Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/9Baz2sy6LZ20TkeOc0OBCAqZBYw.roa
File:                     9Baz2sy6LZ20TkeOc0OBCAqZBYw.roa (raw, json)
Hash identifier:          zA14VeOlHpsY3KrIzh8i2SyYzh1fltUAxBpIXSJDh8c=
Subject key identifier:   F4:16:B3:DA:CC:BA:2D:9D:B4:4E:47:8E:73:43:81:08:0A:99:05:8C
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       01856ED4D1D458D7D3CC9597B0E09C17EEB4
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/9Baz2sy6LZ20TkeOc0OBCAqZBYw.roa
Signing time:             Sun 01 Jan 2023 19:35:19 +0000
ROA not before:           Sun 01 Jan 2023 19:35:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5630
IP address blocks:        89.106.184.0/21 maxlen: 24
                          2a01:20:4::/48 maxlen: 48
                          2a01:20::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:d1:d4:58:d7:d3:cc:95:97:b0:e0:9c:17:ee:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 19:35:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f416b3daccba2d9db44e478e734381080a99058c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a9:28:1b:16:80:ab:b4:a9:ce:49:40:9a:9c:
                    4d:a7:21:ba:a8:fb:a1:62:9d:2d:bd:bf:cf:c7:d8:
                    66:2f:56:d1:5c:88:a9:57:dd:fe:71:95:b8:ee:81:
                    df:72:76:e0:ac:6e:aa:0b:99:21:fe:e0:25:22:5c:
                    f5:ba:d1:fb:b2:f7:d5:b1:c8:8a:37:33:c6:e6:c7:
                    7f:5f:86:17:a2:23:62:0a:a7:38:fe:d4:1b:f0:fb:
                    03:f4:e6:15:86:7e:1f:fe:b7:90:fa:8a:e5:c4:e2:
                    a1:0f:6d:56:03:9d:5a:81:ff:ab:8d:fc:cb:af:28:
                    2e:f3:d6:06:51:a0:6c:b8:37:95:f1:8b:17:4d:0c:
                    6c:cd:60:74:3c:ff:7c:73:19:f7:d9:17:ab:25:57:
                    3a:97:41:c1:80:9c:2b:4b:ec:d3:09:89:8f:42:67:
                    69:b1:ea:7a:7e:28:8c:96:12:cb:d9:1b:f3:20:86:
                    4d:45:7c:1e:89:cf:8d:e0:9c:0b:61:0c:ab:55:8f:
                    ee:58:ba:a9:ef:67:21:fc:3d:0d:fb:d3:05:db:e0:
                    1d:2c:77:af:9a:40:9c:88:3b:dd:c9:dd:a2:71:5b:
                    4f:bd:52:6f:86:0f:bd:be:cd:41:51:d1:b4:bc:fb:
                    31:ec:07:5e:fd:6a:da:89:52:71:69:2c:f3:cc:a6:
                    92:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:16:B3:DA:CC:BA:2D:9D:B4:4E:47:8E:73:43:81:08:0A:99:05:8C
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/9Baz2sy6LZ20TkeOc0OBCAqZBYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.184.0/21
                IPv6:
                  2a01:20::/48
                  2a01:20:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:e0:f7:ab:67:93:0f:09:67:0f:1c:87:5a:52:69:f1:26:34:
         18:97:59:d3:8f:45:67:cd:9f:d6:eb:34:ea:37:45:78:2e:79:
         1e:b7:fe:78:fc:d9:ad:7d:95:45:2d:11:4b:db:36:d1:ae:1d:
         c5:9e:10:3a:bf:fd:86:76:48:f5:2e:a3:f3:2c:23:d2:21:7f:
         47:29:7f:c0:c3:2e:25:06:8e:c0:e0:08:e5:b0:40:39:5f:fb:
         97:61:e5:ac:b4:32:22:84:27:09:df:1f:c6:51:a8:ba:0f:6d:
         a8:bf:a9:c8:26:75:84:ad:1b:4d:18:a6:73:00:99:6e:80:97:
         ab:f7:a9:3f:e0:f5:59:4f:56:7e:04:11:5b:97:00:89:01:b9:
         81:69:8e:01:c4:57:9e:b7:aa:c9:ca:70:fb:b6:41:07:7b:9e:
         fa:14:85:70:c4:63:48:76:59:6c:77:f9:de:42:e8:90:d6:bb:
         54:74:03:6b:61:aa:28:73:d4:54:1d:e3:70:9f:32:ca:9c:c5:
         fe:cc:24:a8:81:4c:e4:f1:ab:fc:c8:06:3b:9f:71:37:c1:03:
         1e:71:03:de:d5:e3:37:51:aa:80:bf:85:3b:76:ad:dc:af:fa:
         73:dd:96:7b:6e:b9:42:f8:45:03:f3:8d:45:cf:73:b3:09:3a:
         c0:5c:c4:db
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVu1NHUWNfTzJWXsOCcF+60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjMwMTAxMTkzNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE2YjNkYWNjYmEyZDlkYjQ0ZTQ3OGU3MzQzODEwODBhOTkwNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6koGxaAq7SpzklAmpxNpyG6qPuh
Yp0tvb/Px9hmL1bRXIipV93+cZW47oHfcnbgrG6qC5kh/uAlIlz1utH7svfVsciK
NzPG5sd/X4YXoiNiCqc4/tQb8PsD9OYVhn4f/reQ+orlxOKhD21WA51agf+rjfzL
rygu89YGUaBsuDeV8YsXTQxszWB0PP98cxn32RerJVc6l0HBgJwrS+zTCYmPQmdp
sep6fiiMlhLL2RvzIIZNRXweic+N4JwLYQyrVY/uWLqp72ch/D0N+9MF2+AdLHev
mkCciDvdyd2icVtPvVJvhg+9vs1BUdG0vPsx7Ade/WraiVJxaSzzzKaSuQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPQWs9rMui2dtE5HjnNDgQgKmQWMMB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvOUJhejJzeTZMWjIwVGtlT2MwT0JDQXFaQll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQDWWq4MBgE
AgACMBIDBwAqAQAgAAADBwAqAQAgAAQwDQYJKoZIhvcNAQELBQADggEBAJbg96tn
kw8JZw8ch1pSafEmNBiXWdOPRWfNn9brNOo3RXgueR63/nj82a19lUUtEUvbNtGu
HcWeEDq//YZ2SPUuo/MsI9Ihf0cpf8DDLiUGjsDgCOWwQDlf+5dh5ay0MiKEJwnf
H8ZRqLoPbai/qcgmdYStG00YpnMAmW6Al6v3qT/g9VlPVn4EEVuXAIkBuYFpjgHE
V563qsnKcPu2QQd7nvoUhXDEY0h2WWx3+d5C6JDWu1R0A2thqihz1FQd43CfMsqc
xf7MJKiBTOTxq/zIBjufcTfBAx5xA97V4zdRqoC/hTt2rdyv+nPdlntuuUL4RQPz
jUXPc7MJOsBcxNs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:07 2024 by rpki-client on console-ams.rpki-client.org