Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HzrtZs84-8udZ7Ff_MNwWRvpqZU.roa
File:                     HzrtZs84-8udZ7Ff_MNwWRvpqZU.roa (raw, json)
Hash identifier:          Z9FQnJF8T4Xv4CYrR7JNxDbWlLPIU/Fd3vJALPduL5w=
Subject key identifier:   1F:3A:ED:66:CF:38:FB:CB:9D:67:B1:5F:FC:C3:70:59:1B:E9:A9:95
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018AF0E1C07AAAA7A802D63ADC9D46A92327
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HzrtZs84-8udZ7Ff_MNwWRvpqZU.roa
Signing time:             Mon 02 Oct 2023 14:54:01 +0000
ROA not before:           Mon 02 Oct 2023 14:54:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35196
IP address blocks:        185.5.248.0/23 maxlen: 23
                          185.5.250.0/23 maxlen: 23
                          185.5.248.0/22 maxlen: 22
                          185.5.250.0/24 maxlen: 24
                          185.87.48.0/22 maxlen: 22
                          185.87.50.0/24 maxlen: 24
                          185.87.48.0/24 maxlen: 24
                          185.87.49.0/24 maxlen: 24
                          185.87.51.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          45.89.67.0/24 maxlen: 24
                          45.89.65.0/24 maxlen: 24
                          45.89.66.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          45.9.73.184/32 maxlen: 32
                          45.9.73.179/32 maxlen: 32
                          94.142.136.0/21 maxlen: 21
                          94.142.139.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          185.87.48.18/32 maxlen: 32
                          185.125.218.0/23 maxlen: 23
                          185.125.216.0/22 maxlen: 22
                          94.142.136.67/32 maxlen: 32
                          185.105.116.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.125.229.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.125.228.0/22 maxlen: 22
                          185.125.228.0/24 maxlen: 24
                          185.125.230.0/24 maxlen: 24
                          45.9.73.236/32 maxlen: 32
                          194.67.192.0/19 maxlen: 19
                          194.67.196.0/22 maxlen: 22
                          194.67.194.0/23 maxlen: 23
                          193.124.176.0/20 maxlen: 20
                          45.128.176.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.177.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          195.47.250.0/24 maxlen: 24
                          194.67.203.0/24 maxlen: 24
                          194.67.200.0/21 maxlen: 21
                          194.67.202.0/24 maxlen: 24
                          194.67.204.0/22 maxlen: 22
                          194.67.208.0/20 maxlen: 20
                          2a0a:9300:1000::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a09:5302:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f0:e1:c0:7a:aa:a7:a8:02:d6:3a:dc:9d:46:a9:23:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Oct  2 14:54:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f3aed66cf38fbcb9d67b15ffcc370591be9a995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:01:44:ef:cf:c3:93:6b:42:ce:ba:67:bb:68:
                    36:3b:72:a2:11:db:ca:ca:46:d7:48:80:31:13:de:
                    3c:8e:66:ec:cd:40:30:1c:26:1e:6e:0d:9e:d6:63:
                    00:2a:63:f5:99:c9:9d:0a:31:0c:e6:b4:4a:52:e8:
                    9a:62:14:ca:96:34:f4:03:2e:1f:bb:d3:54:59:af:
                    b3:95:55:71:f8:c2:11:16:45:7a:34:6d:27:5f:9b:
                    e8:e8:d6:d4:b7:d3:d2:0b:58:5f:c5:29:f5:58:91:
                    5d:cb:5a:5f:53:39:9c:d6:3e:0f:3e:86:2b:98:ed:
                    46:91:9e:b3:ed:a6:1c:39:7b:43:f4:34:f4:dc:4d:
                    96:31:1e:de:25:ad:a6:6b:18:d4:c6:20:d4:b1:18:
                    38:24:bf:bd:98:96:43:ef:d5:44:b2:08:79:46:c5:
                    06:46:c4:48:c3:35:a1:8e:54:7c:39:66:68:34:30:
                    c0:96:ad:d5:70:a3:9e:dd:2f:d5:bf:6b:03:2c:0b:
                    64:32:9a:4c:50:4f:76:2e:cd:2d:d0:c2:c5:54:4c:
                    2a:4e:55:c4:96:b8:9b:3a:0c:e2:bf:d6:23:a4:d9:
                    05:e4:36:c2:dd:f4:52:37:d9:4e:11:e6:48:03:73:
                    00:06:70:c1:12:f3:80:d6:19:82:cb:90:fb:38:9e:
                    03:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3A:ED:66:CF:38:FB:CB:9D:67:B1:5F:FC:C3:70:59:1B:E9:A9:95
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HzrtZs84-8udZ7Ff_MNwWRvpqZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.73.179/32
                  45.9.73.184/32
                  45.9.73.236/32
                  45.89.65.0-45.89.67.255
                  45.128.176.0/22
                  91.217.80.0/24
                  94.142.136.0/21
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/23
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  193.124.176.0/20
                  194.67.192.0/19
                  195.47.250.0/24
                IPv6:
                  2a09:5302:ffff::/48
                  2a0a:9300:1000::/48
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:24:d6:93:f4:90:4f:01:45:b4:fd:da:99:09:85:a5:75:9a:
         b3:ba:09:39:9b:c2:b8:28:f8:13:41:b6:8b:0d:c5:fb:54:5d:
         37:20:4a:2e:ab:d6:77:58:7f:81:f7:0e:48:bf:24:d4:6b:96:
         0d:03:b2:cb:57:49:69:dd:d5:b1:36:48:23:80:d3:2b:eb:40:
         88:a0:f8:1e:b8:d3:6a:da:26:48:a0:f4:8e:4d:fb:15:1a:4a:
         ad:10:18:d8:84:9c:b0:d7:b5:f9:d8:68:90:82:b0:a9:3d:fc:
         f5:3f:3d:46:fa:bc:23:57:b9:54:d7:89:bc:fa:29:e7:57:5e:
         1d:a3:eb:77:80:50:8c:5a:08:2f:7d:2b:40:1b:83:cd:5a:29:
         ba:61:29:d2:41:5e:11:74:53:a0:2c:a2:94:f7:ce:08:4b:48:
         41:1a:8a:a4:b4:db:25:bd:7e:0c:8e:c5:c6:d1:56:12:2c:3b:
         b1:b8:b4:e4:4c:87:e6:a3:37:af:6e:c0:51:86:ea:5a:21:4b:
         79:4a:2b:55:d8:99:25:5e:96:94:ac:7e:8a:34:f3:19:30:6a:
         76:2c:e0:b4:66:5a:04:2a:c9:6d:8d:58:79:78:ad:76:ce:18:
         e1:07:4a:bc:7c:6e:f2:46:e4:4c:4e:b3:08:87:b7:58:b3:c2:
         3f:84:29:41
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISAYrw4cB6qqeoAtY63J1GqSMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMDAyMTQ1NDAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjNhZWQ2NmNmMzhmYmNiOWQ2N2IxNWZmY2MzNzA1OTFiZTlhOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgFE78/Dk2tCzrpnu2g2O3KiEdvK
ykbXSIAxE948jmbszUAwHCYebg2e1mMAKmP1mcmdCjEM5rRKUuiaYhTKljT0Ay4f
u9NUWa+zlVVx+MIRFkV6NG0nX5vo6NbUt9PSC1hfxSn1WJFdy1pfUzmc1j4PPoYr
mO1GkZ6z7aYcOXtD9DT03E2WMR7eJa2maxjUxiDUsRg4JL+9mJZD79VEsgh5RsUG
RsRIwzWhjlR8OWZoNDDAlq3VcKOe3S/Vv2sDLAtkMppMUE92Ls0t0MLFVEwqTlXE
lribOgziv9YjpNkF5DbC3fRSN9lOEeZIA3MABnDBEvOA1hmCy5D7OJ4DNQIDAQAB
o4ICqjCCAqYwHQYDVR0OBBYEFB867WbPOPvLnWexX/zDcFkb6amVMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSHpydFpzODQtOHVkWjdGZl9NTndXUnZwcVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG/BggrBgEFBQcBBwEB/wSBrzCBrDB3BAIAATBxAwUALQlJ
swMFAC0JSbgDBQAtCUnsMAwDBAAtWUEDBAItWUADBAItgLADBABb2VADBANejogD
BAK5BfgDBAK5OswDBAK5VzADBAG5aXQDBAK5dZgDBAK5fdgDBAK5feQDBATBfLAD
BAXCQ8ADBADDL/owMQQCAAIwKwMHACoJUwL//wMHACoKkwAQADAQAwUAKgqTAQMH
ACoKkwEAAgMFACoKkwIwDQYJKoZIhvcNAQELBQADggEBAI4k1pP0kE8BRbT92pkJ
haV1mrO6CTmbwrgo+BNBtosNxftUXTcgSi6r1ndYf4H3Dki/JNRrlg0DsstXSWnd
1bE2SCOA0yvrQIig+B6402raJkig9I5N+xUaSq0QGNiEnLDXtfnYaJCCsKk9/PU/
PUb6vCNXuVTXibz6KedXXh2j63eAUIxaCC99K0Abg81aKbphKdJBXhF0U6AsopT3
zghLSEEaiqS02yW9fgyOxcbRVhIsO7G4tORMh+ajN69uwFGG6lohS3lKK1XYmSVe
lpSsfoo08xkwanYs4LRmWgQqyW2NWHl4rXbOGOEHSrx8bvJG5ExOswiHt1izwj+E
KUE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org