Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QSDpHtdiOCpeEzDFjrmN6a22S1U.roa
File:                     QSDpHtdiOCpeEzDFjrmN6a22S1U.roa (raw, json)
Hash identifier:          P+AI6uqF2YUX92si4SYacHCQS7vmlQtIIH3Up87Hjmo=
Subject key identifier:   41:20:E9:1E:D7:62:38:2A:5E:13:30:C5:8E:B9:8D:E9:AD:B6:4B:55
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01891BCDAC6334BE67B71017014477FA1FB4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QSDpHtdiOCpeEzDFjrmN6a22S1U.roa
Signing time:             Mon 03 Jul 2023 12:50:11 +0000
ROA not before:           Mon 03 Jul 2023 12:50:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        84.32.63.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          88.216.208.0/24 maxlen: 24
                          84.32.217.0/24 maxlen: 24
                          84.32.218.0/24 maxlen: 24
                          84.32.15.0/24 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          84.32.32.0/24 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          84.32.151.0/24 maxlen: 24
                          84.32.152.0/24 maxlen: 24
                          84.32.149.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          84.32.154.0/24 maxlen: 24
                          84.32.156.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 07 Jul 2023 06:30:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:1b:cd:ac:63:34:be:67:b7:10:17:01:44:77:fa:1f:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul  3 12:50:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4120e91ed762382a5e1330c58eb98de9adb64b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5e:8c:a7:a5:46:fb:86:5d:3f:96:d2:02:c7:
                    ba:2c:ef:fe:32:38:43:59:b6:b2:35:8d:63:93:52:
                    bb:82:25:f9:8f:52:a1:1b:79:de:58:50:ca:60:5e:
                    80:32:34:bc:52:5a:6f:5b:39:33:94:91:a7:8e:e6:
                    7d:3d:b1:fb:4a:3d:fe:bc:9b:4e:3d:39:18:68:22:
                    d2:94:56:fe:cc:86:88:34:58:86:63:72:c0:20:05:
                    3b:ca:0d:18:dc:64:71:f6:af:2b:fd:93:d1:82:6d:
                    6d:d0:2d:18:ab:85:d8:34:b9:4a:c0:80:34:0b:e2:
                    23:ed:0a:d4:c2:8c:61:85:cb:cf:11:fd:44:a6:20:
                    f5:61:5c:e4:25:25:48:c2:37:b3:f4:a1:75:1f:02:
                    c8:17:30:ca:09:30:c8:19:02:db:16:db:6e:4f:f6:
                    bc:e8:ce:fe:33:45:8a:9f:7b:f0:4e:d7:d6:ac:51:
                    e0:47:94:69:96:9f:1e:92:0e:ab:9e:f1:6d:2e:61:
                    e4:18:3f:dd:2c:de:99:73:71:74:05:81:6b:a0:f8:
                    41:9e:d2:e4:88:c3:fe:07:7e:4a:d9:25:8f:ff:6b:
                    b9:4f:06:87:f1:d0:94:62:e5:6b:8c:a6:fa:d4:6a:
                    b5:20:4f:6d:a6:a8:3d:ca:a2:90:9f:d8:55:92:f8:
                    1e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:20:E9:1E:D7:62:38:2A:5E:13:30:C5:8E:B9:8D:E9:AD:B6:4B:55
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/QSDpHtdiOCpeEzDFjrmN6a22S1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.15.0/24
                  84.32.24.0/24
                  84.32.32.0/24
                  84.32.63.0/24
                  84.32.149.0/24
                  84.32.151.0-84.32.152.255
                  84.32.154.0/24
                  84.32.156.0/24
                  84.32.174.0/23
                  84.32.217.0-84.32.218.255
                  88.216.34.0/24
                  88.216.41.0/24
                  88.216.186.0/24
                  88.216.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:d7:da:dd:dd:ee:71:77:cb:1f:d1:c8:63:0d:b7:6d:d2:70:
         bb:84:f9:5d:2b:f1:95:81:fc:80:53:3d:bd:ec:c9:ef:3d:c0:
         78:38:cf:31:1a:73:a2:82:53:80:62:9c:61:26:63:6f:dc:ca:
         38:61:84:d8:f5:08:b9:20:e9:b3:77:c8:af:a8:e3:49:5f:87:
         c6:40:81:f8:67:c2:c1:21:76:a6:74:76:3b:5b:e7:fc:ad:9c:
         ff:8e:fb:98:17:bf:9d:de:60:3d:63:e5:6a:fd:17:cb:06:6a:
         fb:b1:37:40:1c:54:18:7b:9d:a1:f4:82:b1:8a:2d:67:d3:01:
         35:a4:98:e6:b0:64:27:79:01:9f:2f:56:4f:0d:48:c3:ba:d9:
         bf:64:d7:66:2f:0b:30:19:e2:1c:13:62:f7:ea:b1:84:87:c4:
         0b:32:77:3b:55:00:2a:1e:c4:f2:84:09:73:49:81:44:fb:85:
         e9:52:f6:ba:70:32:65:ae:62:be:d7:b9:d8:3f:5b:ee:4d:93:
         40:97:7d:98:ec:4f:bf:35:6f:d9:b4:15:64:af:af:de:9a:09:
         79:aa:1b:1e:56:34:bb:a5:cf:71:a6:2f:ed:76:3f:bf:71:27:
         2e:d6:42:df:26:6f:36:85:55:e4:5e:cf:c4:af:d7:b4:de:0f:
         29:5a:65:74
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYkbzaxjNL5ntxAXAUR3+h+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNzAzMTI1MDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTIwZTkxZWQ3NjIzODJhNWUxMzMwYzU4ZWI5OGRlOWFkYjY0YjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF6Mp6VG+4ZdP5bSAse6LO/+MjhD
WbayNY1jk1K7giX5j1KhG3neWFDKYF6AMjS8UlpvWzkzlJGnjuZ9PbH7Sj3+vJtO
PTkYaCLSlFb+zIaINFiGY3LAIAU7yg0Y3GRx9q8r/ZPRgm1t0C0Yq4XYNLlKwIA0
C+Ij7QrUwoxhhcvPEf1EpiD1YVzkJSVIwjez9KF1HwLIFzDKCTDIGQLbFttuT/a8
6M7+M0WKn3vwTtfWrFHgR5Rplp8ekg6rnvFtLmHkGD/dLN6Zc3F0BYFroPhBntLk
iMP+B35K2SWP/2u5TwaH8dCUYuVrjKb61Gq1IE9tpqg9yqKQn9hVkvgeuQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFEEg6R7XYjgqXhMwxY65jemttktVMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUVNEcEh0ZGlPQ3BlRXpERmpybU42YTIyUzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQAVCAPAwQA
VCAYAwQAVCAgAwQAVCA/AwQAVCCVMAwDBABUIJcDBABUIJgDBABUIJoDBABUIJwD
BAFUIK4wDAMEAFQg2QMEAFQg2gMEAFjYIgMEAFjYKQMEAFjYugMEAFjY0DANBgkq
hkiG9w0BAQsFAAOCAQEAXtfa3d3ucXfLH9HIYw23bdJwu4T5XSvxlYH8gFM9vezJ
7z3AeDjPMRpzooJTgGKcYSZjb9zKOGGE2PUIuSDps3fIr6jjSV+HxkCB+GfCwSF2
pnR2O1vn/K2c/477mBe/nd5gPWPlav0XywZq+7E3QBxUGHudofSCsYotZ9MBNaSY
5rBkJ3kBny9WTw1Iw7rZv2TXZi8LMBniHBNi9+qxhIfECzJ3O1UAKh7E8oQJc0mB
RPuF6VL2unAyZa5ivte52D9b7k2TQJd9mOxPvzVv2bQVZK+v3poJeaobHlY0u6XP
caYv7XY/v3EnLtZC3yZvNoVV5F7PxK/XtN4PKVpldA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:27 2024 by rpki-client on console-ams.rpki-client.org