Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/hMoA0qMREg0QanbErQkWWkfHdTI.roa
File:                     hMoA0qMREg0QanbErQkWWkfHdTI.roa (raw, json)
Hash identifier:          2EkORE6Jh50GMvgZDahc8AzOt7cIU6WmBppEmqcnejI=
Subject key identifier:   84:CA:00:D2:A3:11:12:0D:10:6A:76:C4:AD:09:16:5A:47:C7:75:32
Certificate issuer:       /CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
Certificate serial:       01856DDD56C7D62FF2349AF7B3BEB0F41F0A
Authority key identifier: DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/hMoA0qMREg0QanbErQkWWkfHdTI.roa
Signing time:             Sun 01 Jan 2023 15:05:00 +0000
ROA not before:           Sun 01 Jan 2023 15:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56484
IP address blocks:        93.187.39.0/24 maxlen: 24
                          185.52.116.0/24 maxlen: 24
                          185.52.116.0/22 maxlen: 24
                          185.52.117.0/24 maxlen: 24
                          185.52.118.0/24 maxlen: 24
                          185.52.119.0/24 maxlen: 24
                          93.187.37.0/24 maxlen: 24
                          93.187.38.0/24 maxlen: 24
                          93.187.34.0/24 maxlen: 24
                          93.187.35.0/24 maxlen: 24
                          93.187.36.0/24 maxlen: 24
                          93.187.32.0/21 maxlen: 24
                          93.187.32.0/24 maxlen: 24
                          93.187.33.0/24 maxlen: 24
                          2a00:dd00:6::/48 maxlen: 48
                          2a00:dd00:7::/48 maxlen: 48
                          2a00:dd00:5::/48 maxlen: 48
                          2a00:dd00::/32 maxlen: 48
                          2a00:dd00:4::/48 maxlen: 48
                          2a00:dd00:3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 31 Jul 2023 11:33:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:dd:56:c7:d6:2f:f2:34:9a:f7:b3:be:b0:f4:1f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
        Validity
            Not Before: Jan  1 15:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84ca00d2a311120d106a76c4ad09165a47c77532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:44:8f:74:07:bc:92:63:f1:7d:04:6a:c1:23:
                    5d:99:54:bc:05:61:cb:78:5e:ba:99:0b:c5:42:27:
                    18:5b:24:40:9b:e7:8a:20:3e:6b:ef:4d:cf:b8:b8:
                    63:a9:04:4f:2f:25:e1:25:35:59:5b:77:ee:66:d0:
                    b5:c7:1c:54:76:3f:23:1e:29:5a:19:f8:73:fe:3e:
                    8a:8f:fc:e9:e2:f5:a2:19:4b:c6:a2:18:a4:e8:ee:
                    af:02:52:fe:d4:72:fb:06:26:ba:83:7d:89:b8:e3:
                    4e:2d:2d:0d:25:18:63:a1:50:e7:1b:0f:9f:92:d4:
                    0a:99:cc:de:22:32:c0:04:df:e1:6e:93:3e:09:f8:
                    dd:c1:7e:d7:a3:b5:f3:35:2e:46:83:6e:e0:62:a3:
                    05:54:43:57:c2:ec:67:b4:25:ba:91:44:f0:2c:d5:
                    6a:ba:90:eb:0e:66:18:bb:3e:8e:2f:5d:c6:3e:fc:
                    a4:80:e5:bb:45:89:32:04:34:61:05:64:ce:32:f3:
                    ae:15:d4:98:f3:6b:01:48:f9:3c:d4:f0:92:9d:77:
                    e5:55:65:91:e8:a8:f8:a4:20:ed:0e:3d:77:f7:6a:
                    2d:90:4f:ce:ee:b3:99:a7:68:af:a7:f2:9d:2a:00:
                    d0:a5:ba:57:99:2e:4b:3f:42:c1:03:f6:0e:3c:b1:
                    f2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CA:00:D2:A3:11:12:0D:10:6A:76:C4:AD:09:16:5A:47:C7:75:32
            X509v3 Authority Key Identifier:
                keyid:DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/hMoA0qMREg0QanbErQkWWkfHdTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/3AKxj1iKULknT-NGn_i9ShZJ100.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.32.0/21
                  185.52.116.0/22
                IPv6:
                  2a00:dd00::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:1e:4f:ef:a0:1c:4f:4d:29:40:cf:fe:c2:19:a5:48:39:74:
         93:cf:ae:06:24:f8:2b:16:bb:35:bd:4d:9c:60:09:da:e0:73:
         0a:df:bb:14:6d:19:08:38:55:c9:22:53:58:e4:90:4d:bc:13:
         3e:c5:5b:59:b2:f6:4f:ec:58:dc:48:6a:5e:45:1f:b7:a4:c7:
         bc:11:c4:11:5c:06:70:cc:11:5e:9a:04:0e:b2:c9:47:aa:4b:
         37:f0:cd:6a:b1:54:ac:fc:0f:6a:ee:57:16:c5:28:a5:8d:c9:
         08:9b:ad:db:03:0c:20:d3:bf:d4:70:a8:ff:aa:c6:4d:50:c9:
         16:c4:a7:10:f7:a9:c4:d3:db:60:f4:93:8c:0e:4c:b7:76:79:
         79:3e:0d:05:77:7c:9f:be:8a:2f:b1:db:cb:19:17:e0:15:8e:
         42:8e:4d:06:2f:74:64:81:d0:35:7b:d5:19:0d:6f:fc:f2:6a:
         f0:fa:ff:9c:73:22:69:a5:06:e1:bb:ee:5d:c8:c1:cc:3f:70:
         e1:bb:aa:9e:c8:d4:65:ae:d7:33:ed:0b:cf:31:5d:92:45:d1:
         d5:f1:56:fb:90:7e:75:96:c3:a2:03:62:62:b1:8d:c3:de:6e:
         ab:3b:6c:b2:d9:68:2f:2e:ae:67:cc:43:34:23:1c:6c:eb:0e:
         88:74:40:d9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVt3VbH1i/yNJr3s76w9B8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDJiMThmNTg4YTUwYjkyNzRmZTM0NjlmZjhiZDRhMTY0
OWQ3NGQwHhcNMjMwMTAxMTUwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGNhMDBkMmEzMTExMjBkMTA2YTc2YzRhZDA5MTY1YTQ3Yzc3NTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkSPdAe8kmPxfQRqwSNdmVS8BWHL
eF66mQvFQicYWyRAm+eKID5r703PuLhjqQRPLyXhJTVZW3fuZtC1xxxUdj8jHila
Gfhz/j6Kj/zp4vWiGUvGohik6O6vAlL+1HL7Bia6g32JuONOLS0NJRhjoVDnGw+f
ktQKmczeIjLABN/hbpM+CfjdwX7Xo7XzNS5Gg27gYqMFVENXwuxntCW6kUTwLNVq
upDrDmYYuz6OL13GPvykgOW7RYkyBDRhBWTOMvOuFdSY82sBSPk81PCSnXflVWWR
6Kj4pCDtDj1392otkE/O7rOZp2ivp/KdKgDQpbpXmS5LP0LBA/YOPLHyxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFITKANKjERINEGp2xK0JFlpHx3UyMB8GA1UdIwQY
MBaAFNwCsY9YilC5J0/jRp/4vUoWSddNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQt
NjY0ZjA0ZDJhNjhkLzEvaE1vQTBxTVJFZzBRYW5iRXJRa1dXa2ZIZFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQtNjY0ZjA0ZDJhNjhk
LzEvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXbsgAwQC
uTR0MA0EAgACMAcDBQAqAN0AMA0GCSqGSIb3DQEBCwUAA4IBAQBfHk/voBxPTSlA
z/7CGaVIOXSTz64GJPgrFrs1vU2cYAna4HMK37sUbRkIOFXJIlNY5JBNvBM+xVtZ
svZP7FjcSGpeRR+3pMe8EcQRXAZwzBFemgQOsslHqks38M1qsVSs/A9q7lcWxSil
jckIm63bAwwg07/UcKj/qsZNUMkWxKcQ96nE09tg9JOMDky3dnl5Pg0Fd3yfvoov
sdvLGRfgFY5Cjk0GL3RkgdA1e9UZDW/88mrw+v+ccyJppQbhu+5dyMHMP3Dhu6qe
yNRlrtcz7QvPMV2SRdHV8Vb7kH51lsOiA2JisY3D3m6rO2yy2WgvLq5nzEM0Ixxs
6w6IdEDZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:42 2024 by rpki-client on console-ams.rpki-client.org