Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QQOTwvbBndBPBjY6L67A6ihfBig.roa
File:                     QQOTwvbBndBPBjY6L67A6ihfBig.roa (raw, json)
Hash identifier:          hTYejGVFYNjyY3WB/C4PT+j0PuKU/exwwQD93UlZ5zc=
Subject key identifier:   41:03:93:C2:F6:C1:9D:D0:4F:06:36:3A:2F:AE:C0:EA:28:5F:06:28
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018DAC58C9DD2FF34D32B0B22284D109C594
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QQOTwvbBndBPBjY6L67A6ihfBig.roa
Signing time:             Thu 15 Feb 2024 10:38:36 +0000
ROA not before:           Thu 15 Feb 2024 10:38:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8342
IP address blocks:        147.45.117.0/24 maxlen: 24
                          147.45.118.0/24 maxlen: 24
                          147.45.119.0/24 maxlen: 24
                          147.45.120.0/22 maxlen: 22
                          147.45.205.0/24 maxlen: 24
                          193.233.60.0/24 maxlen: 24
                          193.233.62.0/24 maxlen: 24
                          193.233.124.0/22 maxlen: 22
                          193.233.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 07 Mar 2024 12:16:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:58:c9:dd:2f:f3:4d:32:b0:b2:22:84:d1:09:c5:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 15 10:38:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=410393c2f6c19dd04f06363a2faec0ea285f0628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7e:9e:ee:1d:24:44:3b:06:b1:c9:1c:fb:d1:
                    74:05:62:f0:11:f7:2d:b7:80:1c:c8:af:57:c3:d2:
                    e6:cf:7a:ee:ee:4d:f3:bf:78:a1:c5:0e:0f:93:7c:
                    97:f9:22:9d:02:c4:8a:43:57:36:b0:19:45:15:ca:
                    35:b3:ef:84:a4:e4:2e:16:2b:26:05:bc:cd:9e:a0:
                    6e:16:1d:e9:ea:55:0e:de:9d:4f:ea:ba:56:02:7f:
                    e7:1c:34:74:2c:84:1d:88:85:c8:a7:3d:81:b1:39:
                    6b:a8:20:a1:3c:65:47:4e:fb:93:e5:2e:b9:f2:f2:
                    7e:b0:d3:6f:93:5e:15:ea:ad:71:d7:fb:18:a7:39:
                    9a:50:3f:ee:59:63:c5:29:4d:51:ca:29:02:25:16:
                    ad:03:f6:74:6c:d7:02:97:2a:e8:68:cc:c3:e1:dc:
                    d6:26:da:87:31:91:cc:31:06:05:5c:4b:dc:3b:e6:
                    83:87:c0:12:15:35:91:49:6a:e4:bf:c3:8b:8c:0a:
                    6a:93:92:3c:a8:63:64:eb:0b:28:e0:97:e0:1d:36:
                    38:b7:33:03:d9:8a:ab:cb:39:2a:31:b9:a1:c7:f5:
                    ba:79:f3:7c:3e:e5:6a:00:35:8d:72:54:7a:a0:4a:
                    26:6a:ee:8a:3e:6a:7a:fb:3b:7f:6d:dc:bb:8d:8f:
                    35:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:03:93:C2:F6:C1:9D:D0:4F:06:36:3A:2F:AE:C0:EA:28:5F:06:28
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QQOTwvbBndBPBjY6L67A6ihfBig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.117.0-147.45.123.255
                  147.45.205.0/24
                  193.233.60.0/24
                  193.233.62.0/24
                  193.233.124.0/22
                  193.233.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:89:6d:7a:a4:43:d6:a3:f3:c2:87:d0:4d:4b:d9:90:ac:d9:
         9c:77:65:c4:3e:a8:d0:43:d9:fb:d9:f1:b8:f6:92:3a:14:07:
         12:e3:a9:1c:46:d6:fa:60:c2:bf:23:50:03:77:a4:48:8f:fd:
         52:27:ef:54:83:d0:08:73:7b:e8:11:27:1f:2d:ec:45:dc:49:
         c2:8a:91:8e:0e:1b:da:72:61:89:ed:df:b8:ba:a1:6b:13:21:
         74:c8:da:0c:c7:aa:7c:b5:93:8d:7c:e3:a9:cb:90:6e:e2:40:
         13:3c:8e:dc:11:c0:d8:19:62:8c:87:14:04:c9:e6:f9:31:de:
         d6:fa:e5:7a:47:20:ad:5b:58:f6:d8:8a:bf:6f:f2:b8:a9:a0:
         04:88:46:39:14:b4:d2:da:26:2c:35:7d:f3:b7:cc:31:93:46:
         52:fb:1c:9f:a6:31:6c:b8:52:ef:63:7f:47:18:a2:f0:8d:da:
         7e:18:01:4d:a2:84:c0:05:38:29:a9:98:28:ff:16:b2:ea:28:
         3b:8b:f1:7d:f9:1e:e3:83:03:77:d1:98:ff:16:e3:6a:91:13:
         55:2e:9a:65:55:aa:58:f6:38:98:d0:fb:08:12:a3:1d:64:e2:
         de:24:a7:cc:a8:ae:b8:3d:c5:cf:2f:66:72:2a:65:52:0c:95:
         33:a8:ac:c6
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY2sWMndL/NNMrCyIoTRCcWUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMjE1MTAzODM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTAzOTNjMmY2YzE5ZGQwNGYwNjM2M2EyZmFlYzBlYTI4NWYwNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm36e7h0kRDsGsckc+9F0BWLwEfct
t4AcyK9Xw9Lmz3ru7k3zv3ihxQ4Pk3yX+SKdAsSKQ1c2sBlFFco1s++EpOQuFism
BbzNnqBuFh3p6lUO3p1P6rpWAn/nHDR0LIQdiIXIpz2BsTlrqCChPGVHTvuT5S65
8vJ+sNNvk14V6q1x1/sYpzmaUD/uWWPFKU1RyikCJRatA/Z0bNcClyroaMzD4dzW
JtqHMZHMMQYFXEvcO+aDh8ASFTWRSWrkv8OLjApqk5I8qGNk6wso4JfgHTY4tzMD
2YqryzkqMbmhx/W6efN8PuVqADWNclR6oEomau6KPmp6+zt/bdy7jY81fQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFEEDk8L2wZ3QTwY2Oi+uwOooXwYoMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUVFPVHd2YkJuZEJQQmpZNkw2N0E2aWhmQmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBACTLXUD
BAKTLXgDBACTLc0DBADB6TwDBADB6T4DBALB6XwDBADB6aowDQYJKoZIhvcNAQEL
BQADggEBAJOJbXqkQ9aj88KH0E1L2ZCs2Zx3ZcQ+qNBD2fvZ8bj2kjoUBxLjqRxG
1vpgwr8jUAN3pEiP/VIn71SD0Ahze+gRJx8t7EXcScKKkY4OG9pyYYnt37i6oWsT
IXTI2gzHqny1k41846nLkG7iQBM8jtwRwNgZYoyHFATJ5vkx3tb65XpHIK1bWPbY
ir9v8ripoASIRjkUtNLaJiw1ffO3zDGTRlL7HJ+mMWy4Uu9jf0cYovCN2n4YAU2i
hMAFOCmpmCj/FrLqKDuL8X35HuODA3fRmP8W42qRE1UummVVqlj2OJjQ+wgSox1k
4t4kp8yorrg9xc8vZnIqZVIMlTOorMY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:32 2024 by rpki-client on console-ams.rpki-client.org