Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QznF3dA5dbHiVeg8KzfphjyTGeQ.roa
File:                     QznF3dA5dbHiVeg8KzfphjyTGeQ.roa (raw, json)
Hash identifier:          h9h5n3ZKj4cc7gz8/0r/fkuX88yV9S0AusAEEaxns9E=
Subject key identifier:   43:39:C5:DD:D0:39:75:B1:E2:55:E8:3C:2B:37:E9:86:3C:93:19:E4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B1DD3AACB27E2ED7C0480DF06F531D34A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QznF3dA5dbHiVeg8KzfphjyTGeQ.roa
Signing time:             Wed 11 Oct 2023 08:21:32 +0000
ROA not before:           Wed 11 Oct 2023 08:21:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.176.0/22 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.167.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Oct 2023 07:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1d:d3:aa:cb:27:e2:ed:7c:04:80:df:06:f5:31:d3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 11 08:21:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4339c5ddd03975b1e255e83c2b37e9863c9319e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:06:eb:b3:a9:0c:aa:f4:c0:bd:ad:6e:c6:e0:
                    d0:d8:54:48:d5:cd:0c:55:16:77:c9:5b:1e:25:6f:
                    af:53:2a:7d:81:a3:d8:d0:6a:26:c6:2c:34:25:f9:
                    fc:b0:8a:d7:52:37:00:4e:30:b9:14:dc:0b:46:45:
                    8d:6f:eb:8f:80:bd:15:0d:52:6b:52:03:3c:1c:e4:
                    0e:36:2c:13:a6:b5:c9:8e:65:c9:e8:11:d5:89:9f:
                    e6:3f:b7:45:16:19:24:ff:e1:78:ad:d4:3c:7d:5b:
                    d9:15:e6:11:bf:7c:53:c1:c0:e4:40:e6:31:6c:9c:
                    20:14:12:cb:98:66:75:d8:78:00:fb:9e:50:e4:15:
                    e7:27:62:e6:6a:4c:c1:b5:c3:c9:e1:ec:16:72:60:
                    73:23:5a:74:41:60:e7:49:f1:d0:36:c1:f8:c0:a2:
                    9c:84:80:56:11:ca:2c:d0:23:dc:fe:ca:85:32:41:
                    08:a3:be:8e:44:bf:9c:cf:19:29:90:6d:cb:13:11:
                    54:38:b1:f1:ba:a3:a8:36:7b:b5:b7:e3:e2:ae:1f:
                    2f:97:ba:b1:70:a7:ca:c9:7b:dc:69:a5:7a:76:59:
                    24:f6:3f:b8:98:9e:ab:63:72:4e:ac:4d:64:8a:b0:
                    f7:09:a1:a4:67:18:05:f7:9f:56:a3:57:fa:63:d3:
                    a0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:39:C5:DD:D0:39:75:B1:E2:55:E8:3C:2B:37:E9:86:3C:93:19:E4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QznF3dA5dbHiVeg8KzfphjyTGeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.155.255
                  89.213.167.0/24
                  89.213.176.0/21
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:91:48:e6:bb:91:49:c8:d0:5a:98:f9:bf:cc:5c:8a:9b:cd:
         63:0a:00:05:84:b1:03:c7:0f:19:0a:12:e8:ed:70:80:42:b0:
         c9:4d:58:0c:ba:30:e9:4b:1a:f5:57:c5:a1:f9:eb:36:94:a5:
         90:b6:12:a3:fe:1b:de:db:7e:cc:70:ad:22:51:fe:f9:97:ca:
         b5:43:1b:6d:4a:51:45:a1:97:5f:a3:f3:3f:38:16:d6:c9:67:
         7d:31:3f:1a:f0:8f:24:9a:9c:15:ef:bb:eb:3c:d0:30:8c:d8:
         23:b8:30:0a:38:6e:a3:03:c8:4a:41:45:8f:ff:68:a9:6d:6f:
         9f:20:7b:11:1a:08:dd:85:a7:62:0a:5b:f7:3a:af:c6:ff:c0:
         bc:d3:a3:14:ee:18:fc:c7:17:76:fe:4b:55:3b:e8:90:4c:40:
         ea:24:69:18:d0:3a:5d:e6:25:cc:e7:3b:b4:d0:db:9f:b8:d8:
         8b:70:e8:c8:bc:38:2f:94:f2:8b:9f:c7:bc:31:cc:79:c4:65:
         22:a0:91:e1:50:80:6c:3a:db:77:9e:99:64:03:c3:3b:95:d0:
         da:8e:98:79:39:26:33:90:b1:3b:23:d4:58:a7:99:ab:70:32:
         97:11:ee:bb:c3:be:a0:a4:9f:f9:f9:fa:45:97:72:51:15:1c:
         c7:c9:37:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYsd06rLJ+LtfASA3wb1MdNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDExMDgyMTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM5YzVkZGQwMzk3NWIxZTI1NWU4M2MyYjM3ZTk4NjNjOTMxOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwbrs6kMqvTAva1uxuDQ2FRI1c0M
VRZ3yVseJW+vUyp9gaPY0Gomxiw0Jfn8sIrXUjcATjC5FNwLRkWNb+uPgL0VDVJr
UgM8HOQONiwTprXJjmXJ6BHViZ/mP7dFFhkk/+F4rdQ8fVvZFeYRv3xTwcDkQOYx
bJwgFBLLmGZ12HgA+55Q5BXnJ2LmakzBtcPJ4ewWcmBzI1p0QWDnSfHQNsH4wKKc
hIBWEcos0CPc/sqFMkEIo76ORL+czxkpkG3LExFUOLHxuqOoNnu1t+Pirh8vl7qx
cKfKyXvcaaV6dlkk9j+4mJ6rY3JOrE1kirD3CaGkZxgF959Wo1f6Y9OgdwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEM5xd3QOXWx4lXoPCs36YY8kxnkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUXpuRjNkQTVkYkhpVmVnOEt6ZnBoanlUR2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAJZ1ZgDBABZ1acDBANZ1bADBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAH2RSOa7kUnI0FqY+b/MXIqbzWMKAAWEsQPHDxkK
EujtcIBCsMlNWAy6MOlLGvVXxaH56zaUpZC2EqP+G97bfsxwrSJR/vmXyrVDG21K
UUWhl1+j8z84FtbJZ30xPxrwjySanBXvu+s80DCM2CO4MAo4bqMDyEpBRY//aKlt
b58gexEaCN2Fp2IKW/c6r8b/wLzToxTuGPzHF3b+S1U76JBMQOokaRjQOl3mJczn
O7TQ25+42Itw6Mi8OC+U8oufx7wxzHnEZSKgkeFQgGw623eemWQDwzuV0NqOmHk5
JjOQsTsj1FinmatwMpcR7rvDvqCkn/n5+kWXclEVHMfJNx0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org