Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/hFVwIVv79MiQPdjGpG0hbpzeI8A.roa
File:                     hFVwIVv79MiQPdjGpG0hbpzeI8A.roa (raw, json)
Hash identifier:          dsaoZ47bxZowG4zCBr1di86mqUEdfzH9MODhfUKGeAI=
Subject key identifier:   84:55:70:21:5B:FB:F4:C8:90:3D:D8:C6:A4:6D:21:6E:9C:DE:23:C0
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       01856FF986CAF93D5256A77E5AE9B7300A51
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/hFVwIVv79MiQPdjGpG0hbpzeI8A.roa
Signing time:             Mon 02 Jan 2023 00:55:01 +0000
ROA not before:           Mon 02 Jan 2023 00:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8376
IP address blocks:        86.108.0.0/17 maxlen: 24
                          46.185.128.0/17 maxlen: 24
                          79.173.192.0/18 maxlen: 24
                          185.98.220.0/22 maxlen: 24
                          92.253.0.0/17 maxlen: 24
                          217.23.32.0/20 maxlen: 24
                          194.165.128.0/19 maxlen: 24
                          149.200.128.0/17 maxlen: 24
                          213.186.160.0/19 maxlen: 24
                          94.249.0.0/17 maxlen: 24
                          37.202.64.0/18 maxlen: 24
                          2a01:9700::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 11 Sep 2023 08:25:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:f9:86:ca:f9:3d:52:56:a7:7e:5a:e9:b7:30:0a:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Jan  2 00:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=845570215bfbf4c8903dd8c6a46d216e9cde23c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7a:dc:9f:c2:18:01:ca:91:cd:33:10:d7:1a:
                    fa:db:df:21:d0:f1:76:d3:81:32:3d:d6:96:d9:c4:
                    67:cd:b8:43:25:3d:2f:ec:b0:fc:4f:79:9b:bc:54:
                    4b:d6:8f:be:ab:d7:78:62:f0:50:65:a1:21:66:1f:
                    1f:bc:33:f7:82:20:ad:5e:dd:50:ea:17:8d:14:cc:
                    21:0e:a4:6d:cd:b2:4c:67:e8:d7:bf:66:0e:fc:ad:
                    06:52:98:17:aa:71:9d:5e:a0:cb:53:05:80:40:88:
                    21:8d:ee:cf:df:f2:c3:f2:bd:6e:8b:d1:d3:50:db:
                    4e:e5:69:09:36:dc:b3:07:e1:cd:32:6a:38:8c:53:
                    7f:54:15:a7:71:2c:c1:b2:77:47:5c:08:4a:c3:a7:
                    88:e1:1c:00:67:82:2c:dc:f3:21:18:48:11:b9:5f:
                    5a:eb:37:1c:6e:e0:2e:de:88:d0:7a:f1:9e:a1:00:
                    30:3f:ca:2b:c7:70:c2:bd:a9:83:b0:02:10:b7:3e:
                    2b:fe:25:f6:a0:d3:a0:8f:9c:2a:d9:33:11:9e:f2:
                    23:12:fc:d6:5c:f0:62:16:17:b9:f9:d1:9b:04:b8:
                    a2:0c:42:14:bf:42:34:78:d5:7e:e5:ee:5f:51:b3:
                    50:e4:96:4a:58:88:bf:0b:f4:15:3e:7c:ca:df:a9:
                    f9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:55:70:21:5B:FB:F4:C8:90:3D:D8:C6:A4:6D:21:6E:9C:DE:23:C0
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/hFVwIVv79MiQPdjGpG0hbpzeI8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.64.0/18
                  46.185.128.0/17
                  79.173.192.0/18
                  86.108.0.0/17
                  92.253.0.0/17
                  94.249.0.0/17
                  149.200.128.0/17
                  185.98.220.0/22
                  194.165.128.0/19
                  213.186.160.0/19
                  217.23.32.0/20
                IPv6:
                  2a01:9700::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:9b:87:b7:8f:b9:69:b2:0d:7e:b8:7a:14:7e:60:85:6c:cf:
         15:1c:ed:34:73:4b:5a:48:d2:f3:d6:a1:64:b6:62:8f:36:4d:
         f5:74:76:2f:f2:88:fd:83:83:6e:3d:04:fe:84:2d:5c:04:44:
         d1:f9:a2:03:ff:9b:89:da:6d:d5:e8:4c:6c:56:36:3b:88:7b:
         92:38:98:16:e5:59:af:54:ba:0b:23:9c:25:65:77:0e:f4:ac:
         f0:30:b2:f8:de:ae:7f:3e:eb:af:0b:0e:f9:51:de:97:e7:b1:
         d3:01:16:d4:2b:a1:2b:97:6b:ce:7c:13:76:4c:58:ad:87:71:
         e1:32:b7:83:f6:c3:bb:a1:a6:4b:89:f6:bc:e5:07:c3:6d:4c:
         3f:be:24:37:53:ee:6a:39:97:c2:db:88:38:34:b2:7c:11:16:
         65:80:b6:2a:04:35:8b:70:3b:7e:91:5b:e5:c5:4f:44:02:07:
         a2:08:54:0d:97:07:09:52:e8:a0:4b:46:e8:dc:31:06:56:4e:
         17:8d:51:8f:1a:fe:16:db:80:9d:fd:b8:c6:c9:3b:d8:6b:54:
         9a:e4:9a:fe:74:ba:37:8c:0d:57:8e:66:a4:39:d5:3b:88:61:
         08:2b:4f:59:4c:df:a9:bc:d9:31:56:dc:05:a1:c6:b7:e7:98:
         96:97:79:b6
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVv+YbK+T1SVqd+Wum3MApRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjMwMTAyMDA1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDU1NzAyMTViZmJmNGM4OTAzZGQ4YzZhNDZkMjE2ZTljZGUyM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnrcn8IYAcqRzTMQ1xr6298h0PF2
04EyPdaW2cRnzbhDJT0v7LD8T3mbvFRL1o++q9d4YvBQZaEhZh8fvDP3giCtXt1Q
6heNFMwhDqRtzbJMZ+jXv2YO/K0GUpgXqnGdXqDLUwWAQIghje7P3/LD8r1ui9HT
UNtO5WkJNtyzB+HNMmo4jFN/VBWncSzBsndHXAhKw6eI4RwAZ4Is3PMhGEgRuV9a
6zccbuAu3ojQevGeoQAwP8orx3DCvamDsAIQtz4r/iX2oNOgj5wq2TMRnvIjEvzW
XPBiFhe5+dGbBLiiDEIUv0I0eNV+5e5fUbNQ5JZKWIi/C/QVPnzK36n5CQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFIRVcCFb+/TIkD3YxqRtIW6c3iPAMB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvaEZWd0lWdjc5TWlRUGRqR3BHMGhicHplSThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQGJcpAAwQH
LrmAAwQGT63AAwQHVmwAAwQHXP0AAwQHXvkAAwQHlciAAwQCuWLcAwQFwqWAAwQF
1bqgAwQE2RcgMA0EAgACMAcDBQAqAZcAMA0GCSqGSIb3DQEBCwUAA4IBAQAPm4e3
j7lpsg1+uHoUfmCFbM8VHO00c0taSNLz1qFktmKPNk31dHYv8oj9g4NuPQT+hC1c
BETR+aID/5uJ2m3V6ExsVjY7iHuSOJgW5VmvVLoLI5wlZXcO9KzwMLL43q5/Puuv
Cw75Ud6X57HTARbUK6Erl2vOfBN2TFith3HhMreD9sO7oaZLifa85QfDbUw/viQ3
U+5qOZfC24g4NLJ8ERZlgLYqBDWLcDt+kVvlxU9EAgeiCFQNlwcJUuigS0bo3DEG
Vk4XjVGPGv4W24Cd/bjGyTvYa1Sa5Jr+dLo3jA1XjmakOdU7iGEIK09ZTN+pvNkx
VtwFoca355iWl3m2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:44 2024 by rpki-client on console-ams.rpki-client.org