Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/QNP0cXlLnEudt-d-GhkESt_aeYQ.roa
File:                     QNP0cXlLnEudt-d-GhkESt_aeYQ.roa (raw, json)
Hash identifier:          /EXkDspI0mvjwKWOece5JHIWxwxdMgMi8eLNp7lISPM=
Subject key identifier:   40:D3:F4:71:79:4B:9C:4B:9D:B7:E7:7E:1A:19:04:4A:DF:DA:79:84
Certificate issuer:       /CN=dc0bde1467895c6f3a47197eac58ca13ae4bb78d
Certificate serial:       01903506C58E0B6755CBC1AAE6F945351719
Authority key identifier: DC:0B:DE:14:67:89:5C:6F:3A:47:19:7E:AC:58:CA:13:AE:4B:B7:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AveFGeJXG86Rxl-rFjKE65Lt40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/QNP0cXlLnEudt-d-GhkESt_aeYQ.roa
Signing time:             Thu 20 Jun 2024 09:42:34 +0000
ROA not before:           Thu 20 Jun 2024 09:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        45.87.89.0/24 maxlen: 24
                          45.87.90.0/24 maxlen: 24
                          45.87.91.0/24 maxlen: 24
                          95.141.245.0/24 maxlen: 24
                          212.23.203.0/24 maxlen: 24
                          2a10:2f40::/48 maxlen: 48
                          2a10:2f40:1::/48 maxlen: 48
                          2a10:2f40:2::/48 maxlen: 48
                          2a10:2f40:3::/48 maxlen: 48
                          2a10:2f40:4::/48 maxlen: 48
                          2a10:2f40:5::/48 maxlen: 48
                          2a10:2f40:9::/48 maxlen: 48
                          2a10:2f40:a::/48 maxlen: 48
                          2a10:2f40:b::/48 maxlen: 48
                          2a10:2f40:c::/48 maxlen: 48
                          2a10:2f40:d::/48 maxlen: 48
                          2a10:2f40:1a::/48 maxlen: 48
                          2a14:7280::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 28 Jun 2024 12:49:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:06:c5:8e:0b:67:55:cb:c1:aa:e6:f9:45:35:17:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0bde1467895c6f3a47197eac58ca13ae4bb78d
        Validity
            Not Before: Jun 20 09:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40d3f471794b9c4b9db7e77e1a19044adfda7984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:44:e0:dd:b6:8c:e6:ee:de:ed:3f:76:e3:1a:
                    c5:b6:55:23:e0:0e:37:cd:58:c4:05:d1:ad:4d:af:
                    03:66:26:1a:7d:a7:65:26:0f:2b:29:91:8d:27:24:
                    e1:6d:56:bc:e0:c8:98:b1:94:33:c6:c8:81:83:49:
                    0f:0d:1a:bb:b7:94:99:ca:93:a3:9a:fc:67:84:36:
                    e0:42:2d:71:a9:a3:f3:2f:c4:42:2a:a3:fc:14:86:
                    0c:5c:19:31:89:9f:32:f0:00:3a:ac:e4:75:80:ec:
                    86:a3:75:6c:32:70:eb:3d:35:f3:09:3a:77:46:f3:
                    03:46:bf:cb:a3:3b:8e:2e:f8:bb:87:ec:6b:e5:2a:
                    ad:83:c1:81:e7:fe:8b:f2:c0:f5:a3:cb:b8:2b:2e:
                    22:8f:10:44:23:ca:58:a8:59:d3:13:9c:39:98:08:
                    75:9b:1f:7b:8f:9f:02:43:28:8f:5a:5b:3c:ce:94:
                    e0:91:d3:85:18:cc:b7:2c:b6:1c:6e:b0:14:61:51:
                    38:7a:7b:de:43:f5:6e:d6:ef:11:3a:ff:2e:bc:6b:
                    33:85:e3:eb:c5:11:22:af:f0:37:2a:e2:1c:63:45:
                    94:f9:f6:72:09:9c:1b:e4:f1:3a:0b:7b:51:63:1c:
                    b7:31:26:41:a5:1e:e5:d0:c1:ad:1a:84:ce:57:ad:
                    4f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D3:F4:71:79:4B:9C:4B:9D:B7:E7:7E:1A:19:04:4A:DF:DA:79:84
            X509v3 Authority Key Identifier:
                keyid:DC:0B:DE:14:67:89:5C:6F:3A:47:19:7E:AC:58:CA:13:AE:4B:B7:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AveFGeJXG86Rxl-rFjKE65Lt40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/QNP0cXlLnEudt-d-GhkESt_aeYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/3AveFGeJXG86Rxl-rFjKE65Lt40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.89.0-45.87.91.255
                  95.141.245.0/24
                  212.23.203.0/24
                IPv6:
                  2a10:2f40::-2a10:2f40:5:ffff:ffff:ffff:ffff:ffff
                  2a10:2f40:9::-2a10:2f40:d:ffff:ffff:ffff:ffff:ffff
                  2a10:2f40:1a::/48
                  2a14:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:ef:0c:72:85:61:c8:ee:11:cc:eb:dc:24:0b:d0:2c:d6:11:
         d7:5d:cd:dd:52:75:54:80:db:88:60:a8:6d:7f:db:13:b7:24:
         06:b8:92:94:42:f5:26:70:62:13:b8:bd:2b:09:11:2d:77:fe:
         7b:4a:2d:a0:ad:6a:d5:f8:de:e0:16:d9:33:d9:00:83:86:92:
         fa:4e:7c:1c:8b:71:db:73:f2:7d:0c:4b:bd:62:f7:53:ff:81:
         a3:bf:35:09:aa:cc:c5:94:bb:96:f8:d7:02:84:33:d3:e5:23:
         93:03:e3:18:5c:93:8a:b2:53:e5:12:eb:c1:d5:8a:c2:2f:0d:
         f0:44:fe:56:ca:39:6f:e9:57:d3:72:d1:44:e0:6b:cf:61:75:
         13:db:9d:13:87:53:43:ed:fd:63:dd:5c:c2:81:6d:d4:7e:fb:
         7c:13:99:ef:68:92:6d:8b:ed:d5:c3:a0:d4:2a:24:52:44:0f:
         e2:ff:23:db:c1:47:6e:b4:c3:7c:d5:0c:d1:4a:bd:c2:f6:f0:
         f7:b6:63:3a:82:dd:65:67:6d:ba:bd:66:99:1a:d9:82:e7:d9:
         15:1b:6b:e3:e4:8d:eb:1b:a3:d4:6e:8e:48:3e:a7:c2:c0:65:
         4d:16:f7:3f:50:aa:2d:dd:2e:55:17:90:5e:4a:12:7f:93:2d:
         8f:37:3e:eb
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZA1BsWOC2dVy8Gq5vlFNRcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGJkZTE0Njc4OTVjNmYzYTQ3MTk3ZWFjNThjYTEzYWU0
YmI3OGQwHhcNMjQwNjIwMDk0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGQzZjQ3MTc5NGI5YzRiOWRiN2U3N2UxYTE5MDQ0YWRmZGE3OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkTg3baM5u7e7T924xrFtlUj4A43
zVjEBdGtTa8DZiYafadlJg8rKZGNJyThbVa84MiYsZQzxsiBg0kPDRq7t5SZypOj
mvxnhDbgQi1xqaPzL8RCKqP8FIYMXBkxiZ8y8AA6rOR1gOyGo3VsMnDrPTXzCTp3
RvMDRr/LozuOLvi7h+xr5Sqtg8GB5/6L8sD1o8u4Ky4ijxBEI8pYqFnTE5w5mAh1
mx97j58CQyiPWls8zpTgkdOFGMy3LLYcbrAUYVE4enveQ/Vu1u8ROv8uvGszhePr
xREir/A3KuIcY0WU+fZyCZwb5PE6C3tRYxy3MSZBpR7l0MGtGoTOV61PdwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFEDT9HF5S5xLnbfnfhoZBErf2nmEMB8GA1UdIwQY
MBaAFNwL3hRniVxvOkcZfqxYyhOuS7eNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0F2ZUZHZUpYRzg2UnhsLXJGaktFNjVMdDQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9jZjA2M2YtOTQ5My00NmYxLWFjZDEt
MzFjN2ZiNDcxNWY2LzEvUU5QMGNYbExuRXVkdC1kLUdoa0VTdF9hZVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9jZjA2M2YtOTQ5My00NmYxLWFjZDEtMzFjN2ZiNDcxNWY2
LzEvM0F2ZUZHZUpYRzg2UnhsLXJGaktFNjVMdDQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDAgBAIAATAaMAwDBAAtV1kD
BAItV1gDBABfjfUDBADUF8swPAQCAAIwNjAQAwUGKhAvQAMHASoQL0AABDASAwcA
KhAvQAAJAwcBKhAvQAAMAwcAKhAvQAAaAwUDKhRygDANBgkqhkiG9w0BAQsFAAOC
AQEAhu8McoVhyO4RzOvcJAvQLNYR113N3VJ1VIDbiGCobX/bE7ckBriSlEL1JnBi
E7i9KwkRLXf+e0otoK1q1fje4BbZM9kAg4aS+k58HItx23PyfQxLvWL3U/+Bo781
CarMxZS7lvjXAoQz0+UjkwPjGFyTirJT5RLrwdWKwi8N8ET+Vso5b+lX03LRROBr
z2F1E9udE4dTQ+39Y91cwoFt1H77fBOZ72iSbYvt1cOg1CokUkQP4v8j28FHbrTD
fNUM0Uq9wvbw97ZjOoLdZWdtur1mmRrZgufZFRtr4+SN6xuj1G6OSD6nwsBlTRb3
P1CqLd0uVReQXkoSf5Mtjzc+6w==
-----END CERTIFICATE-----
Generated at Fri Jun 28 18:19:05 2024 by rpki-client on console-fra.rpki-client.org