Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e210b9-7a3f-410b-ba56-0724089289bb/1/X3qG-oftnyQGKLDKYmj2_QEHWkE.roa
File:                     X3qG-oftnyQGKLDKYmj2_QEHWkE.roa (raw, json)
Hash identifier:          RUD9gf2CqsXRKtpdcTd3kGLyWm61PpS/aoERRcwrWgY=
Subject key identifier:   5F:7A:86:FA:87:ED:9F:24:06:28:B0:CA:62:68:F6:FD:01:07:5A:41
Certificate issuer:       /CN=3fa40fcfa836bb0b5b3e129404cb31e85250b01f
Certificate serial:       01857155214D734279AEB48CD8D69F6A918B
Authority key identifier: 3F:A4:0F:CF:A8:36:BB:0B:5B:3E:12:94:04:CB:31:E8:52:50:B0:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6QPz6g2uwtbPhKUBMsx6FJQsB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e210b9-7a3f-410b-ba56-0724089289bb/1/X3qG-oftnyQGKLDKYmj2_QEHWkE.roa
Signing time:             Mon 02 Jan 2023 07:14:42 +0000
ROA not before:           Mon 02 Jan 2023 07:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30798
IP address blocks:        62.204.0.0/19 maxlen: 24
                          213.185.32.0/19 maxlen: 24
                          89.236.64.0/18 maxlen: 24
                          217.112.240.0/20 maxlen: 24
                          45.154.68.0/22 maxlen: 24
                          2001:40e8::/32 maxlen: 64

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:55:21:4d:73:42:79:ae:b4:8c:d8:d6:9f:6a:91:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fa40fcfa836bb0b5b3e129404cb31e85250b01f
        Validity
            Not Before: Jan  2 07:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f7a86fa87ed9f240628b0ca6268f6fd01075a41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:17:16:bb:2b:c2:d4:c1:21:f4:69:f0:fc:b7:
                    4a:9f:55:20:3b:e6:71:34:89:71:db:d6:16:82:80:
                    8c:0e:04:5f:79:c0:b8:ce:4a:f5:9f:d8:c9:e7:95:
                    79:72:bb:c5:45:d8:7a:c1:b8:60:7b:de:ed:c8:ec:
                    b7:81:e4:a9:45:3d:84:fc:6d:5c:a3:42:73:86:22:
                    ca:ac:bb:35:e5:a9:5f:70:34:72:88:d8:b6:d5:b6:
                    84:9f:87:ba:1e:30:67:ca:dc:aa:df:04:61:c7:d3:
                    9c:65:25:ef:0d:ad:98:71:5f:45:db:a2:71:17:f4:
                    69:21:c7:42:a3:78:17:0e:50:dc:b6:cc:51:5d:20:
                    9b:3f:c9:4f:ec:89:5f:6c:88:d5:3a:01:3a:24:d9:
                    b1:13:eb:7b:98:c3:4f:9b:58:09:4d:10:b6:81:fb:
                    8d:f6:d4:c2:f4:5d:32:f7:5e:b3:48:55:c5:0c:60:
                    bb:32:94:c1:54:94:ee:0f:3f:c7:61:2d:5b:a1:61:
                    5d:3a:0d:a5:59:41:80:74:13:18:1d:d6:bc:63:d7:
                    02:7e:76:e4:b7:73:44:14:44:d1:77:53:d8:4d:b6:
                    09:5f:28:2e:3e:eb:63:0d:84:94:98:66:ad:47:62:
                    eb:81:66:7e:ce:08:75:ed:fb:5f:4a:f9:b3:8c:88:
                    2e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7A:86:FA:87:ED:9F:24:06:28:B0:CA:62:68:F6:FD:01:07:5A:41
            X509v3 Authority Key Identifier:
                keyid:3F:A4:0F:CF:A8:36:BB:0B:5B:3E:12:94:04:CB:31:E8:52:50:B0:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6QPz6g2uwtbPhKUBMsx6FJQsB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e210b9-7a3f-410b-ba56-0724089289bb/1/X3qG-oftnyQGKLDKYmj2_QEHWkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e210b9-7a3f-410b-ba56-0724089289bb/1/P6QPz6g2uwtbPhKUBMsx6FJQsB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.68.0/22
                  62.204.0.0/19
                  89.236.64.0/18
                  213.185.32.0/19
                  217.112.240.0/20
                IPv6:
                  2001:40e8::/32

    Signature Algorithm: sha256WithRSAEncryption
         ce:75:b2:ab:d5:11:a2:bc:12:ba:2d:c3:47:a7:96:8b:cd:c2:
         34:48:37:41:50:4f:64:40:36:7d:79:1f:92:2d:88:04:2d:69:
         90:00:cc:d4:30:60:07:dc:ad:c8:95:23:3e:42:0d:72:8e:f5:
         34:31:42:16:7d:98:ea:0c:e1:66:8d:b3:6f:32:c0:80:2c:1a:
         db:40:bc:21:ce:c6:66:0a:e9:da:5b:11:8c:46:c5:b0:89:86:
         b9:35:d2:6f:7f:8d:24:79:cb:66:44:41:cd:d0:ca:8e:db:59:
         43:36:62:83:65:41:0c:13:af:a0:23:ea:63:a6:2e:51:fd:a2:
         d0:b9:70:8a:99:14:ef:9c:eb:15:38:fc:ed:34:d7:d9:37:24:
         6a:c9:99:45:ba:d0:6a:24:be:7e:13:d9:0b:16:af:92:6f:d2:
         a3:bf:bc:a0:92:95:48:76:1c:53:d9:b6:d6:63:73:27:32:1d:
         e3:41:ff:a9:3d:30:1d:12:f3:20:92:fd:bb:aa:2c:c7:93:1a:
         8b:37:2c:2d:33:22:fe:fd:a1:07:27:ed:91:42:bd:42:ae:3b:
         e4:33:f0:4a:4c:09:26:d9:7b:e3:2e:9b:b3:08:80:89:f5:3a:
         1a:65:ea:f7:af:f9:bc:19:76:0c:d9:13:33:82:c3:ae:83:79:
         ef:dd:72:b3
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVxVSFNc0J5rrSM2NafapGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYTQwZmNmYTgzNmJiMGI1YjNlMTI5NDA0Y2IzMWU4NTI1
MGIwMWYwHhcNMjMwMTAyMDcxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjdhODZmYTg3ZWQ5ZjI0MDYyOGIwY2E2MjY4ZjZmZDAxMDc1YTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBcWuyvC1MEh9Gnw/LdKn1UgO+Zx
NIlx29YWgoCMDgRfecC4zkr1n9jJ55V5crvFRdh6wbhge97tyOy3geSpRT2E/G1c
o0JzhiLKrLs15alfcDRyiNi21baEn4e6HjBnytyq3wRhx9OcZSXvDa2YcV9F26Jx
F/RpIcdCo3gXDlDctsxRXSCbP8lP7IlfbIjVOgE6JNmxE+t7mMNPm1gJTRC2gfuN
9tTC9F0y916zSFXFDGC7MpTBVJTuDz/HYS1boWFdOg2lWUGAdBMYHda8Y9cCfnbk
t3NEFETRd1PYTbYJXyguPutjDYSUmGatR2LrgWZ+zgh17ftfSvmzjIgu+QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFF96hvqH7Z8kBiiwymJo9v0BB1pBMB8GA1UdIwQY
MBaAFD+kD8+oNrsLWz4SlATLMehSULAfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZRUHo2ZzJ1d3RiUGhLVUJNc3g2RkpRc0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lMjEwYjktN2EzZi00MTBiLWJhNTYt
MDcyNDA4OTI4OWJiLzEvWDNxRy1vZnRueVFHS0xES1ltajJfUUVIV2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lMjEwYjktN2EzZi00MTBiLWJhNTYtMDcyNDA4OTI4OWJi
LzEvUDZRUHo2ZzJ1d3RiUGhLVUJNc3g2RkpRc0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCLZpEAwQF
PswAAwQGWexAAwQF1bkgAwQE2XDwMA0EAgACMAcDBQAgAUDoMA0GCSqGSIb3DQEB
CwUAA4IBAQDOdbKr1RGivBK6LcNHp5aLzcI0SDdBUE9kQDZ9eR+SLYgELWmQAMzU
MGAH3K3IlSM+Qg1yjvU0MUIWfZjqDOFmjbNvMsCALBrbQLwhzsZmCunaWxGMRsWw
iYa5NdJvf40kectmREHN0MqO21lDNmKDZUEME6+gI+pjpi5R/aLQuXCKmRTvnOsV
OPztNNfZNyRqyZlFutBqJL5+E9kLFq+Sb9Kjv7ygkpVIdhxT2bbWY3MnMh3jQf+p
PTAdEvMgkv27qizHkxqLNywtMyL+/aEHJ+2RQr1CrjvkM/BKTAkm2XvjLpuzCICJ
9ToaZer3r/m8GXYM2RMzgsOug3nv3XKz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:49 2024 by rpki-client on console-fra.rpki-client.org