Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/QzHe1A7vDrqgA4qs4DHulfRDI8Q.roa
File:                     QzHe1A7vDrqgA4qs4DHulfRDI8Q.roa (raw, json)
Hash identifier:          XL+O+X+epdcL1/7ItAnULkdF1pWKmrruk1zr1AlcGQk=
Subject key identifier:   43:31:DE:D4:0E:EF:0E:BA:A0:03:8A:AC:E0:31:EE:95:F4:43:23:C4
Certificate issuer:       /CN=c66a5f2b468db35eb562bd37e1f36ecea813ccac
Certificate serial:       01856FDDD9A5B66B51743CA3C992973B7300
Authority key identifier: C6:6A:5F:2B:46:8D:B3:5E:B5:62:BD:37:E1:F3:6E:CE:A8:13:CC:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/QzHe1A7vDrqgA4qs4DHulfRDI8Q.roa
Signing time:             Mon 02 Jan 2023 00:24:48 +0000
ROA not before:           Mon 02 Jan 2023 00:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41670
IP address blocks:        185.110.204.0/22 maxlen: 22
                          89.248.240.0/20 maxlen: 20
                          2a01:168::/29 maxlen: 29
                          2a01:168::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:dd:d9:a5:b6:6b:51:74:3c:a3:c9:92:97:3b:73:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66a5f2b468db35eb562bd37e1f36ecea813ccac
        Validity
            Not Before: Jan  2 00:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4331ded40eef0ebaa0038aace031ee95f44323c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:59:c4:91:6c:32:f1:35:17:0f:55:d0:a9:43:
                    88:e3:53:41:d2:e8:65:5e:ec:4f:6f:2e:a3:28:18:
                    96:d0:5e:66:81:44:46:11:ac:26:d8:b6:8d:a2:03:
                    e3:7b:1b:94:b6:7d:34:02:4d:7c:4f:10:1c:14:0b:
                    95:4e:5d:80:88:e1:17:e7:6a:56:09:12:81:b7:5d:
                    69:73:15:d7:b1:0d:11:56:01:6a:b9:9f:ff:fc:47:
                    4b:19:8a:b9:e2:be:e8:36:a3:ae:79:df:31:b8:c1:
                    25:70:0f:64:09:27:96:50:c1:8b:bf:7e:e9:97:3c:
                    3b:10:08:98:63:3c:10:78:8b:3c:b2:b5:88:4d:b4:
                    64:76:61:49:0c:ad:2c:91:45:08:ab:cd:bd:87:76:
                    96:d9:43:37:1b:47:02:25:ed:b6:79:98:a4:34:ba:
                    a2:b4:42:25:20:34:9d:84:61:c3:f8:5d:0a:a0:1a:
                    e7:e5:7a:57:d8:bf:87:c8:0b:75:73:4a:9a:9c:8d:
                    bb:49:fa:e2:3a:83:8f:a1:7b:cf:31:89:98:08:0c:
                    8a:40:b0:ed:c7:d0:15:61:21:a0:7d:c2:1a:8f:c0:
                    a7:13:59:c5:2a:17:20:fd:a0:93:14:39:73:e8:ef:
                    96:1f:fc:7c:d3:9d:71:df:15:39:36:ef:17:e2:29:
                    7a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:31:DE:D4:0E:EF:0E:BA:A0:03:8A:AC:E0:31:EE:95:F4:43:23:C4
            X509v3 Authority Key Identifier:
                keyid:C6:6A:5F:2B:46:8D:B3:5E:B5:62:BD:37:E1:F3:6E:CE:A8:13:CC:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/QzHe1A7vDrqgA4qs4DHulfRDI8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.248.240.0/20
                  185.110.204.0/22
                IPv6:
                  2a01:168::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:33:63:83:f0:b4:00:68:60:cb:46:7d:f9:7b:d7:7b:27:12:
         b2:53:b9:9d:1e:a5:8f:11:63:35:e3:35:c0:a5:0e:09:4e:18:
         33:b2:1d:ee:7e:b5:00:51:10:97:80:2e:75:b0:17:f2:de:08:
         12:6a:3a:59:91:5c:a6:b7:f4:2d:19:1f:bd:f7:28:36:1c:38:
         a2:50:fc:4c:64:d3:2f:ee:fb:eb:44:a5:30:64:a3:ee:fe:35:
         ec:44:f3:91:75:0f:0c:a7:da:18:9a:c4:9b:09:70:89:18:cc:
         9b:4c:27:2c:ee:f6:f6:67:10:cb:f7:07:76:92:14:23:58:a3:
         03:a9:a6:4b:d0:4e:6c:7b:f6:56:44:02:f6:0d:0f:96:ff:fc:
         38:b4:46:d7:27:a2:0b:aa:88:3b:71:1e:e3:fc:87:92:3f:d2:
         85:ca:fd:4f:82:4f:d4:96:c4:13:f3:a6:49:13:03:9f:3e:e2:
         a5:c7:62:c2:aa:aa:eb:cb:58:d6:b9:a9:b2:14:89:4e:87:8b:
         72:8f:41:26:8a:aa:2a:45:75:34:38:d0:ca:d9:af:42:d3:f3:
         14:0d:5e:bd:de:4a:81:a2:ad:18:5f:c7:c3:db:13:c2:0d:f6:
         75:af:d9:27:b1:35:b1:68:41:ad:69:ba:34:2c:b2:38:2d:b4:
         62:48:f1:e7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVv3dmltmtRdDyjyZKXO3MAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmE1ZjJiNDY4ZGIzNWViNTYyYmQzN2UxZjM2ZWNlYTgx
M2NjYWMwHhcNMjMwMTAyMDAyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzMxZGVkNDBlZWYwZWJhYTAwMzhhYWNlMDMxZWU5NWY0NDMyM2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1nEkWwy8TUXD1XQqUOI41NB0uhl
XuxPby6jKBiW0F5mgURGEawm2LaNogPjexuUtn00Ak18TxAcFAuVTl2AiOEX52pW
CRKBt11pcxXXsQ0RVgFquZ///EdLGYq54r7oNqOued8xuMElcA9kCSeWUMGLv37p
lzw7EAiYYzwQeIs8srWITbRkdmFJDK0skUUIq829h3aW2UM3G0cCJe22eZikNLqi
tEIlIDSdhGHD+F0KoBrn5XpX2L+HyAt1c0qanI27SfriOoOPoXvPMYmYCAyKQLDt
x9AVYSGgfcIaj8CnE1nFKhcg/aCTFDlz6O+WH/x8051x3xU5Nu8X4il6NQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEMx3tQO7w66oAOKrOAx7pX0QyPEMB8GA1UdIwQY
MBaAFMZqXytGjbNetWK9N+Hzbs6oE8ysMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1wZkswYU5zMTYxWXIwMzRmTnV6cWdUekt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81MzFhNGMtNjUyMS00ZWY5LTg4Nzgt
MzFmNGNjMTJkNjIwLzEvUXpIZTFBN3ZEcnFnQTRxczRESHVsZlJESThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81MzFhNGMtNjUyMS00ZWY5LTg4NzgtMzFmNGNjMTJkNjIw
LzEveG1wZkswYU5zMTYxWXIwMzRmTnV6cWdUekt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEWfjwAwQC
uW7MMA0EAgACMAcDBQMqAQFoMA0GCSqGSIb3DQEBCwUAA4IBAQBRM2OD8LQAaGDL
Rn35e9d7JxKyU7mdHqWPEWM14zXApQ4JThgzsh3ufrUAURCXgC51sBfy3ggSajpZ
kVymt/QtGR+99yg2HDiiUPxMZNMv7vvrRKUwZKPu/jXsRPORdQ8Mp9oYmsSbCXCJ
GMybTCcs7vb2ZxDL9wd2khQjWKMDqaZL0E5se/ZWRAL2DQ+W//w4tEbXJ6ILqog7
cR7j/IeSP9KFyv1Pgk/UlsQT86ZJEwOfPuKlx2LCqqrry1jWuamyFIlOh4tyj0Em
iqoqRXU0ONDK2a9C0/MUDV693kqBoq0YX8fD2xPCDfZ1r9knsTWxaEGtabo0LLI4
LbRiSPHn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:28 2024 by rpki-client on console-fra.rpki-client.org