Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/QhRUnyNh0B0u1-739AxMGy5oOvI.roa
File:                     QhRUnyNh0B0u1-739AxMGy5oOvI.roa (raw, json)
Hash identifier:          AMXIw8AbPzY74uaiBRj4id4n0P0a5pqKhZlV1LHd7vs=
Subject key identifier:   42:14:54:9F:23:61:D0:1D:2E:D7:EE:F7:F4:0C:4C:1B:2E:68:3A:F2
Certificate issuer:       /CN=a4b18f96aaa03567f22fc02c42a6935708655aa9
Certificate serial:       01920F9225BD6CAFB3FC0B0946E32C913491
Authority key identifier: A4:B1:8F:96:AA:A0:35:67:F2:2F:C0:2C:42:A6:93:57:08:65:5A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLGPlqqgNWfyL8AsQqaTVwhlWqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/QhRUnyNh0B0u1-739AxMGy5oOvI.roa
Signing time:             Fri 20 Sep 2024 13:14:48 +0000
ROA not before:           Fri 20 Sep 2024 13:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21245
IP address blocks:        31.3.0.0/24 maxlen: 24
                          31.3.1.0/24 maxlen: 24
                          31.3.2.0/24 maxlen: 24
                          31.3.3.0/24 maxlen: 24
                          31.3.4.0/24 maxlen: 24
                          31.3.5.0/24 maxlen: 24
                          31.3.6.0/24 maxlen: 24
                          31.3.7.0/24 maxlen: 24
                          146.19.176.0/24 maxlen: 24
                          185.21.180.0/24 maxlen: 24
                          185.21.181.0/24 maxlen: 24
                          185.21.182.0/24 maxlen: 24
                          185.21.183.0/24 maxlen: 24
                          185.22.160.0/24 maxlen: 24
                          185.22.161.0/24 maxlen: 24
                          185.22.162.0/24 maxlen: 24
                          185.22.163.0/24 maxlen: 24
                          185.87.172.0/24 maxlen: 24
                          185.87.173.0/24 maxlen: 24
                          185.87.174.0/24 maxlen: 24
                          185.87.175.0/24 maxlen: 24
                          185.230.16.0/24 maxlen: 24
                          185.230.17.0/24 maxlen: 24
                          185.230.19.0/24 maxlen: 24
                          185.235.10.0/24 maxlen: 24
                          185.241.63.0/24 maxlen: 24
                          2a03:3f00::/48 maxlen: 48
                          2a03:3f00:1::/48 maxlen: 48
                          2a03:3f00:2::/48 maxlen: 48
                          2a03:3f00:3::/48 maxlen: 48
                          2a03:3f00:4::/48 maxlen: 48
                          2a03:3f00:5::/48 maxlen: 48
                          2a03:3f00:6::/48 maxlen: 48
                          2a03:3f00:7::/48 maxlen: 48
                          2a03:3f00:10::/48 maxlen: 48
                          2a03:3f00:17::/48 maxlen: 48
                          2a03:3f00:19::/48 maxlen: 48
                          2a03:3f00:31::/48 maxlen: 48
                          2a03:3f00:160::/48 maxlen: 48
                          2a03:3f00:161::/48 maxlen: 48
                          2a03:3f00:162::/48 maxlen: 48
                          2a03:3f00:163::/48 maxlen: 48
                          2a03:3f00:172::/48 maxlen: 48
                          2a03:3f00:174::/48 maxlen: 48
                          2a03:3f00:175::/48 maxlen: 48
                          2a03:3f00:180::/48 maxlen: 48
                          2a03:3f00:181::/48 maxlen: 48
                          2a03:3f00:182::/48 maxlen: 48
                          2a03:3f00:183::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 27 Sep 2024 10:59:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0f:92:25:bd:6c:af:b3:fc:0b:09:46:e3:2c:91:34:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b18f96aaa03567f22fc02c42a6935708655aa9
        Validity
            Not Before: Sep 20 13:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4214549f2361d01d2ed7eef7f40c4c1b2e683af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:04:80:6d:46:4e:62:9e:0d:3e:f5:fb:6e:0f:
                    ef:48:b3:37:92:37:04:ce:d5:ed:3a:58:83:95:9c:
                    fc:8f:a0:c5:42:5a:5e:e8:b5:c9:2d:2c:b9:ac:ff:
                    60:00:12:b5:20:e8:7c:2d:5b:e4:5e:42:cf:d2:a0:
                    4f:e7:62:2b:ed:cb:ce:6f:76:8e:66:fa:34:cc:73:
                    9f:0c:75:74:59:c1:e2:61:20:cc:d1:38:fa:d6:89:
                    4a:0c:49:a7:fd:9e:de:48:a8:6b:06:ad:db:97:fe:
                    b2:45:08:6c:72:2b:10:5f:94:4d:18:f4:15:22:73:
                    3f:8b:0b:39:04:57:fc:ad:46:cb:29:2c:c2:4d:17:
                    69:5d:11:f4:f9:ca:a2:3f:dd:ed:95:4b:c0:63:21:
                    2e:98:0a:6c:fa:c0:c7:a5:d2:35:6d:82:99:f0:28:
                    e6:86:82:68:b1:0a:6c:df:4d:fd:61:47:35:d9:c3:
                    60:d0:41:13:c7:63:60:0f:83:8e:5a:a4:19:c2:45:
                    5b:e7:03:37:09:85:74:73:cc:54:46:c6:3d:7d:30:
                    07:b0:4e:77:56:af:d8:06:84:50:55:6d:38:85:fa:
                    b2:c7:a3:20:68:94:10:7d:29:b9:89:90:9b:29:ca:
                    59:f8:05:3f:54:31:87:76:38:77:c9:3c:b6:e3:46:
                    c3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:14:54:9F:23:61:D0:1D:2E:D7:EE:F7:F4:0C:4C:1B:2E:68:3A:F2
            X509v3 Authority Key Identifier:
                keyid:A4:B1:8F:96:AA:A0:35:67:F2:2F:C0:2C:42:A6:93:57:08:65:5A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLGPlqqgNWfyL8AsQqaTVwhlWqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/QhRUnyNh0B0u1-739AxMGy5oOvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/pLGPlqqgNWfyL8AsQqaTVwhlWqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.0.0/21
                  146.19.176.0/24
                  185.21.180.0/22
                  185.22.160.0/22
                  185.87.172.0/22
                  185.230.16.0/23
                  185.230.19.0/24
                  185.235.10.0/24
                  185.241.63.0/24
                IPv6:
                  2a03:3f00::/45
                  2a03:3f00:10::/48
                  2a03:3f00:17::/48
                  2a03:3f00:19::/48
                  2a03:3f00:31::/48
                  2a03:3f00:160::/46
                  2a03:3f00:172::/48
                  2a03:3f00:174::/47
                  2a03:3f00:180::/46

    Signature Algorithm: sha256WithRSAEncryption
         04:f7:38:a0:22:13:65:56:20:86:80:8c:06:74:a5:59:23:7c:
         02:4f:34:e0:ff:1f:0d:db:38:a9:86:5a:96:58:5e:49:f4:43:
         66:24:1e:ff:af:72:94:42:bf:62:02:4c:a8:16:ad:22:50:32:
         b6:88:4d:39:fd:3f:64:d6:60:0a:6c:3b:12:38:32:65:2e:fa:
         01:d7:4f:50:99:9f:27:0e:14:e6:4d:aa:f3:03:99:a0:b1:ab:
         3b:c4:ca:a0:dd:06:02:df:e6:1f:a4:7a:29:b2:d9:b9:04:e1:
         68:2f:b9:3e:51:4b:b9:b3:80:2f:c0:58:b6:c5:68:27:61:ab:
         82:e4:a2:18:31:6c:d1:44:a5:73:3b:89:58:13:44:2f:5a:02:
         46:60:a5:8c:df:a9:11:80:74:c0:e2:38:0a:ce:cc:d5:fc:b0:
         63:12:43:f7:bf:ee:0f:f5:a9:32:aa:2c:15:84:18:ef:20:1d:
         ab:b5:90:06:8f:77:63:af:ed:a1:40:48:00:06:a9:e1:7f:8f:
         f6:1b:54:3e:2b:13:fa:29:25:bc:e0:98:f5:05:64:01:cc:98:
         7a:77:53:92:9f:ab:5b:77:2e:76:f2:c4:39:82:4e:1b:e9:51:
         6e:54:4a:6d:f4:b0:7d:7d:4d:60:af:12:c1:d0:9b:a3:c3:52:
         9a:93:fd:52
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZIPkiW9bK+z/AsJRuMskTSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjE4Zjk2YWFhMDM1NjdmMjJmYzAyYzQyYTY5MzU3MDg2
NTVhYTkwHhcNMjQwOTIwMTMxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE0NTQ5ZjIzNjFkMDFkMmVkN2VlZjdmNDBjNGMxYjJlNjgzYWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wSAbUZOYp4NPvX7bg/vSLM3kjcE
ztXtOliDlZz8j6DFQlpe6LXJLSy5rP9gABK1IOh8LVvkXkLP0qBP52Ir7cvOb3aO
Zvo0zHOfDHV0WcHiYSDM0Tj61olKDEmn/Z7eSKhrBq3bl/6yRQhscisQX5RNGPQV
InM/iws5BFf8rUbLKSzCTRdpXRH0+cqiP93tlUvAYyEumAps+sDHpdI1bYKZ8Cjm
hoJosQps3039YUc12cNg0EETx2NgD4OOWqQZwkVb5wM3CYV0c8xURsY9fTAHsE53
Vq/YBoRQVW04hfqyx6MgaJQQfSm5iZCbKcpZ+AU/VDGHdjh3yTy240bDrwIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFEIUVJ8jYdAdLtfu9/QMTBsuaDryMB8GA1UdIwQY
MBaAFKSxj5aqoDVn8i/ALEKmk1cIZVqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExHUGxxcWdOV2Z5TDhBc1FxYVRWd2hsV3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC82ODIwZjktNDQ1OS00ODU4LTk4Y2Ut
YzY5NGYwZWFjYmE2LzEvUWhSVW55TmgwQjB1MS03MzlBeE1HeTVvT3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC82ODIwZjktNDQ1OS00ODU4LTk4Y2UtYzY5NGYwZWFjYmE2
LzEvcExHUGxxcWdOV2Z5TDhBc1FxYVRWd2hsV3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGqBggrBgEFBQcBBwEB/wSBmjCBlzA8BAIAATA2AwQDHwMA
AwQAkhOwAwQCuRW0AwQCuRagAwQCuVesAwQBueYQAwQAueYTAwQAuesKAwQAufE/
MFcEAgACMFEDBwMqAz8AAAADBwAqAz8AABADBwAqAz8AABcDBwAqAz8AABkDBwAq
Az8AADEDBwIqAz8AAWADBwAqAz8AAXIDBwEqAz8AAXQDBwIqAz8AAYAwDQYJKoZI
hvcNAQELBQADggEBAAT3OKAiE2VWIIaAjAZ0pVkjfAJPNOD/Hw3bOKmGWpZYXkn0
Q2YkHv+vcpRCv2ICTKgWrSJQMraITTn9P2TWYApsOxI4MmUu+gHXT1CZnycOFOZN
qvMDmaCxqzvEyqDdBgLf5h+keimy2bkE4WgvuT5RS7mzgC/AWLbFaCdhq4Lkohgx
bNFEpXM7iVgTRC9aAkZgpYzfqRGAdMDiOArOzNX8sGMSQ/e/7g/1qTKqLBWEGO8g
Hau1kAaPd2Ov7aFASAAGqeF/j/YbVD4rE/opJbzgmPUFZAHMmHp3U5Kfq1t3Lnby
xDmCThvpUW5USm30sH19TWCvEsHQm6PDUpqT/VI=
-----END CERTIFICATE-----
Generated at Fri Sep 27 13:21:08 2024 by rpki-client on console-fra.rpki-client.org