Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/QMPk-W3Rs-C0RQvfy824p_jVG7A.roa
File:                     QMPk-W3Rs-C0RQvfy824p_jVG7A.roa (raw, json)
Hash identifier:          1KGUzG/JmxxAs+LFkN2VHpyGA4cMvK539dy/W/Dmzn4=
Subject key identifier:   40:C3:E4:F9:6D:D1:B3:E0:B4:45:0B:DF:CB:CD:B8:A7:F8:D5:1B:B0
Certificate issuer:       /CN=9803c40f77bc88faf209f31d361ebbab5caeac4a
Certificate serial:       01856B4A326CC370993EA66BDA745C60A795
Authority key identifier: 98:03:C4:0F:77:BC:88:FA:F2:09:F3:1D:36:1E:BB:AB:5C:AE:AC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/QMPk-W3Rs-C0RQvfy824p_jVG7A.roa
Signing time:             Sun 01 Jan 2023 03:05:02 +0000
ROA not before:           Sun 01 Jan 2023 03:05:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44358
IP address blocks:        185.150.42.0/24 maxlen: 24
                          194.0.3.0/24 maxlen: 24
                          194.0.20.0/24 maxlen: 24
                          194.0.19.0/24 maxlen: 24
                          194.0.18.0/24 maxlen: 24
                          2001:678:88::/48 maxlen: 48
                          2a07:ab42::/48 maxlen: 48
                          2001:678:6::/48 maxlen: 48
                          2001:678:19::/48 maxlen: 48
                          2001:678:8c::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:4a:32:6c:c3:70:99:3e:a6:6b:da:74:5c:60:a7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9803c40f77bc88faf209f31d361ebbab5caeac4a
        Validity
            Not Before: Jan  1 03:05:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40c3e4f96dd1b3e0b4450bdfcbcdb8a7f8d51bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9c:2b:6c:e6:56:d8:69:29:b2:c2:7e:c3:02:
                    c5:a5:b9:9a:13:f6:71:6b:96:9e:d6:18:2c:53:ab:
                    81:78:34:9d:aa:7d:07:2d:39:4b:74:cf:2d:f4:6d:
                    a0:d5:a4:87:bb:10:c5:53:41:5b:98:89:8d:ec:e9:
                    4f:2e:63:aa:27:76:cd:57:9e:fc:31:84:3c:1d:44:
                    3c:4b:d7:91:bf:7c:df:a4:01:ed:d1:2e:b2:af:96:
                    a2:a3:b9:fb:6d:96:fa:13:b9:d8:14:17:57:db:08:
                    6b:d1:17:c7:08:16:c2:f4:de:ac:93:66:d1:8c:94:
                    d0:c9:4d:01:e5:ff:12:f9:68:99:c2:5f:f5:61:4a:
                    1b:c3:66:bb:a4:16:42:a1:6a:c3:4c:9e:fa:f2:62:
                    d3:77:98:96:58:73:fe:63:86:0e:f9:25:13:11:fd:
                    a3:94:47:05:71:b2:b4:e9:1a:07:32:cb:b1:4e:7d:
                    88:5e:97:3b:46:c7:f1:42:b6:cb:35:37:8f:39:ae:
                    86:e9:d2:4d:50:83:d7:bd:d5:e0:fc:38:56:85:6c:
                    fb:95:84:60:c4:5e:62:18:c5:6c:fb:eb:46:a4:92:
                    73:a8:77:fc:64:0c:af:58:87:15:a0:18:24:3f:7b:
                    52:b0:7f:be:55:6a:ed:5b:20:99:c0:3a:ff:96:7b:
                    3a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C3:E4:F9:6D:D1:B3:E0:B4:45:0B:DF:CB:CD:B8:A7:F8:D5:1B:B0
            X509v3 Authority Key Identifier:
                keyid:98:03:C4:0F:77:BC:88:FA:F2:09:F3:1D:36:1E:BB:AB:5C:AE:AC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/QMPk-W3Rs-C0RQvfy824p_jVG7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.42.0/24
                  194.0.3.0/24
                  194.0.18.0-194.0.20.255
                IPv6:
                  2001:678:6::/48
                  2001:678:19::/48
                  2001:678:88::/48
                  2001:678:8c::/48
                  2a07:ab42::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:fb:a8:29:f2:b4:c2:08:d3:3c:e4:d5:7f:dd:b4:e7:6b:b7:
         e9:25:9c:c3:2c:0d:bf:0f:fa:bc:fb:ee:05:fb:6b:30:2e:8c:
         8a:06:cf:60:50:20:e4:d0:0c:a8:7a:d3:ca:5d:35:bb:be:e1:
         81:2a:d3:29:0d:24:b9:a7:45:34:e1:50:ab:2a:71:f8:82:92:
         1f:64:55:ec:46:1e:a1:f7:8b:03:57:7a:da:e3:03:c8:e8:a6:
         8e:86:71:53:7a:9c:6e:ed:ce:33:d0:0c:b4:b2:89:de:c0:fc:
         2d:ff:a5:c9:9c:6e:52:af:30:f4:b9:b4:9e:12:1e:d9:8e:e8:
         bc:fa:34:b8:9b:4e:14:a5:69:71:5b:3d:74:a1:72:78:70:ff:
         12:09:66:90:fc:c1:13:bd:4d:de:c0:1a:ae:b6:aa:02:32:a7:
         e0:8b:d7:99:d7:77:a4:66:c4:7e:7e:5a:0a:74:b0:00:7e:43:
         ff:95:7c:82:0b:7a:a0:3b:91:5d:18:58:ec:9f:48:1d:bb:19:
         82:26:2e:ea:d1:37:33:d0:5f:ef:6b:3c:74:0a:e1:20:34:bc:
         20:d0:25:57:80:c0:de:af:d3:de:e4:95:85:8d:cb:f9:f9:8e:
         e9:44:51:c4:99:0c:96:06:88:b7:cc:89:7c:49:ee:55:4e:d8:
         87:f0:3e:68
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYVrSjJsw3CZPqZr2nRcYKeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MDNjNDBmNzdiYzg4ZmFmMjA5ZjMxZDM2MWViYmFiNWNh
ZWFjNGEwHhcNMjMwMTAxMDMwNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGMzZTRmOTZkZDFiM2UwYjQ0NTBiZGZjYmNkYjhhN2Y4ZDUxYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJwrbOZW2GkpssJ+wwLFpbmaE/Zx
a5ae1hgsU6uBeDSdqn0HLTlLdM8t9G2g1aSHuxDFU0FbmImN7OlPLmOqJ3bNV578
MYQ8HUQ8S9eRv3zfpAHt0S6yr5aio7n7bZb6E7nYFBdX2whr0RfHCBbC9N6sk2bR
jJTQyU0B5f8S+WiZwl/1YUobw2a7pBZCoWrDTJ768mLTd5iWWHP+Y4YO+SUTEf2j
lEcFcbK06RoHMsuxTn2IXpc7RsfxQrbLNTePOa6G6dJNUIPXvdXg/DhWhWz7lYRg
xF5iGMVs++tGpJJzqHf8ZAyvWIcVoBgkP3tSsH++VWrtWyCZwDr/lns6rQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFEDD5Plt0bPgtEUL38vNuKf41RuwMB8GA1UdIwQY
MBaAFJgDxA93vIj68gnzHTYeu6tcrqxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUFQRUQzZThpUHJ5Q2ZNZE5oNjdxMXl1ckVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iYWQ0YTAtM2U5Yi00NzY0LThhMjQt
ZjNhMjZmMDU1ZjRlLzEvUU1Qay1XM1JzLUMwUlF2Znk4MjRwX2pWRzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iYWQ0YTAtM2U5Yi00NzY0LThhMjQtZjNhMjZmMDU1ZjRl
LzEvbUFQRUQzZThpUHJ5Q2ZNZE5oNjdxMXl1ckVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzAgBAIAATAaAwQAuZYqAwQA
wgADMAwDBAHCABIDBADCABQwMwQCAAIwLQMHACABBngABgMHACABBngAGQMHACAB
BngAiAMHACABBngAjAMHACoHq0IAADANBgkqhkiG9w0BAQsFAAOCAQEArvuoKfK0
wgjTPOTVf92052u36SWcwywNvw/6vPvuBftrMC6MigbPYFAg5NAMqHrTyl01u77h
gSrTKQ0kuadFNOFQqypx+IKSH2RV7EYeofeLA1d62uMDyOimjoZxU3qcbu3OM9AM
tLKJ3sD8Lf+lyZxuUq8w9Lm0nhIe2Y7ovPo0uJtOFKVpcVs9dKFyeHD/EglmkPzB
E71N3sAarraqAjKn4IvXmdd3pGbEfn5aCnSwAH5D/5V8ggt6oDuRXRhY7J9IHbsZ
giYu6tE3M9Bf72s8dArhIDS8INAlV4DA3q/T3uSVhY3L+fmO6URRxJkMlgaIt8yJ
fEnuVU7Yh/A+aA==
-----END CERTIFICATE-----