Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rKnZjXIWZ3LJ_274CVK9j_0DYUs.roa
File:                     rKnZjXIWZ3LJ_274CVK9j_0DYUs.roa (raw, json)
Hash identifier:          eUVGKnEQYEP+zE19Z9lXxqaEkpmhd6ut6mQFz3J2HpY=
Subject key identifier:   AC:A9:D9:8D:72:16:67:72:C9:FF:6E:F8:09:52:BD:8F:FD:03:61:4B
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0196CF69F71286B93A657F7247CD5035784D
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rKnZjXIWZ3LJ_274CVK9j_0DYUs.roa
Signing time:             Wed 14 May 2025 15:29:10 +0000
ROA not before:           Wed 14 May 2025 15:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.187.21.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 25 May 2025 11:05:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:69:f7:12:86:b9:3a:65:7f:72:47:cd:50:35:78:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: May 14 15:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aca9d98d72166772c9ff6ef80952bd8ffd03614b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7c:a2:9e:63:c0:42:4e:8f:71:c7:8e:67:ee:
                    7d:66:ca:6f:1b:28:96:d2:f4:76:38:4c:e3:ee:22:
                    9a:3e:30:0a:6a:51:50:b0:25:98:c2:6c:7c:b9:e5:
                    4f:e3:13:46:d4:a7:25:da:c1:6d:28:56:7b:f1:ee:
                    bc:a4:2b:56:c4:f9:5d:22:b3:86:3f:22:00:0c:d3:
                    45:23:54:d0:ff:4c:d7:0b:f5:d9:b0:3c:f2:05:ff:
                    50:fb:d0:04:20:c9:35:7b:6a:36:3c:36:05:97:5d:
                    0e:90:5e:c9:21:99:63:86:8b:f0:1d:e4:87:04:e0:
                    5b:c3:f5:d4:7e:f6:ef:2f:7f:96:76:9d:ff:03:fd:
                    ba:68:50:7f:e2:8a:81:7f:f2:d6:9d:97:cb:cf:42:
                    a2:23:dc:92:93:a6:90:84:a0:b9:1e:6f:f6:3f:dd:
                    e7:18:bb:e9:a0:03:36:50:94:b6:34:81:e9:47:46:
                    06:10:2b:3f:44:78:83:b2:bd:5c:c4:40:57:e2:31:
                    84:72:a7:dc:92:56:73:58:b4:af:e4:ce:4d:e9:64:
                    40:b5:21:9c:2d:83:e8:be:0a:bf:d0:b5:58:09:e4:
                    b1:e8:b3:ef:f7:07:62:8f:98:42:fb:3f:b5:6a:11:
                    63:dc:50:ab:f6:f4:6b:0f:74:46:b4:2b:f0:a2:d5:
                    ce:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A9:D9:8D:72:16:67:72:C9:FF:6E:F8:09:52:BD:8F:FD:03:61:4B
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/rKnZjXIWZ3LJ_274CVK9j_0DYUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:4e:55:53:eb:bd:6b:49:a5:91:61:66:7e:9f:48:5a:90:33:
         57:9a:9f:98:08:e8:64:7f:20:5b:b5:ca:7c:21:6f:c5:68:0a:
         b1:68:55:4b:d1:e4:7f:ec:dc:cc:83:76:c5:38:20:11:db:49:
         e9:1c:51:b2:d0:9e:58:d1:6a:d6:24:da:f2:13:14:b6:37:61:
         c1:f4:a4:37:bf:73:d8:32:cd:9c:52:75:2e:e6:e3:91:19:ff:
         44:f0:ab:ea:da:a4:69:02:b1:a0:cc:c8:70:55:f7:e3:2d:16:
         10:62:26:49:37:f2:61:a8:76:76:14:db:c9:23:45:d8:ce:4c:
         6b:b0:10:02:26:75:ca:73:23:82:18:ea:ae:43:72:b3:29:b2:
         87:07:c5:32:ac:30:d8:fc:ec:eb:9a:cc:cc:9c:c7:dc:94:ca:
         70:b5:12:0a:70:4e:d3:b5:b4:2c:85:83:43:62:82:13:ee:04:
         bb:47:26:12:86:fd:83:ed:d9:36:55:f2:bd:ee:83:24:91:b7:
         be:46:83:e4:50:1b:91:46:9b:ad:0c:d4:c2:6c:77:58:0c:a9:
         65:02:15:11:54:b0:af:64:f0:00:6a:8a:fa:de:3d:fe:14:07:
         51:e7:0f:5a:68:85:5e:bc:6f:5f:48:f5:3d:a5:88:8d:b0:23:
         20:24:5d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPafcShrk6ZX9yR81QNXhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwNTE0MTUyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2E5ZDk4ZDcyMTY2NzcyYzlmZjZlZjgwOTUyYmQ4ZmZkMDM2MTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXyinmPAQk6PcceOZ+59ZspvGyiW
0vR2OEzj7iKaPjAKalFQsCWYwmx8ueVP4xNG1Kcl2sFtKFZ78e68pCtWxPldIrOG
PyIADNNFI1TQ/0zXC/XZsDzyBf9Q+9AEIMk1e2o2PDYFl10OkF7JIZljhovwHeSH
BOBbw/XUfvbvL3+Wdp3/A/26aFB/4oqBf/LWnZfLz0KiI9ySk6aQhKC5Hm/2P93n
GLvpoAM2UJS2NIHpR0YGECs/RHiDsr1cxEBX4jGEcqfcklZzWLSv5M5N6WRAtSGc
LYPovgq/0LVYCeSx6LPv9wdij5hC+z+1ahFj3FCr9vRrD3RGtCvwotXOYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyp2Y1yFmdyyf9u+AlSvY/9A2FLMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvcktuWmpYSVdaM0xKXzI3NENWSzlqXzBEWVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsVMA0G
CSqGSIb3DQEBCwUAA4IBAQAKTlVT671rSaWRYWZ+n0hakDNXmp+YCOhkfyBbtcp8
IW/FaAqxaFVL0eR/7NzMg3bFOCAR20npHFGy0J5Y0WrWJNryExS2N2HB9KQ3v3PY
Ms2cUnUu5uORGf9E8Kvq2qRpArGgzMhwVffjLRYQYiZJN/JhqHZ2FNvJI0XYzkxr
sBACJnXKcyOCGOquQ3KzKbKHB8UyrDDY/OzrmszMnMfclMpwtRIKcE7TtbQshYND
YoIT7gS7RyYShv2D7dk2VfK97oMkkbe+RoPkUBuRRputDNTCbHdYDKllAhURVLCv
ZPAAaor63j3+FAdR5w9aaIVevG9fSPU9pYiNsCMgJF1u
-----END CERTIFICATE-----
Generated at Fri Jun 13 14:53:05 2025 by rpki-client