Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HPb8-HENlyjcPoJSJPIw3kxRk5I.roa
File:                     HPb8-HENlyjcPoJSJPIw3kxRk5I.roa (raw, json)
Hash identifier:          XryvIcuHXaco/Q0oQ6QtcfNHjIphZXYFXihc6ZRW684=
Subject key identifier:   1C:F6:FC:F8:71:0D:97:28:DC:3E:82:52:24:F2:30:DE:4C:51:93:92
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01875C74AB24DF10825F84C6305CEE6FD1C3
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HPb8-HENlyjcPoJSJPIw3kxRk5I.roa
Signing time:             Fri 07 Apr 2023 16:02:42 +0000
ROA not before:           Fri 07 Apr 2023 16:02:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204997
IP address blocks:        45.144.64.0/24 maxlen: 24
                          45.144.66.0/24 maxlen: 24
                          45.144.65.0/24 maxlen: 24
                          45.144.67.0/24 maxlen: 24
                          185.255.132.0/24 maxlen: 24
                          185.255.134.0/24 maxlen: 24
                          185.255.133.0/24 maxlen: 24
                          185.255.135.0/24 maxlen: 24
                          185.252.146.0/24 maxlen: 24
                          185.252.147.0/24 maxlen: 24
                          185.195.24.0/24 maxlen: 24
                          185.195.27.0/24 maxlen: 24
                          185.195.25.0/24 maxlen: 24
                          185.195.26.0/24 maxlen: 24
                          185.204.0.0/24 maxlen: 24
                          185.204.2.0/24 maxlen: 24
                          185.204.3.0/24 maxlen: 24
                          139.28.223.0/24 maxlen: 24
                          139.28.222.0/24 maxlen: 24
                          91.217.81.0/24 maxlen: 24
                          185.180.231.0/24 maxlen: 24
                          185.180.230.0/24 maxlen: 24
                          195.66.114.0/24 maxlen: 24
                          185.244.172.0/24 maxlen: 24
                          185.244.173.0/24 maxlen: 24
                          185.139.69.0/24 maxlen: 24
                          185.139.71.0/24 maxlen: 24
                          185.139.68.0/24 maxlen: 24
                          185.139.70.0/24 maxlen: 24
                          193.109.78.0/24 maxlen: 24
                          193.109.79.0/24 maxlen: 24
                          185.212.148.0/24 maxlen: 24
                          185.188.183.0/24 maxlen: 24
                          185.188.182.0/24 maxlen: 24
                          185.17.3.0/24 maxlen: 24
                          147.78.64.0/24 maxlen: 24
                          147.78.66.0/24 maxlen: 24
                          147.78.65.0/24 maxlen: 24
                          147.78.67.0/24 maxlen: 24
                          46.17.104.0/24 maxlen: 24
                          185.104.249.0/24 maxlen: 24
                          2a04:5200:fff2::/48 maxlen: 48
                          2a04:5200:ff00::/48 maxlen: 48
                          2a04:5200:fff9::/48 maxlen: 48
                          2a04:5200:fff3::/48 maxlen: 48
                          2a04:5200:fff6::/48 maxlen: 48
                          2a04:5200:fff7::/48 maxlen: 48
                          2a04:5200:fff4::/48 maxlen: 48
                          2a04:5200:fff8::/48 maxlen: 48
                          2a04:5200:fff1::/48 maxlen: 48
                          2a04:5200:fff5::/48 maxlen: 48
                          2a04:5200:ff10::/48 maxlen: 48
                          2a04:5200:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5c:74:ab:24:df:10:82:5f:84:c6:30:5c:ee:6f:d1:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Apr  7 16:02:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1cf6fcf8710d9728dc3e825224f230de4c519392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9e:19:37:49:6c:eb:03:ce:98:c4:f5:50:b0:
                    e8:10:57:61:47:5e:3f:ee:7a:49:7e:1c:80:6c:37:
                    4a:9b:04:14:26:36:9e:4a:45:a6:f8:95:27:b2:9e:
                    fe:33:00:5a:8e:e1:af:8a:14:9d:0a:f3:51:59:5d:
                    2e:5e:24:23:9e:f9:05:38:30:95:ce:8e:4d:57:9e:
                    f9:14:d2:f8:b7:04:f5:17:c8:15:48:b6:8a:3f:58:
                    47:94:cb:a1:8c:11:eb:52:07:67:25:4e:13:ac:f8:
                    b1:e8:68:ca:bf:b9:e8:f6:28:4b:df:ab:50:d1:75:
                    39:41:d3:99:cc:19:00:02:19:0e:15:2c:c9:04:11:
                    73:26:8d:bd:af:46:07:a8:f9:d7:64:ab:49:b5:e1:
                    d9:c5:c7:24:de:32:0b:43:51:81:d6:e3:6d:3e:a0:
                    3c:fd:04:49:4b:84:9c:86:d4:48:b2:d0:64:38:9f:
                    ba:c2:2b:90:ae:83:93:01:69:e8:2e:d4:31:b6:4c:
                    26:c1:a4:ad:6e:7d:3a:1a:be:d6:4f:1b:f0:80:c7:
                    06:2e:ba:2e:66:2f:1d:ab:50:5a:cf:5b:11:52:a2:
                    cc:21:ca:17:a2:54:56:df:a2:58:75:80:51:2a:d6:
                    78:67:30:80:33:65:71:db:9d:0a:51:61:c7:c8:7b:
                    ab:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F6:FC:F8:71:0D:97:28:DC:3E:82:52:24:F2:30:DE:4C:51:93:92
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HPb8-HENlyjcPoJSJPIw3kxRk5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.64.0/22
                  46.17.104.0/24
                  91.217.81.0/24
                  139.28.222.0/23
                  147.78.64.0/22
                  185.17.3.0/24
                  185.104.249.0/24
                  185.139.68.0/22
                  185.180.230.0/23
                  185.188.182.0/23
                  185.195.24.0/22
                  185.204.0.0/24
                  185.204.2.0/23
                  185.212.148.0/24
                  185.244.172.0/23
                  185.252.146.0/23
                  185.255.132.0/22
                  193.109.78.0/23
                  195.66.114.0/24
                IPv6:
                  2a04:5200:ff00::/48
                  2a04:5200:ff10::/48
                  2a04:5200:fff1::-2a04:5200:fff9:ffff:ffff:ffff:ffff:ffff
                  2a04:5200:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:e7:b8:2f:08:8d:f1:92:af:08:8b:93:28:06:01:c2:e2:9e:
         7c:31:06:3e:6d:2d:a1:4b:6a:d9:e8:57:38:9d:b9:fc:e7:95:
         bc:f3:02:88:54:43:d0:bb:e4:55:2d:f5:da:f3:c2:4b:98:cf:
         a8:45:08:89:bc:c3:54:e2:ee:66:a9:9a:68:62:a8:00:8f:3e:
         eb:97:9e:c0:3d:d1:5f:c4:bf:92:98:d2:7c:7c:e3:7f:72:ad:
         11:e9:a4:c2:ac:37:61:33:57:08:5c:66:6a:53:57:92:09:41:
         01:12:05:e2:e5:34:eb:46:bb:a2:a7:85:2f:ca:b3:98:2f:88:
         79:6f:4a:16:17:87:92:6a:ae:57:5d:07:0a:8a:a9:fb:10:1f:
         12:6c:f2:f3:1b:03:e5:14:09:d9:e5:c0:32:42:d9:50:c1:9a:
         82:90:47:85:ec:42:23:78:02:9e:3c:96:7d:8e:bf:56:ca:f9:
         15:dc:15:ca:89:30:a8:b5:9f:d0:ec:35:c5:f5:8f:91:dd:95:
         f5:8f:0e:03:2d:30:01:57:0d:5d:74:f3:5a:15:74:e9:0b:ac:
         a5:dc:bf:01:38:0c:a3:8f:07:07:03:da:ab:30:b6:f1:07:6c:
         82:c0:05:20:5d:e3:64:31:4c:cf:cf:c6:bc:37:0d:93:19:80:
         56:b2:e7:6a
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYdcdKsk3xCCX4TGMFzub9HDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwNDA3MTYwMjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2Y2ZmNmODcxMGQ5NzI4ZGMzZTgyNTIyNGYyMzBkZTRjNTE5MzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp4ZN0ls6wPOmMT1ULDoEFdhR14/
7npJfhyAbDdKmwQUJjaeSkWm+JUnsp7+MwBajuGvihSdCvNRWV0uXiQjnvkFODCV
zo5NV575FNL4twT1F8gVSLaKP1hHlMuhjBHrUgdnJU4TrPix6GjKv7no9ihL36tQ
0XU5QdOZzBkAAhkOFSzJBBFzJo29r0YHqPnXZKtJteHZxcck3jILQ1GB1uNtPqA8
/QRJS4SchtRIstBkOJ+6wiuQroOTAWnoLtQxtkwmwaStbn06Gr7WTxvwgMcGLrou
Zi8dq1Baz1sRUqLMIcoXolRW36JYdYBRKtZ4ZzCAM2Vx250KUWHHyHurgQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFBz2/PhxDZco3D6CUiTyMN5MUZOSMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSFBiOC1IRU5seWpjUG9KU0pQSXcza3hSazVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHEBggrBgEFBQcBBwEB/wSBtDCBsTB4BAIAATByAwQCLZBA
AwQALhFoAwQAW9lRAwQBixzeAwQCk05AAwQAuREDAwQAuWj5AwQCuYtEAwQBubTm
AwQBuby2AwQCucMYAwQAucwAAwQBucwCAwQAudSUAwQBufSsAwQBufySAwQCuf+E
AwQBwW1OAwQAw0JyMDUEAgACMC8DBwAqBFIA/wADBwAqBFIA/xAwEgMHACoEUgD/
8QMHASoEUgD/+AMHACoEUgD//zANBgkqhkiG9w0BAQsFAAOCAQEAtOe4LwiN8ZKv
CIuTKAYBwuKefDEGPm0toUtq2ehXOJ25/OeVvPMCiFRD0LvkVS312vPCS5jPqEUI
ibzDVOLuZqmaaGKoAI8+65eewD3RX8S/kpjSfHzjf3KtEemkwqw3YTNXCFxmalNX
kglBARIF4uU060a7oqeFL8qzmC+IeW9KFheHkmquV10HCoqp+xAfEmzy8xsD5RQJ
2eXAMkLZUMGagpBHhexCI3gCnjyWfY6/Vsr5FdwVyokwqLWf0Ow1xfWPkd2V9Y8O
Ay0wAVcNXXTzWhV06Quspdy/ATgMo48HBwPaqzC28QdsgsAFIF3jZDFMz8/GvDcN
kxmAVrLnag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:09 2024 by rpki-client on console-ams.rpki-client.org