Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/S408y1mW0MKDTqhQ8jkTlyKfTg0.roa
File:                     S408y1mW0MKDTqhQ8jkTlyKfTg0.roa (raw, json)
Hash identifier:          mtiTeoDIQz32wuQZOBpD/Vac9KqzFazW5JCswlnnrKI=
Subject key identifier:   4B:8D:3C:CB:59:96:D0:C2:83:4E:A8:50:F2:39:13:97:22:9F:4E:0D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0189FA0E4C759809DA0BD3AAD6FF89C0FDDA
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/S408y1mW0MKDTqhQ8jkTlyKfTg0.roa
Signing time:             Tue 15 Aug 2023 16:36:28 +0000
ROA not before:           Tue 15 Aug 2023 16:36:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211238
IP address blocks:        213.209.157.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 16 Sep 2023 11:15:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:fa:0e:4c:75:98:09:da:0b:d3:aa:d6:ff:89:c0:fd:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 15 16:36:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b8d3ccb5996d0c2834ea850f2391397229f4e0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d4:20:a4:24:2b:cc:17:53:71:7d:42:0b:8c:
                    02:27:4b:c0:8e:2a:ea:9c:e8:7e:cc:d2:cd:f3:4e:
                    6c:b4:0e:05:3f:84:8b:85:85:c9:ba:2e:e7:c4:77:
                    e1:43:14:00:ff:1e:8b:4e:cc:6e:36:ad:c2:84:9d:
                    88:61:ac:4f:a2:91:9e:b0:27:0e:1b:9b:d6:b3:a6:
                    5a:2e:1c:f4:57:9d:14:fd:d9:55:cb:da:02:76:1e:
                    3b:50:3c:1b:ff:40:6e:92:03:b0:64:4e:7b:c8:37:
                    23:64:1e:0e:6d:38:0b:65:67:f4:63:09:2d:de:3d:
                    f3:a8:af:1d:51:db:b6:1b:67:06:f6:9b:8d:4a:24:
                    fe:90:74:23:e4:86:18:2b:9f:f2:d0:74:a6:ca:ad:
                    e8:4c:b6:5c:db:7c:37:b7:7e:be:a8:71:9c:b8:ab:
                    ee:f6:ad:65:05:f0:be:e7:ba:b5:42:c6:0c:ca:18:
                    24:69:c1:e6:37:4d:7c:dc:28:4e:0c:55:f3:30:7b:
                    83:ad:6a:00:c3:07:73:c3:0b:54:2d:73:8e:5a:53:
                    ce:ba:da:09:f2:7c:13:25:ce:fe:89:29:7b:b0:9d:
                    11:f9:5e:21:2a:6a:67:05:b8:4d:d4:4c:ad:6e:cb:
                    a0:7d:cd:40:a6:0e:f5:fa:dc:43:a1:1b:72:af:ee:
                    46:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8D:3C:CB:59:96:D0:C2:83:4E:A8:50:F2:39:13:97:22:9F:4E:0D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/S408y1mW0MKDTqhQ8jkTlyKfTg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:cc:0b:23:4f:d0:91:7f:50:1c:68:07:d7:b5:06:09:f4:2a:
         9f:fc:02:25:c8:6c:ee:3c:f3:9e:f6:b9:be:ab:bb:ea:ea:1d:
         65:af:d3:91:18:d6:4e:2d:76:b7:f0:59:ec:69:fa:ce:5d:89:
         41:c3:69:13:3d:05:98:c6:c6:24:8c:1c:00:42:a3:bb:6f:7d:
         b7:85:90:5a:ab:d2:b0:a6:50:1c:05:7a:3a:8b:68:1a:80:5b:
         4e:fa:1f:67:fd:3b:8f:cf:6a:48:f9:c7:6c:ba:2d:16:70:29:
         ee:a7:a3:3d:52:b9:e1:d6:cb:40:23:e3:e7:0c:58:bd:39:82:
         6c:12:21:9c:9d:d8:13:73:22:31:3c:7d:0c:62:c6:e4:26:1f:
         2b:ca:7f:17:a6:7a:85:63:4a:3e:1f:78:12:f8:a8:33:3e:f9:
         2b:23:0d:e6:65:18:ac:24:9a:34:aa:34:c7:f1:3c:dd:a3:4e:
         97:a4:71:43:ad:dd:93:29:d3:4c:e1:bf:0b:53:51:06:3d:7e:
         9e:16:80:77:10:f8:cd:28:53:e0:c4:57:13:90:da:be:bc:99:
         69:42:0f:1b:43:d9:f5:a4:3c:5e:c8:d4:d1:b5:bf:3c:ab:35:
         37:0d:65:81:2f:e5:60:2a:21:7c:67:4f:58:78:3b:28:07:ea:
         bd:81:69:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYn6Dkx1mAnaC9Oq1v+JwP3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwODE1MTYzNjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjhkM2NjYjU5OTZkMGMyODM0ZWE4NTBmMjM5MTM5NzIyOWY0ZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntQgpCQrzBdTcX1CC4wCJ0vAjirq
nOh+zNLN805stA4FP4SLhYXJui7nxHfhQxQA/x6LTsxuNq3ChJ2IYaxPopGesCcO
G5vWs6ZaLhz0V50U/dlVy9oCdh47UDwb/0BukgOwZE57yDcjZB4ObTgLZWf0Ywkt
3j3zqK8dUdu2G2cG9puNSiT+kHQj5IYYK5/y0HSmyq3oTLZc23w3t36+qHGcuKvu
9q1lBfC+57q1QsYMyhgkacHmN0183ChODFXzMHuDrWoAwwdzwwtULXOOWlPOutoJ
8nwTJc7+iSl7sJ0R+V4hKmpnBbhN1Eytbsugfc1Apg71+txDoRtyr+5GCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuNPMtZltDCg06oUPI5E5cin04NMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvUzQwOHkxbVcwTUtEVHFoUThqa1RseUtmVGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGdMA0G
CSqGSIb3DQEBCwUAA4IBAQAxzAsjT9CRf1AcaAfXtQYJ9Cqf/AIlyGzuPPOe9rm+
q7vq6h1lr9ORGNZOLXa38FnsafrOXYlBw2kTPQWYxsYkjBwAQqO7b323hZBaq9Kw
plAcBXo6i2gagFtO+h9n/TuPz2pI+cdsui0WcCnup6M9Urnh1stAI+PnDFi9OYJs
EiGcndgTcyIxPH0MYsbkJh8ryn8XpnqFY0o+H3gS+KgzPvkrIw3mZRisJJo0qjTH
8Tzdo06XpHFDrd2TKdNM4b8LU1EGPX6eFoB3EPjNKFPgxFcTkNq+vJlpQg8bQ9n1
pDxeyNTRtb88qzU3DWWBL+VgKiF8Z09YeDsoB+q9gWkE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:25 2024 by rpki-client on console-ams.rpki-client.org