Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/PQ78yBwW-pPUSQRBswG3zmPMLYI.roa
File:                     PQ78yBwW-pPUSQRBswG3zmPMLYI.roa (raw, json)
Hash identifier:          JnHIB0TGusC2F/b75CO6YsV+D/D3H69IlD0gjXvp3Cg=
Subject key identifier:   3D:0E:FC:C8:1C:16:FA:93:D4:49:04:41:B3:01:B7:CE:63:CC:2D:82
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       019083DA8BF314E9ABC52097015B989E3D40
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/PQ78yBwW-pPUSQRBswG3zmPMLYI.roa
Signing time:             Fri 05 Jul 2024 17:04:16 +0000
ROA not before:           Fri 05 Jul 2024 17:04:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        45.134.13.0/24 maxlen: 24
                          45.134.14.0/24 maxlen: 24
                          185.192.21.0/24 maxlen: 24
                          185.192.22.0/24 maxlen: 24
                          185.192.23.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:500::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a07:505::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 10 Sep 2024 05:16:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:83:da:8b:f3:14:e9:ab:c5:20:97:01:5b:98:9e:3d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Jul  5 17:04:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d0efcc81c16fa93d4490441b301b7ce63cc2d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:86:e0:77:7b:18:3a:6b:d9:bc:fc:16:57:d8:
                    e3:ea:e6:11:26:7f:d5:c2:62:2a:39:ab:24:60:f9:
                    86:63:01:d8:c0:bb:77:2d:21:c7:87:4c:9d:23:8f:
                    f3:5c:66:9f:10:8c:3d:90:f6:6e:ae:bc:1b:d9:01:
                    ee:94:7e:86:fd:15:33:65:e5:2b:27:d6:98:d9:8d:
                    72:d8:0f:80:82:41:dd:7b:30:00:e5:c9:af:83:a0:
                    c5:81:b0:9a:e3:b0:be:f0:b8:6c:21:68:be:3a:30:
                    6b:c3:4b:11:8f:21:94:03:36:7a:65:60:a0:06:23:
                    a4:c5:82:e5:2b:d0:e7:41:19:af:d8:d2:88:29:06:
                    78:fb:97:84:54:d8:85:7f:ec:56:9c:af:60:1d:11:
                    19:07:22:59:07:c3:1a:4c:63:9d:25:0c:61:dd:fe:
                    dd:f1:d3:e9:d6:c1:ce:88:da:30:22:8f:7f:28:6d:
                    7b:f1:1e:79:bc:c4:74:5b:b8:0a:12:0f:64:16:51:
                    de:bb:c4:ec:74:84:a6:87:0d:4d:f1:51:dd:8d:4b:
                    79:fa:fe:52:4f:be:5b:bb:55:f4:ac:97:62:ca:60:
                    3f:ae:aa:93:e7:14:82:be:f7:16:73:3f:d9:e1:e0:
                    25:d1:6e:b0:75:28:40:ad:b4:bc:79:68:8e:bf:12:
                    07:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0E:FC:C8:1C:16:FA:93:D4:49:04:41:B3:01:B7:CE:63:CC:2D:82
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/PQ78yBwW-pPUSQRBswG3zmPMLYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.13.0-45.134.14.255
                  185.192.21.0-185.192.23.255
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:80:47:9c:4f:3f:67:97:ed:7f:58:a6:7e:cc:ec:c7:6c:5d:
         59:b5:46:5d:26:65:21:f1:be:91:dc:96:4f:14:b2:42:81:1b:
         eb:0d:37:68:0a:57:f2:b4:bf:af:1f:f5:35:2d:a4:f6:7c:99:
         44:0a:1c:70:3a:79:0b:de:b4:a5:54:10:0b:99:bf:a3:3b:79:
         5d:74:a3:fe:d1:cf:20:0a:5f:ff:e9:13:49:75:c8:f8:de:3c:
         96:3c:f1:f6:71:5b:8f:61:82:04:3d:74:26:9b:eb:47:fd:1d:
         31:cb:6b:ad:bb:eb:a9:62:6c:79:a8:91:cb:e6:ca:1c:0f:38:
         85:ec:f8:58:29:d8:79:97:e9:02:31:d3:8b:25:fd:2c:2c:a1:
         eb:61:62:0b:28:24:7e:bc:e5:5b:d9:2c:df:a7:b7:7b:ef:54:
         c5:f1:17:cf:8c:56:f3:bf:6d:4a:7e:e0:c0:85:9f:5c:e5:c6:
         73:70:19:4d:86:fb:1c:68:a4:83:b6:97:9c:4a:7c:c5:16:08:
         aa:e4:94:a2:dd:d6:cf:59:65:a7:15:e4:92:cc:61:d5:1a:2a:
         19:d5:ae:41:78:16:58:c5:9b:f5:bd:58:9f:e6:26:89:aa:69:
         a0:dd:8d:56:4d:2c:97:22:43:4f:fb:2f:40:fe:86:4c:14:d4:
         88:13:a9:48
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZCD2ovzFOmrxSCXAVuYnj1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjQwNzA1MTcwNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBlZmNjODFjMTZmYTkzZDQ0OTA0NDFiMzAxYjdjZTYzY2MyZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2obgd3sYOmvZvPwWV9jj6uYRJn/V
wmIqOaskYPmGYwHYwLt3LSHHh0ydI4/zXGafEIw9kPZurrwb2QHulH6G/RUzZeUr
J9aY2Y1y2A+AgkHdezAA5cmvg6DFgbCa47C+8LhsIWi+OjBrw0sRjyGUAzZ6ZWCg
BiOkxYLlK9DnQRmv2NKIKQZ4+5eEVNiFf+xWnK9gHREZByJZB8MaTGOdJQxh3f7d
8dPp1sHOiNowIo9/KG178R55vMR0W7gKEg9kFlHeu8TsdISmhw1N8VHdjUt5+v5S
T75bu1X0rJdiymA/rqqT5xSCvvcWcz/Z4eAl0W6wdShArbS8eWiOvxIHSwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFD0O/MgcFvqT1EkEQbMBt85jzC2CMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvUFE3OHlCd1ctcFBVU1FSQnN3RzN6bVBNTFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqMAwDBAAthg0D
BAAthg4wDAMEALnAFQMEA7nAEDAMAwQF1AjgAwQA1AjkMBQEAgACMA4DBQMqBwUA
AwUDKg58QDANBgkqhkiG9w0BAQsFAAOCAQEAdIBHnE8/Z5ftf1imfszsx2xdWbVG
XSZlIfG+kdyWTxSyQoEb6w03aApX8rS/rx/1NS2k9nyZRAoccDp5C960pVQQC5m/
ozt5XXSj/tHPIApf/+kTSXXI+N48ljzx9nFbj2GCBD10JpvrR/0dMctrrbvrqWJs
eaiRy+bKHA84hez4WCnYeZfpAjHTiyX9LCyh62FiCygkfrzlW9ks36e3e+9UxfEX
z4xW879tSn7gwIWfXOXGc3AZTYb7HGikg7aXnEp8xRYIquSUot3Wz1llpxXkksxh
1RoqGdWuQXgWWMWb9b1Yn+YmiappoN2NVk0slyJDT/svQP6GTBTUiBOpSA==
-----END CERTIFICATE-----
Generated at Tue Sep 10 07:06:41 2024 by rpki-client on console-ams.rpki-client.org