Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/QP94gJzN54_UHUGjkFq2kgYqnAg.roa
File:                     QP94gJzN54_UHUGjkFq2kgYqnAg.roa (raw, json)
Hash identifier:          HtqPt4Vi7jEpBsIbS7+c3OA4k1ZtlexRPdIH/1N0baA=
Subject key identifier:   40:FF:78:80:9C:CD:E7:8F:D4:1D:41:A3:90:5A:B6:92:06:2A:9C:08
Certificate issuer:       /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial:       0185719E6DBECF5C7BE790947A3D8610E464
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/QP94gJzN54_UHUGjkFq2kgYqnAg.roa
Signing time:             Mon 02 Jan 2023 08:34:46 +0000
ROA not before:           Mon 02 Jan 2023 08:34:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209541
IP address blocks:        147.78.232.0/22 maxlen: 22
                          147.78.233.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:9e:6d:be:cf:5c:7b:e7:90:94:7a:3d:86:10:e4:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
        Validity
            Not Before: Jan  2 08:34:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40ff78809ccde78fd41d41a3905ab692062a9c08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3d:ec:9c:bf:33:31:89:ce:9e:2e:a8:33:1f:
                    76:0b:27:91:74:c2:54:88:e4:68:f3:dc:0d:08:d6:
                    33:f4:9f:a2:72:b0:8e:3e:7d:03:6d:c2:1a:2a:80:
                    5b:24:59:80:bd:d1:bd:f9:56:db:e8:5f:2e:e2:89:
                    fa:c3:ad:b1:5b:29:d4:2a:88:0e:4a:0a:cc:1c:5d:
                    0c:44:bd:a8:70:b5:d8:7b:e9:39:5d:7c:9e:54:5e:
                    c5:5b:8c:5a:7a:21:79:1d:db:62:b3:1e:ea:8e:d8:
                    4f:2b:36:b9:d9:6c:fa:a5:3e:ba:90:c6:9f:43:d0:
                    d2:58:80:92:6b:6c:65:3f:9e:39:4a:14:77:fc:95:
                    4a:26:0e:16:69:2d:63:81:fb:0e:9d:68:e8:6f:17:
                    64:cb:e4:21:c2:7d:1c:a0:73:48:fa:a6:28:82:e0:
                    dd:e5:a8:85:2c:fd:d5:1d:e8:93:0d:6e:65:b5:a5:
                    ed:1f:c6:f9:08:73:d5:20:d5:e6:3b:3d:e8:ca:d4:
                    ee:7a:a1:fb:19:41:b0:2e:b3:88:d4:2f:81:0b:3e:
                    b4:16:08:39:c1:1f:cf:ce:40:e0:a9:79:e5:a4:5d:
                    57:29:9d:e9:f8:d0:bb:dc:a6:41:6a:7a:0f:97:48:
                    82:e7:cf:a1:8b:a2:10:c2:a8:95:86:aa:59:12:49:
                    75:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FF:78:80:9C:CD:E7:8F:D4:1D:41:A3:90:5A:B6:92:06:2A:9C:08
            X509v3 Authority Key Identifier:
                keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/QP94gJzN54_UHUGjkFq2kgYqnAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:ea:2d:0e:a7:2c:84:68:0c:79:3b:3a:4c:1a:25:35:f6:51:
         f9:0f:5f:2e:5c:29:a0:39:d6:01:85:55:d3:96:3a:0c:f6:4a:
         56:c8:d1:d3:c1:67:37:2c:ca:e1:35:3c:db:a0:b5:3c:78:8c:
         5b:f3:72:70:f4:92:f6:f4:cb:75:34:15:1f:15:42:72:9f:50:
         af:36:73:fd:80:13:0f:52:2f:2a:93:83:4d:e0:7a:6f:a1:ac:
         74:5c:01:68:21:1d:d7:31:08:5a:26:3a:ba:98:57:ac:ed:7c:
         fd:ce:f5:aa:2a:de:4f:49:fc:0c:20:d2:b6:45:d3:00:7d:55:
         6d:3f:db:2c:8f:1d:f9:2f:a2:7f:e0:04:f1:b2:03:77:ee:68:
         57:ef:2e:9c:42:18:4c:f2:b6:56:26:a6:ec:bf:65:51:60:4e:
         fe:f9:cb:0e:17:1a:51:f6:d3:33:2d:99:21:fa:2b:7a:c4:0c:
         a3:87:6a:5a:c3:eb:76:a2:74:7b:ad:35:7a:68:95:86:f2:79:
         49:05:ba:c7:b9:b6:a9:bf:d5:c6:24:b5:65:51:89:f0:6f:2c:
         6a:1d:94:5c:0b:49:2b:fc:d7:05:c5:a4:19:24:4e:9e:1d:c3:
         35:b4:bb:e6:6e:e7:42:4a:6e:e2:6b:22:f4:c8:72:f2:fd:7c:
         3a:17:df:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxnm2+z1x755CUej2GEORkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjMwMTAyMDgzNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGZmNzg4MDljY2RlNzhmZDQxZDQxYTM5MDVhYjY5MjA2MmE5YzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoj3snL8zMYnOni6oMx92CyeRdMJU
iORo89wNCNYz9J+icrCOPn0DbcIaKoBbJFmAvdG9+Vbb6F8u4on6w62xWynUKogO
SgrMHF0MRL2ocLXYe+k5XXyeVF7FW4xaeiF5Hdtisx7qjthPKza52Wz6pT66kMaf
Q9DSWICSa2xlP545ShR3/JVKJg4WaS1jgfsOnWjobxdky+Qhwn0coHNI+qYoguDd
5aiFLP3VHeiTDW5ltaXtH8b5CHPVINXmOz3oytTueqH7GUGwLrOI1C+BCz60Fgg5
wR/PzkDgqXnlpF1XKZ3p+NC73KZBanoPl0iC58+hi6IQwqiVhqpZEkl1RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFED/eICczeeP1B1Bo5BatpIGKpwIMB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEvUVA5NGdKek41NF9VSFVHamtGcTJrZ1lxbkFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUtMzc1NzUzOWMyYWM5
LzEvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk07oMA0G
CSqGSIb3DQEBCwUAA4IBAQCg6i0OpyyEaAx5OzpMGiU19lH5D18uXCmgOdYBhVXT
ljoM9kpWyNHTwWc3LMrhNTzboLU8eIxb83Jw9JL29Mt1NBUfFUJyn1CvNnP9gBMP
Ui8qk4NN4Hpvoax0XAFoIR3XMQhaJjq6mFes7Xz9zvWqKt5PSfwMINK2RdMAfVVt
P9ssjx35L6J/4ATxsgN37mhX7y6cQhhM8rZWJqbsv2VRYE7++csOFxpR9tMzLZkh
+it6xAyjh2paw+t2onR7rTV6aJWG8nlJBbrHubapv9XGJLVlUYnwbyxqHZRcC0kr
/NcFxaQZJE6eHcM1tLvmbudCSm7iayL0yHLy/Xw6F99x
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:50 2024 by rpki-client on console-ams.rpki-client.org