/nc+7o16bp
wwjYSxdIEMlH4szwxC6LtMDrZ7hL7+rIuNWhhm6F7H80xHSNCX9COPSyjiBoy2Bq
S+u1iiUqphd0U2OWoCd7abkTJ+MMJ6YuvlyhX2p9ABclYsIdZQjujph+V8mWaoc/
Wi+CH3NUXhViZBSlvzixRkvEZ4TO+rMrIQoOTcNfvVODsH/2UjfV1BnJlb28ZvEy
DtP0/tULO2T6sqsXneIi0pgam4CnwMgbk5BELVKO4dAv1dyh2i2oA91VFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIbNvtcep0b3TjAF840/sTzikT7sMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvaHMyLTF4Nm5SdmRPTUFYempULXhQT0tSUHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLULgAwQA
UR2RMA0EAgACMAcDBQMqCWxAMA0GCSqGSIb3DQEBCwUAA4IBAQB4hjHKnnubOTHA
vQQHdEqMMF0mp9yQ/UNctddRZFpjOBgQZYzBklfBsMIBplEKqxI5iFg+tSvvE8U9
gA2baJM3ADqoNwsXwrjcUMKJl07CLNK3moyJWLWUij+oAeMHj932G99UEDwpddNZ
SeMrOrGlEU8to7Uhl2IiTj1B5XMHfJOOkgqq+hWexlYmvC3ZeWg6Y2PC9jGgpQ/V
tjF3BelO5cu+B1QgvHVh5qjyku7v24Vsn+vuP5evSxI4snG+ZdszenmMD2FKvoYZ
+Z+AnLofG6z8wJFdPy3pwNrQiNryepuqkYMX/EU+13d/mMKItpvMNviuQPiYSbPj
1ILydimJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:40 2024 by rpki-client on console-fra.rpki-client.org