Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/qKmQh_Z_WQMqMZRzwyBauKbnpkk.roa
File:                     qKmQh_Z_WQMqMZRzwyBauKbnpkk.roa (raw, json)
Hash identifier:          z9GsuaJTnozceT72h/9HXBC4Vv1P3t1w5aPrR5rKihw=
Subject key identifier:   A8:A9:90:87:F6:7F:59:03:2A:31:94:73:C3:20:5A:B8:A6:E7:A6:49
Certificate issuer:       /CN=08bf59899b7aca30a3c7d5db93b212d98709c89b
Certificate serial:       01856B935CA5331C919F40A11E4D709550FD
Authority key identifier: 08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/qKmQh_Z_WQMqMZRzwyBauKbnpkk.roa
Signing time:             Sun 01 Jan 2023 04:24:57 +0000
ROA not before:           Sun 01 Jan 2023 04:24:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58308
IP address blocks:        91.109.120.0/21 maxlen: 21
                          185.144.152.0/22 maxlen: 22
                          2a01:66c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:93:5c:a5:33:1c:91:9f:40:a1:1e:4d:70:95:50:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08bf59899b7aca30a3c7d5db93b212d98709c89b
        Validity
            Not Before: Jan  1 04:24:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8a99087f67f59032a319473c3205ab8a6e7a649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4a:86:9d:48:7b:21:71:96:72:ee:1d:35:55:
                    58:ba:b0:c2:10:ae:86:da:a4:bd:6d:34:68:5d:51:
                    d5:59:43:6d:8a:9c:5c:ab:26:7d:8e:46:3b:46:fe:
                    66:8c:dc:28:9d:01:13:dc:37:e9:2f:8e:8a:b2:69:
                    da:50:a7:52:1b:a9:7f:23:50:33:d3:67:d1:c4:f1:
                    0f:63:bc:63:89:bc:bc:00:b9:6e:ed:0b:9f:05:be:
                    e4:dc:61:bc:f9:88:7b:00:55:1f:c9:43:db:f6:41:
                    eb:cc:98:b1:53:d1:6c:1d:56:0d:c8:e9:fd:5e:36:
                    8d:69:e5:5f:de:ed:70:07:58:80:c1:ff:93:67:67:
                    a7:f7:68:48:be:f6:71:fb:10:be:09:b1:7f:78:64:
                    84:7a:bb:e6:0f:7c:94:7f:87:19:41:6a:4c:ab:c1:
                    49:2b:e7:a8:c8:f9:07:42:c1:11:52:6f:58:f6:40:
                    b4:a5:7e:cd:ca:6a:60:a6:b3:69:0f:2f:63:ba:18:
                    c3:9e:6a:9f:72:1a:f3:3a:6e:45:38:ce:19:ce:b0:
                    32:19:bb:aa:fa:16:85:0f:5b:42:5f:f3:19:f3:15:
                    5e:24:fb:23:ea:cb:9f:77:2c:ef:4d:c3:3a:71:89:
                    e5:a0:d5:02:54:0a:d5:22:39:0d:62:53:f5:9c:8b:
                    ea:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A9:90:87:F6:7F:59:03:2A:31:94:73:C3:20:5A:B8:A6:E7:A6:49
            X509v3 Authority Key Identifier:
                keyid:08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/qKmQh_Z_WQMqMZRzwyBauKbnpkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.120.0/21
                  185.144.152.0/22
                IPv6:
                  2a01:66c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:78:05:e8:50:b6:4e:48:71:4d:38:0f:a4:dd:2e:13:68:05:
         18:1c:28:c3:b7:4a:25:38:c6:1f:b0:7d:05:df:f9:21:5c:39:
         42:70:d4:a1:bd:4e:63:00:57:1b:16:64:55:d5:ef:e6:16:be:
         de:6e:62:63:eb:68:c6:c5:bd:2d:f4:81:67:2e:8e:c4:a5:98:
         d5:59:fb:48:ed:96:bd:32:3c:ec:c3:ff:9c:e5:e1:02:0e:8d:
         4a:df:b9:ad:4d:38:6c:64:db:17:f4:9a:f7:ce:2d:3f:31:dc:
         03:b1:4d:43:65:14:fd:18:ba:f4:b0:2c:49:cd:05:35:9c:7c:
         6b:19:ee:6b:fa:3f:8e:3d:95:a8:71:6d:f4:fa:ca:85:7c:9c:
         f3:ef:02:4e:ff:bf:f1:3f:ae:49:86:66:df:37:a7:16:67:9c:
         cc:3e:61:39:42:1e:35:79:6a:53:c0:61:36:5e:58:7f:68:dc:
         1f:06:50:aa:3b:ae:ac:f1:cc:a5:3e:cd:d0:e1:e9:29:41:db:
         c9:3c:53:de:7f:8a:92:60:d8:e7:95:50:c9:d1:d0:77:6d:9b:
         cb:35:1d:36:df:98:d0:0e:05:b8:28:eb:e6:29:e9:b6:ea:2f:
         62:85:16:ab:d6:9f:76:b4:62:7c:51:10:b0:ba:bf:ed:d5:d1:
         72:d7:bd:27
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVrk1ylMxyRn0ChHk1wlVD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YmY1OTg5OWI3YWNhMzBhM2M3ZDVkYjkzYjIxMmQ5ODcw
OWM4OWIwHhcNMjMwMTAxMDQyNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE5OTA4N2Y2N2Y1OTAzMmEzMTk0NzNjMzIwNWFiOGE2ZTdhNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0qGnUh7IXGWcu4dNVVYurDCEK6G
2qS9bTRoXVHVWUNtipxcqyZ9jkY7Rv5mjNwonQET3DfpL46KsmnaUKdSG6l/I1Az
02fRxPEPY7xjiby8ALlu7QufBb7k3GG8+Yh7AFUfyUPb9kHrzJixU9FsHVYNyOn9
XjaNaeVf3u1wB1iAwf+TZ2en92hIvvZx+xC+CbF/eGSEervmD3yUf4cZQWpMq8FJ
K+eoyPkHQsERUm9Y9kC0pX7NympgprNpDy9juhjDnmqfchrzOm5FOM4ZzrAyGbuq
+haFD1tCX/MZ8xVeJPsj6sufdyzvTcM6cYnloNUCVArVIjkNYlP1nIvqjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKipkIf2f1kDKjGUc8MgWrim56ZJMB8GA1UdIwQY
MBaAFAi/WYmbesowo8fV25OyEtmHCcibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0w5WmladDZ5akNqeDlYYms3SVMyWWNKeUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jZTE2NzctZDkyNy00NGM2LWE5MDkt
M2IyYjUxYTVlM2RhLzEvcUttUWhfWl9XUU1xTVpSend5QmF1S2JucGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jZTE2NzctZDkyNy00NGM2LWE5MDktM2IyYjUxYTVlM2Rh
LzEvQ0w5WmladDZ5akNqeDlYYms3SVMyWWNKeUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDW214AwQC
uZCYMA0EAgACMAcDBQAqAWbAMA0GCSqGSIb3DQEBCwUAA4IBAQBkeAXoULZOSHFN
OA+k3S4TaAUYHCjDt0olOMYfsH0F3/khXDlCcNShvU5jAFcbFmRV1e/mFr7ebmJj
62jGxb0t9IFnLo7EpZjVWftI7Za9Mjzsw/+c5eECDo1K37mtTThsZNsX9Jr3zi0/
MdwDsU1DZRT9GLr0sCxJzQU1nHxrGe5r+j+OPZWocW30+sqFfJzz7wJO/7/xP65J
hmbfN6cWZ5zMPmE5Qh41eWpTwGE2Xlh/aNwfBlCqO66s8cylPs3Q4ekpQdvJPFPe
f4qSYNjnlVDJ0dB3bZvLNR0235jQDgW4KOvmKem26i9ihRar1p92tGJ8URCwur/t
1dFy170n
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:13 2024 by rpki-client on console-fra.rpki-client.org