Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/QwIei67u6Y532ASlkDVGZDu5CtQ.roa
File:                     QwIei67u6Y532ASlkDVGZDu5CtQ.roa (raw, json)
Hash identifier:          hemBWhJyxwUj7S1Xfvf8ukUeM9pOk2cUHh9mVtIhPyg=
Subject key identifier:   43:02:1E:8B:AE:EE:E9:8E:77:D8:04:A5:90:35:46:64:3B:B9:0A:D4
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01898C5F0E1EF1B45C66A098418B0544A315
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/QwIei67u6Y532ASlkDVGZDu5CtQ.roa
Signing time:             Tue 25 Jul 2023 09:26:27 +0000
ROA not before:           Tue 25 Jul 2023 09:26:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207724
IP address blocks:        185.239.0.0/24 maxlen: 24
                          185.239.2.0/24 maxlen: 24
                          185.239.3.0/24 maxlen: 24
                          185.3.200.0/24 maxlen: 24
                          5.159.49.0/24 maxlen: 24
                          5.159.54.0/24 maxlen: 24
                          45.94.213.0/24 maxlen: 24
                          89.46.217.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 26 Jul 2023 12:44:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8c:5f:0e:1e:f1:b4:5c:66:a0:98:41:8b:05:44:a3:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jul 25 09:26:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43021e8baeeee98e77d804a5903546643bb90ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cf:cd:e0:8e:4e:91:01:71:91:7f:8e:72:4b:
                    70:c5:6e:60:85:51:38:a1:55:ae:60:d4:cc:bc:f8:
                    3a:fc:8e:41:b8:9d:02:23:55:80:0f:30:73:ba:b8:
                    33:71:6f:de:5b:32:28:12:24:40:4a:27:cc:71:dc:
                    4d:cb:87:2f:27:94:65:5e:12:01:40:d1:77:2d:f7:
                    ca:1c:bc:ae:83:10:e1:1c:c7:35:e4:b7:24:9c:16:
                    08:db:d7:e0:73:d6:9f:f8:b7:c2:22:36:e3:46:68:
                    a6:9c:7e:91:ae:e2:a1:59:9a:b5:41:c3:1d:0e:63:
                    53:b9:28:e2:fd:d8:60:8d:e7:75:01:cd:f8:26:4d:
                    fb:55:90:a6:6b:ef:7d:4d:36:25:1e:4a:b8:31:e7:
                    4e:21:15:e2:39:a9:44:1a:a1:dc:9e:60:29:3f:00:
                    78:72:0e:eb:d4:b2:5a:56:18:78:60:42:02:73:5c:
                    19:99:21:97:0c:97:8c:2f:c8:3e:07:c0:48:8c:f8:
                    4d:13:8c:dc:e3:b5:d4:5c:82:de:d0:91:19:08:87:
                    00:17:fe:76:5c:27:0b:0a:a7:93:51:e3:2e:ce:7f:
                    bf:8b:8a:36:e2:38:93:9e:e4:4f:37:01:e6:3d:04:
                    3e:c0:8c:08:df:9d:15:67:f2:17:1e:11:67:87:4d:
                    3e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:02:1E:8B:AE:EE:E9:8E:77:D8:04:A5:90:35:46:64:3B:B9:0A:D4
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/QwIei67u6Y532ASlkDVGZDu5CtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.49.0/24
                  5.159.54.0/24
                  45.94.213.0/24
                  89.46.217.0/24
                  185.3.200.0/24
                  185.239.0.0/24
                  185.239.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:94:bf:3b:04:38:9e:b3:b2:cd:e3:4f:ad:de:31:80:3b:8f:
         15:d9:f0:bf:53:22:17:f7:a0:4d:9a:ec:2d:e4:e5:42:02:ae:
         30:20:f4:21:0b:ca:7c:51:6f:0d:1e:a0:58:e1:09:09:9c:63:
         3c:8b:67:b1:95:da:f5:b2:24:93:c6:42:76:03:35:fd:18:26:
         82:22:61:8b:0c:bc:e1:80:61:6c:18:cf:b0:bf:0b:c6:ca:b6:
         14:63:25:f8:37:37:aa:f8:e0:b6:fd:ca:53:10:ab:bd:e5:23:
         04:64:63:eb:dd:02:40:7b:bf:bf:1b:40:f7:17:db:21:52:7b:
         b0:d4:e1:4c:94:ce:33:50:3e:f0:eb:87:8a:c8:7c:bc:23:99:
         4c:08:03:a5:b1:dd:6f:b0:74:e0:cd:74:4c:b8:c2:64:20:95:
         8b:99:3a:54:f6:87:d8:a1:9b:c2:7d:23:b9:fa:ef:94:ee:23:
         ca:19:bc:84:57:00:c8:9c:64:9d:56:b8:d7:b2:a8:1a:f9:76:
         a8:34:ca:a8:a7:30:98:f8:3f:34:ea:57:02:87:7f:d9:bb:b5:
         aa:94:32:36:0b:ec:3e:c9:60:6a:0b:26:ba:e8:4c:61:e8:d3:
         cd:e6:d9:fb:00:6b:d1:9d:75:14:52:50:b6:95:24:20:a4:99:
         ea:e5:c7:70
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYmMXw4e8bRcZqCYQYsFRKMVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjMwNzI1MDkyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzAyMWU4YmFlZWVlOThlNzdkODA0YTU5MDM1NDY2NDNiYjkwYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8/N4I5OkQFxkX+OcktwxW5ghVE4
oVWuYNTMvPg6/I5BuJ0CI1WADzBzurgzcW/eWzIoEiRASifMcdxNy4cvJ5RlXhIB
QNF3LffKHLyugxDhHMc15LcknBYI29fgc9af+LfCIjbjRmimnH6RruKhWZq1QcMd
DmNTuSji/dhgjed1Ac34Jk37VZCma+99TTYlHkq4MedOIRXiOalEGqHcnmApPwB4
cg7r1LJaVhh4YEICc1wZmSGXDJeML8g+B8BIjPhNE4zc47XUXILe0JEZCIcAF/52
XCcLCqeTUeMuzn+/i4o24jiTnuRPNwHmPQQ+wIwI350VZ/IXHhFnh00+zwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEMCHouu7umOd9gEpZA1RmQ7uQrUMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvUXdJZWk2N3U2WTUzMkFTbGtEVkdaRHU1Q3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQABZ8xAwQA
BZ82AwQALV7VAwQAWS7ZAwQAuQPIAwQAue8AAwQBue8CMA0GCSqGSIb3DQEBCwUA
A4IBAQAmlL87BDies7LN40+t3jGAO48V2fC/UyIX96BNmuwt5OVCAq4wIPQhC8p8
UW8NHqBY4QkJnGM8i2exldr1siSTxkJ2AzX9GCaCImGLDLzhgGFsGM+wvwvGyrYU
YyX4Nzeq+OC2/cpTEKu95SMEZGPr3QJAe7+/G0D3F9shUnuw1OFMlM4zUD7w64eK
yHy8I5lMCAOlsd1vsHTgzXRMuMJkIJWLmTpU9ofYoZvCfSO5+u+U7iPKGbyEVwDI
nGSdVrjXsqga+XaoNMqopzCY+D806lcCh3/Zu7WqlDI2C+w+yWBqCya66Exh6NPN
5tn7AGvRnXUUUlC2lSQgpJnq5cdw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:49 2024 by rpki-client on console-ams.rpki-client.org