Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3QKS4pcSIYsMyE-PfkhZSY-a9-8.roa
File:                     3QKS4pcSIYsMyE-PfkhZSY-a9-8.roa (raw, json)
Hash identifier:          x1HHTTroGf+8LuctOP+pBGeeyxRJas6KBqC61GI0WO0=
Subject key identifier:   DD:02:92:E2:97:12:21:8B:0C:C8:4F:8F:7E:48:59:49:8F:9A:F7:EF
Certificate issuer:       /CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Certificate serial:       01856C65E53D5AAE5AA18E9C760598220F87
Authority key identifier: DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3QKS4pcSIYsMyE-PfkhZSY-a9-8.roa
Signing time:             Sun 01 Jan 2023 08:14:55 +0000
ROA not before:           Sun 01 Jan 2023 08:14:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58331
IP address blocks:        193.242.195.0/24 maxlen: 24
                          193.242.194.0/24 maxlen: 24
                          185.75.205.0/24 maxlen: 24
                          185.75.206.0/24 maxlen: 24
                          185.75.207.0/24 maxlen: 24
                          2a05:5445::/32 maxlen: 32
                          2a05:5441::/32 maxlen: 32
                          2a05:5444::/32 maxlen: 32
                          2a05:5442::/32 maxlen: 32
                          2a05:5447::/32 maxlen: 32
                          2a05:5446::/32 maxlen: 32
                          2a05:5440::/32 maxlen: 32
                          2a05:5443::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:65:e5:3d:5a:ae:5a:a1:8e:9c:76:05:98:22:0f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
        Validity
            Not Before: Jan  1 08:14:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd0292e29712218b0cc84f8f7e4859498f9af7ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fd:22:35:bf:84:96:66:1d:b5:83:c4:d5:f6:
                    6f:28:77:cc:05:e2:2f:5d:5d:6d:7c:58:c7:4a:28:
                    cd:75:c2:a3:be:fa:75:fb:40:7a:51:fc:a4:bb:5b:
                    21:b2:e0:59:58:7e:fc:d7:51:05:2d:3f:ad:43:72:
                    76:54:17:03:b7:88:37:73:8b:f7:eb:cc:6e:1a:58:
                    c8:dd:7a:79:45:53:32:07:b0:4c:98:c9:ef:c4:e7:
                    9c:61:81:61:86:65:70:08:c3:40:88:50:af:65:f1:
                    5b:d0:94:67:ae:b9:d0:c5:55:00:d9:53:0f:52:27:
                    37:d9:d2:da:1e:f9:01:a9:eb:81:aa:e1:ab:20:30:
                    d1:29:bb:70:86:0f:53:ba:66:14:40:68:48:eb:4d:
                    cb:47:f5:5a:80:da:56:f0:bb:78:d7:d2:5a:9f:4c:
                    f9:94:0f:5b:57:59:fd:9d:8b:1b:58:02:29:51:84:
                    9e:0e:d6:b8:98:57:00:f9:ef:50:fa:ba:93:36:72:
                    91:93:44:fe:e2:f3:51:41:92:6c:57:1c:f4:89:55:
                    20:4d:02:42:d8:70:51:ed:dd:12:5f:55:f6:9d:a3:
                    41:76:25:d9:cf:d8:e1:76:c9:ce:84:28:be:af:f0:
                    e1:b4:29:0e:92:5c:68:3d:49:57:41:65:8f:be:da:
                    33:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:02:92:E2:97:12:21:8B:0C:C8:4F:8F:7E:48:59:49:8F:9A:F7:EF
            X509v3 Authority Key Identifier:
                keyid:DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3QKS4pcSIYsMyE-PfkhZSY-a9-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.205.0-185.75.207.255
                  193.242.194.0/23
                IPv6:
                  2a05:5440::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:49:24:b3:11:e2:35:b1:84:2c:5c:3f:d6:7b:43:8d:9c:7e:
         72:c9:02:ee:9f:f2:9e:1a:ec:ce:e3:f2:73:fd:77:e1:9b:bd:
         86:15:14:a8:94:05:a6:e5:4e:83:ee:3b:6d:ad:bd:78:e1:a8:
         0c:20:44:87:8e:97:e4:c6:53:fd:49:aa:3d:7a:63:e5:80:eb:
         54:1c:aa:97:ab:02:83:8c:9f:6d:6b:80:ec:97:ef:a6:25:cb:
         4b:80:7b:f7:3a:fc:47:06:c6:0b:95:41:84:0c:6c:0c:84:11:
         76:a9:94:9f:fa:49:c6:1e:4d:13:e4:61:71:2d:30:ba:4c:d7:
         2d:bd:e4:1e:fa:69:49:5f:e9:24:e3:49:52:2a:1a:c1:1b:ed:
         60:8a:18:31:d4:fb:27:56:53:3d:e1:d5:99:85:61:83:e4:e8:
         03:c9:a2:95:ca:33:de:01:6f:04:de:16:91:86:88:dc:98:04:
         52:e2:22:19:19:1e:bf:6e:e1:1e:fa:a5:37:08:ed:2f:9d:5b:
         98:b2:f3:2e:e7:77:53:d4:a2:f5:fb:0e:cf:32:2a:94:59:1a:
         54:a2:ee:dd:bb:e2:13:20:9e:1f:59:80:66:a9:d1:ef:fd:f7:
         07:8e:45:bb:23:d4:3f:42:6c:f3:56:ca:c1:ae:a2:49:86:16:
         26:dc:20:4e
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVsZeU9Wq5aoY6cdgWYIg+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMjdiOTM5OTM0YTJjYzIwNmZmYmE2YmNlOWM5MGZkY2Jh
MzljNzEwHhcNMjMwMTAxMDgxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDAyOTJlMjk3MTIyMThiMGNjODRmOGY3ZTQ4NTk0OThmOWFmN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP0iNb+ElmYdtYPE1fZvKHfMBeIv
XV1tfFjHSijNdcKjvvp1+0B6Ufyku1shsuBZWH7811EFLT+tQ3J2VBcDt4g3c4v3
68xuGljI3Xp5RVMyB7BMmMnvxOecYYFhhmVwCMNAiFCvZfFb0JRnrrnQxVUA2VMP
Uic32dLaHvkBqeuBquGrIDDRKbtwhg9TumYUQGhI603LR/VagNpW8Lt419Jan0z5
lA9bV1n9nYsbWAIpUYSeDta4mFcA+e9Q+rqTNnKRk0T+4vNRQZJsVxz0iVUgTQJC
2HBR7d0SX1X2naNBdiXZz9jhdsnOhCi+r/DhtCkOklxoPUlXQWWPvtozQQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFN0CkuKXEiGLDMhPj35IWUmPmvfvMB8GA1UdIwQY
MBaAFN8nuTmTSizCBv+6a86ckP3Lo5xxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0Njgt
NmVkNTRkM2ZlNGY0LzEvM1FLUzRwY1NJWXNNeUUtUGZraFpTWS1hOS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0NjgtNmVkNTRkM2ZlNGY0
LzEvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAC5S80D
BAS5S8ADBAHB8sIwDQQCAAIwBwMFAyoFVEAwDQYJKoZIhvcNAQELBQADggEBAKBJ
JLMR4jWxhCxcP9Z7Q42cfnLJAu6f8p4a7M7j8nP9d+GbvYYVFKiUBablToPuO22t
vXjhqAwgRIeOl+TGU/1Jqj16Y+WA61QcqperAoOMn21rgOyX76Yly0uAe/c6/EcG
xguVQYQMbAyEEXaplJ/6ScYeTRPkYXEtMLpM1y295B76aUlf6STjSVIqGsEb7WCK
GDHU+ydWUz3h1ZmFYYPk6APJopXKM94BbwTeFpGGiNyYBFLiIhkZHr9u4R76pTcI
7S+dW5iy8y7nd1PUovX7Ds8yKpRZGlSi7t274hMgnh9ZgGap0e/99weORbsj1D9C
bPNWysGuokmGFibcIE4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:47 2024 by rpki-client on console-ams.rpki-client.org