Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qfh0GTy6lf5rVgzc3WnS1WTQbgQ.roa
File:                     qfh0GTy6lf5rVgzc3WnS1WTQbgQ.roa (raw, json)
Hash identifier:          +u/5CJkd4oZMDUtuBTmIWHKqWd7ZDWYf11Tn6U4yuss=
Subject key identifier:   A9:F8:74:19:3C:BA:95:FE:6B:56:0C:DC:DD:69:D2:D5:64:D0:6E:04
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C8256595649E4B7218C6E9224568010E5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qfh0GTy6lf5rVgzc3WnS1WTQbgQ.roa
Signing time:             Tue 19 Dec 2023 13:49:06 +0000
ROA not before:           Tue 19 Dec 2023 13:49:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Dec 2023 10:20:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:82:56:59:56:49:e4:b7:21:8c:6e:92:24:56:80:10:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 19 13:49:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a9f874193cba95fe6b560cdcdd69d2d564d06e04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b8:f0:ad:b5:ff:ed:bf:7d:60:0e:26:94:9b:
                    c2:42:54:4d:51:49:7c:97:bf:55:52:3e:70:1d:df:
                    33:b4:40:06:f7:b6:4a:1c:2c:48:8d:0a:cd:bb:6d:
                    96:8b:da:b7:9a:2d:bc:d8:01:f0:3d:a1:bd:0c:3c:
                    b0:8e:0a:ce:1d:26:39:49:09:70:39:12:b7:49:a5:
                    ee:46:47:58:ff:b3:95:b8:b5:4e:ae:67:00:3c:4e:
                    78:4a:89:93:af:1e:b9:15:18:4c:2b:44:96:e6:29:
                    d8:3b:87:03:63:b7:b6:55:a8:f7:40:b8:ba:27:2b:
                    0b:fa:a0:33:b5:81:b5:fe:f3:d1:62:27:4d:87:00:
                    ea:5b:e6:4a:3d:fe:7e:ed:1d:05:77:f7:27:2a:06:
                    57:25:b6:f6:8d:8c:c6:73:9c:21:35:cd:23:78:d3:
                    03:ae:f4:d0:1d:5f:df:f9:38:42:44:46:de:39:36:
                    ab:52:46:48:dc:d2:a6:27:52:80:2a:83:7f:dd:f9:
                    61:56:94:bc:2a:cb:d4:ad:fb:bc:0b:59:83:a7:ee:
                    16:a6:83:0a:cc:0b:2d:d6:83:53:7b:6e:0d:aa:a2:
                    7c:25:de:47:64:0e:45:3e:eb:30:0f:8d:fc:e2:9f:
                    5d:11:69:ee:58:05:be:e8:61:07:bb:eb:95:28:99:
                    8b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F8:74:19:3C:BA:95:FE:6B:56:0C:DC:DD:69:D2:D5:64:D0:6E:04
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qfh0GTy6lf5rVgzc3WnS1WTQbgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c1:22:38:80:81:fc:8a:6f:be:d4:4a:f9:66:13:d4:f0:f5:
         05:72:19:2f:3e:41:57:41:15:e2:42:32:bb:c9:b8:77:8b:40:
         c4:87:61:31:d5:91:ac:2c:ad:f0:06:38:98:f2:2e:e7:08:ea:
         6c:42:c1:a3:62:dd:8a:7f:96:2b:20:0b:42:0e:28:5f:c5:59:
         21:b1:c0:c5:6b:a5:32:27:df:20:ef:b5:c1:78:d4:f0:39:80:
         2a:55:5d:93:3f:ff:c0:cb:e0:1c:5f:fd:27:d0:c0:1d:d8:bf:
         bc:29:46:38:8c:33:4a:4d:14:e3:a3:b1:64:9b:1d:73:d0:a1:
         79:8a:c8:1d:8d:82:8b:1e:94:8e:7a:f8:86:f7:d9:10:da:93:
         63:b3:f0:52:6a:d0:c2:42:8a:70:50:a1:66:23:84:d7:40:4f:
         d7:6a:20:6e:a0:b0:df:66:b7:cc:89:16:9f:16:ff:54:4c:5c:
         90:9a:37:47:a6:ad:71:d1:8f:f5:3e:a6:57:a1:f2:cc:7c:94:
         a0:c6:ac:c2:d9:ac:6b:66:1b:c7:98:c7:3a:39:82:de:cf:99:
         22:5d:b5:29:8d:96:97:c7:f4:56:43:84:e2:0c:fe:de:eb:f8:
         6d:bc:9f:58:e7:bd:3c:f5:36:6c:e9:55:e2:e7:3c:89:4a:a2:
         b8:0a:7d:91
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYyCVllWSeS3IYxukiRWgBDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE5MTM0OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY4NzQxOTNjYmE5NWZlNmI1NjBjZGNkZDY5ZDJkNTY0ZDA2ZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrjwrbX/7b99YA4mlJvCQlRNUUl8
l79VUj5wHd8ztEAG97ZKHCxIjQrNu22Wi9q3mi282AHwPaG9DDywjgrOHSY5SQlw
ORK3SaXuRkdY/7OVuLVOrmcAPE54SomTrx65FRhMK0SW5inYO4cDY7e2Vaj3QLi6
JysL+qAztYG1/vPRYidNhwDqW+ZKPf5+7R0Fd/cnKgZXJbb2jYzGc5whNc0jeNMD
rvTQHV/f+ThCREbeOTarUkZI3NKmJ1KAKoN/3flhVpS8KsvUrfu8C1mDp+4WpoMK
zAst1oNTe24NqqJ8Jd5HZA5FPuswD4384p9dEWnuWAW+6GEHu+uVKJmL4wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKn4dBk8upX+a1YM3N1p0tVk0G4EMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcWZoMEdUeTZsZjVyVmd6YzNXblMxV1RRYmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah+AwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBADvBIjiAgfyKb77USvlmE9Tw9QVyGS8+QVdBFeJC
MrvJuHeLQMSHYTHVkawsrfAGOJjyLucI6mxCwaNi3Yp/lisgC0IOKF/FWSGxwMVr
pTIn3yDvtcF41PA5gCpVXZM//8DL4Bxf/SfQwB3Yv7wpRjiMM0pNFOOjsWSbHXPQ
oXmKyB2NgoselI56+Ib32RDak2Oz8FJq0MJCinBQoWYjhNdAT9dqIG6gsN9mt8yJ
Fp8W/1RMXJCaN0emrXHRj/U+pleh8sx8lKDGrMLZrGtmG8eYxzo5gt7PmSJdtSmN
lpfH9FZDhOIM/t7r+G28n1jnvTz1NmzpVeLnPIlKorgKfZE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org