Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/e7a2f1-2e10-4ebe-91b3-0cef512f5009/1/q0O1OFXdscRh8xLAMmBI76nUeqs.roa
File:                     q0O1OFXdscRh8xLAMmBI76nUeqs.roa (raw, json)
Hash identifier:          I3nLyT8tEVWI1NlZnn7tYv/UDeLKEjrpDCZP1CEzUOU=
Subject key identifier:   AB:43:B5:38:55:DD:B1:C4:61:F3:12:C0:32:60:48:EF:A9:D4:7A:AB
Certificate issuer:       /CN=8ec4a67dbed7444ddd27e800fb6c21013a5b11c6
Certificate serial:       01864AE5F9F00EDA60A5C1B240F59612C28B
Authority key identifier: 8E:C4:A6:7D:BE:D7:44:4D:DD:27:E8:00:FB:6C:21:01:3A:5B:11:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jsSmfb7XRE3dJ-gA-2whATpbEcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/e7a2f1-2e10-4ebe-91b3-0cef512f5009/1/q0O1OFXdscRh8xLAMmBI76nUeqs.roa
Signing time:             Mon 13 Feb 2023 13:10:31 +0000
ROA not before:           Mon 13 Feb 2023 13:10:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30742
IP address blocks:        185.115.80.0/22 maxlen: 22
                          176.118.180.0/22 maxlen: 24
                          82.198.192.0/19 maxlen: 24
                          80.245.132.0/22 maxlen: 22
                          185.48.224.0/22 maxlen: 22
                          80.245.136.0/21 maxlen: 21
                          185.43.24.0/22 maxlen: 22
                          2a03:9980::/29 maxlen: 32
                          2a01:9b60::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 21 Nov 2023 10:37:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:4a:e5:f9:f0:0e:da:60:a5:c1:b2:40:f5:96:12:c2:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ec4a67dbed7444ddd27e800fb6c21013a5b11c6
        Validity
            Not Before: Feb 13 13:10:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab43b53855ddb1c461f312c0326048efa9d47aab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2f:d0:ab:00:a3:80:4d:54:4b:c5:af:93:2a:
                    1a:34:1c:82:42:08:70:10:b2:cc:5d:24:21:b9:96:
                    e4:59:f9:f4:ca:a7:42:d8:08:4a:86:db:4c:af:e7:
                    b4:f8:fe:b7:2b:9d:6c:fd:28:22:01:f9:e7:38:2b:
                    5b:45:47:83:cd:74:ac:25:c3:1f:a2:21:4d:ab:2f:
                    3b:21:91:b6:29:57:b4:ff:e7:42:ab:45:5f:3f:e8:
                    ec:61:b4:42:e7:48:42:6c:03:d2:d1:f6:c4:b2:88:
                    f5:8e:21:48:1a:d0:d9:fb:e3:fe:fa:7b:98:7d:50:
                    f5:fc:3b:7b:d9:c4:a8:8e:11:82:de:30:ee:1b:16:
                    35:a8:03:de:07:a9:4e:a4:0d:be:87:68:00:7e:6c:
                    d9:92:4e:59:35:5a:4a:db:bd:78:5f:43:61:99:ec:
                    c6:01:b7:5d:ca:17:25:2a:9a:28:7f:d0:ef:87:76:
                    5c:a5:0b:78:8a:88:4b:66:b9:d5:f0:ea:06:50:22:
                    ca:53:8b:71:5d:39:1a:c6:a4:66:86:1c:a6:d4:33:
                    34:f2:12:c7:ff:79:87:ea:7e:50:03:ab:89:71:3f:
                    e5:b4:33:75:e6:20:d7:1c:f8:d0:00:bc:28:c3:04:
                    a4:d0:8e:0c:9a:18:25:c2:74:ec:92:b0:42:de:a5:
                    ad:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:43:B5:38:55:DD:B1:C4:61:F3:12:C0:32:60:48:EF:A9:D4:7A:AB
            X509v3 Authority Key Identifier:
                keyid:8E:C4:A6:7D:BE:D7:44:4D:DD:27:E8:00:FB:6C:21:01:3A:5B:11:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jsSmfb7XRE3dJ-gA-2whATpbEcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/e7a2f1-2e10-4ebe-91b3-0cef512f5009/1/q0O1OFXdscRh8xLAMmBI76nUeqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/e7a2f1-2e10-4ebe-91b3-0cef512f5009/1/jsSmfb7XRE3dJ-gA-2whATpbEcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.132.0-80.245.143.255
                  82.198.192.0/19
                  176.118.180.0/22
                  185.43.24.0/22
                  185.48.224.0/22
                  185.115.80.0/22
                IPv6:
                  2a01:9b60::/32
                  2a03:9980::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:f0:c1:ef:40:30:1a:e8:4a:c6:8b:aa:0a:20:e3:7c:e1:d7:
         b7:7f:87:5b:f0:6a:25:27:91:ca:42:2e:ad:c5:75:f4:27:40:
         ba:25:94:d1:56:88:ad:3b:81:59:bd:1b:dc:24:8a:12:ac:cf:
         13:96:c5:c9:a4:6c:c3:c2:49:c8:1c:92:9f:63:75:69:7d:3d:
         a2:31:0e:a8:09:35:51:cd:fa:21:ef:0d:25:78:f6:e5:a6:51:
         11:0c:74:e4:43:a6:cd:98:47:92:d4:5f:a0:1e:55:bf:47:01:
         fa:cf:5e:c4:40:bb:21:ae:59:da:2f:3c:de:52:cd:f3:db:aa:
         7f:e0:25:c4:52:1b:de:e5:f7:fe:92:3b:54:d9:f2:a4:db:60:
         b7:a0:4b:aa:a9:24:1b:ce:27:55:15:ed:b2:e9:6c:ad:e3:81:
         c3:0e:85:d1:84:f3:48:ef:23:9f:fd:e8:0c:3e:af:7e:b6:ef:
         7e:5c:ac:48:a7:76:e9:1b:16:27:43:b5:42:ff:7c:b1:5c:f6:
         44:a9:3f:09:9c:38:e0:e6:de:08:52:30:7a:60:26:a5:14:7f:
         73:bd:24:bc:03:7a:ff:4e:56:2e:2a:cf:9a:80:c2:2e:d3:36:
         01:65:18:e8:0d:88:c9:c8:65:4d:49:de:b9:93:d7:88:92:f7:
         7a:b6:9e:7a
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYZK5fnwDtpgpcGyQPWWEsKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYzRhNjdkYmVkNzQ0NGRkZDI3ZTgwMGZiNmMyMTAxM2E1
YjExYzYwHhcNMjMwMjEzMTMxMDMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQzYjUzODU1ZGRiMWM0NjFmMzEyYzAzMjYwNDhlZmE5ZDQ3YWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS/QqwCjgE1US8WvkyoaNByCQghw
ELLMXSQhuZbkWfn0yqdC2AhKhttMr+e0+P63K51s/SgiAfnnOCtbRUeDzXSsJcMf
oiFNqy87IZG2KVe0/+dCq0VfP+jsYbRC50hCbAPS0fbEsoj1jiFIGtDZ++P++nuY
fVD1/Dt72cSojhGC3jDuGxY1qAPeB6lOpA2+h2gAfmzZkk5ZNVpK2714X0NhmezG
AbddyhclKpoof9Dvh3ZcpQt4iohLZrnV8OoGUCLKU4txXTkaxqRmhhym1DM08hLH
/3mH6n5QA6uJcT/ltDN15iDXHPjQALwowwSk0I4MmhglwnTskrBC3qWtgQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFKtDtThV3bHEYfMSwDJgSO+p1HqrMB8GA1UdIwQY
MBaAFI7Epn2+10RN3SfoAPtsIQE6WxHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanNTbWZiN1hSRTNkSi1nQS0yd2hBVHBiRWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9lN2EyZjEtMmUxMC00ZWJlLTkxYjMt
MGNlZjUxMmY1MDA5LzEvcTBPMU9GWGRzY1JoOHhMQU1tQkk3Nm5VZXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9lN2EyZjEtMmUxMC00ZWJlLTkxYjMtMGNlZjUxMmY1MDA5
LzEvanNTbWZiN1hSRTNkSi1nQS0yd2hBVHBiRWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAyBAIAATAsMAwDBAJQ9YQD
BARQ9YADBAVSxsADBAKwdrQDBAK5KxgDBAK5MOADBAK5c1AwFAQCAAIwDgMFACoB
m2ADBQMqA5mAMA0GCSqGSIb3DQEBCwUAA4IBAQBW8MHvQDAa6ErGi6oKION84de3
f4db8GolJ5HKQi6txXX0J0C6JZTRVoitO4FZvRvcJIoSrM8TlsXJpGzDwknIHJKf
Y3VpfT2iMQ6oCTVRzfoh7w0lePblplERDHTkQ6bNmEeS1F+gHlW/RwH6z17EQLsh
rlnaLzzeUs3z26p/4CXEUhve5ff+kjtU2fKk22C3oEuqqSQbzidVFe2y6Wyt44HD
DoXRhPNI7yOf/egMPq9+tu9+XKxIp3bpGxYnQ7VC/3yxXPZEqT8JnDjg5t4IUjB6
YCalFH9zvSS8A3r/TlYuKs+agMIu0zYBZRjoDYjJyGVNSd65k9eIkvd6tp56
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:41 2024 by rpki-client on console-fra.rpki-client.org