Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/1yxTIaqjAaMLxN8Ta4tBKrVBSz8.roa
File:                     1yxTIaqjAaMLxN8Ta4tBKrVBSz8.roa (raw, json)
Hash identifier:          LztKSYDnznd38OgXm2zH68MswcPKnUtvUrBiOpXZGnk=
Subject key identifier:   D7:2C:53:21:AA:A3:01:A3:0B:C4:DF:13:6B:8B:41:2A:B5:41:4B:3F
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       01856F5DC32CC45F8235108674FBBF8154CE
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/1yxTIaqjAaMLxN8Ta4tBKrVBSz8.roa
Signing time:             Sun 01 Jan 2023 22:04:53 +0000
ROA not before:           Sun 01 Jan 2023 22:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8447
IP address blocks:        212.183.0.0/17 maxlen: 17
                          80.75.56.0/21 maxlen: 21
                          192.164.128.0/19 maxlen: 19
                          178.188.0.0/14 maxlen: 14
                          93.82.0.0/15 maxlen: 15
                          213.33.63.0/24 maxlen: 24
                          188.45.0.0/16 maxlen: 16
                          193.187.212.0/22 maxlen: 22
                          192.164.64.0/21 maxlen: 21
                          193.187.216.0/21 maxlen: 21
                          193.187.224.0/20 maxlen: 20
                          192.164.80.0/20 maxlen: 20
                          91.112.0.0/14 maxlen: 14
                          193.187.240.0/22 maxlen: 22
                          192.164.96.0/19 maxlen: 19
                          213.33.0.0/17 maxlen: 17
                          80.75.34.0/24 maxlen: 24
                          80.75.32.0/19 maxlen: 19
                          192.164.224.0/19 maxlen: 19
                          88.116.0.0/15 maxlen: 15
                          93.111.0.0/16 maxlen: 16
                          195.3.64.0/18 maxlen: 18
                          188.20.0.0/14 maxlen: 14
                          89.144.192.0/18 maxlen: 18
                          46.74.0.0/15 maxlen: 15
                          194.48.124.0/22 maxlen: 22
                          194.48.128.0/21 maxlen: 21
                          194.48.136.0/22 maxlen: 22
                          194.48.136.0/24 maxlen: 24
                          192.164.208.0/20 maxlen: 20
                          176.66.0.0/18 maxlen: 18
                          80.240.224.0/20 maxlen: 20
                          192.164.0.0/19 maxlen: 19
                          88.116.217.0/24 maxlen: 24
                          192.164.32.0/22 maxlen: 22
                          192.164.40.0/21 maxlen: 21
                          192.164.39.0/24 maxlen: 24
                          176.66.128.0/17 maxlen: 17
                          192.164.48.0/20 maxlen: 20
                          92.248.0.0/17 maxlen: 17
                          84.20.160.0/19 maxlen: 19
                          80.120.0.0/14 maxlen: 14
                          46.206.0.0/15 maxlen: 15
                          62.46.0.0/15 maxlen: 15
                          2001:4bb8::/29 maxlen: 29
                          2001:890::/29 maxlen: 29
                          2001:870::/29 maxlen: 29
                          2001:850::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 22 Aug 2023 07:38:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:5d:c3:2c:c4:5f:82:35:10:86:74:fb:bf:81:54:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 22:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d72c5321aaa301a30bc4df136b8b412ab5414b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a0:8a:7e:e5:bc:1d:2f:5c:1d:99:c2:89:29:
                    c2:cb:73:fe:7d:af:de:67:17:a6:21:71:2d:30:9d:
                    3f:d2:5b:0b:5f:e8:aa:d8:f0:da:55:e1:b3:5b:88:
                    f8:e1:0d:13:82:90:56:d6:66:6d:22:c1:b3:17:fd:
                    6f:85:a1:01:fd:53:c5:eb:e9:1e:19:01:54:1c:3e:
                    63:a2:31:fe:22:49:cb:b2:b8:88:29:e3:70:e5:b9:
                    8f:68:95:a2:37:7b:71:5e:38:bd:bb:be:23:9d:d7:
                    cc:99:68:2e:8a:2b:ab:a3:7f:61:27:29:1e:69:17:
                    3c:f5:8c:7d:cf:5d:10:dc:0c:2c:63:03:62:f1:a6:
                    c1:56:e2:fa:e6:42:29:e3:b8:44:82:76:a2:fb:17:
                    a7:6a:a7:12:d1:d3:e0:d1:58:1b:7a:5b:64:2f:30:
                    55:12:a1:07:81:0c:58:d1:7c:2a:7a:a8:22:22:ed:
                    83:53:21:0a:3c:25:1f:b9:fc:7d:eb:a2:9f:4d:91:
                    81:d2:1c:3e:58:2e:e1:af:2e:cb:79:41:f3:2b:65:
                    99:43:43:ba:51:98:11:6f:b0:a5:bb:42:62:e3:1c:
                    96:f8:84:f0:16:94:af:1e:44:57:cb:84:6e:79:95:
                    00:c0:8a:f8:24:2d:34:c6:88:6d:52:bd:7c:e9:a5:
                    dd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:2C:53:21:AA:A3:01:A3:0B:C4:DF:13:6B:8B:41:2A:B5:41:4B:3F
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/1yxTIaqjAaMLxN8Ta4tBKrVBSz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.74.0.0/15
                  46.206.0.0/15
                  62.46.0.0/15
                  80.75.32.0/19
                  80.120.0.0/14
                  80.240.224.0/20
                  84.20.160.0/19
                  88.116.0.0/15
                  89.144.192.0/18
                  91.112.0.0/14
                  92.248.0.0/17
                  93.82.0.0/15
                  93.111.0.0/16
                  176.66.0.0/18
                  176.66.128.0/17
                  178.188.0.0/14
                  188.20.0.0/14
                  188.45.0.0/16
                  192.164.0.0-192.164.35.255
                  192.164.39.0-192.164.71.255
                  192.164.80.0-192.164.159.255
                  192.164.208.0-192.164.255.255
                  193.187.212.0-193.187.243.255
                  194.48.124.0-194.48.139.255
                  195.3.64.0/18
                  212.183.0.0/17
                  213.33.0.0/17
                IPv6:
                  2001:850::/29
                  2001:870::/29
                  2001:890::/29
                  2001:4bb8::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:9a:92:5c:d7:95:1a:68:7c:47:90:18:af:19:95:47:de:2a:
         dc:68:dd:46:4a:98:f2:50:7d:44:9c:b5:7b:97:e9:3b:f0:ad:
         96:5d:34:be:b6:fd:48:ba:42:27:4a:d0:af:30:23:5b:5d:52:
         7a:5b:7d:ff:e7:1c:0d:ea:b4:7e:15:ad:7f:76:00:d7:90:d2:
         ff:a7:b7:83:82:ed:b3:58:5f:d1:06:fb:05:78:4e:0b:24:42:
         79:85:15:2d:07:d3:d6:23:32:0c:e4:e7:71:9b:15:74:3e:61:
         10:d7:32:f9:97:bf:3c:85:97:2e:ef:20:19:00:c9:6e:46:f9:
         fd:eb:26:d3:e0:b9:19:c1:80:0e:b7:93:ae:66:de:ba:88:88:
         a7:bb:88:f6:43:44:3f:f4:e0:d1:e2:f2:07:1f:db:e8:c5:e2:
         f5:b8:18:ba:20:8b:7b:da:6b:30:08:25:9b:3c:9b:5b:a6:b8:
         c4:8a:5c:b6:dc:18:ab:19:7c:6e:68:2a:15:fe:51:70:63:2a:
         2b:52:bb:95:f6:c5:46:eb:c7:1d:d1:3a:18:41:0a:c2:99:22:
         34:e6:b8:6c:3b:c2:b6:5d:a8:d6:cf:d1:4c:65:a7:44:52:7a:
         d2:d0:e3:d1:73:6b:96:70:2f:08:fc:ea:0c:6e:fa:0e:2a:46:
         53:54:cd:9a
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgISAYVvXcMsxF+CNRCGdPu/gVTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjMwMTAxMjIwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzJjNTMyMWFhYTMwMWEzMGJjNGRmMTM2YjhiNDEyYWI1NDE0YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKCKfuW8HS9cHZnCiSnCy3P+fa/e
ZxemIXEtMJ0/0lsLX+iq2PDaVeGzW4j44Q0TgpBW1mZtIsGzF/1vhaEB/VPF6+ke
GQFUHD5jojH+IknLsriIKeNw5bmPaJWiN3txXji9u74jndfMmWguiiuro39hJyke
aRc89Yx9z10Q3AwsYwNi8abBVuL65kIp47hEgnai+xenaqcS0dPg0VgbeltkLzBV
EqEHgQxY0XwqeqgiIu2DUyEKPCUfufx966KfTZGB0hw+WC7hry7LeUHzK2WZQ0O6
UZgRb7Clu0Ji4xyW+ITwFpSvHkRXy4RueZUAwIr4JC00xohtUr186aXdqwIDAQAB
o4IC8jCCAu4wHQYDVR0OBBYEFNcsUyGqowGjC8TfE2uLQSq1QUs/MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvMXl4VElhcWpBYU1MeE44VGE0dEJLclZCU3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBgYIKwYBBQUHAQcBAf8EgfYwgfMwgcwEAgABMIHFAwMB
LkoDAwEuzgMDAT4uAwQFUEsgAwMCUHgDBARQ8OADBAVUFKADAwFYdAMEBlmQwAMD
AltwAwQHXPgAAwMBXVIDAwBdbwMEBrBCAAMEB7BCgAMDArK8AwMCvBQDAwC8LTAL
AwMCwKQDBALApCAwDAMEAMCkJwMEA8CkQDAMAwQEwKRQAwQFwKSAMAsDBATApNAD
AwDApDAMAwQCwbvUAwQCwbvwMAwDBALCMHwDBALCMIgDBAbDA0ADBAfUtwADBAfV
IQAwIgQCAAIwHAMFAyABCFADBQMgAQhwAwUDIAEIkAMFAyABS7gwDQYJKoZIhvcN
AQELBQADggEBAMCaklzXlRpofEeQGK8ZlUfeKtxo3UZKmPJQfUSctXuX6TvwrZZd
NL62/Ui6QidK0K8wI1tdUnpbff/nHA3qtH4VrX92ANeQ0v+nt4OC7bNYX9EG+wV4
TgskQnmFFS0H09YjMgzk53GbFXQ+YRDXMvmXvzyFly7vIBkAyW5G+f3rJtPguRnB
gA63k65m3rqIiKe7iPZDRD/04NHi8gcf2+jF4vW4GLogi3vaazAIJZs8m1umuMSK
XLbcGKsZfG5oKhX+UXBjKitSu5X2xUbrxx3ROhhBCsKZIjTmuGw7wrZdqNbP0Uxl
p0RSetLQ49Fza5ZwLwj86gxu+g4qRlNUzZo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:38 2024 by rpki-client on console-fra.rpki-client.org