Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/QdlUplVUfinPTbT2OAX0sPwX3EA.roa
File:                     QdlUplVUfinPTbT2OAX0sPwX3EA.roa (raw, json)
Hash identifier:          PTrOw77SGCku+YmCUq+CDc6SAVsSJF1TQHM5qOjHwIs=
Subject key identifier:   41:D9:54:A6:55:54:7E:29:CF:4D:B4:F6:38:05:F4:B0:FC:17:DC:40
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018E2C8B4B990CBEEB7BA6677510B72A42D2
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/QdlUplVUfinPTbT2OAX0sPwX3EA.roa
Signing time:             Mon 11 Mar 2024 08:05:10 +0000
ROA not before:           Mon 11 Mar 2024 08:05:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        45.85.247.0/24 maxlen: 24
                          62.68.64.0/24 maxlen: 24
                          91.229.5.0/24 maxlen: 24
                          185.198.155.0/24 maxlen: 24
                          193.110.161.0/24 maxlen: 24
                          193.201.202.0/24 maxlen: 24
                          194.55.128.0/24 maxlen: 24
                          195.60.170.0/24 maxlen: 24
                          195.64.107.0/24 maxlen: 24
                          195.64.113.0/24 maxlen: 24
                          217.8.116.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Aug 2024 17:26:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2c:8b:4b:99:0c:be:eb:7b:a6:67:75:10:b7:2a:42:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Mar 11 08:05:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41d954a655547e29cf4db4f63805f4b0fc17dc40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:21:4a:93:bc:9d:b7:c9:e2:c2:89:02:86:d8:
                    bd:93:f6:a3:a1:97:de:04:cd:7b:d3:ab:52:8d:fb:
                    fe:15:6d:82:bd:19:a6:f1:79:88:ef:87:f8:92:32:
                    68:2d:89:8a:02:c9:ee:c0:30:e6:b6:6f:e5:b9:e3:
                    ba:2f:56:ed:17:bd:e6:71:a9:e6:c8:2e:a7:98:8e:
                    bb:57:93:11:28:e1:86:a8:c6:58:d4:39:32:5c:a9:
                    ec:dd:d1:c2:47:52:c2:dc:aa:2e:f5:47:bf:cf:75:
                    e5:c4:a9:f4:e4:2e:37:e8:59:c9:40:50:16:7c:2b:
                    aa:17:0d:a0:a3:3f:b8:8a:59:37:c7:1f:e5:1c:57:
                    11:b9:8c:bf:99:e0:0c:a2:8f:3e:83:db:ec:23:80:
                    1a:f5:de:be:f9:7d:34:5c:a4:f5:c0:93:a8:b0:36:
                    3d:8d:35:d9:0f:f0:da:75:b9:73:66:ef:20:56:ee:
                    09:70:58:5e:8b:5f:48:0e:cf:56:4d:ba:79:f8:07:
                    f2:11:b5:9d:fa:c0:74:12:f6:52:db:a6:4a:47:4f:
                    1b:87:91:f7:de:cd:11:5f:86:64:79:00:0a:5b:5a:
                    8d:dc:c8:b0:58:60:90:39:10:e7:dc:0c:11:ee:c5:
                    12:81:07:b1:2b:c5:f0:57:7a:dc:b6:7b:93:45:b9:
                    0f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D9:54:A6:55:54:7E:29:CF:4D:B4:F6:38:05:F4:B0:FC:17:DC:40
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/QdlUplVUfinPTbT2OAX0sPwX3EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.247.0/24
                  62.68.64.0/24
                  91.229.5.0/24
                  185.198.155.0/24
                  193.110.161.0/24
                  193.201.202.0/24
                  194.55.128.0/24
                  195.60.170.0/24
                  195.64.107.0/24
                  195.64.113.0/24
                  217.8.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:7c:f1:98:af:4c:2a:17:8d:08:a8:32:73:54:30:31:36:83:
         ab:2b:ac:9a:26:19:8e:73:34:7f:97:56:58:7b:e9:b6:68:35:
         af:7f:8f:95:61:f7:59:a0:13:44:76:58:92:74:13:d4:4b:be:
         48:bc:fc:d9:5c:8c:8d:86:7f:15:5f:a4:2c:86:41:8e:f7:53:
         8d:d0:85:04:94:28:0c:c6:e2:ce:75:2d:1c:5d:0a:e4:60:66:
         1f:2b:1d:4e:94:12:2c:91:1b:a6:3e:0e:75:ff:a5:fd:90:0b:
         4d:65:7e:00:29:81:dc:b0:df:95:c3:0f:0e:b8:d0:d7:23:67:
         24:10:a5:da:30:40:b7:c5:7c:c6:34:59:c6:7a:11:31:7b:dd:
         b2:9b:0c:b6:38:23:ad:72:37:19:45:24:91:30:57:7a:66:a7:
         3b:15:12:21:84:f3:38:d9:b2:8c:4c:89:f2:a5:b5:50:3d:ef:
         b4:f6:43:98:1b:fe:ea:78:77:0e:73:bd:9d:dc:0b:df:8d:d8:
         c1:78:09:69:5a:ae:80:0b:0d:95:d8:90:40:2f:30:ed:f0:82:
         f5:e0:0c:5e:f7:1e:98:2c:0a:af:ea:3c:b0:16:c1:80:a6:e0:
         ff:38:1f:46:21:21:72:c1:e5:8c:63:e4:6f:3f:79:19:89:f6:
         2a:42:28:61
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY4si0uZDL7re6ZndRC3KkLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMzExMDgwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ5NTRhNjU1NTQ3ZTI5Y2Y0ZGI0ZjYzODA1ZjRiMGZjMTdkYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSFKk7ydt8niwokChti9k/ajoZfe
BM1706tSjfv+FW2CvRmm8XmI74f4kjJoLYmKAsnuwDDmtm/lueO6L1btF73mcanm
yC6nmI67V5MRKOGGqMZY1DkyXKns3dHCR1LC3Kou9Ue/z3XlxKn05C436FnJQFAW
fCuqFw2goz+4ilk3xx/lHFcRuYy/meAMoo8+g9vsI4Aa9d6++X00XKT1wJOosDY9
jTXZD/DadblzZu8gVu4JcFhei19IDs9WTbp5+AfyEbWd+sB0EvZS26ZKR08bh5H3
3s0RX4ZkeQAKW1qN3MiwWGCQORDn3AwR7sUSgQexK8XwV3rctnuTRbkPMwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEHZVKZVVH4pz0209jgF9LD8F9xAMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvUWRsVXBsVlVmaW5QVGJUMk9BWDBzUHdYM0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALVX3AwQA
PkRAAwQAW+UFAwQAucabAwQAwW6hAwQAwcnKAwQAwjeAAwQAwzyqAwQAw0BrAwQA
w0BxAwQA2Qh0MA0GCSqGSIb3DQEBCwUAA4IBAQAlfPGYr0wqF40IqDJzVDAxNoOr
K6yaJhmOczR/l1ZYe+m2aDWvf4+VYfdZoBNEdliSdBPUS75IvPzZXIyNhn8VX6Qs
hkGO91ON0IUElCgMxuLOdS0cXQrkYGYfKx1OlBIskRumPg51/6X9kAtNZX4AKYHc
sN+Vww8OuNDXI2ckEKXaMEC3xXzGNFnGehExe92ymwy2OCOtcjcZRSSRMFd6Zqc7
FRIhhPM42bKMTInypbVQPe+09kOYG/7qeHcOc72d3AvfjdjBeAlpWq6ACw2V2JBA
LzDt8IL14Axe9x6YLAqv6jywFsGApuD/OB9GISFyweWMY+RvP3kZifYqQihh
-----END CERTIFICATE-----
Generated at Wed Aug 21 23:31:40 2024 by rpki-client on console-ams.rpki-client.org