Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/51ba0b-69c6-4ed9-82c7-429307f24320/1/hl4FsORveN4noMbuzq123JFmn0s.roa
File:                     hl4FsORveN4noMbuzq123JFmn0s.roa (raw, json)
Hash identifier:          5qFzMwKX3LL5iJTW7UiCEIDuXiALcyrmRn2S2iiI03Y=
Subject key identifier:   86:5E:05:B0:E4:6F:78:DE:27:A0:C6:EE:CE:AD:76:DC:91:66:9F:4B
Certificate issuer:       /CN=78a4c4eaef6fe1705698b00e61915677a2fb8d5b
Certificate serial:       0189DEE37D61B886BBD8727DFADAF883167E
Authority key identifier: 78:A4:C4:EA:EF:6F:E1:70:56:98:B0:0E:61:91:56:77:A2:FB:8D:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eKTE6u9v4XBWmLAOYZFWd6L7jVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/51ba0b-69c6-4ed9-82c7-429307f24320/1/hl4FsORveN4noMbuzq123JFmn0s.roa
Signing time:             Thu 10 Aug 2023 09:59:57 +0000
ROA not before:           Thu 10 Aug 2023 09:59:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51978
IP address blocks:        194.182.192.0/19 maxlen: 19
                          82.180.64.0/18 maxlen: 18
                          194.182.200.0/22 maxlen: 22
                          185.8.136.0/22 maxlen: 22
                          46.30.112.0/21 maxlen: 21
                          64.190.238.0/23 maxlen: 23
                          130.193.112.0/21 maxlen: 21
                          46.35.32.0/20 maxlen: 20
                          2a03:b580::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:de:e3:7d:61:b8:86:bb:d8:72:7d:fa:da:f8:83:16:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78a4c4eaef6fe1705698b00e61915677a2fb8d5b
        Validity
            Not Before: Aug 10 09:59:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=865e05b0e46f78de27a0c6eecead76dc91669f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d2:ca:5d:cf:f9:84:3d:c3:a9:fc:f3:00:a4:
                    b2:29:5f:29:5c:9f:00:6e:7e:ef:34:51:1c:30:f6:
                    63:9c:10:b4:e1:f0:e2:92:6a:48:70:45:be:16:d9:
                    ae:bb:9b:c2:0a:27:32:d2:1b:1f:c1:9b:a8:c8:58:
                    65:23:46:ef:fa:5a:de:58:b0:9f:cb:97:62:79:89:
                    72:34:19:58:29:f3:5e:d0:c6:4f:06:cd:a3:24:d0:
                    d9:f6:1e:ce:3c:e9:69:da:c9:68:a8:04:05:ff:70:
                    ba:d2:a3:c6:08:c0:6f:79:e6:94:9b:7b:b8:14:d6:
                    5a:8e:aa:32:95:66:f3:ef:24:16:6b:0b:cd:b8:78:
                    a8:06:bf:9a:85:2a:09:fd:2b:b0:e3:4f:df:f9:84:
                    63:c3:6d:e4:02:ce:7f:27:83:6f:3a:3b:5e:60:02:
                    5b:b4:6d:f2:52:6c:6d:09:4d:ce:28:44:d4:bb:a4:
                    12:bf:d3:7b:7c:13:99:06:f1:8f:ce:ed:6d:fb:0c:
                    63:f3:58:42:95:30:8f:ca:8c:08:40:f0:37:81:8d:
                    9c:9b:65:86:e6:3e:09:91:cd:a9:2d:50:ca:05:d7:
                    6a:48:c3:ff:8f:ec:7c:bd:7e:b8:dd:78:62:55:3b:
                    91:96:0a:ca:e1:65:bd:16:8c:e2:41:13:d8:c7:0c:
                    33:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:5E:05:B0:E4:6F:78:DE:27:A0:C6:EE:CE:AD:76:DC:91:66:9F:4B
            X509v3 Authority Key Identifier:
                keyid:78:A4:C4:EA:EF:6F:E1:70:56:98:B0:0E:61:91:56:77:A2:FB:8D:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eKTE6u9v4XBWmLAOYZFWd6L7jVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/51ba0b-69c6-4ed9-82c7-429307f24320/1/hl4FsORveN4noMbuzq123JFmn0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/51ba0b-69c6-4ed9-82c7-429307f24320/1/eKTE6u9v4XBWmLAOYZFWd6L7jVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.112.0/21
                  46.35.32.0/20
                  64.190.238.0/23
                  82.180.64.0/18
                  130.193.112.0/21
                  185.8.136.0/22
                  194.182.192.0/19
                IPv6:
                  2a03:b580::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:58:0f:70:ea:90:ec:3a:59:e3:ec:9f:ba:34:d6:2a:04:71:
         3d:57:2b:44:8b:20:f9:aa:95:65:9b:04:85:47:22:96:b9:5a:
         fe:c3:40:bc:ed:cb:79:cf:7a:d1:95:5e:4f:be:d1:bb:2f:0a:
         c1:9c:ec:ff:2b:30:d5:3b:b2:b6:1c:c2:05:3c:aa:d8:a3:28:
         4e:c6:65:2e:73:40:06:e4:70:97:32:d5:61:fd:80:77:2d:c9:
         d1:1f:72:52:79:77:69:52:4b:5c:5e:71:d6:48:18:ed:5b:99:
         18:bf:5c:2c:f7:97:4a:7f:93:12:8f:84:34:7a:c6:78:5e:48:
         f8:a7:5a:3e:1f:95:4b:ff:f8:1b:a6:d3:44:6f:e2:0d:c9:5f:
         0d:14:fe:07:ab:d9:ac:e0:68:28:e0:01:b1:f3:92:a8:3e:35:
         34:5d:45:15:e3:ce:ca:24:b4:93:9c:c3:63:6d:ae:f4:ee:c1:
         48:3e:65:0b:71:cd:4d:d3:73:82:e2:da:0f:0c:62:be:e6:2a:
         ec:db:e4:92:92:6f:67:ea:d5:1f:5f:4c:22:33:b4:21:6b:7a:
         4d:fb:1d:86:ad:6f:86:1f:a3:3f:0a:1d:25:48:d0:ec:93:fd:
         ea:56:86:dc:14:8a:ec:e8:8f:10:0a:f1:7c:51:fa:15:73:e0:
         45:f3:13:6e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYne431huIa72HJ9+tr4gxZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YTRjNGVhZWY2ZmUxNzA1Njk4YjAwZTYxOTE1Njc3YTJm
YjhkNWIwHhcNMjMwODEwMDk1OTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjVlMDViMGU0NmY3OGRlMjdhMGM2ZWVjZWFkNzZkYzkxNjY5ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dLKXc/5hD3DqfzzAKSyKV8pXJ8A
bn7vNFEcMPZjnBC04fDikmpIcEW+Ftmuu5vCCicy0hsfwZuoyFhlI0bv+lreWLCf
y5dieYlyNBlYKfNe0MZPBs2jJNDZ9h7OPOlp2sloqAQF/3C60qPGCMBveeaUm3u4
FNZajqoylWbz7yQWawvNuHioBr+ahSoJ/Suw40/f+YRjw23kAs5/J4NvOjteYAJb
tG3yUmxtCU3OKETUu6QSv9N7fBOZBvGPzu1t+wxj81hClTCPyowIQPA3gY2cm2WG
5j4Jkc2pLVDKBddqSMP/j+x8vX643XhiVTuRlgrK4WW9FoziQRPYxwwzNwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFIZeBbDkb3jeJ6DG7s6tdtyRZp9LMB8GA1UdIwQY
MBaAFHikxOrvb+FwVpiwDmGRVnei+41bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUtURTZ1OXY0WEJXbUxBT1laRldkNkw3alZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi81MWJhMGItNjljNi00ZWQ5LTgyYzct
NDI5MzA3ZjI0MzIwLzEvaGw0RnNPUnZlTjRub01idXpxMTIzSkZtbjBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi81MWJhMGItNjljNi00ZWQ5LTgyYzctNDI5MzA3ZjI0MzIw
LzEvZUtURTZ1OXY0WEJXbUxBT1laRldkNkw3alZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLh5wAwQE
LiMgAwQBQL7uAwQGUrRAAwQDgsFwAwQCuQiIAwQFwrbAMA0EAgACMAcDBQAqA7WA
MA0GCSqGSIb3DQEBCwUAA4IBAQAOWA9w6pDsOlnj7J+6NNYqBHE9VytEiyD5qpVl
mwSFRyKWuVr+w0C87ct5z3rRlV5PvtG7LwrBnOz/KzDVO7K2HMIFPKrYoyhOxmUu
c0AG5HCXMtVh/YB3LcnRH3JSeXdpUktcXnHWSBjtW5kYv1ws95dKf5MSj4Q0esZ4
Xkj4p1o+H5VL//gbptNEb+INyV8NFP4Hq9ms4Ggo4AGx85KoPjU0XUUV487KJLST
nMNjba707sFIPmULcc1N03OC4toPDGK+5irs2+SSkm9n6tUfX0wiM7Qha3pN+x2G
rW+GH6M/Ch0lSNDsk/3qVobcFIrs6I8QCvF8UfoVc+BF8xNu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:32 2024 by rpki-client on console-ams.rpki-client.org