Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/Q0QgBfNz6AtCkIG9TB2WVGY298k.roa
File:                     Q0QgBfNz6AtCkIG9TB2WVGY298k.roa (raw, json)
Hash identifier:          besQuI8ylnr7187u7fgnuXP1MpScUowIF0eZ1lfWcZ0=
Subject key identifier:   43:44:20:05:F3:73:E8:0B:42:90:81:BD:4C:1D:96:54:66:36:F7:C9
Certificate issuer:       /CN=749ea3b1e58ba060b41fc2a078f6016264759664
Certificate serial:       01856D7895A39CF6A7F6DD93FDAE2ACBED4A
Authority key identifier: 74:9E:A3:B1:E5:8B:A0:60:B4:1F:C2:A0:78:F6:01:62:64:75:96:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/Q0QgBfNz6AtCkIG9TB2WVGY298k.roa
Signing time:             Sun 01 Jan 2023 13:14:57 +0000
ROA not before:           Sun 01 Jan 2023 13:14:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59767
IP address blocks:        185.34.4.0/22 maxlen: 22
                          2a04:5d40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:78:95:a3:9c:f6:a7:f6:dd:93:fd:ae:2a:cb:ed:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749ea3b1e58ba060b41fc2a078f6016264759664
        Validity
            Not Before: Jan  1 13:14:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43442005f373e80b429081bd4c1d96546636f7c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a0:85:fa:d5:30:8a:2f:bb:ec:ff:0d:a6:f3:
                    3b:e7:7f:12:00:d5:7d:86:49:d4:a1:e2:1c:93:0c:
                    8d:75:15:47:7e:b3:93:d2:da:1c:71:bb:ae:fc:90:
                    4c:35:2d:bb:5c:db:86:03:b9:5f:a0:d6:99:51:1e:
                    87:8f:d8:11:e4:0d:25:8d:27:13:b8:0d:39:66:29:
                    75:c2:01:ea:e4:38:88:3b:c9:b7:f5:ca:f4:b1:1c:
                    6b:bb:d1:78:4f:5d:c7:5f:30:19:b7:24:a1:f7:7c:
                    d0:a0:44:2e:73:61:1e:1b:bf:07:e6:8d:c1:a8:30:
                    d3:81:d3:47:a2:85:61:e2:2c:92:6c:0c:df:7b:5e:
                    4d:f3:e4:d7:a3:c8:f7:84:c3:f6:c1:20:00:ff:c0:
                    a4:e4:2e:d0:5a:b0:99:40:d8:9b:e0:c7:a1:24:a0:
                    10:fc:03:d9:5c:f4:70:a1:ae:af:36:ea:aa:87:44:
                    26:e8:e9:72:53:9b:3f:16:ed:84:b4:14:36:65:31:
                    87:ee:e8:88:97:7e:5f:eb:4d:59:9d:f5:2e:22:e1:
                    16:4e:a7:74:c3:87:af:32:1b:86:59:12:f7:3d:ea:
                    f4:06:cb:32:dc:91:38:fa:ef:67:d2:ae:a4:5f:37:
                    2e:14:33:0c:4a:38:88:ee:38:d1:33:8c:23:15:b7:
                    4f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:44:20:05:F3:73:E8:0B:42:90:81:BD:4C:1D:96:54:66:36:F7:C9
            X509v3 Authority Key Identifier:
                keyid:74:9E:A3:B1:E5:8B:A0:60:B4:1F:C2:A0:78:F6:01:62:64:75:96:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/Q0QgBfNz6AtCkIG9TB2WVGY298k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.4.0/22
                IPv6:
                  2a04:5d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:51:6c:2b:1a:d4:b9:07:6b:f5:90:b7:64:d1:6e:6f:79:6a:
         82:22:93:d8:bb:96:49:22:df:58:0e:c7:67:6a:20:6e:f4:a4:
         fa:e3:07:5b:ce:06:33:39:6a:38:ee:c9:0b:a0:09:63:10:5d:
         f2:4d:e6:30:b1:49:4e:38:e7:c1:8a:fd:39:0e:8f:4d:79:ac:
         08:7b:c3:fc:35:93:0b:2a:d1:99:08:22:26:98:04:53:2e:2c:
         ec:43:69:d9:73:c7:32:83:8f:a1:a0:86:d5:cb:05:61:f5:e6:
         d6:ad:23:39:5e:5c:63:12:32:63:37:46:5c:33:9c:80:2d:82:
         14:52:cb:e0:74:8d:50:96:6e:73:29:7e:a0:12:92:9e:38:ac:
         4f:95:22:6e:1e:96:51:86:8e:7e:a1:5a:e5:0b:26:e0:1c:df:
         69:b3:ae:c2:c4:48:24:15:db:1e:20:69:80:20:3e:a0:3a:4c:
         df:24:de:ea:3a:a2:16:dd:8d:bf:c2:b0:af:08:bf:94:d8:c3:
         fb:a4:59:15:30:bd:fd:58:d2:8c:5b:0a:c4:8a:72:3b:77:36:
         97:50:cf:7c:71:97:12:98:49:b5:45:cc:93:b3:3e:d1:69:a5:
         fb:0d:0f:a5:b2:e8:b1:b7:b7:f5:9a:72:de:5f:f7:a1:cf:1b:
         79:23:cf:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVteJWjnPan9t2T/a4qy+1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OWVhM2IxZTU4YmEwNjBiNDFmYzJhMDc4ZjYwMTYyNjQ3
NTk2NjQwHhcNMjMwMTAxMTMxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQ0MjAwNWYzNzNlODBiNDI5MDgxYmQ0YzFkOTY1NDY2MzZmN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aCF+tUwii+77P8NpvM7538SANV9
hknUoeIckwyNdRVHfrOT0toccbuu/JBMNS27XNuGA7lfoNaZUR6Hj9gR5A0ljScT
uA05Zil1wgHq5DiIO8m39cr0sRxru9F4T13HXzAZtySh93zQoEQuc2EeG78H5o3B
qDDTgdNHooVh4iySbAzfe15N8+TXo8j3hMP2wSAA/8Ck5C7QWrCZQNib4MehJKAQ
/APZXPRwoa6vNuqqh0Qm6OlyU5s/Fu2EtBQ2ZTGH7uiIl35f601ZnfUuIuEWTqd0
w4evMhuGWRL3Per0Bssy3JE4+u9n0q6kXzcuFDMMSjiI7jjRM4wjFbdPlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFENEIAXzc+gLQpCBvUwdllRmNvfJMB8GA1UdIwQY
MBaAFHSeo7Hli6BgtB/CoHj2AWJkdZZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEo2anNlV0xvR0MwSDhLZ2VQWUJZbVIxbG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy84NjI0NmEtZjAzMy00ZTQ4LWI3ZGQt
MmY0MjQyYTEzZDAwLzEvUTBRZ0JmTno2QXRDa0lHOVRCMldWR1kyOThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy84NjI0NmEtZjAzMy00ZTQ4LWI3ZGQtMmY0MjQyYTEzZDAw
LzEvZEo2anNlV0xvR0MwSDhLZ2VQWUJZbVIxbG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSIEMA0E
AgACMAcDBQMqBF1AMA0GCSqGSIb3DQEBCwUAA4IBAQB6UWwrGtS5B2v1kLdk0W5v
eWqCIpPYu5ZJIt9YDsdnaiBu9KT64wdbzgYzOWo47skLoAljEF3yTeYwsUlOOOfB
iv05Do9NeawIe8P8NZMLKtGZCCImmARTLizsQ2nZc8cyg4+hoIbVywVh9ebWrSM5
XlxjEjJjN0ZcM5yALYIUUsvgdI1Qlm5zKX6gEpKeOKxPlSJuHpZRho5+oVrlCybg
HN9ps67CxEgkFdseIGmAID6gOkzfJN7qOqIW3Y2/wrCvCL+U2MP7pFkVML39WNKM
WwrEinI7dzaXUM98cZcSmEm1RcyTsz7RaaX7DQ+lsuixt7f1mnLeX/ehzxt5I89G
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:03 2024 by rpki-client on console-fra.rpki-client.org