Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Qzn-irVgSPNsYBThkRix2BmLdoQ.roa
File:                     Qzn-irVgSPNsYBThkRix2BmLdoQ.roa (raw, json)
Hash identifier:          ou+V9obaMrnCSF2xbgUhdMN7uy8Z6VFwNekScseBSnw=
Subject key identifier:   43:39:FE:8A:B5:60:48:F3:6C:60:14:E1:91:18:B1:D8:19:8B:76:84
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018EA51698B04FC2249D5E85ED83C82D38CC
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Qzn-irVgSPNsYBThkRix2BmLdoQ.roa
Signing time:             Wed 03 Apr 2024 17:51:45 +0000
ROA not before:           Wed 03 Apr 2024 17:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265770
IP address blocks:        5.253.228.0/22 maxlen: 22
                          45.15.244.0/22 maxlen: 22
                          45.91.84.0/22 maxlen: 22
                          45.128.20.0/22 maxlen: 22
                          45.151.196.0/22 maxlen: 22
                          89.32.126.0/24 maxlen: 24
                          89.40.35.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 30 May 2024 15:50:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:16:98:b0:4f:c2:24:9d:5e:85:ed:83:c8:2d:38:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr  3 17:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4339fe8ab56048f36c6014e19118b1d8198b7684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e0:d3:25:4c:01:a6:e6:07:89:60:61:c3:08:
                    bf:3a:70:a4:7d:5f:01:3a:a2:1b:d4:bd:80:84:e7:
                    1c:2a:56:59:bb:f2:e0:7f:3c:02:40:95:2b:c5:f6:
                    ab:de:a9:e4:4d:30:81:16:ae:27:46:91:ae:a6:e9:
                    73:2a:be:e1:a2:ee:80:f5:02:11:9f:3e:5e:5a:c2:
                    a6:b1:ff:22:0c:53:bb:e6:d8:17:8c:1e:5a:bd:11:
                    71:1a:20:f2:70:e6:ad:64:88:b8:f2:2b:92:8d:cb:
                    a9:c5:13:ec:ec:5a:5c:05:c5:d4:94:17:ac:91:a0:
                    dc:38:53:2f:8e:fe:9d:84:89:3a:ff:11:55:ce:12:
                    af:39:41:03:ec:80:c7:fa:7e:b0:6f:e8:7b:1c:f8:
                    f6:98:3a:19:28:2f:1e:36:5f:45:e5:4c:a1:3e:ac:
                    ce:84:e6:fc:80:22:ef:ab:12:d1:9b:ce:70:f1:16:
                    1f:e1:50:77:45:c5:ab:6f:b5:c1:54:f7:00:da:4a:
                    70:f9:04:72:ec:7d:4f:af:78:e2:11:b3:57:f1:37:
                    82:d1:6c:32:36:3d:23:aa:35:31:5d:32:d9:f8:1a:
                    ee:af:a8:9a:ea:9e:04:f8:f6:8b:a1:c1:99:88:12:
                    b2:db:a5:f3:cd:fe:1d:ed:db:3b:73:0b:1f:cc:08:
                    dd:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:39:FE:8A:B5:60:48:F3:6C:60:14:E1:91:18:B1:D8:19:8B:76:84
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Qzn-irVgSPNsYBThkRix2BmLdoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.228.0/22
                  45.15.244.0/22
                  45.91.84.0/22
                  45.128.20.0/22
                  45.151.196.0/22
                  89.32.126.0/24
                  89.40.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:28:9c:6a:b9:22:7e:54:3e:cc:1b:88:a2:86:cc:82:83:f5:
         3d:01:10:9e:91:f5:c4:08:0a:90:58:c2:6a:6a:c7:62:d1:aa:
         e6:a5:f8:0a:64:5d:01:08:10:ac:df:cf:83:6f:d8:9c:ee:1c:
         3b:b8:f2:09:57:32:8c:3c:4a:02:84:33:ed:f4:42:fa:d1:c8:
         72:f6:cb:1a:0e:c2:cf:26:b2:e7:6a:16:8b:c1:9c:b2:9a:e6:
         73:c1:fe:61:25:4f:da:b0:4a:77:82:fb:4e:e3:b3:32:0a:83:
         0f:5b:04:d7:55:62:ca:42:a1:9c:69:13:61:2b:f5:59:25:a9:
         71:f2:cd:ae:e6:cb:e0:eb:83:88:ba:04:87:a6:b4:44:e4:25:
         40:52:05:f6:ad:9e:52:85:ff:fd:5c:b9:0f:7b:f1:0a:ef:8e:
         cc:66:dc:54:90:5d:8a:aa:64:e8:c6:5f:2c:d7:a7:d2:7d:33:
         43:fc:64:bd:12:ee:e8:83:6c:5c:c2:8f:04:0f:25:c6:c3:cc:
         c7:32:9d:24:12:e0:ea:b1:98:d3:15:17:8e:9c:f1:4e:c9:96:
         af:5b:19:54:1d:ca:9a:94:e5:fe:32:a7:9a:0e:b6:57:88:7e:
         53:79:ea:58:27:b4:ca:97:15:c4:60:9f:0f:33:a8:00:69:ce:
         a7:de:e5:e1
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY6lFpiwT8IknV6F7YPILTjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNDAzMTc1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM5ZmU4YWI1NjA0OGYzNmM2MDE0ZTE5MTE4YjFkODE5OGI3Njg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+DTJUwBpuYHiWBhwwi/OnCkfV8B
OqIb1L2AhOccKlZZu/LgfzwCQJUrxfar3qnkTTCBFq4nRpGupulzKr7hou6A9QIR
nz5eWsKmsf8iDFO75tgXjB5avRFxGiDycOatZIi48iuSjcupxRPs7FpcBcXUlBes
kaDcOFMvjv6dhIk6/xFVzhKvOUED7IDH+n6wb+h7HPj2mDoZKC8eNl9F5UyhPqzO
hOb8gCLvqxLRm85w8RYf4VB3RcWrb7XBVPcA2kpw+QRy7H1Pr3jiEbNX8TeC0Wwy
Nj0jqjUxXTLZ+Brur6ia6p4E+PaLocGZiBKy26Xzzf4d7ds7cwsfzAjdJQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEM5/oq1YEjzbGAU4ZEYsdgZi3aEMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUXpuLWlyVmdTUE5zWUJUaGtSaXgyQm1MZG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCBf3kAwQC
LQ/0AwQCLVtUAwQCLYAUAwQCLZfEAwQAWSB+AwQAWSgjMA0GCSqGSIb3DQEBCwUA
A4IBAQCeKJxquSJ+VD7MG4iihsyCg/U9ARCekfXECAqQWMJqasdi0armpfgKZF0B
CBCs38+Db9ic7hw7uPIJVzKMPEoChDPt9EL60chy9ssaDsLPJrLnahaLwZyymuZz
wf5hJU/asEp3gvtO47MyCoMPWwTXVWLKQqGcaRNhK/VZJalx8s2u5svg64OIugSH
prRE5CVAUgX2rZ5Shf/9XLkPe/EK747MZtxUkF2KqmToxl8s16fSfTND/GS9Eu7o
g2xcwo8EDyXGw8zHMp0kEuDqsZjTFReOnPFOyZavWxlUHcqalOX+MqeaDrZXiH5T
eepYJ7TKlxXEYJ8PM6gAac6n3uXh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org