Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/f3QKAzxiMTWL6dqxX-nUX8okRLA.roa
File:                     f3QKAzxiMTWL6dqxX-nUX8okRLA.roa (raw, json)
Hash identifier:          gTRZyTqrJ2fG+vf3vu6dlVL2mvB97YBAY2uRKw11WIE=
Subject key identifier:   7F:74:0A:03:3C:62:31:35:8B:E9:DA:B1:5F:E9:D4:5F:CA:24:44:B0
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       0186D7A32B8D1F717AFDD54AC7BB729329A8
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/f3QKAzxiMTWL6dqxX-nUX8okRLA.roa
Signing time:             Sun 12 Mar 2023 21:04:00 +0000
ROA not before:           Sun 12 Mar 2023 21:04:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39409
IP address blocks:        37.153.156.0/24 maxlen: 24
                          185.216.8.0/24 maxlen: 24
                          2a10:9906::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 14 Sep 2023 13:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d7:a3:2b:8d:1f:71:7a:fd:d5:4a:c7:bb:72:93:29:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Mar 12 21:04:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7f740a033c6231358be9dab15fe9d45fca2444b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:b2:18:c6:e1:08:b4:28:2d:5d:39:bd:3a:f1:
                    35:4d:85:37:02:1f:5e:c0:7f:b1:ca:75:a9:2a:a3:
                    44:7d:1b:34:6a:6c:e0:65:3e:b1:d1:43:01:4b:98:
                    73:50:25:25:3b:62:df:87:25:6c:ef:e6:bb:3e:ae:
                    e2:32:9b:6b:70:5b:cd:6e:ba:ba:4a:04:52:01:fe:
                    6d:f3:be:bb:38:bc:6a:40:be:f9:39:e7:8d:cc:5b:
                    1e:82:9d:b6:85:1c:8f:ac:46:08:61:18:73:2d:c8:
                    68:0d:8c:92:23:98:71:ef:22:d4:39:75:a6:27:d1:
                    2e:d3:76:98:86:f4:b3:e1:ae:15:95:aa:9c:09:65:
                    cf:e5:1b:fa:58:20:b1:02:5e:61:24:ed:b5:81:66:
                    cb:64:a2:38:87:89:f4:f1:96:a3:a9:9e:73:fc:9f:
                    08:bd:fa:b3:31:6d:fc:cf:3b:65:c6:6d:e0:2f:71:
                    8c:66:5a:9c:4c:a9:68:90:2d:9c:33:ce:04:00:af:
                    ec:cb:37:d6:56:23:55:f8:a0:0d:c2:89:4b:e9:a9:
                    ea:50:24:ae:d6:37:9b:ad:69:ca:c6:81:18:cf:a8:
                    52:7b:f7:88:e9:ec:b5:eb:6c:50:fe:a0:3a:6e:8d:
                    d3:37:c6:c7:79:7b:ed:a9:d4:41:a3:f5:5a:dd:69:
                    d6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:74:0A:03:3C:62:31:35:8B:E9:DA:B1:5F:E9:D4:5F:CA:24:44:B0
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/f3QKAzxiMTWL6dqxX-nUX8okRLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.156.0/24
                  185.216.8.0/24
                IPv6:
                  2a10:9906::/36

    Signature Algorithm: sha256WithRSAEncryption
         9f:36:12:67:af:c9:6b:f9:38:44:53:85:de:ba:40:97:03:3a:
         1d:50:fd:c7:f0:b2:25:13:40:c4:1e:f8:46:84:8b:90:df:cd:
         96:70:7b:80:2c:1a:78:61:a2:1d:8f:b1:fa:d7:7e:b7:c1:bc:
         a2:ad:33:c4:a3:96:a7:cd:36:90:34:9a:70:8e:14:2c:d9:6c:
         db:c1:3b:87:69:fd:20:06:82:d6:d7:20:65:b3:2e:3a:01:c3:
         e2:bc:d6:74:fc:52:b3:ff:d0:15:b9:df:15:94:ce:26:ef:fa:
         77:91:73:26:11:00:3e:00:4b:53:fc:3e:1d:fe:8d:06:80:b4:
         52:db:ba:b9:ea:62:32:09:ed:dc:fd:14:8a:4e:14:3e:0c:0d:
         b2:34:ba:fd:b7:1e:de:b5:6a:32:70:f9:59:a6:a7:53:2f:d7:
         75:3e:0b:6a:22:b6:60:a7:f7:c3:0a:08:4e:5b:b4:5f:1f:99:
         8a:52:ab:49:c9:97:14:7f:7a:e7:61:3b:48:d7:15:a6:55:86:
         b4:74:44:d2:43:f8:7a:c7:20:b3:08:0f:b9:8a:27:29:19:64:
         f4:24:c4:66:26:88:99:ea:8a:de:45:50:8d:ad:de:44:ca:c9:
         e8:82:26:ea:9d:75:43:98:9f:c0:5e:f8:41:27:7c:bd:9c:c2:
         f7:6f:fa:ff
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYbXoyuNH3F6/dVKx7tykymoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YmUwOTMwOTcwOTdjNDQ1N2ZmNWFhM2U1ODkzYzhjMTU0
MzI2MTIwHhcNMjMwMzEyMjEwNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjc0MGEwMzNjNjIzMTM1OGJlOWRhYjE1ZmU5ZDQ1ZmNhMjQ0NGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbIYxuEItCgtXTm9OvE1TYU3Ah9e
wH+xynWpKqNEfRs0amzgZT6x0UMBS5hzUCUlO2LfhyVs7+a7Pq7iMptrcFvNbrq6
SgRSAf5t8767OLxqQL75OeeNzFsegp22hRyPrEYIYRhzLchoDYySI5hx7yLUOXWm
J9Eu03aYhvSz4a4VlaqcCWXP5Rv6WCCxAl5hJO21gWbLZKI4h4n08ZajqZ5z/J8I
vfqzMW38zztlxm3gL3GMZlqcTKlokC2cM84EAK/syzfWViNV+KANwolL6anqUCSu
1jebrWnKxoEYz6hSe/eI6ey162xQ/qA6bo3TN8bHeXvtqdRBo/Va3WnWUwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFH90CgM8YjE1i+nasV/p1F/KJESwMB8GA1UdIwQY
MBaAFIe+CTCXCXxEV/9ao+WJPIwVQyYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMt
MmNkZTY1ZjMxMTJhLzEvZjNRS0F6eGlNVFdMNmRxeFgtblVYOG9rUkxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMtMmNkZTY1ZjMxMTJh
LzEvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAJZmcAwQA
udgIMA4EAgACMAgDBgQqEJkGADANBgkqhkiG9w0BAQsFAAOCAQEAnzYSZ6/Ja/k4
RFOF3rpAlwM6HVD9x/CyJRNAxB74RoSLkN/NlnB7gCwaeGGiHY+x+td+t8G8oq0z
xKOWp802kDSacI4ULNls28E7h2n9IAaC1tcgZbMuOgHD4rzWdPxSs//QFbnfFZTO
Ju/6d5FzJhEAPgBLU/w+Hf6NBoC0Utu6uepiMgnt3P0Uik4UPgwNsjS6/bce3rVq
MnD5WaanUy/XdT4LaiK2YKf3wwoITlu0Xx+ZilKrScmXFH9652E7SNcVplWGtHRE
0kP4escgswgPuYonKRlk9CTEZiaImeqK3kVQja3eRMrJ6IIm6p11Q5ifwF74QSd8
vZzC92/6/w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:20 2024 by rpki-client on console-fra.rpki-client.org