Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HQplsWtpUoIWIUpvZwWJc9PFXzs.roa
File:                     HQplsWtpUoIWIUpvZwWJc9PFXzs.roa (raw, json)
Hash identifier:          hjiNHg9JocaRKaFUZAMdP5z0UjyvhNu+500Tl/9bIuo=
Subject key identifier:   1D:0A:65:B1:6B:69:52:82:16:21:4A:6F:67:05:89:73:D3:C5:5F:3B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018EE1F61F02DB4F4445AA544627BF8E0F23
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HQplsWtpUoIWIUpvZwWJc9PFXzs.roa
Signing time:             Mon 15 Apr 2024 13:33:07 +0000
ROA not before:           Mon 15 Apr 2024 13:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202636
IP address blocks:        37.32.96.0/23 maxlen: 23
                          45.134.87.0/24 maxlen: 24
                          93.189.121.0/24 maxlen: 24
                          93.189.122.0/24 maxlen: 24
                          185.150.77.0/24 maxlen: 24
                          185.150.78.0/23 maxlen: 23
                          185.179.233.0/24 maxlen: 24
                          185.179.235.0/24 maxlen: 24
                          185.191.44.0/22 maxlen: 22
                          185.218.18.0/24 maxlen: 24
                          185.227.205.0/24 maxlen: 24
                          185.239.254.0/24 maxlen: 24
                          185.248.200.0/22 maxlen: 24
                          185.252.44.0/22 maxlen: 22
                          194.35.41.0/24 maxlen: 24
                          194.41.116.0/23 maxlen: 23
                          194.41.118.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 02 May 2024 15:57:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:f6:1f:02:db:4f:44:45:aa:54:46:27:bf:8e:0f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 15 13:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d0a65b16b69528216214a6f67058973d3c55f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4e:48:64:9a:d2:ab:0d:7f:8b:f2:f8:3a:95:
                    62:e9:d3:97:72:27:d9:9e:0b:6e:23:1c:8a:d1:73:
                    10:cc:59:89:9f:f1:3e:d4:be:39:ff:e3:d3:4d:f6:
                    f7:ad:5b:bd:2c:c4:4b:3f:9b:20:e5:bb:69:2e:4a:
                    d8:36:b9:ca:c2:8a:fa:75:a5:3f:b7:b8:d0:fd:7e:
                    80:33:55:fa:9e:50:3a:c4:96:a8:8d:ca:86:4f:b3:
                    ab:3d:af:7f:5d:0e:bf:f2:04:95:cc:ab:40:68:d4:
                    ff:7b:ec:63:b3:bf:49:8e:02:69:8b:10:ff:7d:4e:
                    2b:14:d2:b2:a4:a7:bf:f0:3b:ed:24:38:2d:e1:ab:
                    53:1c:84:14:bb:78:20:c1:bf:80:dd:f4:c8:2c:1c:
                    10:ea:21:0b:0d:1e:60:a7:df:05:ac:ed:eb:1c:93:
                    45:f1:90:99:9b:2b:9b:a4:38:32:78:89:86:f1:05:
                    95:c2:d8:38:ea:db:f6:89:47:f0:78:65:34:cf:08:
                    e8:c9:f9:5a:47:3a:68:40:d9:1b:29:3f:b2:16:f1:
                    e2:40:ef:21:7f:41:35:58:ac:55:99:26:3a:9f:ba:
                    01:9d:cb:d6:68:8f:57:60:52:07:f5:b1:c1:c6:8e:
                    f0:c0:d8:80:44:e3:2e:f2:5c:0a:40:81:aa:a6:26:
                    5c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0A:65:B1:6B:69:52:82:16:21:4A:6F:67:05:89:73:D3:C5:5F:3B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HQplsWtpUoIWIUpvZwWJc9PFXzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.96.0/23
                  45.134.87.0/24
                  93.189.121.0-93.189.122.255
                  185.150.77.0-185.150.79.255
                  185.179.233.0/24
                  185.179.235.0/24
                  185.191.44.0/22
                  185.218.18.0/24
                  185.227.205.0/24
                  185.239.254.0/24
                  185.248.200.0/22
                  185.252.44.0/22
                  194.35.41.0/24
                  194.41.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:e6:b7:55:8d:75:b5:23:5a:08:8c:26:51:d8:3b:64:3e:a5:
         35:a1:e1:b8:c0:ee:52:9a:20:5e:81:a8:d9:21:77:33:0c:8b:
         20:66:01:28:57:ad:dc:7f:5f:bd:7b:20:b2:a1:92:46:2e:7a:
         8a:5c:c8:9f:61:1d:48:67:09:1d:97:75:59:62:74:ea:17:75:
         47:a8:78:26:cf:45:e3:19:58:e7:48:93:0b:ce:ad:e5:6c:41:
         9c:03:b6:fc:5e:22:82:c3:aa:c7:0e:da:64:ac:b9:ef:c0:82:
         c8:e9:b9:34:eb:27:0c:17:9c:3a:13:03:bb:a5:f1:bb:ab:fc:
         28:03:6e:d4:e4:5b:c0:08:10:f6:83:d4:86:23:e2:58:b1:45:
         43:fd:bd:20:2e:68:1c:58:bd:6b:aa:5b:08:37:9e:95:f4:05:
         f7:b8:72:42:3b:59:0e:31:a9:03:9f:f3:29:56:ab:b4:a0:97:
         78:35:ad:35:b1:30:16:cc:d6:df:2f:a5:71:7a:49:d5:65:a2:
         ad:36:20:24:84:1f:a7:59:fc:ef:2e:b7:e8:9f:1d:ae:95:f5:
         41:c0:94:3d:ea:35:70:60:44:f9:6c:34:2a:41:a1:53:5d:35:
         51:12:fa:19:4b:97:a2:b0:b6:92:8b:f6:2e:3e:29:cc:52:37:
         44:0b:3f:0a
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAY7h9h8C209ERapURie/jg8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDE1MTMzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDBhNjViMTZiNjk1MjgyMTYyMTRhNmY2NzA1ODk3M2QzYzU1ZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU5IZJrSqw1/i/L4OpVi6dOXcifZ
ngtuIxyK0XMQzFmJn/E+1L45/+PTTfb3rVu9LMRLP5sg5btpLkrYNrnKwor6daU/
t7jQ/X6AM1X6nlA6xJaojcqGT7OrPa9/XQ6/8gSVzKtAaNT/e+xjs79JjgJpixD/
fU4rFNKypKe/8DvtJDgt4atTHIQUu3ggwb+A3fTILBwQ6iELDR5gp98FrO3rHJNF
8ZCZmyubpDgyeImG8QWVwtg46tv2iUfweGU0zwjoyflaRzpoQNkbKT+yFvHiQO8h
f0E1WKxVmSY6n7oBncvWaI9XYFIH9bHBxo7wwNiAROMu8lwKQIGqpiZcYwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFB0KZbFraVKCFiFKb2cFiXPTxV87MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSFFwbHNXdHBVb0lXSVVwdlp3V0pjOVBGWHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQBJSBgAwQA
LYZXMAwDBABdvXkDBABdvXowDAMEALmWTQMEBLmWQAMEALmz6QMEALmz6wMEArm/
LAMEALnaEgMEALnjzQMEALnv/gMEArn4yAMEArn8LAMEAMIjKQMEAsIpdDANBgkq
hkiG9w0BAQsFAAOCAQEAg+a3VY11tSNaCIwmUdg7ZD6lNaHhuMDuUpogXoGo2SF3
MwyLIGYBKFet3H9fvXsgsqGSRi56ilzIn2EdSGcJHZd1WWJ06hd1R6h4Js9F4xlY
50iTC86t5WxBnAO2/F4igsOqxw7aZKy578CCyOm5NOsnDBecOhMDu6Xxu6v8KANu
1ORbwAgQ9oPUhiPiWLFFQ/29IC5oHFi9a6pbCDeelfQF97hyQjtZDjGpA5/zKVar
tKCXeDWtNbEwFszW3y+lcXpJ1WWirTYgJIQfp1n87y636J8drpX1QcCUPeo1cGBE
+Ww0KkGhU101URL6GUuXorC2kov2Lj4pzFI3RAs/Cg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:21 2024 by rpki-client on console-ams.rpki-client.org