Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QM2LtCLvY9wpvQBeq_GezmUBPHY.roa
File:                     QM2LtCLvY9wpvQBeq_GezmUBPHY.roa (raw, json)
Hash identifier:          eXMwFxeGM8CNkVDhlhp/WAfSw/STWYgVW76ztxDpjqE=
Subject key identifier:   40:CD:8B:B4:22:EF:63:DC:29:BD:00:5E:AB:F1:9E:CE:65:01:3C:76
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01870ECFB795193FFFFE98A69ED567D0BBE0
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QM2LtCLvY9wpvQBeq_GezmUBPHY.roa
Signing time:             Thu 23 Mar 2023 14:11:46 +0000
ROA not before:           Thu 23 Mar 2023 14:11:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16125
IP address blocks:        84.32.57.0/24 maxlen: 24
                          84.32.176.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.215.0/24 maxlen: 24
                          84.32.214.0/24 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          88.216.236.0/22 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          88.216.134.0/23 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          84.32.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 06:30:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0e:cf:b7:95:19:3f:ff:fe:98:a6:9e:d5:67:d0:bb:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 23 14:11:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40cd8bb422ef63dc29bd005eabf19ece65013c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:23:39:14:70:6c:7c:36:5e:17:87:7c:9a:b3:
                    0c:6b:0b:96:2d:06:51:ae:db:ac:5a:95:42:41:d5:
                    74:3f:97:06:95:ac:8e:8a:28:6a:51:32:fb:fe:84:
                    de:70:9d:cf:5f:e3:3c:0e:09:d5:90:10:f5:3a:f9:
                    1b:5c:bb:a0:b8:b9:e3:a6:7b:fd:67:86:2c:2e:55:
                    96:10:f8:40:51:77:8d:02:22:c8:ae:e2:22:8a:58:
                    2f:3d:d4:b0:03:23:22:bc:ce:df:a7:19:ba:96:5d:
                    50:09:9f:14:ef:af:d7:80:e5:1f:a1:bc:37:ad:aa:
                    b1:c6:45:83:35:ad:6f:b8:a5:40:17:d9:d9:c1:cc:
                    b5:d4:ae:cb:f3:db:15:57:33:6c:7c:53:bb:ae:5d:
                    59:3a:a8:c3:33:f0:19:c4:97:61:e3:c1:c2:84:9e:
                    dc:33:32:b2:f5:ae:62:aa:42:a2:02:6d:59:3c:1d:
                    ee:3b:b0:f7:83:e4:a3:1e:57:54:a3:2c:07:34:29:
                    e0:aa:dc:70:e2:f9:6a:4b:e9:b1:5b:79:97:81:de:
                    7f:8a:d5:8b:28:1e:dd:fc:4d:bb:1e:2e:d3:6d:8d:
                    0d:f6:b9:de:b2:42:0e:2a:ef:ce:ff:a0:1e:2b:e2:
                    58:76:40:81:6a:9b:5f:b5:25:3f:3c:00:2c:e0:15:
                    0e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CD:8B:B4:22:EF:63:DC:29:BD:00:5E:AB:F1:9E:CE:65:01:3C:76
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QM2LtCLvY9wpvQBeq_GezmUBPHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/24
                  84.32.57.0/24
                  84.32.176.0/24
                  84.32.214.0/23
                  84.32.248.0/24
                  88.216.32.0/24
                  88.216.129.0/24
                  88.216.134.0/23
                  88.216.186.0/24
                  88.216.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:32:ee:a8:54:0a:50:df:d8:6a:bf:f6:7c:05:8b:48:c9:dc:
         6f:1b:7a:6a:5f:06:7c:f0:73:27:ca:a1:cc:c1:93:51:e1:b1:
         f4:68:c5:31:ab:b7:e2:f1:51:c6:e3:30:18:78:a2:29:19:08:
         75:cf:73:d2:d0:95:d4:0c:4a:41:00:d2:71:d6:00:4a:84:88:
         04:7e:a1:54:b7:4c:a3:c4:6b:42:ff:cd:e5:cc:59:36:85:ad:
         c0:74:ae:ba:2e:7a:4c:d3:35:3b:b4:22:f6:44:19:d2:c3:15:
         60:15:3e:74:88:74:7b:ab:67:7b:c4:5e:5d:4c:4f:7c:bd:eb:
         bc:79:86:3c:7f:a9:ed:28:5a:e4:d4:ca:3a:75:d4:ba:7e:08:
         ab:c9:65:de:8a:f1:86:4a:c3:7b:3b:93:65:ca:7e:75:f6:51:
         d8:00:a1:db:90:9b:bc:78:22:39:d8:95:d6:50:8c:7e:66:cd:
         8d:2c:f3:d2:4c:29:b1:5f:53:3e:67:6e:19:97:fb:0f:1d:ea:
         9b:68:aa:f0:b6:5b:58:c4:8e:69:86:0e:29:a7:41:a9:9e:72:
         0c:be:f1:78:3c:c2:1d:8f:03:c8:f6:3d:41:03:2c:60:d9:aa:
         0c:bc:74:a1:37:c7:4c:94:93:40:5b:7a:db:4f:5d:cf:3e:e5:
         a0:f5:10:4a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYcOz7eVGT///pimntVn0LvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMzIzMTQxMTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGNkOGJiNDIyZWY2M2RjMjliZDAwNWVhYmYxOWVjZTY1MDEzYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSM5FHBsfDZeF4d8mrMMawuWLQZR
rtusWpVCQdV0P5cGlayOiihqUTL7/oTecJ3PX+M8DgnVkBD1OvkbXLuguLnjpnv9
Z4YsLlWWEPhAUXeNAiLIruIiilgvPdSwAyMivM7fpxm6ll1QCZ8U76/XgOUfobw3
raqxxkWDNa1vuKVAF9nZwcy11K7L89sVVzNsfFO7rl1ZOqjDM/AZxJdh48HChJ7c
MzKy9a5iqkKiAm1ZPB3uO7D3g+SjHldUoywHNCngqtxw4vlqS+mxW3mXgd5/itWL
KB7d/E27Hi7TbY0N9rneskIOKu/O/6AeK+JYdkCBaptftSU/PAAs4BUOOQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFEDNi7Qi72PcKb0AXqvxns5lATx2MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUU0yTHRDTHZZOXdwdlFCZXFfR2V6bVVCUEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVCAYAwQA
VCA5AwQAVCCwAwQBVCDWAwQAVCD4AwQAWNggAwQAWNiBAwQBWNiGAwQAWNi6AwQC
WNjsMA0GCSqGSIb3DQEBCwUAA4IBAQAWMu6oVApQ39hqv/Z8BYtIydxvG3pqXwZ8
8HMnyqHMwZNR4bH0aMUxq7fi8VHG4zAYeKIpGQh1z3PS0JXUDEpBANJx1gBKhIgE
fqFUt0yjxGtC/83lzFk2ha3AdK66LnpM0zU7tCL2RBnSwxVgFT50iHR7q2d7xF5d
TE98veu8eYY8f6ntKFrk1Mo6ddS6fgiryWXeivGGSsN7O5Nlyn519lHYAKHbkJu8
eCI52JXWUIx+Zs2NLPPSTCmxX1M+Z24Zl/sPHeqbaKrwtltYxI5phg4pp0GpnnIM
vvF4PMIdjwPI9j1BAyxg2aoMvHShN8dMlJNAW3rbT13PPuWg9RBK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:27 2024 by rpki-client on console-ams.rpki-client.org