Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/DEiQS3hjwskrzbAdCjmovSvn52I.roa
File:                     DEiQS3hjwskrzbAdCjmovSvn52I.roa (raw, json)
Hash identifier:          lL9NAzie8mGoRtaaIsPsHMR1XjvM4SDN6KnqUVQ3GN0=
Subject key identifier:   0C:48:90:4B:78:63:C2:C9:2B:CD:B0:1D:0A:39:A8:BD:2B:E7:E7:62
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       01856F5DCD4718F74517331B2D14D91E342B
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/DEiQS3hjwskrzbAdCjmovSvn52I.roa
Signing time:             Sun 01 Jan 2023 22:04:55 +0000
ROA not before:           Sun 01 Jan 2023 22:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39855
IP address blocks:        212.124.68.0/22 maxlen: 24
                          212.124.72.0/22 maxlen: 24
                          212.124.76.0/22 maxlen: 24
                          212.124.86.0/24 maxlen: 24
                          212.124.92.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Jan 2023 11:54:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:5d:cd:47:18:f7:45:17:33:1b:2d:14:d9:1e:34:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Jan  1 22:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0c48904b7863c2c92bcdb01d0a39a8bd2be7e762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d8:0b:47:c9:28:51:75:c5:23:3d:fa:b6:c5:
                    e6:d3:a2:9f:ef:02:99:37:b0:c9:d4:bd:d9:52:de:
                    dc:30:58:e4:cb:ab:c5:8c:1d:e4:1b:e6:e9:b0:00:
                    a3:e7:46:f9:88:df:ef:0c:52:88:a2:6a:79:48:ae:
                    49:39:96:68:6e:80:52:c3:52:56:fd:9b:dd:87:75:
                    49:51:8b:ff:4d:b8:63:1d:f7:c3:b9:f4:d1:75:71:
                    b7:d3:23:a7:92:d8:2a:81:3a:8a:aa:c5:a5:9a:66:
                    2d:1f:4a:7d:90:2d:88:a0:e4:87:31:37:5b:4a:34:
                    89:3d:56:d2:61:bc:8e:12:54:1c:3c:29:ac:e2:22:
                    1e:4e:d8:1e:72:0c:a3:bb:c4:8b:04:e0:8b:02:eb:
                    c2:e0:89:46:bb:cd:56:48:86:dd:8a:3d:b0:27:6d:
                    00:9b:37:a6:62:93:1a:8c:d9:13:de:79:23:73:4a:
                    0e:fc:d3:31:1e:95:a4:9b:e9:60:91:6e:6f:84:7c:
                    e4:99:69:1d:10:bd:19:a3:2f:4d:dc:db:51:3b:79:
                    8b:b7:46:18:7a:68:cc:6f:2d:e5:2c:d4:a0:f0:58:
                    aa:2a:b0:94:a1:98:a3:0b:f1:29:a0:53:4b:37:8c:
                    90:e5:9b:2d:5c:6e:d7:54:d5:aa:dd:99:ef:28:07:
                    5c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:48:90:4B:78:63:C2:C9:2B:CD:B0:1D:0A:39:A8:BD:2B:E7:E7:62
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/DEiQS3hjwskrzbAdCjmovSvn52I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.68.0-212.124.79.255
                  212.124.86.0/24
                  212.124.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ed:24:99:4e:0e:67:07:02:18:76:f7:d6:65:0f:b4:f9:47:
         a8:f8:3d:e7:c4:aa:b3:75:3b:0a:2b:5e:7c:be:31:9e:ec:61:
         c0:eb:9f:44:31:68:47:62:32:fc:ab:1e:42:b1:84:3b:c3:a1:
         84:0f:9e:da:66:92:39:70:a4:ed:d8:90:26:f0:2a:e8:74:e3:
         f2:81:c6:9e:f3:35:c6:7d:08:41:e5:6d:74:39:32:05:96:21:
         99:8f:bf:b1:e9:d1:7e:7b:7c:34:3e:ee:0d:46:78:0f:24:b9:
         8c:99:e1:b1:a0:14:c8:57:97:aa:23:38:05:7b:c5:2f:cf:e8:
         bd:b0:d0:1e:32:c5:a3:f1:1f:f9:54:39:e0:26:82:68:90:ec:
         5c:46:bc:5c:31:c3:d1:22:3c:eb:b2:80:93:a4:78:98:f4:bb:
         5a:94:a4:31:74:ed:e7:1f:15:47:f0:90:b1:5c:71:20:37:bb:
         44:81:d4:ae:8d:15:73:01:2e:50:f2:2d:02:52:0a:ef:c2:68:
         14:22:bc:b0:1a:e5:61:0a:7a:d2:0b:50:7f:42:49:e9:1c:6f:
         1d:88:7d:9d:e2:14:72:e5:68:3f:cb:a1:37:87:dd:55:61:2b:
         fc:0b:e4:8a:90:24:50:64:ef:e6:bd:de:e0:b9:a0:1d:6e:61:
         ce:bb:52:eb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVvXc1HGPdFFzMbLRTZHjQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjMwMTAxMjIwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQ4OTA0Yjc4NjNjMmM5MmJjZGIwMWQwYTM5YThiZDJiZTdlNzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9gLR8koUXXFIz36tsXm06Kf7wKZ
N7DJ1L3ZUt7cMFjky6vFjB3kG+bpsACj50b5iN/vDFKIomp5SK5JOZZoboBSw1JW
/Zvdh3VJUYv/TbhjHffDufTRdXG30yOnktgqgTqKqsWlmmYtH0p9kC2IoOSHMTdb
SjSJPVbSYbyOElQcPCms4iIeTtgecgyju8SLBOCLAuvC4IlGu81WSIbdij2wJ20A
mzemYpMajNkT3nkjc0oO/NMxHpWkm+lgkW5vhHzkmWkdEL0Zoy9N3NtRO3mLt0YY
emjMby3lLNSg8FiqKrCUoZijC/EpoFNLN4yQ5ZstXG7XVNWq3ZnvKAdcJwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAxIkEt4Y8LJK82wHQo5qL0r5+diMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvREVpUVMzaGp3c2tyemJBZENqbW92U3ZuNTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBALUfEQD
BATUfEADBADUfFYDBADUfFwwDQYJKoZIhvcNAQELBQADggEBAFHtJJlODmcHAhh2
99ZlD7T5R6j4PefEqrN1OworXny+MZ7sYcDrn0QxaEdiMvyrHkKxhDvDoYQPntpm
kjlwpO3YkCbwKuh04/KBxp7zNcZ9CEHlbXQ5MgWWIZmPv7Hp0X57fDQ+7g1GeA8k
uYyZ4bGgFMhXl6ojOAV7xS/P6L2w0B4yxaPxH/lUOeAmgmiQ7FxGvFwxw9EiPOuy
gJOkeJj0u1qUpDF07ecfFUfwkLFccSA3u0SB1K6NFXMBLlDyLQJSCu/CaBQivLAa
5WEKetILUH9CSekcbx2IfZ3iFHLlaD/LoTeH3VVhK/wL5IqQJFBk7+a93uC5oB1u
Yc67Uus=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:48 2024 by rpki-client on console-fra.rpki-client.org