Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/Hs2h-IYYHfzw5GIB1t-qX4fPfm4.roa
File:                     Hs2h-IYYHfzw5GIB1t-qX4fPfm4.roa (raw, json)
Hash identifier:          Le2weBkHAVnOuqjQrsOVfCe/UZSQrKxrbEc1hTReEZQ=
Subject key identifier:   1E:CD:A1:F8:86:18:1D:FC:F0:E4:62:01:D6:DF:AA:5F:87:CF:7E:6E
Certificate issuer:       /CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
Certificate serial:       01856CE6070A8C495DA0434860DE1E0DDA02
Authority key identifier: 34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/Hs2h-IYYHfzw5GIB1t-qX4fPfm4.roa
Signing time:             Sun 01 Jan 2023 10:34:52 +0000
ROA not before:           Sun 01 Jan 2023 10:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15830
IP address blocks:        185.117.176.0/22 maxlen: 32
                          217.15.32.0/20 maxlen: 32
                          88.84.64.0/19 maxlen: 32
                          217.149.144.0/20 maxlen: 32
                          95.142.0.0/20 maxlen: 32
                          2a02:2068::/29 maxlen: 128

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:07:0a:8c:49:5d:a0:43:48:60:de:1e:0d:da:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
        Validity
            Not Before: Jan  1 10:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ecda1f886181dfcf0e46201d6dfaa5f87cf7e6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:98:bb:3c:08:8f:6a:0a:c0:9d:fa:d6:af:4e:
                    11:70:c8:40:06:46:f0:3b:50:df:54:e7:64:d3:25:
                    79:c3:47:76:cb:fd:f5:7b:51:bd:2a:82:53:e2:18:
                    b7:a4:9c:b0:d8:2f:1b:20:c8:6d:36:fe:06:fb:39:
                    f1:e8:d0:a0:30:6d:48:5c:ef:bc:20:05:ab:7a:91:
                    76:7b:39:46:42:4a:a2:65:14:e0:97:51:69:6b:71:
                    e6:d8:f6:26:e8:1c:89:b1:9d:f1:2a:96:6b:91:e6:
                    45:f3:05:09:11:19:f3:7c:d1:23:4f:90:a9:c6:85:
                    85:31:90:b8:73:48:9f:bf:71:6b:4b:d9:f1:e6:a8:
                    c2:1f:6f:b2:04:9f:65:da:15:75:9e:57:57:0f:54:
                    af:2b:55:b4:6a:47:eb:87:c1:55:c1:93:33:77:a6:
                    2c:23:c4:bc:6b:49:c3:55:4a:b6:32:39:5e:e0:ec:
                    46:78:18:6e:a0:88:d9:13:e4:e2:4e:17:b5:90:ed:
                    59:10:f5:61:fd:46:5f:4e:31:b5:88:9c:4e:ef:ee:
                    6b:d2:c7:9f:99:91:70:4c:52:f4:b9:11:db:16:e9:
                    d9:dd:33:82:9c:4b:59:ca:cb:b6:df:72:5c:39:f2:
                    9b:c9:f8:0f:fd:e6:4c:fc:d9:ce:41:08:fe:f4:39:
                    3a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CD:A1:F8:86:18:1D:FC:F0:E4:62:01:D6:DF:AA:5F:87:CF:7E:6E
            X509v3 Authority Key Identifier:
                keyid:34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/Hs2h-IYYHfzw5GIB1t-qX4fPfm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.64.0/19
                  95.142.0.0/20
                  185.117.176.0/22
                  217.15.32.0/20
                  217.149.144.0/20
                IPv6:
                  2a02:2068::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:5a:73:78:b9:d7:ad:8e:12:2b:04:0f:28:7d:92:92:6b:b2:
         88:3d:9e:02:de:aa:d6:91:44:4a:07:5b:21:7f:46:05:e0:ad:
         8e:f8:82:e5:36:5b:8f:5a:5f:96:9e:11:e9:78:30:39:04:98:
         48:26:ba:ed:6b:20:5f:f0:04:94:89:60:e5:cf:2a:90:ed:c8:
         07:96:bd:71:63:4f:e2:f3:b6:4f:cc:a2:b6:49:be:32:37:fd:
         bc:be:9c:09:5c:ce:eb:7a:f4:8d:6f:2c:e9:4f:3d:d4:03:84:
         32:85:1c:09:06:72:32:ed:f0:df:7f:2a:da:7e:b0:52:26:9c:
         89:ec:3f:d7:60:f8:97:92:24:be:23:22:e0:5d:e2:36:89:37:
         d8:ba:4f:a6:72:02:71:f0:d7:0e:27:eb:d2:b5:1f:cd:fb:95:
         e1:0b:54:50:6c:33:0a:91:97:16:7f:fc:90:7e:ac:90:a4:73:
         12:05:81:58:8f:f8:b0:70:3b:d5:30:1a:a5:62:8d:52:1e:9c:
         3f:67:07:36:ad:5f:82:02:b7:1f:9a:73:36:c9:43:95:57:4c:
         3f:a7:eb:e3:e0:5e:5a:f7:ea:90:ab:7b:73:7a:6e:53:2e:80:
         df:db:62:2e:f2:1b:c7:59:de:c6:da:dc:20:6d:1e:5b:55:74:
         21:aa:6a:c9
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVs5gcKjEldoENIYN4eDdoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjQ3YjczZWU4ZmJlZGQyNWY0MWIzYjE3YjJiZTA4ZjVi
ZjY1NjMwHhcNMjMwMTAxMTAzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWNkYTFmODg2MTgxZGZjZjBlNDYyMDFkNmRmYWE1Zjg3Y2Y3ZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZi7PAiPagrAnfrWr04RcMhABkbw
O1DfVOdk0yV5w0d2y/31e1G9KoJT4hi3pJyw2C8bIMhtNv4G+znx6NCgMG1IXO+8
IAWrepF2ezlGQkqiZRTgl1Fpa3Hm2PYm6ByJsZ3xKpZrkeZF8wUJERnzfNEjT5Cp
xoWFMZC4c0ifv3FrS9nx5qjCH2+yBJ9l2hV1nldXD1SvK1W0akfrh8FVwZMzd6Ys
I8S8a0nDVUq2Mjle4OxGeBhuoIjZE+TiThe1kO1ZEPVh/UZfTjG1iJxO7+5r0sef
mZFwTFL0uRHbFunZ3TOCnEtZysu233JcOfKbyfgP/eZM/NnOQQj+9Dk6EwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFB7NofiGGB388ORiAdbfql+Hz35uMB8GA1UdIwQY
MBaAFDT0e3Puj77dJfQbOxeyvgj1v2VjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBSN2MtNlB2dDBsOUJzN0Y3Sy1DUFdfWldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wZmM1YzktNGVjNi00ZGY2LTgyYzQt
ZDg3ZTQwNDdmODUzLzEvSHMyaC1JWVlIZnp3NUdJQjF0LXFYNGZQZm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wZmM1YzktNGVjNi00ZGY2LTgyYzQtZDg3ZTQwNDdmODUz
LzEvTlBSN2MtNlB2dDBsOUJzN0Y3Sy1DUFdfWldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFWFRAAwQE
X44AAwQCuXWwAwQE2Q8gAwQE2ZWQMA0EAgACMAcDBQMqAiBoMA0GCSqGSIb3DQEB
CwUAA4IBAQC4WnN4udetjhIrBA8ofZKSa7KIPZ4C3qrWkURKB1shf0YF4K2O+ILl
NluPWl+WnhHpeDA5BJhIJrrtayBf8ASUiWDlzyqQ7cgHlr1xY0/i87ZPzKK2Sb4y
N/28vpwJXM7revSNbyzpTz3UA4QyhRwJBnIy7fDffyrafrBSJpyJ7D/XYPiXkiS+
IyLgXeI2iTfYuk+mcgJx8NcOJ+vStR/N+5XhC1RQbDMKkZcWf/yQfqyQpHMSBYFY
j/iwcDvVMBqlYo1SHpw/Zwc2rV+CArcfmnM2yUOVV0w/p+vj4F5a9+qQq3tzem5T
LoDf22Iu8hvHWd7G2twgbR5bVXQhqmrJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:23 2024 by rpki-client on console-fra.rpki-client.org