Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/R0NKX2GQTaKSQDH38hdeklPS3eQ.roa
File:                     R0NKX2GQTaKSQDH38hdeklPS3eQ.roa (raw, json)
Hash identifier:          tfulI81HbAZuPqeObI/v77faojHb3PhsaVJ0/eGvc2A=
Subject key identifier:   47:43:4A:5F:61:90:4D:A2:92:40:31:F7:F2:17:5E:92:53:D2:DD:E4
Certificate issuer:       /CN=cb889feed135dc03492d8b3e828c7309587d1411
Certificate serial:       01856CA5D1E945E6F7B45F123734742A98FF
Authority key identifier: CB:88:9F:EE:D1:35:DC:03:49:2D:8B:3E:82:8C:73:09:58:7D:14:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y4if7tE13ANJLYs-goxzCVh9FBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/R0NKX2GQTaKSQDH38hdeklPS3eQ.roa
Signing time:             Sun 01 Jan 2023 09:24:44 +0000
ROA not before:           Sun 01 Jan 2023 09:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     4749
IP address blocks:        147.189.33.0/24 maxlen: 24
                          147.189.32.0/24 maxlen: 24
                          147.189.32.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:a5:d1:e9:45:e6:f7:b4:5f:12:37:34:74:2a:98:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb889feed135dc03492d8b3e828c7309587d1411
        Validity
            Not Before: Jan  1 09:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47434a5f61904da2924031f7f2175e9253d2dde4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c9:f9:32:e5:5a:2c:80:f1:4e:25:e3:23:16:
                    6e:a7:a9:40:9e:2d:c7:c0:17:fc:67:b2:7b:59:38:
                    f3:f9:24:ca:e1:19:25:12:d7:04:d7:38:00:9c:93:
                    84:eb:59:c8:91:18:e2:d2:08:66:fa:bd:15:ba:c1:
                    8d:aa:b3:60:15:32:c6:2a:fd:c2:09:6b:47:58:7f:
                    c5:dc:ee:c5:83:ad:1f:f9:bb:f1:71:02:20:c9:8e:
                    2d:c4:0b:a2:2d:1a:70:27:2b:91:b4:7d:2c:34:83:
                    d5:55:98:0d:17:18:8b:bf:21:f4:3f:d1:e4:ad:77:
                    d9:dd:33:c2:42:d6:4d:54:24:c9:8e:eb:2e:a3:83:
                    32:36:e7:4c:83:ed:4b:a7:37:89:13:2c:38:af:31:
                    0f:65:9b:47:04:c4:f9:fc:1c:da:2a:a1:c9:7e:20:
                    70:73:5a:0b:90:90:f0:57:01:ce:fa:50:ee:ee:65:
                    a5:9b:68:1c:88:01:ff:2e:7b:0d:7e:86:f7:27:d8:
                    2d:cc:d7:a7:85:1c:8b:c9:a5:11:69:e0:47:ae:02:
                    99:5c:0b:98:0d:2e:71:da:85:bf:07:70:9b:3f:86:
                    9d:57:31:22:e0:45:72:9b:03:02:9e:7b:fb:3a:bb:
                    c5:8c:b5:8f:87:a4:38:80:d7:0a:74:90:22:9d:ee:
                    0a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:43:4A:5F:61:90:4D:A2:92:40:31:F7:F2:17:5E:92:53:D2:DD:E4
            X509v3 Authority Key Identifier:
                keyid:CB:88:9F:EE:D1:35:DC:03:49:2D:8B:3E:82:8C:73:09:58:7D:14:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y4if7tE13ANJLYs-goxzCVh9FBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/R0NKX2GQTaKSQDH38hdeklPS3eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/df0e81-bdcb-4a24-8435-c1f12e58fedd/1/y4if7tE13ANJLYs-goxzCVh9FBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:0a:a0:e4:06:46:6f:98:5d:44:e9:28:ce:32:6f:ee:93:ae:
         49:68:e0:0f:33:b5:ad:e6:38:8d:c0:f5:c9:76:a3:a0:25:bd:
         dd:79:02:ce:29:46:83:a4:6f:80:05:09:94:af:c1:13:d2:04:
         a7:76:6e:23:d1:a3:f8:69:e9:c1:15:41:2e:45:2e:38:5e:a2:
         c2:ab:81:b2:56:12:61:b9:c5:c0:8e:32:51:c5:46:26:98:00:
         1e:8d:fc:ab:4b:36:92:85:f0:6d:34:e3:6e:37:f6:ae:68:0f:
         d5:df:20:9c:a1:39:d4:85:87:76:0d:ab:40:f3:1e:30:b6:57:
         14:9d:2f:e9:0f:13:9e:ae:e4:b6:3c:91:dc:c7:b4:8e:c8:4b:
         ab:2f:04:47:0a:73:17:a7:82:85:90:fc:20:f4:ff:22:a1:f5:
         7b:30:d7:02:11:22:24:96:35:3e:96:4d:75:7a:9b:90:ca:f4:
         63:4d:cd:ed:0e:5a:f3:82:83:e4:4f:0e:d0:50:f6:40:f9:c2:
         c9:68:91:71:75:cc:f2:ef:ad:8e:6e:ff:87:5c:eb:01:1a:10:
         ec:72:75:06:39:b1:07:6f:73:c3:f3:9a:85:88:a6:94:0b:1c:
         fb:80:9d:ed:a0:ad:aa:22:9d:7e:9b:2d:b0:a6:93:83:a4:13:
         b7:8f:42:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVspdHpReb3tF8SNzR0Kpj/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiODg5ZmVlZDEzNWRjMDM0OTJkOGIzZTgyOGM3MzA5NTg3
ZDE0MTEwHhcNMjMwMTAxMDkyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQzNGE1ZjYxOTA0ZGEyOTI0MDMxZjdmMjE3NWU5MjUzZDJkZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8n5MuVaLIDxTiXjIxZup6lAni3H
wBf8Z7J7WTjz+STK4RklEtcE1zgAnJOE61nIkRji0ghm+r0VusGNqrNgFTLGKv3C
CWtHWH/F3O7Fg60f+bvxcQIgyY4txAuiLRpwJyuRtH0sNIPVVZgNFxiLvyH0P9Hk
rXfZ3TPCQtZNVCTJjusuo4MyNudMg+1LpzeJEyw4rzEPZZtHBMT5/BzaKqHJfiBw
c1oLkJDwVwHO+lDu7mWlm2gciAH/LnsNfob3J9gtzNenhRyLyaURaeBHrgKZXAuY
DS5x2oW/B3CbP4adVzEi4EVymwMCnnv7OrvFjLWPh6Q4gNcKdJAine4KzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdDSl9hkE2ikkAx9/IXXpJT0t3kMB8GA1UdIwQY
MBaAFMuIn+7RNdwDSS2LPoKMcwlYfRQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTRpZjd0RTEzQU5KTFlzLWdveHpDVmg5RkJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9kZjBlODEtYmRjYi00YTI0LTg0MzUt
YzFmMTJlNThmZWRkLzEvUjBOS1gyR1FUYUtTUURIMzhoZGVrbFBTM2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9kZjBlODEtYmRjYi00YTI0LTg0MzUtYzFmMTJlNThmZWRk
LzEveTRpZjd0RTEzQU5KTFlzLWdveHpDVmg5RkJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk70gMA0G
CSqGSIb3DQEBCwUAA4IBAQBACqDkBkZvmF1E6SjOMm/uk65JaOAPM7Wt5jiNwPXJ
dqOgJb3deQLOKUaDpG+ABQmUr8ET0gSndm4j0aP4aenBFUEuRS44XqLCq4GyVhJh
ucXAjjJRxUYmmAAejfyrSzaShfBtNONuN/auaA/V3yCcoTnUhYd2DatA8x4wtlcU
nS/pDxOeruS2PJHcx7SOyEurLwRHCnMXp4KFkPwg9P8iofV7MNcCESIkljU+lk11
epuQyvRjTc3tDlrzgoPkTw7QUPZA+cLJaJFxdczy762Obv+HXOsBGhDscnUGObEH
b3PD85qFiKaUCxz7gJ3toK2qIp1+my2wppODpBO3j0Kw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:53:10 2024 by rpki-client on console-ams.rpki-client.org