Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/hGMsHwYkYTzC8TcEZY9w3uEYy0c.roa
File:                     hGMsHwYkYTzC8TcEZY9w3uEYy0c.roa (raw, json)
Hash identifier:          1UvgF+BbQgvk7ek3bZWemeXFiioXV9NDCc1adVzvZyA=
Subject key identifier:   84:63:2C:1F:06:24:61:3C:C2:F1:37:04:65:8F:70:DE:E1:18:CB:47
Certificate issuer:       /CN=34962ec776462b76e63ae8155bb27b9d8c7e7fde
Certificate serial:       018572710CAD55F2E11DF59017F92C70EC35
Authority key identifier: 34:96:2E:C7:76:46:2B:76:E6:3A:E8:15:5B:B2:7B:9D:8C:7E:7F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJYux3ZGK3bmOugVW7J7nYx-f94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/hGMsHwYkYTzC8TcEZY9w3uEYy0c.roa
Signing time:             Mon 02 Jan 2023 12:24:49 +0000
ROA not before:           Mon 02 Jan 2023 12:24:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197522
IP address blocks:        46.149.176.0/24 maxlen: 24
                          46.149.177.0/24 maxlen: 24
                          46.149.178.0/24 maxlen: 24
                          46.149.179.0/24 maxlen: 24
                          46.149.176.0/20 maxlen: 20
                          46.149.180.0/24 maxlen: 24
                          46.149.181.0/24 maxlen: 24
                          46.149.182.0/24 maxlen: 24
                          46.149.183.0/24 maxlen: 24
                          46.149.184.0/24 maxlen: 24
                          46.149.185.0/24 maxlen: 24
                          46.149.186.0/24 maxlen: 24
                          46.149.189.0/24 maxlen: 24
                          46.149.190.0/24 maxlen: 24
                          46.149.191.0/24 maxlen: 24
                          46.149.187.0/24 maxlen: 24
                          46.149.188.0/24 maxlen: 24
                          2.57.204.0/22 maxlen: 22
                          2.57.204.0/24 maxlen: 24
                          2.57.205.0/24 maxlen: 24
                          2.57.206.0/24 maxlen: 24
                          2.57.207.0/24 maxlen: 24
                          2a09:dc46::/32 maxlen: 32
                          2a09:dc47::/32 maxlen: 32
                          2a09:dc44::/32 maxlen: 32
                          2a09:dc45::/32 maxlen: 32
                          2a09:dc42::/32 maxlen: 32
                          2a09:dc41::/32 maxlen: 32
                          2a09:dc40::/32 maxlen: 32
                          2a09:dc43::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:71:0c:ad:55:f2:e1:1d:f5:90:17:f9:2c:70:ec:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34962ec776462b76e63ae8155bb27b9d8c7e7fde
        Validity
            Not Before: Jan  2 12:24:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84632c1f0624613cc2f13704658f70dee118cb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f7:4f:37:c2:47:43:b4:a7:e5:02:5e:ae:11:
                    0d:83:2b:96:73:0f:5d:ff:90:9b:0d:8a:77:e7:80:
                    bd:4f:f9:fb:39:4e:ae:2b:47:cb:f8:43:87:16:05:
                    17:5c:ef:5e:f8:ef:66:1b:38:9a:76:b2:6e:c2:34:
                    21:e2:f4:66:c0:fa:4b:5b:c7:6e:1c:a8:64:2f:b8:
                    3a:45:cb:1b:84:c4:41:2e:d0:f3:53:92:5d:d9:53:
                    b9:da:d6:9f:34:af:24:4f:27:06:e0:62:af:9d:4b:
                    f1:98:fc:58:c0:95:b1:89:c8:b3:54:5f:63:90:49:
                    70:0b:8e:4e:71:2f:a9:05:50:f1:85:86:a4:39:5e:
                    77:c7:a8:e0:88:22:fc:93:3a:b0:a8:74:ac:ad:08:
                    52:7c:88:da:6d:07:a6:86:ef:2b:89:42:7f:0b:a9:
                    bf:b7:90:09:f6:6d:af:f8:bc:f3:45:56:a8:35:6f:
                    e9:40:75:35:f2:7c:c4:9a:5a:58:05:75:36:41:d5:
                    5d:26:3a:cd:51:34:8f:cc:e5:40:e9:7e:f3:3e:1a:
                    bd:c3:58:9c:5b:3a:45:33:a5:33:f8:b6:89:43:83:
                    fd:a9:46:4b:6a:89:64:94:18:ba:e9:b3:1a:66:b1:
                    61:50:97:72:20:94:a8:0e:fe:ab:d7:08:1f:10:59:
                    c4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:63:2C:1F:06:24:61:3C:C2:F1:37:04:65:8F:70:DE:E1:18:CB:47
            X509v3 Authority Key Identifier:
                keyid:34:96:2E:C7:76:46:2B:76:E6:3A:E8:15:5B:B2:7B:9D:8C:7E:7F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJYux3ZGK3bmOugVW7J7nYx-f94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/hGMsHwYkYTzC8TcEZY9w3uEYy0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/NJYux3ZGK3bmOugVW7J7nYx-f94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.204.0/22
                  46.149.176.0/20
                IPv6:
                  2a09:dc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:c8:a6:6d:47:71:b7:0b:4f:17:ed:67:49:df:ad:35:b3:56:
         a6:0f:08:55:58:16:92:00:c9:b3:87:82:13:61:ec:37:90:5f:
         6d:3c:46:9a:1a:a8:2f:f2:92:79:af:f2:01:d2:b2:c9:cd:8e:
         34:78:e2:44:e8:63:8f:45:92:7b:24:09:26:1f:da:d1:e8:4b:
         c7:25:8e:a7:39:49:fa:d8:04:22:23:67:18:fe:71:19:83:8d:
         ff:00:e9:7c:fd:07:5c:ad:69:17:4a:86:e2:51:26:96:97:d4:
         3b:8b:8d:9c:b1:f0:02:54:3a:00:0e:2a:af:cf:13:53:b5:48:
         89:ca:7b:67:1e:54:4d:ba:ba:f1:a1:9e:f5:de:52:db:01:ef:
         fc:bf:e1:03:14:1b:09:d6:d4:2a:85:b3:6f:e8:2e:bc:a3:af:
         c1:ee:6d:fa:89:51:66:a8:95:4e:5d:b6:2c:5d:f1:38:8b:12:
         9b:35:bb:62:a4:63:42:5b:14:b7:bd:5b:91:53:41:e6:e9:44:
         39:05:47:7e:c1:41:23:11:d9:be:58:1a:1a:aa:61:09:b7:d9:
         e0:98:81:95:0b:c6:ea:0e:fc:0c:23:f1:2c:77:b1:8e:3c:e3:
         59:fe:32:89:5c:e2:0c:16:1b:20:da:c6:ec:c0:c3:b9:7e:c1:
         17:42:ed:2f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVycQytVfLhHfWQF/kscOw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OTYyZWM3NzY0NjJiNzZlNjNhZTgxNTViYjI3YjlkOGM3
ZTdmZGUwHhcNMjMwMTAyMTIyNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDYzMmMxZjA2MjQ2MTNjYzJmMTM3MDQ2NThmNzBkZWUxMThjYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vdPN8JHQ7Sn5QJerhENgyuWcw9d
/5CbDYp354C9T/n7OU6uK0fL+EOHFgUXXO9e+O9mGziadrJuwjQh4vRmwPpLW8du
HKhkL7g6RcsbhMRBLtDzU5Jd2VO52tafNK8kTycG4GKvnUvxmPxYwJWxicizVF9j
kElwC45OcS+pBVDxhYakOV53x6jgiCL8kzqwqHSsrQhSfIjabQemhu8riUJ/C6m/
t5AJ9m2v+LzzRVaoNW/pQHU18nzEmlpYBXU2QdVdJjrNUTSPzOVA6X7zPhq9w1ic
WzpFM6Uz+LaJQ4P9qUZLaolklBi66bMaZrFhUJdyIJSoDv6r1wgfEFnEAwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIRjLB8GJGE8wvE3BGWPcN7hGMtHMB8GA1UdIwQY
MBaAFDSWLsd2Rit25jroFVuye52Mfn/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpZdXgzWkdLM2JtT3VnVlc3SjduWXgtZjk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84MmFmN2MtODYwNi00ZjliLWEwNTIt
NGYzYmVhOWZiOTVjLzEvaEdNc0h3WWtZVHpDOFRjRVpZOXczdUVZeTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84MmFmN2MtODYwNi00ZjliLWEwNTItNGYzYmVhOWZiOTVj
LzEvTkpZdXgzWkdLM2JtT3VnVlc3SjduWXgtZjk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCAjnMAwQE
LpWwMA0EAgACMAcDBQMqCdxAMA0GCSqGSIb3DQEBCwUAA4IBAQAjyKZtR3G3C08X
7WdJ3601s1amDwhVWBaSAMmzh4ITYew3kF9tPEaaGqgv8pJ5r/IB0rLJzY40eOJE
6GOPRZJ7JAkmH9rR6EvHJY6nOUn62AQiI2cY/nEZg43/AOl8/QdcrWkXSobiUSaW
l9Q7i42csfACVDoADiqvzxNTtUiJyntnHlRNurrxoZ713lLbAe/8v+EDFBsJ1tQq
hbNv6C68o6/B7m36iVFmqJVOXbYsXfE4ixKbNbtipGNCWxS3vVuRU0Hm6UQ5BUd+
wUEjEdm+WBoaqmEJt9ngmIGVC8bqDvwMI/Esd7GOPONZ/jKJXOIMFhsg2sbswMO5
fsEXQu0v
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:06 2024 by rpki-client on console-ams.rpki-client.org