Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QqUQbqjmJjfZGbGhdAiH6TlsUd4.roa
File:                     QqUQbqjmJjfZGbGhdAiH6TlsUd4.roa (raw, json)
Hash identifier:          gxb3x68DZ3tAPFtq7GHucs97PvDGNy5fSVkiVRCM64w=
Subject key identifier:   42:A5:10:6E:A8:E6:26:37:D9:19:B1:A1:74:08:87:E9:39:6C:51:DE
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0193F80CC04586B5865181022806402AA356
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QqUQbqjmJjfZGbGhdAiH6TlsUd4.roa
Signing time:             Tue 24 Dec 2024 09:43:25 +0000
ROA not before:           Tue 24 Dec 2024 09:43:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56971
IP address blocks:        46.8.64.0/24 maxlen: 24
                          46.8.224.0/24 maxlen: 24
                          46.8.225.0/24 maxlen: 24
                          46.8.226.0/24 maxlen: 24
                          46.8.227.0/24 maxlen: 24
                          46.8.228.0/24 maxlen: 24
                          46.8.229.0/24 maxlen: 24
                          46.8.230.0/24 maxlen: 24
                          46.8.231.0/24 maxlen: 24
                          46.8.236.0/24 maxlen: 24
                          46.8.237.0/24 maxlen: 24
                          46.8.238.0/24 maxlen: 32
                          95.182.101.0/24 maxlen: 24
                          109.248.160.0/22 maxlen: 24
                          188.130.154.0/24 maxlen: 24
                          188.130.206.0/24 maxlen: 32
                          188.130.207.0/24 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:49:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f8:0c:c0:45:86:b5:86:51:81:02:28:06:40:2a:a3:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Dec 24 09:43:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42a5106ea8e62637d919b1a1740887e9396c51de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:12:e5:db:63:ce:ca:82:db:f9:a1:fe:8c:aa:
                    ad:af:6c:89:bb:0b:e2:05:f2:5b:6b:7e:fa:3e:65:
                    a4:3c:bd:32:1d:ac:54:ff:08:06:c2:4b:c7:85:4c:
                    b3:ef:a6:2f:e9:50:f7:7d:36:27:11:c0:ba:64:a1:
                    77:45:e9:57:f0:5e:82:59:0c:94:3c:c4:a2:98:d1:
                    ea:50:64:f3:bc:f9:02:69:55:ba:30:8a:07:b2:61:
                    74:ff:46:e7:4e:88:52:d0:ff:a3:55:3c:01:3c:5c:
                    36:1c:8d:be:e3:aa:8f:cf:a2:f8:e1:9c:71:4c:e2:
                    e3:b4:7d:7a:00:54:9a:75:9f:b9:5a:3f:77:fe:bf:
                    91:86:d9:a7:2f:8c:40:e3:f0:20:1a:b1:09:a7:58:
                    67:32:67:b9:39:72:57:a6:48:d0:5b:ee:08:49:50:
                    e3:70:28:5a:c5:10:f1:70:d0:1d:df:27:0e:4a:87:
                    0b:d1:64:a0:11:fc:eb:86:d5:4d:e6:23:3e:06:1c:
                    a4:08:0e:c5:7b:ff:e3:6b:3f:5c:12:50:c4:3a:31:
                    80:8a:14:2c:a7:7c:ab:88:8b:1c:de:8f:fd:04:b2:
                    f3:18:ad:14:e5:97:6a:f6:3e:1b:e0:7c:55:4e:e2:
                    52:cd:0c:70:48:2e:ba:8b:cb:ae:a4:ef:03:37:e7:
                    3f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A5:10:6E:A8:E6:26:37:D9:19:B1:A1:74:08:87:E9:39:6C:51:DE
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QqUQbqjmJjfZGbGhdAiH6TlsUd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.64.0/24
                  46.8.224.0/21
                  46.8.236.0-46.8.238.255
                  95.182.101.0/24
                  109.248.160.0/22
                  188.130.154.0/24
                  188.130.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:18:2f:aa:f8:e0:e3:ea:0a:c0:87:b8:ac:a7:c2:a7:53:0e:
         48:76:eb:e1:34:d4:01:d9:58:ce:14:91:4b:6d:df:e4:13:0e:
         96:f2:94:b9:38:8a:2e:fd:4a:4d:26:08:58:e9:ce:62:9b:5e:
         32:12:a9:77:59:54:b7:b7:f7:b5:c9:d0:ef:64:59:61:42:67:
         71:49:4d:16:b4:27:a9:ff:5f:3f:cd:c2:93:63:cb:79:64:8c:
         b8:41:d4:aa:8c:b5:7d:de:00:dd:97:43:33:49:59:5b:b6:cd:
         5e:98:24:eb:dd:b8:9b:f1:8b:ef:01:09:23:41:0a:39:77:88:
         08:15:ca:0e:3b:12:a7:60:e1:99:30:b7:71:84:5d:37:6b:ab:
         7f:9c:7a:11:ad:f3:73:57:93:a9:5a:2f:0c:ec:d3:7e:64:7c:
         5b:8e:0f:69:85:c9:5d:33:35:a3:fc:3b:51:ae:ad:83:51:eb:
         75:f6:54:e3:b1:10:94:61:37:05:85:7e:51:47:67:f6:51:17:
         a0:97:96:7d:88:7d:83:38:32:ba:a8:1b:63:a3:2e:86:ee:da:
         5e:d1:6e:8b:8b:5e:aa:d9:d4:07:d9:a0:6f:5b:fe:25:67:0d:
         76:84:1f:42:88:ca:9e:bb:f5:cd:b6:96:9e:fe:42:c5:f9:5f:
         f9:e6:f3:9f
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZP4DMBFhrWGUYECKAZAKqNWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQxMjI0MDk0MzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmE1MTA2ZWE4ZTYyNjM3ZDkxOWIxYTE3NDA4ODdlOTM5NmM1MWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRLl22POyoLb+aH+jKqtr2yJuwvi
BfJba376PmWkPL0yHaxU/wgGwkvHhUyz76Yv6VD3fTYnEcC6ZKF3RelX8F6CWQyU
PMSimNHqUGTzvPkCaVW6MIoHsmF0/0bnTohS0P+jVTwBPFw2HI2+46qPz6L44Zxx
TOLjtH16AFSadZ+5Wj93/r+RhtmnL4xA4/AgGrEJp1hnMme5OXJXpkjQW+4ISVDj
cChaxRDxcNAd3ycOSocL0WSgEfzrhtVN5iM+BhykCA7Fe//jaz9cElDEOjGAihQs
p3yriIsc3o/9BLLzGK0U5Zdq9j4b4HxVTuJSzQxwSC66i8uupO8DN+c/RwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFEKlEG6o5iY32RmxoXQIh+k5bFHeMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvUXFVUWJxam1KamZaR2JHaGRBaUg2VGxzVWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALghAAwQD
LgjgMAwDBAIuCOwDBAAuCO4DBABftmUDBAJt+KADBAC8gpoDBAG8gs4wDQYJKoZI
hvcNAQELBQADggEBAE0YL6r44OPqCsCHuKynwqdTDkh26+E01AHZWM4UkUtt3+QT
DpbylLk4ii79Sk0mCFjpzmKbXjISqXdZVLe397XJ0O9kWWFCZ3FJTRa0J6n/Xz/N
wpNjy3lkjLhB1KqMtX3eAN2XQzNJWVu2zV6YJOvduJvxi+8BCSNBCjl3iAgVyg47
Eqdg4Zkwt3GEXTdrq3+cehGt83NXk6laLwzs035kfFuOD2mFyV0zNaP8O1GurYNR
63X2VOOxEJRhNwWFflFHZ/ZRF6CXln2IfYM4MrqoG2OjLobu2l7RbouLXqrZ1AfZ
oG9b/iVnDXaEH0KIyp679c22lp7+QsX5X/nm858=
-----END CERTIFICATE-----