Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QmTGhVa8oCJg2yGlxSVQx0K0AQY.roa
File:                     QmTGhVa8oCJg2yGlxSVQx0K0AQY.roa (raw, json)
Hash identifier:          q71xinXyoihk5s7nAFr+wXbmMGL2y8H4DxcmPB3jxiA=
Subject key identifier:   42:64:C6:85:56:BC:A0:22:60:DB:21:A5:C5:25:50:C7:42:B4:01:06
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018755944B0B67BE73EF649CEA51727E64A6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QmTGhVa8oCJg2yGlxSVQx0K0AQY.roa
Signing time:             Thu 06 Apr 2023 07:59:54 +0000
ROA not before:           Thu 06 Apr 2023 07:59:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.245.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 11 Apr 2023 12:54:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:55:94:4b:0b:67:be:73:ef:64:9c:ea:51:72:7e:64:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  6 07:59:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4264c68556bca02260db21a5c52550c742b40106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e9:a0:2d:90:fa:1a:85:fd:09:c3:19:4d:be:
                    2c:8c:40:b2:18:c0:e3:3e:51:95:94:37:61:2d:dc:
                    04:6f:eb:09:d4:56:5a:48:28:58:dd:f8:1b:3c:8b:
                    60:20:a3:f0:d8:fc:6a:44:d7:60:60:00:a3:0e:0a:
                    f8:29:09:fc:6f:a5:08:68:60:c5:ba:72:81:4b:b2:
                    79:d3:d7:85:a1:50:b7:ca:69:b3:84:19:cb:6b:28:
                    cb:d7:8b:14:5a:42:d0:aa:3b:6e:91:01:aa:9c:41:
                    3b:5a:8f:54:af:b1:6b:66:9a:c6:64:a9:14:29:02:
                    71:4e:16:32:ba:ec:66:77:9d:4c:8d:8d:23:ed:c0:
                    14:7c:d7:1b:9c:ef:99:89:df:92:0f:6f:1c:57:82:
                    5e:e1:ee:f1:f5:5c:ec:ed:60:5b:15:27:7c:6d:e1:
                    95:8e:e4:4c:16:e2:75:0c:51:9a:45:5c:15:62:7a:
                    01:89:49:d0:8d:60:d6:43:33:de:e1:35:81:7f:4d:
                    19:76:f2:a6:85:af:95:1f:8c:ef:3b:49:02:99:f8:
                    a1:81:33:7b:21:6a:59:69:10:de:49:95:2b:78:b7:
                    d0:0b:3a:8b:87:e4:35:58:13:24:57:bc:55:fa:f9:
                    0f:06:2f:3a:3c:c1:dd:58:f6:07:66:00:51:d5:0c:
                    20:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:64:C6:85:56:BC:A0:22:60:DB:21:A5:C5:25:50:C7:42:B4:01:06
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QmTGhVa8oCJg2yGlxSVQx0K0AQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.251.0/24
                  82.152.255.0/24
                  82.153.64.0/24
                  82.153.70.0/23
                  82.153.210.0/24
                  82.153.222.0/24
                  82.153.245.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:51:0d:41:35:74:70:e7:6f:d9:c6:b6:ca:f1:e0:53:bd:cc:
         58:40:e3:06:39:2d:a8:0c:1a:9a:d5:c8:f0:39:41:95:b3:a8:
         50:9a:ea:64:29:5d:eb:b4:af:d5:eb:78:25:f7:26:bc:0b:58:
         42:4d:b0:98:90:01:f0:e7:05:0f:de:e3:d4:4e:a4:f1:35:6f:
         6c:8a:43:26:68:c0:56:0e:1b:e9:f0:d7:02:44:07:99:49:a8:
         bc:0d:69:68:3e:23:b3:f0:af:5b:0b:59:9a:9b:03:e9:f7:10:
         4a:0b:c2:66:98:22:a8:13:b6:8a:c8:9e:78:69:da:13:4f:81:
         b9:ff:d4:76:04:03:37:3a:72:87:65:15:92:a2:74:1c:9e:a7:
         af:02:2e:ea:95:5c:1b:e2:8b:a1:80:e8:ad:85:f7:df:b4:fd:
         94:9e:30:10:5c:39:91:81:ed:78:c3:f7:82:f4:47:7a:4c:f7:
         68:df:ea:02:5a:78:86:c1:57:26:96:21:49:94:12:a5:6b:f8:
         2d:e4:a0:87:3f:49:bf:3a:e6:b6:5a:f7:23:fe:0d:44:03:46:
         dd:9f:6b:7a:97:b9:78:82:be:b0:0f:28:98:e9:0e:7a:c2:0b:
         e4:5b:a8:9b:41:ce:47:60:2c:44:ee:68:42:13:8d:45:1a:0f:
         c8:f1:38:88
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYdVlEsLZ75z72Sc6lFyfmSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDA2MDc1OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY0YzY4NTU2YmNhMDIyNjBkYjIxYTVjNTI1NTBjNzQyYjQwMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OmgLZD6GoX9CcMZTb4sjECyGMDj
PlGVlDdhLdwEb+sJ1FZaSChY3fgbPItgIKPw2PxqRNdgYACjDgr4KQn8b6UIaGDF
unKBS7J509eFoVC3ymmzhBnLayjL14sUWkLQqjtukQGqnEE7Wo9Ur7FrZprGZKkU
KQJxThYyuuxmd51MjY0j7cAUfNcbnO+Zid+SD28cV4Je4e7x9Vzs7WBbFSd8beGV
juRMFuJ1DFGaRVwVYnoBiUnQjWDWQzPe4TWBf00ZdvKmha+VH4zvO0kCmfihgTN7
IWpZaRDeSZUreLfQCzqLh+Q1WBMkV7xV+vkPBi86PMHdWPYHZgBR1QwgUwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFEJkxoVWvKAiYNshpcUlUMdCtAEGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUW1UR2hWYThvQ0pnMnlHbHhTVlF4MEswQVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUah3AwQA
Uah7AwQAUpj7AwQAUpj/AwQAUplAAwQBUplGAwQAUpnSAwQAUpneAwQAUpn1AwQB
Upn4MA0GCSqGSIb3DQEBCwUAA4IBAQAYUQ1BNXRw52/ZxrbK8eBTvcxYQOMGOS2o
DBqa1cjwOUGVs6hQmupkKV3rtK/V63gl9ya8C1hCTbCYkAHw5wUP3uPUTqTxNW9s
ikMmaMBWDhvp8NcCRAeZSai8DWloPiOz8K9bC1mamwPp9xBKC8JmmCKoE7aKyJ54
adoTT4G5/9R2BAM3OnKHZRWSonQcnqevAi7qlVwb4ouhgOithffftP2UnjAQXDmR
ge14w/eC9Ed6TPdo3+oCWniGwVcmliFJlBKla/gt5KCHP0m/Oua2Wvcj/g1EA0bd
n2t6l7l4gr6wDyiY6Q56wgvkW6ibQc5HYCxE7mhCE41FGg/I8TiI
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org