Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/Qd3jztmkrdQlziFeX-RSqzsKcuc.roa
File:                     Qd3jztmkrdQlziFeX-RSqzsKcuc.roa (raw, json)
Hash identifier:          rcbGljvhfO1kiD2XL4BAtmGRrXlue0tVM2mxu5IOY6E=
Subject key identifier:   41:DD:E3:CE:D9:A4:AD:D4:25:CE:21:5E:5F:E4:52:AB:3B:0A:72:E7
Certificate issuer:       /CN=c17cc37f1ed81ac37b20faf0f42c41ab808f13c1
Certificate serial:       01856FC265B2AFBD71B5AD035A917743DCB1
Authority key identifier: C1:7C:C3:7F:1E:D8:1A:C3:7B:20:FA:F0:F4:2C:41:AB:80:8F:13:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/Qd3jztmkrdQlziFeX-RSqzsKcuc.roa
Signing time:             Sun 01 Jan 2023 23:54:49 +0000
ROA not before:           Sun 01 Jan 2023 23:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     24634
IP address blocks:        194.126.136.0/21 maxlen: 24
                          193.188.135.0/24 maxlen: 24
                          193.188.136.0/24 maxlen: 24
                          185.7.128.0/22 maxlen: 24
                          194.126.0.0/19 maxlen: 24
                          212.36.192.0/19 maxlen: 24
                          2a00:1590::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:65:b2:af:bd:71:b5:ad:03:5a:91:77:43:dc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c17cc37f1ed81ac37b20faf0f42c41ab808f13c1
        Validity
            Not Before: Jan  1 23:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=41dde3ced9a4add425ce215e5fe452ab3b0a72e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:91:1e:1c:b0:b4:0e:4a:a4:17:44:8f:3c:31:
                    0f:bc:87:21:70:3c:85:10:07:bb:79:42:d9:1d:51:
                    7a:24:22:47:2c:a0:ce:e1:db:76:60:15:f0:70:f7:
                    54:22:7f:0e:8e:9b:25:85:8a:5a:86:9a:17:a5:a7:
                    ff:e5:71:40:f7:57:35:ae:9e:fa:58:98:1c:0a:46:
                    b7:0c:8f:83:a4:8d:1f:0d:a9:0b:00:12:5c:1e:d2:
                    c2:4c:7c:58:f6:3c:e1:ed:b4:3e:4a:11:86:c1:6b:
                    8d:96:0c:39:98:3b:05:c8:58:fb:ca:b9:ea:f9:85:
                    16:2e:34:58:ae:4d:d3:07:f1:97:2b:07:14:d2:d1:
                    73:71:94:72:b8:5b:d7:98:7c:87:eb:07:cb:e0:9f:
                    b6:26:62:ec:1a:64:3f:9d:78:9f:7f:9d:4c:b5:0d:
                    04:27:5b:ef:24:3c:d3:fe:f1:3d:e6:11:b7:f4:7b:
                    fb:b3:89:b3:74:b7:65:cb:5a:12:2f:90:7d:d6:35:
                    89:f6:6f:c2:f6:ad:9a:68:70:41:26:2d:ed:b8:35:
                    c1:04:df:eb:55:49:cd:35:90:4a:39:44:f5:7c:31:
                    c6:b0:f2:2d:d1:47:2d:45:bc:8e:56:a5:7c:fc:94:
                    1a:c6:d6:0e:f4:4c:41:d6:67:c0:b7:9d:4b:76:4c:
                    e6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DD:E3:CE:D9:A4:AD:D4:25:CE:21:5E:5F:E4:52:AB:3B:0A:72:E7
            X509v3 Authority Key Identifier:
                keyid:C1:7C:C3:7F:1E:D8:1A:C3:7B:20:FA:F0:F4:2C:41:AB:80:8F:13:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/Qd3jztmkrdQlziFeX-RSqzsKcuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/wXzDfx7YGsN7IPrw9CxBq4CPE8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.128.0/22
                  193.188.135.0-193.188.136.255
                  194.126.0.0/19
                  194.126.136.0/21
                  212.36.192.0/19
                IPv6:
                  2a00:1590::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:be:9d:f5:bd:c3:88:4e:44:a1:93:97:4d:43:90:ab:f3:b2:
         b2:b6:37:29:59:64:df:c8:c4:18:b3:5c:50:05:29:33:cb:e8:
         1a:13:7e:9a:18:d9:bb:6c:1a:90:81:f8:d5:e7:90:06:35:a2:
         eb:44:18:ae:b1:ee:0a:9f:bf:f0:54:f6:8c:87:55:1c:df:43:
         28:18:b8:63:f4:a3:e8:f5:0e:82:e4:23:f2:18:be:df:83:90:
         ff:0d:9f:a3:3f:ca:68:45:8c:bd:a3:05:5a:a1:39:ae:49:08:
         a9:76:49:20:02:20:31:5c:b4:fb:2a:e9:47:9a:3d:97:ff:51:
         db:0b:be:25:f4:d6:a3:a4:da:ff:15:27:ca:f7:0d:9f:b4:30:
         f3:d1:7e:d2:27:1e:2f:70:28:d0:b9:96:45:0e:13:ae:9a:5d:
         a4:97:4a:01:21:51:13:a0:0b:5e:2e:77:8a:33:64:64:54:f0:
         60:4b:6c:01:41:94:66:ac:65:9c:3c:1c:90:ef:4e:37:a4:60:
         d9:43:4b:56:9f:f8:64:a5:70:34:07:cc:65:6e:0f:2f:73:eb:
         58:8f:63:78:f0:59:ba:b2:7a:0b:de:71:a4:91:17:37:c4:64:
         3a:ec:0e:57:ba:b6:49:5a:e2:3f:f3:78:97:dd:25:5d:ee:99:
         ce:1c:1d:cc
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVvwmWyr71xta0DWpF3Q9yxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxN2NjMzdmMWVkODFhYzM3YjIwZmFmMGY0MmM0MWFiODA4
ZjEzYzEwHhcNMjMwMTAxMjM1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWRkZTNjZWQ5YTRhZGQ0MjVjZTIxNWU1ZmU0NTJhYjNiMGE3MmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5EeHLC0DkqkF0SPPDEPvIchcDyF
EAe7eULZHVF6JCJHLKDO4dt2YBXwcPdUIn8OjpslhYpahpoXpaf/5XFA91c1rp76
WJgcCka3DI+DpI0fDakLABJcHtLCTHxY9jzh7bQ+ShGGwWuNlgw5mDsFyFj7yrnq
+YUWLjRYrk3TB/GXKwcU0tFzcZRyuFvXmHyH6wfL4J+2JmLsGmQ/nXiff51MtQ0E
J1vvJDzT/vE95hG39Hv7s4mzdLdly1oSL5B91jWJ9m/C9q2aaHBBJi3tuDXBBN/r
VUnNNZBKOUT1fDHGsPIt0UctRbyOVqV8/JQaxtYO9ExB1mfAt51LdkzmdwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFEHd487ZpK3UJc4hXl/kUqs7CnLnMB8GA1UdIwQY
MBaAFMF8w38e2BrDeyD68PQsQauAjxPBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1h6RGZ4N1lHc043SVBydzlDeEJxNENQRThFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iMTBlMDYtMjU3Yy00OTk1LTg3OWQt
NmQwN2Q3ZjFhNzAxLzEvUWQzanp0bWtyZFFsemlGZVgtUlNxenNLY3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iMTBlMDYtMjU3Yy00OTk1LTg3OWQtNmQwN2Q3ZjFhNzAx
LzEvd1h6RGZ4N1lHc043SVBydzlDeEJxNENQRThFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQCuQeAMAwD
BADBvIcDBADBvIgDBAXCfgADBAPCfogDBAXUJMAwDQQCAAIwBwMFACoAFZAwDQYJ
KoZIhvcNAQELBQADggEBAD++nfW9w4hORKGTl01DkKvzsrK2NylZZN/IxBizXFAF
KTPL6BoTfpoY2btsGpCB+NXnkAY1outEGK6x7gqfv/BU9oyHVRzfQygYuGP0o+j1
DoLkI/IYvt+DkP8Nn6M/ymhFjL2jBVqhOa5JCKl2SSACIDFctPsq6UeaPZf/UdsL
viX01qOk2v8VJ8r3DZ+0MPPRftInHi9wKNC5lkUOE66aXaSXSgEhUROgC14ud4oz
ZGRU8GBLbAFBlGasZZw8HJDvTjekYNlDS1af+GSlcDQHzGVuDy9z61iPY3jwWbqy
egvecaSRFzfEZDrsDle6tkla4j/zeJfdJV3umc4cHcw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:36 2024 by rpki-client on console-fra.rpki-client.org