Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QvDeqaVQw1QXlreKdz4Eos9QtIU.roa
File:                     QvDeqaVQw1QXlreKdz4Eos9QtIU.roa (raw, json)
Hash identifier:          mfku0vC+pwNNlul8X24p4BtRtG24jh6TOfX8JdT78bE=
Subject key identifier:   42:F0:DE:A9:A5:50:C3:54:17:96:B7:8A:77:3E:04:A2:CF:50:B4:85
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018E08143F3F2EEA42601D99BDBF3CB74415
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QvDeqaVQw1QXlreKdz4Eos9QtIU.roa
Signing time:             Mon 04 Mar 2024 06:08:48 +0000
ROA not before:           Mon 04 Mar 2024 06:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213035
IP address blocks:        37.46.150.0/24 maxlen: 24
                          45.144.226.0/24 maxlen: 24
                          185.121.121.0/24 maxlen: 24
                          185.121.122.0/23 maxlen: 24
                          185.239.243.0/24 maxlen: 24
                          193.239.164.0/23 maxlen: 24
                          220.158.198.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 09:06:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:08:14:3f:3f:2e:ea:42:60:1d:99:bd:bf:3c:b7:44:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  4 06:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42f0dea9a550c3541796b78a773e04a2cf50b485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ff:c7:3d:b5:9b:62:80:1a:d4:5b:11:ae:17:
                    ae:82:3a:d6:5f:2d:b7:dd:38:01:a9:8c:17:e7:53:
                    c3:24:16:f0:94:cc:c9:55:68:b8:df:05:a5:37:0f:
                    c9:23:0c:2f:c9:41:eb:72:a0:5e:4e:85:cd:a1:31:
                    23:49:0c:fd:ce:7c:2c:7f:0b:dd:ea:e7:39:b3:47:
                    66:6e:6c:ab:0b:39:b4:fe:72:5b:5c:63:fb:08:00:
                    40:5f:c6:df:22:33:85:ee:aa:c1:65:2d:db:0e:a7:
                    d9:5f:78:e8:c9:5f:0e:37:6e:d5:a7:dd:77:62:c2:
                    70:11:be:1b:b2:46:39:96:fb:41:82:44:ac:17:97:
                    06:9c:d5:96:3f:76:c5:c0:f4:c1:be:bf:bb:77:d6:
                    30:a3:88:02:ed:6c:88:b8:9b:91:ac:54:80:43:43:
                    01:7f:0d:15:e2:1b:b8:ac:bf:f6:a4:08:08:5a:24:
                    63:1c:4b:37:8f:49:66:00:e6:06:83:a3:5d:41:74:
                    6c:3b:e6:1c:d7:ec:28:7b:d9:c5:ba:6e:35:d9:29:
                    19:06:b2:95:d5:ee:38:07:c1:45:25:d1:67:dd:a9:
                    5e:7c:83:96:53:47:7e:d0:92:fb:c8:55:43:81:86:
                    c2:de:b4:49:88:52:e4:9d:0b:85:31:32:4d:60:eb:
                    48:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F0:DE:A9:A5:50:C3:54:17:96:B7:8A:77:3E:04:A2:CF:50:B4:85
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QvDeqaVQw1QXlreKdz4Eos9QtIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.150.0/24
                  45.144.226.0/24
                  185.121.121.0-185.121.123.255
                  185.239.243.0/24
                  193.239.164.0/23
                  220.158.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:eb:45:3f:d8:93:72:28:8c:76:b9:89:f1:d1:e7:54:2e:41:
         c7:6f:be:64:fb:ed:70:9d:0d:5e:0c:91:fe:a5:a8:56:49:57:
         24:b1:c6:4f:f4:64:0d:42:d4:4a:96:41:2a:ca:06:c9:82:7b:
         3c:89:8b:ee:03:c3:e4:4c:24:28:4c:01:62:d1:b2:b4:6d:5a:
         96:ca:57:69:3e:1d:81:fb:11:73:9d:7f:c3:51:59:40:8b:9c:
         7e:ff:90:5d:0c:d7:d1:ab:8c:1b:c0:e1:f6:58:71:36:a9:fd:
         93:11:28:6b:4f:fe:b8:bd:ef:6d:dc:9a:a3:ce:cd:71:8c:63:
         e8:a4:09:e9:fc:1e:c4:93:49:26:88:a3:31:15:c9:54:fa:5e:
         48:cb:70:9f:55:78:3a:0f:78:65:99:26:19:c7:b9:68:4d:ec:
         65:6d:5c:6c:f9:c8:e3:82:c8:1e:4c:c5:d3:8e:ce:d0:9d:8d:
         a6:9b:db:15:af:d2:c1:8b:16:72:9e:d4:70:d4:63:5c:1e:28:
         8a:8e:1f:e6:c9:ab:09:87:64:16:be:44:3f:cf:3d:8a:ac:6f:
         31:bc:4a:36:72:63:37:c0:00:fb:05:91:22:5a:a3:81:c6:90:
         35:a6:75:a0:72:c8:3c:ba:38:0b:52:95:77:d2:01:38:d9:9a:
         7c:bf:e3:06
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY4IFD8/LupCYB2Zvb88t0QVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMzA0MDYwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmYwZGVhOWE1NTBjMzU0MTc5NmI3OGE3NzNlMDRhMmNmNTBiNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn//HPbWbYoAa1FsRrheugjrWXy23
3TgBqYwX51PDJBbwlMzJVWi43wWlNw/JIwwvyUHrcqBeToXNoTEjSQz9znwsfwvd
6uc5s0dmbmyrCzm0/nJbXGP7CABAX8bfIjOF7qrBZS3bDqfZX3joyV8ON27Vp913
YsJwEb4bskY5lvtBgkSsF5cGnNWWP3bFwPTBvr+7d9Ywo4gC7WyIuJuRrFSAQ0MB
fw0V4hu4rL/2pAgIWiRjHEs3j0lmAOYGg6NdQXRsO+Yc1+woe9nFum412SkZBrKV
1e44B8FFJdFn3alefIOWU0d+0JL7yFVDgYbC3rRJiFLknQuFMTJNYOtIzwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFELw3qmlUMNUF5a3inc+BKLPULSFMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUXZEZXFhVlF3MVFYbHJlS2R6NEVvczlRdElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAJS6WAwQA
LZDiMAwDBAC5eXkDBAK5eXgDBAC57/MDBAHB76QDBADcnsYwDQYJKoZIhvcNAQEL
BQADggEBAEbrRT/Yk3IojHa5ifHR51QuQcdvvmT77XCdDV4Mkf6lqFZJVySxxk/0
ZA1C1EqWQSrKBsmCezyJi+4Dw+RMJChMAWLRsrRtWpbKV2k+HYH7EXOdf8NRWUCL
nH7/kF0M19GrjBvA4fZYcTap/ZMRKGtP/ri9723cmqPOzXGMY+ikCen8HsSTSSaI
ozEVyVT6XkjLcJ9VeDoPeGWZJhnHuWhN7GVtXGz5yOOCyB5MxdOOztCdjaab2xWv
0sGLFnKe1HDUY1weKIqOH+bJqwmHZBa+RD/PPYqsbzG8SjZyYzfAAPsFkSJao4HG
kDWmdaByyDy6OAtSlXfSATjZmny/4wY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org