Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/FN3lgNT-RLdxjhLUWCnaazwRjMo.roa
File:                     FN3lgNT-RLdxjhLUWCnaazwRjMo.roa (raw, json)
Hash identifier:          7hSI7z1FAeEN5k+2VZxAvTSMqcTFZMfD11R39f2lIZ8=
Subject key identifier:   14:DD:E5:80:D4:FE:44:B7:71:8E:12:D4:58:29:DA:6B:3C:11:8C:CA
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       01856F5DCDCFF5BD91A929D6C8254E6FE842
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/FN3lgNT-RLdxjhLUWCnaazwRjMo.roa
Signing time:             Sun 01 Jan 2023 22:04:56 +0000
ROA not before:           Sun 01 Jan 2023 22:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41480
IP address blocks:        89.20.64.0/19 maxlen: 19
                          89.20.64.0/20 maxlen: 20
                          212.124.64.0/19 maxlen: 19
                          212.124.64.0/22 maxlen: 22
                          212.124.64.0/20 maxlen: 20
                          212.124.80.0/20 maxlen: 20
                          89.20.80.0/20 maxlen: 20
                          2a02:2170::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:5d:cd:cf:f5:bd:91:a9:29:d6:c8:25:4e:6f:e8:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Jan  1 22:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=14dde580d4fe44b7718e12d45829da6b3c118cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1e:85:48:78:ea:8d:95:83:00:e9:1e:04:81:
                    fa:ff:02:d9:11:d8:55:09:c6:d6:27:ef:c6:e8:75:
                    a8:9b:4c:cb:4c:21:25:9b:cc:84:16:5b:d8:45:ff:
                    78:07:d2:2c:5c:2e:8a:30:a4:bd:2d:4a:25:0f:e1:
                    b2:ee:7e:2d:a4:63:fe:ba:60:9a:20:34:55:b4:55:
                    f0:4c:9d:f9:63:8e:eb:db:99:e8:63:9c:d2:64:0f:
                    0e:2d:c2:f4:42:a4:7a:87:9f:fd:5d:58:4e:08:17:
                    b5:b2:c9:83:e0:4f:0d:38:8e:48:ba:79:a8:e9:97:
                    14:c2:f0:67:42:0a:d1:b9:86:cc:f5:b1:3d:e1:d1:
                    c3:41:aa:91:e9:5a:8c:fb:1b:5d:4a:1f:16:b3:f3:
                    d9:49:5c:f6:7f:2e:ca:10:ac:ae:8f:cd:c3:b8:e6:
                    71:7a:00:c0:28:e0:4b:91:51:36:75:87:ac:95:7d:
                    25:3e:5f:70:a8:2b:b1:96:7c:c6:ff:e4:ee:dc:ac:
                    27:4c:e3:40:fb:0b:ce:7d:c1:ae:cc:a3:ea:46:94:
                    91:1b:70:58:97:16:37:37:54:29:20:d2:ac:32:54:
                    6d:86:12:f7:a0:7c:3b:c0:48:24:03:46:85:5f:f7:
                    26:88:8b:31:21:a1:ef:a6:ce:5a:a6:4d:52:b9:67:
                    69:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DD:E5:80:D4:FE:44:B7:71:8E:12:D4:58:29:DA:6B:3C:11:8C:CA
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/FN3lgNT-RLdxjhLUWCnaazwRjMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.20.64.0/19
                  212.124.64.0/19
                IPv6:
                  2a02:2170::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:d5:74:24:91:63:cf:5c:1c:6e:26:96:54:35:be:db:16:a0:
         77:df:87:f3:b2:7e:65:13:f1:31:c3:c8:08:35:d5:a2:e9:1a:
         58:62:a2:c2:8b:bf:7a:e8:0a:9a:a8:5f:93:4c:0d:54:2f:b5:
         4e:35:4b:5e:43:02:99:3f:f9:48:68:49:9a:b9:ad:78:d7:a7:
         76:0e:a7:ae:b4:f6:4b:4d:94:f1:b8:ac:80:79:96:3c:f2:df:
         18:24:b3:63:2e:a5:e8:36:25:dd:00:c5:58:ba:b6:35:54:a8:
         10:cb:72:8c:e4:a6:f0:e8:53:e2:8c:42:83:0d:f9:cf:53:f9:
         09:89:1d:df:6c:1c:93:55:f2:42:ee:15:84:5c:e6:c9:fa:7c:
         bc:4b:8b:c2:0d:95:0a:56:12:dd:e8:43:70:70:71:0f:a4:d2:
         95:f3:b5:06:0f:2e:c2:ae:27:69:49:bb:a5:2f:b6:40:d0:72:
         42:b3:23:2e:00:10:b3:97:fe:59:b3:1d:a2:a2:33:f8:23:a0:
         02:36:d5:7a:b0:6b:86:fa:b9:1a:06:ab:4c:57:1a:4b:67:76:
         ca:74:36:b2:3b:a5:04:62:7e:a3:71:8b:dd:2e:cf:75:9e:90:
         c9:40:70:d6:3e:56:46:d6:fa:38:30:42:73:0c:05:ef:1f:eb:
         ef:97:90:6b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvXc3P9b2RqSnWyCVOb+hCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjMwMTAxMjIwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRkZTU4MGQ0ZmU0NGI3NzE4ZTEyZDQ1ODI5ZGE2YjNjMTE4Y2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx6FSHjqjZWDAOkeBIH6/wLZEdhV
CcbWJ+/G6HWom0zLTCElm8yEFlvYRf94B9IsXC6KMKS9LUolD+Gy7n4tpGP+umCa
IDRVtFXwTJ35Y47r25noY5zSZA8OLcL0QqR6h5/9XVhOCBe1ssmD4E8NOI5Iunmo
6ZcUwvBnQgrRuYbM9bE94dHDQaqR6VqM+xtdSh8Ws/PZSVz2fy7KEKyuj83DuOZx
egDAKOBLkVE2dYeslX0lPl9wqCuxlnzG/+Tu3KwnTONA+wvOfcGuzKPqRpSRG3BY
lxY3N1QpINKsMlRthhL3oHw7wEgkA0aFX/cmiIsxIaHvps5apk1SuWdpJwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBTd5YDU/kS3cY4S1Fgp2ms8EYzKMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvRk4zbGdOVC1STGR4amhMVVdDbmFhendSak1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFWRRAAwQF
1HxAMA0EAgACMAcDBQAqAiFwMA0GCSqGSIb3DQEBCwUAA4IBAQA41XQkkWPPXBxu
JpZUNb7bFqB334fzsn5lE/Exw8gINdWi6RpYYqLCi7966AqaqF+TTA1UL7VONUte
QwKZP/lIaEmaua1416d2DqeutPZLTZTxuKyAeZY88t8YJLNjLqXoNiXdAMVYurY1
VKgQy3KM5Kbw6FPijEKDDfnPU/kJiR3fbByTVfJC7hWEXObJ+ny8S4vCDZUKVhLd
6ENwcHEPpNKV87UGDy7CridpSbulL7ZA0HJCsyMuABCzl/5Zsx2iojP4I6ACNtV6
sGuG+rkaBqtMVxpLZ3bKdDayO6UEYn6jcYvdLs91npDJQHDWPlZG1vo4MEJzDAXv
H+vvl5Br
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:48 2024 by rpki-client on console-fra.rpki-client.org