Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/QnZV3RIcZQ22ssuWBgBMupWFjKE.roa
File:                     QnZV3RIcZQ22ssuWBgBMupWFjKE.roa (raw, json)
Hash identifier:          pzk+Oe2zDvh7tSraLQC1DhatPk8tlmD4HHayVvFrX8U=
Subject key identifier:   42:76:55:DD:12:1C:65:0D:B6:B2:CB:96:06:00:4C:BA:95:85:8C:A1
Certificate issuer:       /CN=de90d43293cfebf87e7eab2b0d553fd21a6e9641
Certificate serial:       01856EB92613AC8CF36BDE4AE43967058031
Authority key identifier: DE:90:D4:32:93:CF:EB:F8:7E:7E:AB:2B:0D:55:3F:D2:1A:6E:96:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pDUMpPP6_h-fqsrDVU_0hpulkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/QnZV3RIcZQ22ssuWBgBMupWFjKE.roa
Signing time:             Sun 01 Jan 2023 19:05:05 +0000
ROA not before:           Sun 01 Jan 2023 19:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47172
IP address blocks:        185.200.106.0/24 maxlen: 24
                          185.200.107.0/24 maxlen: 24
                          37.218.242.0/24 maxlen: 24
                          37.218.243.0/24 maxlen: 24
                          37.218.245.0/24 maxlen: 24
                          37.218.246.0/24 maxlen: 24
                          37.218.247.0/24 maxlen: 24
                          185.88.140.0/22 maxlen: 24
                          195.190.28.0/24 maxlen: 24
                          37.218.240.0/24 maxlen: 24
                          185.200.104.0/24 maxlen: 24
                          213.108.104.0/21 maxlen: 24
                          2a00:c6c0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b9:26:13:ac:8c:f3:6b:de:4a:e4:39:67:05:80:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de90d43293cfebf87e7eab2b0d553fd21a6e9641
        Validity
            Not Before: Jan  1 19:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=427655dd121c650db6b2cb9606004cba95858ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3e:5e:78:11:60:4f:14:bb:51:11:b4:c5:89:
                    59:6d:fa:c5:75:57:e6:df:ee:7e:00:e6:36:31:72:
                    88:44:8c:1c:44:60:3f:c3:fb:58:a3:bb:0e:46:d2:
                    9b:3a:b2:b6:ba:80:b1:96:89:5a:5a:41:e7:ba:fd:
                    8c:d3:37:c2:f0:62:b7:61:6c:90:c9:60:36:41:73:
                    c5:2e:a9:4a:1e:59:79:c8:a5:7d:3d:17:30:98:11:
                    a4:c6:62:7f:bb:0e:58:bd:98:3e:d4:63:38:19:3a:
                    1f:86:30:c7:e7:1a:e0:6d:f7:3d:0c:f1:02:7a:a8:
                    a4:ed:c2:25:41:52:0c:5b:68:1d:7d:a4:ce:f3:54:
                    d9:70:e7:11:b1:97:3b:b5:73:cc:54:78:58:39:d4:
                    31:ee:dd:7c:2f:8d:8a:b7:f0:4b:a3:c7:15:74:38:
                    5d:7c:e4:3b:17:c8:9c:04:f5:4f:75:b5:26:b4:43:
                    b3:46:57:e7:b9:b3:b2:f9:e4:f4:3d:6f:c0:a8:91:
                    56:cd:21:2e:d5:8f:39:53:a3:0d:66:c9:5a:8e:15:
                    a6:ff:b6:3c:3b:07:2c:5f:61:02:bf:80:aa:fe:98:
                    88:ac:49:85:14:31:d8:97:5f:3b:e8:43:ac:93:15:
                    b3:61:fc:50:e6:a4:9a:51:81:34:e8:65:11:fd:08:
                    27:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:76:55:DD:12:1C:65:0D:B6:B2:CB:96:06:00:4C:BA:95:85:8C:A1
            X509v3 Authority Key Identifier:
                keyid:DE:90:D4:32:93:CF:EB:F8:7E:7E:AB:2B:0D:55:3F:D2:1A:6E:96:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pDUMpPP6_h-fqsrDVU_0hpulkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/QnZV3RIcZQ22ssuWBgBMupWFjKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/647eba-d666-49c7-a089-53edc626b287/1/3pDUMpPP6_h-fqsrDVU_0hpulkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.218.240.0/24
                  37.218.242.0/23
                  37.218.245.0-37.218.247.255
                  185.88.140.0/22
                  185.200.104.0/24
                  185.200.106.0/23
                  195.190.28.0/24
                  213.108.104.0/21
                IPv6:
                  2a00:c6c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:59:48:49:f1:73:a4:1c:a1:ec:03:14:9b:cd:63:e7:51:c5:
         6b:82:c1:14:5b:bc:4f:21:e8:f4:a4:b6:29:c2:bb:50:22:c4:
         e6:26:f9:bc:f8:58:69:87:a9:c2:7d:4b:a7:f3:49:0a:da:07:
         0b:3d:16:63:6e:90:8d:e9:34:42:80:73:36:92:43:f3:36:25:
         b6:06:e6:8d:5d:35:9f:2f:25:b3:0f:a5:56:36:12:aa:0e:83:
         cb:cb:4a:23:e6:89:e9:58:5d:56:2b:00:21:1c:cb:8c:7d:cf:
         d6:6b:1e:b9:c3:7d:1b:b7:ed:ca:22:da:61:91:db:b9:54:c5:
         1d:64:18:d8:bc:4d:6c:4b:fd:08:6f:48:a1:2c:18:75:eb:dd:
         67:4c:a6:70:80:2f:19:cf:03:e4:0a:ac:75:61:8a:81:2c:d8:
         67:4c:ae:de:78:5d:3e:17:e5:41:bd:0e:37:ec:92:ec:6d:bc:
         c8:12:4c:54:36:9a:54:79:e2:38:72:c1:50:2f:ce:22:9c:17:
         e7:2a:6f:b2:a5:a6:3f:3b:e4:b2:eb:a5:5d:b1:e9:4c:89:cd:
         c6:0b:73:19:16:0a:51:65:5a:91:04:d8:4f:c0:2a:3b:81:90:
         53:74:8b:e5:10:47:ce:3f:12:e3:ad:9c:6d:1e:ca:3c:55:d5:
         e7:9c:3c:4b
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVuuSYTrIzza95K5DlnBYAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTBkNDMyOTNjZmViZjg3ZTdlYWIyYjBkNTUzZmQyMWE2
ZTk2NDEwHhcNMjMwMTAxMTkwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjc2NTVkZDEyMWM2NTBkYjZiMmNiOTYwNjAwNGNiYTk1ODU4Y2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD5eeBFgTxS7URG0xYlZbfrFdVfm
3+5+AOY2MXKIRIwcRGA/w/tYo7sORtKbOrK2uoCxlolaWkHnuv2M0zfC8GK3YWyQ
yWA2QXPFLqlKHll5yKV9PRcwmBGkxmJ/uw5YvZg+1GM4GTofhjDH5xrgbfc9DPEC
eqik7cIlQVIMW2gdfaTO81TZcOcRsZc7tXPMVHhYOdQx7t18L42Kt/BLo8cVdDhd
fOQ7F8icBPVPdbUmtEOzRlfnubOy+eT0PW/AqJFWzSEu1Y85U6MNZslajhWm/7Y8
OwcsX2ECv4Cq/piIrEmFFDHYl1876EOskxWzYfxQ5qSaUYE06GUR/QgnGQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFEJ2Vd0SHGUNtrLLlgYATLqVhYyhMB8GA1UdIwQY
MBaAFN6Q1DKTz+v4fn6rKw1VP9IabpZBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BEVU1wUFA2X2gtZnFzckRWVV8waHB1bGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82NDdlYmEtZDY2Ni00OWM3LWEwODkt
NTNlZGM2MjZiMjg3LzEvUW5aVjNSSWNaUTIyc3N1V0JnQk11cFdGaktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82NDdlYmEtZDY2Ni00OWM3LWEwODktNTNlZGM2MjZiMjg3
LzEvM3BEVU1wUFA2X2gtZnFzckRWVV8waHB1bGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTA+BAIAATA4AwQAJdrwAwQB
JdryMAwDBAAl2vUDBAMl2vADBAK5WIwDBAC5yGgDBAG5yGoDBADDvhwDBAPVbGgw
DwQCAAIwCQMHACoAxsAAADANBgkqhkiG9w0BAQsFAAOCAQEAgllISfFzpByh7AMU
m81j51HFa4LBFFu8TyHo9KS2KcK7UCLE5ib5vPhYaYepwn1Lp/NJCtoHCz0WY26Q
jek0QoBzNpJD8zYltgbmjV01ny8lsw+lVjYSqg6Dy8tKI+aJ6VhdVisAIRzLjH3P
1mseucN9G7ftyiLaYZHbuVTFHWQY2LxNbEv9CG9IoSwYdevdZ0ymcIAvGc8D5Aqs
dWGKgSzYZ0yu3nhdPhflQb0ON+yS7G28yBJMVDaaVHniOHLBUC/OIpwX5ypvsqWm
PzvksuulXbHpTInNxgtzGRYKUWVakQTYT8AqO4GQU3SL5RBHzj8S462cbR7KPFXV
55w8Sw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:01 2024 by rpki-client on console-fra.rpki-client.org