Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/QonB9OvrMkZD-5bpcCbwylu0EOM.roa
File:                     QonB9OvrMkZD-5bpcCbwylu0EOM.roa (raw, json)
Hash identifier:          3gTyzOXaOQMmPsctBTynOiHbxbHmThTY/sl8FgB1Z5c=
Subject key identifier:   42:89:C1:F4:EB:EB:32:46:43:FB:96:E9:70:26:F0:CA:5B:B4:10:E3
Certificate issuer:       /CN=3a0429b5aecac8364544bf623f94f163afdce561
Certificate serial:       018DC12E6E44185DAF7A6A4C2878809D495D
Authority key identifier: 3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/QonB9OvrMkZD-5bpcCbwylu0EOM.roa
Signing time:             Mon 19 Feb 2024 11:44:22 +0000
ROA not before:           Mon 19 Feb 2024 11:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        146.0.0.0/24 maxlen: 24
                          146.0.15.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 19 Feb 2024 14:34:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:2e:6e:44:18:5d:af:7a:6a:4c:28:78:80:9d:49:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0429b5aecac8364544bf623f94f163afdce561
        Validity
            Not Before: Feb 19 11:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4289c1f4ebeb324643fb96e97026f0ca5bb410e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f3:45:40:be:c4:f7:78:e0:bd:fd:53:f0:26:
                    8d:ce:86:01:85:bd:aa:a0:0a:82:e2:e4:8b:30:ce:
                    a0:a4:a3:1c:1d:6b:79:0a:d9:8d:25:67:62:db:15:
                    0f:66:ec:02:fa:a8:5d:bc:30:0c:61:ae:86:52:15:
                    03:25:0a:5e:63:3e:e8:d5:76:25:45:b5:27:87:e5:
                    d1:2d:ba:eb:4e:4d:02:6b:2f:45:df:5d:96:c5:8f:
                    f4:f5:f1:4c:b1:0b:fb:85:a4:0c:94:ad:41:a0:99:
                    57:ad:09:c4:4e:5c:c6:d9:40:61:10:2f:30:f4:52:
                    98:72:27:fe:a7:b7:0a:5d:29:da:75:bc:8a:a6:ea:
                    29:17:3c:1f:64:bd:f6:40:0e:44:b2:22:75:d1:fb:
                    41:2b:c1:3c:22:0f:b5:5e:9e:64:f4:d6:63:63:f7:
                    25:ed:8c:63:94:2b:42:4b:9f:83:34:94:02:e9:86:
                    02:cd:1f:8c:2d:9a:bb:50:6b:e7:d9:17:9e:aa:3c:
                    c3:20:8f:c2:be:d6:51:68:5b:98:04:27:77:28:d7:
                    34:e9:e9:fc:74:e4:f6:3f:cb:3c:16:12:26:5d:3b:
                    7f:2c:f5:be:9f:a0:7c:cb:73:c8:15:f3:b3:4d:bd:
                    74:80:99:a3:e8:52:55:bd:00:ce:9a:f8:c0:7a:79:
                    7d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:89:C1:F4:EB:EB:32:46:43:FB:96:E9:70:26:F0:CA:5B:B4:10:E3
            X509v3 Authority Key Identifier:
                keyid:3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/QonB9OvrMkZD-5bpcCbwylu0EOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.0.0.0/24
                  146.0.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ab:50:e9:7e:3f:22:4b:c8:4e:9f:35:4f:f8:6b:9f:37:70:
         2a:07:10:46:49:5a:d4:90:72:77:7e:5e:1f:93:e2:11:d7:4e:
         3e:99:ef:1c:2f:d2:ff:e8:45:e4:94:23:09:af:6a:df:81:53:
         bb:a4:98:59:e0:02:f5:4d:13:6f:4b:96:d3:07:b6:f1:ba:d1:
         6b:9c:a6:79:83:51:9f:9a:3b:e6:9f:ac:39:c4:2e:e3:d1:36:
         f1:33:0c:fd:c7:33:a2:ae:e8:6e:80:e2:14:f2:0a:87:10:bd:
         7f:a3:9c:fb:81:29:87:39:69:0c:8a:8c:99:29:0a:9f:bd:13:
         6e:f2:db:77:b7:04:0c:bc:af:d5:36:ba:de:f9:89:f2:22:6c:
         95:7a:b6:64:f6:af:2c:b5:62:87:76:f9:10:33:5f:41:eb:98:
         1f:bf:3d:ef:4b:b3:cd:38:91:e3:14:15:dd:be:30:b2:ac:39:
         fa:05:20:f5:14:81:ca:89:d6:80:82:f0:be:9f:cf:de:29:0d:
         6c:4d:70:f4:e9:e0:19:11:1a:34:47:70:bf:cd:0c:c8:ed:0b:
         d4:71:9d:ff:4d:58:3b:38:96:57:3e:a3:fe:80:c9:aa:21:34:
         f9:e5:02:64:f0:b4:aa:32:49:dc:45:1f:a7:25:65:11:0a:86:
         9c:40:76:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3BLm5EGF2vempMKHiAnUldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDQyOWI1YWVjYWM4MzY0NTQ0YmY2MjNmOTRmMTYzYWZk
Y2U1NjEwHhcNMjQwMjE5MTE0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjg5YzFmNGViZWIzMjQ2NDNmYjk2ZTk3MDI2ZjBjYTViYjQxMGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfNFQL7E93jgvf1T8CaNzoYBhb2q
oAqC4uSLMM6gpKMcHWt5CtmNJWdi2xUPZuwC+qhdvDAMYa6GUhUDJQpeYz7o1XYl
RbUnh+XRLbrrTk0Cay9F312WxY/09fFMsQv7haQMlK1BoJlXrQnETlzG2UBhEC8w
9FKYcif+p7cKXSnadbyKpuopFzwfZL32QA5EsiJ10ftBK8E8Ig+1Xp5k9NZjY/cl
7YxjlCtCS5+DNJQC6YYCzR+MLZq7UGvn2ReeqjzDII/CvtZRaFuYBCd3KNc06en8
dOT2P8s8FhImXTt/LPW+n6B8y3PIFfOzTb10gJmj6FJVvQDOmvjAenl9eQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEKJwfTr6zJGQ/uW6XAm8MpbtBDjMB8GA1UdIwQY
MBaAFDoEKbWuysg2RUS/Yj+U8WOv3OVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEt
ODQ3MTJjOWYzNDY0LzEvUW9uQjlPdnJNa1pELTVicGNDYnd5bHUwRU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEtODQ3MTJjOWYzNDY0
LzEvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkgAAAwQA
kgAPMA0GCSqGSIb3DQEBCwUAA4IBAQBOq1Dpfj8iS8hOnzVP+GufN3AqBxBGSVrU
kHJ3fl4fk+IR104+me8cL9L/6EXklCMJr2rfgVO7pJhZ4AL1TRNvS5bTB7bxutFr
nKZ5g1Gfmjvmn6w5xC7j0TbxMwz9xzOiruhugOIU8gqHEL1/o5z7gSmHOWkMioyZ
KQqfvRNu8tt3twQMvK/VNrre+YnyImyVerZk9q8stWKHdvkQM19B65gfvz3vS7PN
OJHjFBXdvjCyrDn6BSD1FIHKidaAgvC+n8/eKQ1sTXD06eAZERo0R3C/zQzI7QvU
cZ3/TVg7OJZXPqP+gMmqITT55QJk8LSqMkncRR+nJWURCoacQHYV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:23 2024 by rpki-client on console-fra.rpki-client.org