Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f6a124-7f01-4e40-b796-cca52b626fca/1/q8TnKvl2-0NmgulkUY-gI2kvsQ4.roa
File:                     q8TnKvl2-0NmgulkUY-gI2kvsQ4.roa (raw, json)
Hash identifier:          Y3JtoZWzs7cko2Mw08lRNVYNfeeMALhHremORHjuocc=
Subject key identifier:   AB:C4:E7:2A:F9:76:FB:43:66:82:E9:64:51:8F:A0:23:69:2F:B1:0E
Certificate issuer:       /CN=d794e81d72f59c65a0d18144a1b2607983536b4a
Certificate serial:       018570399B28ED84F114B89CA6DF6477459F
Authority key identifier: D7:94:E8:1D:72:F5:9C:65:A0:D1:81:44:A1:B2:60:79:83:53:6B:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15ToHXL1nGWg0YFEobJgeYNTa0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f6a124-7f01-4e40-b796-cca52b626fca/1/q8TnKvl2-0NmgulkUY-gI2kvsQ4.roa
Signing time:             Mon 02 Jan 2023 02:05:01 +0000
ROA not before:           Mon 02 Jan 2023 02:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50616
IP address blocks:        185.156.12.0/22 maxlen: 23
                          31.22.48.0/22 maxlen: 23
                          31.22.56.0/22 maxlen: 23
                          31.22.52.0/22 maxlen: 23
                          31.22.60.0/22 maxlen: 23
                          109.234.232.0/22 maxlen: 23
                          109.234.236.0/22 maxlen: 23

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:34:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:39:9b:28:ed:84:f1:14:b8:9c:a6:df:64:77:45:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d794e81d72f59c65a0d18144a1b2607983536b4a
        Validity
            Not Before: Jan  2 02:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=abc4e72af976fb436682e964518fa023692fb10e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:67:40:d5:59:94:d2:c8:72:9a:ee:46:e2:50:
                    25:e8:95:4b:22:5a:c8:fa:5b:bd:ca:83:dc:07:af:
                    7e:27:16:d0:68:e6:d9:9c:09:b1:f5:2c:c2:bc:07:
                    cd:72:29:ee:54:81:a0:78:a6:72:6d:be:a8:a1:7d:
                    b3:f3:48:43:f9:e9:20:c5:0d:7c:84:8e:14:14:86:
                    8c:e2:f8:6c:2d:81:d3:c2:9f:bd:ac:aa:f3:c1:c1:
                    64:cf:b9:8c:3e:4a:ac:2b:65:72:6f:3c:a0:ef:f6:
                    94:e8:e6:8f:7a:bb:37:86:4b:6b:22:0f:5c:85:c8:
                    5d:6e:84:b1:dd:96:08:61:bb:bd:a1:7b:6e:63:69:
                    4d:e2:ce:cc:06:a5:7a:26:a8:91:46:12:9e:f2:30:
                    ba:dc:4a:67:a4:9e:f9:8f:20:43:a8:17:ca:32:08:
                    f7:ab:57:91:16:56:3c:26:dc:e7:49:a8:1b:09:4e:
                    e0:ae:fa:ee:b7:1a:b1:78:1a:0a:d4:ad:25:13:51:
                    44:b2:df:c5:0f:b8:92:73:82:59:a1:79:74:af:01:
                    de:61:2a:44:4e:25:60:40:c9:c4:dd:87:87:b6:4c:
                    57:ed:93:7b:05:33:3c:df:c9:d0:b4:06:d7:81:b4:
                    07:ed:6f:c1:d1:a6:03:44:ea:b8:57:e1:5b:31:77:
                    84:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C4:E7:2A:F9:76:FB:43:66:82:E9:64:51:8F:A0:23:69:2F:B1:0E
            X509v3 Authority Key Identifier:
                keyid:D7:94:E8:1D:72:F5:9C:65:A0:D1:81:44:A1:B2:60:79:83:53:6B:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15ToHXL1nGWg0YFEobJgeYNTa0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f6a124-7f01-4e40-b796-cca52b626fca/1/q8TnKvl2-0NmgulkUY-gI2kvsQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f6a124-7f01-4e40-b796-cca52b626fca/1/15ToHXL1nGWg0YFEobJgeYNTa0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.48.0/20
                  109.234.232.0/21
                  185.156.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:86:5b:ca:b3:d8:20:cf:d3:87:69:db:53:76:3e:eb:13:56:
         58:ed:19:dc:a7:8e:63:22:41:17:c0:cb:1c:bf:f4:3d:1c:e9:
         2d:cb:92:bb:a7:7f:d0:02:ed:77:6a:8c:1c:90:fe:a5:11:c6:
         8e:c9:79:56:13:f6:07:9d:91:f4:aa:03:59:5c:8f:62:ad:42:
         a3:ff:47:42:ff:fa:65:f0:ef:aa:61:e9:cd:1a:b9:06:a4:6d:
         b4:a9:d1:d7:c6:4f:42:e6:23:12:28:91:0c:40:03:e7:af:f9:
         e9:eb:55:1e:c5:09:0e:04:bb:60:48:9b:aa:da:b3:bc:3d:23:
         67:80:1c:b6:ba:de:f3:a9:2f:e7:ef:5c:8b:93:44:b0:c5:40:
         70:e4:46:76:9a:78:b8:83:24:16:93:4e:d5:13:f8:1e:35:79:
         16:86:56:5d:1a:67:46:ea:89:0f:3e:f4:11:ee:e0:82:3d:d0:
         7c:55:76:e0:3b:ce:f1:0f:f0:d7:6e:cf:54:52:97:4f:2c:b9:
         21:c1:22:65:42:7b:e2:9f:c4:59:1b:b6:76:ed:36:3f:05:cd:
         1f:a8:03:36:7f:95:15:fc:a6:11:2b:83:77:29:8f:55:50:ad:
         b1:e5:1f:4e:39:1e:86:2e:93:ff:1d:42:09:04:1f:73:47:cd:
         a3:35:c3:29
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVwOZso7YTxFLicpt9kd0WfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OTRlODFkNzJmNTljNjVhMGQxODE0NGExYjI2MDc5ODM1
MzZiNGEwHhcNMjMwMTAyMDIwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmM0ZTcyYWY5NzZmYjQzNjY4MmU5NjQ1MThmYTAyMzY5MmZiMTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGdA1VmU0shymu5G4lAl6JVLIlrI
+lu9yoPcB69+JxbQaObZnAmx9SzCvAfNcinuVIGgeKZybb6ooX2z80hD+ekgxQ18
hI4UFIaM4vhsLYHTwp+9rKrzwcFkz7mMPkqsK2Vybzyg7/aU6OaPers3hktrIg9c
hchdboSx3ZYIYbu9oXtuY2lN4s7MBqV6JqiRRhKe8jC63EpnpJ75jyBDqBfKMgj3
q1eRFlY8JtznSagbCU7grvrutxqxeBoK1K0lE1FEst/FD7iSc4JZoXl0rwHeYSpE
TiVgQMnE3YeHtkxX7ZN7BTM838nQtAbXgbQH7W/B0aYDROq4V+FbMXeEnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKvE5yr5dvtDZoLpZFGPoCNpL7EOMB8GA1UdIwQY
MBaAFNeU6B1y9ZxloNGBRKGyYHmDU2tKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTVUb0hYTDFuR1dnMFlGRW9iSmdlWU5UYTBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mNmExMjQtN2YwMS00ZTQwLWI3OTYt
Y2NhNTJiNjI2ZmNhLzEvcThUbkt2bDItME5tZ3Vsa1VZLWdJMmt2c1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mNmExMjQtN2YwMS00ZTQwLWI3OTYtY2NhNTJiNjI2ZmNh
LzEvMTVUb0hYTDFuR1dnMFlGRW9iSmdlWU5UYTBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEHxYwAwQD
beroAwQCuZwMMA0GCSqGSIb3DQEBCwUAA4IBAQCUhlvKs9ggz9OHadtTdj7rE1ZY
7Rncp45jIkEXwMscv/Q9HOkty5K7p3/QAu13aowckP6lEcaOyXlWE/YHnZH0qgNZ
XI9irUKj/0dC//pl8O+qYenNGrkGpG20qdHXxk9C5iMSKJEMQAPnr/np61UexQkO
BLtgSJuq2rO8PSNngBy2ut7zqS/n71yLk0SwxUBw5EZ2mni4gyQWk07VE/geNXkW
hlZdGmdG6okPPvQR7uCCPdB8VXbgO87xD/DXbs9UUpdPLLkhwSJlQnvin8RZG7Z2
7TY/Bc0fqAM2f5UV/KYRK4N3KY9VUK2x5R9OOR6GLpP/HUIJBB9zR82jNcMp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:05 2024 by rpki-client on console-fra.rpki-client.org