Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Qvh2agBupptXOTAVJeAsHaq6DiQ.roa
File:                     Qvh2agBupptXOTAVJeAsHaq6DiQ.roa (raw, json)
Hash identifier:          sQ+kfWO0ho6WEFMe7pg982ygeMb4r2UdnnW7/jMpFBE=
Subject key identifier:   42:F8:76:6A:00:6E:A6:9B:57:39:30:15:25:E0:2C:1D:AA:BA:0E:24
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01960F451EB81EB49AABDBF9396081C01C17
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Qvh2agBupptXOTAVJeAsHaq6DiQ.roa
Signing time:             Mon 07 Apr 2025 08:01:50 +0000
ROA not before:           Mon 07 Apr 2025 08:01:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214654
IP address blocks:        212.38.81.0/24 maxlen: 24
                          213.210.52.0/24 maxlen: 24
                          213.210.53.0/24 maxlen: 24
                          213.218.239.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 30 Apr 2025 12:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0f:45:1e:b8:1e:b4:9a:ab:db:f9:39:60:81:c0:1c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  7 08:01:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42f8766a006ea69b5739301525e02c1daaba0e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8a:b4:09:67:3a:74:f5:63:b0:1f:7d:25:63:
                    47:d8:17:a7:da:b3:f4:df:26:5f:ea:29:db:2f:ca:
                    b8:ab:a6:f2:3a:db:fb:66:17:56:0c:e4:9a:b4:dd:
                    a1:49:94:68:d8:a7:48:93:b7:ea:d3:31:3a:df:fb:
                    1e:e5:a8:15:a4:d9:9e:f7:77:65:bb:3c:5d:6f:98:
                    46:f5:66:ac:d3:f7:83:0e:3f:e7:5a:c1:26:7b:63:
                    29:28:41:38:28:01:96:f4:a5:53:29:61:2a:06:2f:
                    8c:29:30:08:90:e4:e2:83:7d:c6:95:dc:20:d0:56:
                    66:f7:bb:87:b9:6f:ff:b4:2f:20:50:f9:2b:b5:ff:
                    e2:7b:34:58:d6:dd:c9:b0:42:4e:c3:69:9d:c3:9d:
                    75:37:1b:51:61:98:64:ff:5e:53:d7:96:ae:fe:11:
                    fc:6c:4b:b3:bf:54:42:89:c2:36:b9:34:17:df:33:
                    3d:4c:e0:5e:fe:d7:d1:24:c3:08:2e:68:b2:8d:66:
                    aa:0d:af:76:12:11:5a:24:41:47:e9:75:ab:0a:d9:
                    7b:cc:92:c3:54:5a:8f:50:c2:c5:98:fe:35:33:ea:
                    30:b0:0b:21:b0:b9:62:fa:15:ab:ab:73:ad:70:17:
                    bf:22:0b:21:63:5a:61:0c:16:4e:d6:61:ef:1d:56:
                    73:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F8:76:6A:00:6E:A6:9B:57:39:30:15:25:E0:2C:1D:AA:BA:0E:24
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Qvh2agBupptXOTAVJeAsHaq6DiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.81.0/24
                  213.210.52.0/23
                  213.218.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:4e:54:e5:40:e7:e7:5c:76:18:ce:57:ca:b2:f2:df:d4:69:
         f3:71:ec:be:6b:94:29:90:b4:63:0d:b3:21:6b:b2:51:2c:f5:
         68:70:50:d2:4d:fd:51:d3:89:78:9b:f2:cf:c7:3f:61:b8:38:
         8a:bb:19:85:de:80:e6:06:ab:02:93:0a:f5:bb:71:1f:6e:11:
         ea:8b:4d:66:98:63:86:3d:42:99:0b:11:21:d9:6b:a9:43:42:
         35:a8:ce:f5:b3:13:df:8a:f7:b7:67:2c:63:09:67:79:d0:c0:
         a5:c7:71:18:a0:45:be:e6:8e:dc:42:63:7b:02:d9:3d:8f:be:
         43:a1:d5:46:49:b4:9c:03:3b:34:35:60:46:e2:cc:4c:37:c9:
         b2:e5:c4:0d:83:49:7b:c6:39:fd:60:f4:a8:15:bb:88:8d:05:
         a2:26:bd:dd:09:04:bd:70:b9:2a:cc:34:95:ef:0a:50:9b:84:
         a4:e5:61:37:74:70:d4:70:0f:5b:4e:aa:61:87:a6:52:5d:c1:
         a1:1b:a7:a6:d8:a2:27:72:74:07:65:c9:68:26:0b:90:9e:75:
         0d:57:64:45:ac:d0:85:a5:78:ef:7f:a3:b8:80:9d:d0:9e:eb:
         35:d4:68:a9:52:73:38:53:48:7f:32:4a:d1:36:a9:a8:fd:11:
         50:06:45:b8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYPRR64HrSaq9v5OWCBwBwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDA3MDgwMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmY4NzY2YTAwNmVhNjliNTczOTMwMTUyNWUwMmMxZGFhYmEwZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYq0CWc6dPVjsB99JWNH2Ben2rP0
3yZf6inbL8q4q6byOtv7ZhdWDOSatN2hSZRo2KdIk7fq0zE63/se5agVpNme93dl
uzxdb5hG9Was0/eDDj/nWsEme2MpKEE4KAGW9KVTKWEqBi+MKTAIkOTig33Gldwg
0FZm97uHuW//tC8gUPkrtf/iezRY1t3JsEJOw2mdw511NxtRYZhk/15T15au/hH8
bEuzv1RCicI2uTQX3zM9TOBe/tfRJMMILmiyjWaqDa92EhFaJEFH6XWrCtl7zJLD
VFqPUMLFmP41M+owsAshsLli+hWrq3OtcBe/IgshY1phDBZO1mHvHVZz5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEL4dmoAbqabVzkwFSXgLB2qug4kMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUXZoMmFnQnVwcHRYT1RBVkplQXNIYXE2RGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1CZRAwQB
1dI0AwQA1drvMA0GCSqGSIb3DQEBCwUAA4IBAQAkTlTlQOfnXHYYzlfKsvLf1Gnz
cey+a5QpkLRjDbMha7JRLPVocFDSTf1R04l4m/LPxz9huDiKuxmF3oDmBqsCkwr1
u3EfbhHqi01mmGOGPUKZCxEh2WupQ0I1qM71sxPfive3ZyxjCWd50MClx3EYoEW+
5o7cQmN7Atk9j75DodVGSbScAzs0NWBG4sxMN8my5cQNg0l7xjn9YPSoFbuIjQWi
Jr3dCQS9cLkqzDSV7wpQm4Sk5WE3dHDUcA9bTqphh6ZSXcGhG6em2KIncnQHZclo
JguQnnUNV2RFrNCFpXjvf6O4gJ3Qnus11GipUnM4U0h/MkrRNqmo/RFQBkW4
-----END CERTIFICATE-----
Generated at Fri May 2 10:23:51 2025 by rpki-client