Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/q3KjXpSZpqbs56U0lpbvLIn1WQM.roa
File:                     q3KjXpSZpqbs56U0lpbvLIn1WQM.roa (raw, json)
Hash identifier:          uUq+qc5uNu6myMaTHcBgNtRLZt2iCtaMEcCSqr2ZHWU=
Subject key identifier:   AB:72:A3:5E:94:99:A6:A6:EC:E7:A5:34:96:96:EF:2C:89:F5:59:03
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       01856FE7299A9FA8A3FDA36381604F87FE84
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/q3KjXpSZpqbs56U0lpbvLIn1WQM.roa
Signing time:             Mon 02 Jan 2023 00:34:58 +0000
ROA not before:           Mon 02 Jan 2023 00:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44712
IP address blocks:        185.91.204.0/22 maxlen: 22
                          151.249.104.0/21 maxlen: 21
                          2a01:a8c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:e7:29:9a:9f:a8:a3:fd:a3:63:81:60:4f:87:fe:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: Jan  2 00:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab72a35e9499a6a6ece7a5349696ef2c89f55903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a4:40:16:d3:b6:22:1e:d8:8f:d1:57:d2:11:
                    34:70:f0:b2:19:d7:fc:04:9a:14:fa:f7:e2:fa:61:
                    ba:94:3c:1f:0b:94:16:e6:e9:e6:04:df:76:e7:29:
                    6d:a9:5c:e0:0d:40:e5:9c:ee:b4:09:33:15:5b:c1:
                    46:df:52:f6:00:cc:16:1f:22:06:cc:27:d0:46:ae:
                    7a:22:0f:18:20:c7:a5:6c:3e:71:c7:c4:00:1a:d6:
                    d1:0c:52:d6:98:25:d1:37:38:83:6d:ec:22:da:07:
                    ea:a3:24:3f:6c:ea:ae:7c:fa:f5:47:0d:48:5a:79:
                    aa:e6:48:20:72:4a:7d:75:02:90:aa:7c:0b:bd:91:
                    9f:ac:be:74:5d:49:27:03:f8:ad:cc:43:e5:12:ba:
                    cf:c8:44:db:ed:32:0a:61:1b:ab:5a:8d:ee:b6:9a:
                    7b:8f:6e:00:47:04:9d:39:02:ae:64:b7:96:de:ee:
                    65:48:7f:d3:55:76:da:5a:59:9f:e5:b6:df:64:45:
                    ed:5f:a1:30:bd:7d:9f:e3:ef:42:1d:dd:74:29:21:
                    06:7a:40:09:d7:88:f3:e6:21:7a:77:dd:8e:6c:3e:
                    04:cb:0f:b4:76:63:5c:fb:1d:0e:e6:ca:8f:0a:3c:
                    e5:27:e0:fa:cb:56:92:7f:db:76:bf:a3:9f:ac:6b:
                    84:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:72:A3:5E:94:99:A6:A6:EC:E7:A5:34:96:96:EF:2C:89:F5:59:03
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/q3KjXpSZpqbs56U0lpbvLIn1WQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.249.104.0/21
                  185.91.204.0/22
                IPv6:
                  2a01:a8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:69:df:5a:35:e1:da:b9:4e:a1:79:5e:3e:2f:e1:8e:53:83:
         07:e8:17:fa:0a:6b:97:48:b9:6a:2e:7a:ef:39:78:bf:00:7d:
         78:44:2e:81:e1:dc:41:56:08:0b:94:a6:55:97:54:a4:06:c9:
         7d:e3:b3:d2:bd:00:91:f0:0d:f4:b6:6f:32:99:8e:64:98:36:
         76:90:91:44:10:8b:71:e4:73:c1:ba:11:4b:02:16:4a:bc:73:
         ec:f2:33:66:4b:34:cf:e9:fc:6a:0a:fd:60:37:06:da:aa:85:
         a1:21:01:91:e2:0d:ae:b7:b4:85:5b:de:77:12:62:e2:23:19:
         40:4b:a0:c5:2a:6f:44:2e:87:45:09:02:f4:ea:0c:50:8f:21:
         32:b7:e1:cb:a1:0d:e3:b9:7c:7c:7a:d6:44:fc:55:2f:30:88:
         3c:8e:e0:ae:1b:84:c2:01:8e:fd:b6:89:8c:95:9a:8d:be:b4:
         89:bd:d5:7e:fc:0e:f4:c5:cb:90:03:18:c2:8f:67:e7:74:66:
         e3:c0:58:a3:cf:69:04:6c:e6:27:8f:71:c0:ed:1e:ff:cf:30:
         02:54:14:73:46:6b:75:ad:bc:15:91:36:cb:13:fc:b5:c3:0e:
         74:fd:fc:28:35:64:0a:29:1c:2e:a4:86:6b:f1:16:41:29:cc:
         44:ae:53:97
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVv5yman6ij/aNjgWBPh/6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjMwMTAyMDAzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjcyYTM1ZTk0OTlhNmE2ZWNlN2E1MzQ5Njk2ZWYyYzg5ZjU1OTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6RAFtO2Ih7Yj9FX0hE0cPCyGdf8
BJoU+vfi+mG6lDwfC5QW5unmBN925yltqVzgDUDlnO60CTMVW8FG31L2AMwWHyIG
zCfQRq56Ig8YIMelbD5xx8QAGtbRDFLWmCXRNziDbewi2gfqoyQ/bOqufPr1Rw1I
Wnmq5kggckp9dQKQqnwLvZGfrL50XUknA/itzEPlErrPyETb7TIKYRurWo3utpp7
j24ARwSdOQKuZLeW3u5lSH/TVXbaWlmf5bbfZEXtX6EwvX2f4+9CHd10KSEGekAJ
14jz5iF6d92ObD4Eyw+0dmNc+x0O5sqPCjzlJ+D6y1aSf9t2v6OfrGuE8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKtyo16Umaam7OelNJaW7yyJ9VkDMB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvcTNLalhwU1pwcWJzNTZVMGxwYnZMSW4xV1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDl/loAwQC
uVvMMA0EAgACMAcDBQMqAajAMA0GCSqGSIb3DQEBCwUAA4IBAQAiad9aNeHauU6h
eV4+L+GOU4MH6Bf6CmuXSLlqLnrvOXi/AH14RC6B4dxBVggLlKZVl1SkBsl947PS
vQCR8A30tm8ymY5kmDZ2kJFEEItx5HPBuhFLAhZKvHPs8jNmSzTP6fxqCv1gNwba
qoWhIQGR4g2ut7SFW953EmLiIxlAS6DFKm9ELodFCQL06gxQjyEyt+HLoQ3juXx8
etZE/FUvMIg8juCuG4TCAY79tomMlZqNvrSJvdV+/A70xcuQAxjCj2fndGbjwFij
z2kEbOYnj3HA7R7/zzACVBRzRmt1rbwVkTbLE/y1ww50/fwoNWQKKRwupIZr8RZB
KcxErlOX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:29 2024 by rpki-client on console-fra.rpki-client.org