Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/QBY7xLj4tuxRyXGVMeKGDxyYYpA.roa
File:                     QBY7xLj4tuxRyXGVMeKGDxyYYpA.roa (raw, json)
Hash identifier:          k6FbC7ZxVAxZjgH7GwIwZdfcT/BkSii8OurDR5pMY8g=
Subject key identifier:   40:16:3B:C4:B8:F8:B6:EC:51:C9:71:95:31:E2:86:0F:1C:98:62:90
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       01870DC8F7345DB40FDB804D088A1E388B42
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/QBY7xLj4tuxRyXGVMeKGDxyYYpA.roa
Signing time:             Thu 23 Mar 2023 09:24:46 +0000
ROA not before:           Thu 23 Mar 2023 09:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        5.105.230.0/24 maxlen: 24
                          5.105.19.0/24 maxlen: 24
                          5.105.24.0/24 maxlen: 24
                          5.105.25.0/24 maxlen: 24
                          5.105.33.0/24 maxlen: 24
                          5.105.40.0/24 maxlen: 24
                          5.105.43.0/24 maxlen: 24
                          5.105.50.0/24 maxlen: 24
                          5.105.57.0/24 maxlen: 24
                          5.105.65.0/24 maxlen: 24
                          5.105.81.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 23 Mar 2023 12:28:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0d:c8:f7:34:5d:b4:0f:db:80:4d:08:8a:1e:38:8b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Mar 23 09:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40163bc4b8f8b6ec51c9719531e2860f1c986290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:0c:41:b8:84:ac:0a:40:d4:ec:3e:7e:0c:35:
                    00:c7:a4:12:db:28:46:b2:f1:95:5c:08:3f:e4:0e:
                    2d:dd:1b:dc:7d:ba:52:a7:8b:0d:fb:1f:1d:72:d6:
                    be:75:23:2c:0f:3f:ca:93:e6:a7:57:c1:2a:a7:99:
                    f8:fb:e3:36:37:ff:52:88:eb:41:0b:a3:d7:9b:5b:
                    67:93:99:75:c5:df:27:7d:3a:9a:d0:e5:be:4b:2b:
                    ff:57:41:f2:28:a6:13:00:c8:28:28:0d:bb:80:e5:
                    ed:dd:98:15:ac:bc:32:58:e4:a6:d3:f1:66:90:80:
                    75:c4:e3:de:b4:96:1c:58:86:51:67:0c:7e:5b:f7:
                    79:1e:76:07:d6:6d:b3:cc:34:aa:cd:c8:72:d1:af:
                    f1:03:9a:4f:bb:cb:2e:99:99:30:e3:9a:74:9d:bb:
                    8d:6b:b6:26:15:e0:d7:a7:d3:ce:c6:9c:9d:61:85:
                    7f:99:e4:84:57:71:52:87:0c:23:d0:de:77:db:e4:
                    7e:d3:b7:b5:b2:66:d4:42:f0:3d:9b:d1:c1:3e:eb:
                    01:15:59:78:22:87:d6:24:e2:71:91:64:1c:ed:af:
                    d7:e4:80:ad:c6:50:12:33:c3:af:92:41:12:a3:b8:
                    19:e6:04:82:28:42:ea:f5:77:b9:8e:89:0d:0e:fa:
                    b4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:16:3B:C4:B8:F8:B6:EC:51:C9:71:95:31:E2:86:0F:1C:98:62:90
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/QBY7xLj4tuxRyXGVMeKGDxyYYpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.19.0/24
                  5.105.24.0/23
                  5.105.33.0/24
                  5.105.40.0/24
                  5.105.43.0/24
                  5.105.50.0/24
                  5.105.57.0/24
                  5.105.65.0/24
                  5.105.81.0/24
                  5.105.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:c4:6a:72:a0:12:49:58:a5:c6:e1:9f:f9:7e:8f:42:8b:7e:
         4e:a0:d0:c1:1d:ae:4a:56:84:f8:f1:a2:d3:35:57:eb:5a:85:
         a4:1b:b7:c9:7f:f4:2b:e4:f5:bf:55:99:a9:e2:69:22:2e:d9:
         5c:01:b7:0f:5b:40:ff:92:59:28:e5:a4:93:66:84:46:c1:6f:
         ac:48:39:81:e9:58:ea:45:44:00:e3:55:eb:3b:92:90:88:1e:
         aa:05:51:93:28:eb:a4:bc:69:14:9a:83:90:1a:42:5e:fb:f9:
         91:a5:a5:9b:d9:ed:b9:c5:b7:49:9d:7f:d8:cd:09:a1:9a:53:
         61:8e:96:b6:9a:ea:11:2f:75:39:ed:25:31:0b:97:e8:3a:bf:
         36:d3:31:91:f3:2b:7d:5e:93:7d:09:15:51:ee:71:c0:9b:76:
         90:68:4a:9a:49:2e:39:1f:a2:91:51:4b:93:f7:e3:d8:db:38:
         a7:d3:b4:7c:0a:32:b3:27:08:fc:48:44:eb:f1:13:ec:e7:29:
         f7:7d:8d:82:66:bd:10:af:bc:01:a9:09:17:f6:52:dd:77:98:
         66:7e:99:e2:a5:42:c2:e6:17:6d:1a:fd:95:e0:15:59:5d:ee:
         5e:d2:2e:db:be:9f:09:be:46:0b:b3:cd:eb:10:38:2f:bd:8b:
         f7:51:aa:f8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYcNyPc0XbQP24BNCIoeOItCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMzIzMDkyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE2M2JjNGI4ZjhiNmVjNTFjOTcxOTUzMWUyODYwZjFjOTg2MjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAxBuISsCkDU7D5+DDUAx6QS2yhG
svGVXAg/5A4t3RvcfbpSp4sN+x8dcta+dSMsDz/Kk+anV8Eqp5n4++M2N/9SiOtB
C6PXm1tnk5l1xd8nfTqa0OW+Syv/V0HyKKYTAMgoKA27gOXt3ZgVrLwyWOSm0/Fm
kIB1xOPetJYcWIZRZwx+W/d5HnYH1m2zzDSqzchy0a/xA5pPu8sumZkw45p0nbuN
a7YmFeDXp9POxpydYYV/meSEV3FShwwj0N532+R+07e1smbUQvA9m9HBPusBFVl4
IofWJOJxkWQc7a/X5ICtxlASM8OvkkESo7gZ5gSCKELq9Xe5jokNDvq0TQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFEAWO8S4+LbsUclxlTHihg8cmGKQMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvUUJZN3hMajR0dXhSeVhHVk1lS0dEeHlZWXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABWkTAwQB
BWkYAwQABWkhAwQABWkoAwQABWkrAwQABWkyAwQABWk5AwQABWlBAwQABWlRAwQA
BWnmMA0GCSqGSIb3DQEBCwUAA4IBAQC/xGpyoBJJWKXG4Z/5fo9Ci35OoNDBHa5K
VoT48aLTNVfrWoWkG7fJf/Qr5PW/VZmp4mkiLtlcAbcPW0D/klko5aSTZoRGwW+s
SDmB6VjqRUQA41XrO5KQiB6qBVGTKOukvGkUmoOQGkJe+/mRpaWb2e25xbdJnX/Y
zQmhmlNhjpa2muoRL3U57SUxC5foOr820zGR8yt9XpN9CRVR7nHAm3aQaEqaSS45
H6KRUUuT9+PY2zin07R8CjKzJwj8SETr8RPs5yn3fY2CZr0Qr7wBqQkX9lLdd5hm
fpnipULC5hdtGv2V4BVZXe5e0i7bvp8JvkYLs83rEDgvvYv3Uar4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:27 2024 by rpki-client on console-fra.rpki-client.org