Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tXNYSFazWcpnRqpoQHuHRmk7gUs.roa
File:                     tXNYSFazWcpnRqpoQHuHRmk7gUs.roa (raw, json)
Hash identifier:          b+cMsv/69iSyKH8+5ivfR09Qv+D+3bzh7M15XFSCNDY=
Subject key identifier:   B5:73:58:48:56:B3:59:CA:67:46:AA:68:40:7B:87:46:69:3B:81:4B
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018737ABBBE1B7D1EF024A3F36B766556C08
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tXNYSFazWcpnRqpoQHuHRmk7gUs.roa
Signing time:             Fri 31 Mar 2023 12:36:54 +0000
ROA not before:           Fri 31 Mar 2023 12:36:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        81.29.147.0/24 maxlen: 24
                          81.29.157.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 05 Apr 2023 05:51:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:ab:bb:e1:b7:d1:ef:02:4a:3f:36:b7:66:55:6c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar 31 12:36:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b573584856b359ca6746aa68407b8746693b814b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7a:56:0a:d1:6c:de:10:d7:17:27:51:c0:45:
                    f8:c1:d5:a5:1b:5e:07:3a:aa:bb:d1:55:6f:f9:6e:
                    7b:62:49:66:e9:80:c9:c9:cd:5f:8e:e1:24:20:ee:
                    a4:91:3a:b3:e4:ad:20:14:d4:e7:dc:b7:4a:cf:34:
                    f9:a7:9b:59:84:08:73:3f:42:26:66:80:9f:2a:ee:
                    c9:f7:73:d5:60:7c:f0:27:d8:75:4d:87:42:7b:85:
                    3e:96:a1:8f:d1:bd:08:34:8c:ff:b0:6f:75:9b:d9:
                    3e:2c:2a:0a:59:83:28:f2:ef:71:da:bc:cb:1a:20:
                    6e:6c:21:56:34:f8:74:e7:96:2e:e2:30:70:7d:cb:
                    45:f2:44:bc:8e:ad:e1:13:44:de:93:78:00:89:4c:
                    65:2f:1d:97:cb:30:01:66:2e:16:d9:57:a9:d9:61:
                    04:ec:f6:9b:93:2d:25:52:f4:e8:bb:d7:40:65:d0:
                    a3:fe:7b:4f:ad:c6:57:68:54:ce:0c:e7:2e:61:81:
                    e7:b5:2e:f5:79:ce:bb:86:35:68:38:d6:9c:f5:f2:
                    32:6e:65:0d:2d:28:13:f6:1c:24:a2:96:da:ac:ad:
                    c0:3c:f8:5f:2d:20:af:d9:92:93:fe:82:1d:cd:bc:
                    1a:1f:78:2b:bc:ef:70:fd:a9:d4:6c:c2:f6:2f:3d:
                    43:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:73:58:48:56:B3:59:CA:67:46:AA:68:40:7B:87:46:69:3B:81:4B
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tXNYSFazWcpnRqpoQHuHRmk7gUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.147.0/24
                  81.29.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:0a:40:15:f0:ba:49:8c:e2:92:4d:bd:e0:47:a4:8b:50:0d:
         f3:19:3c:ae:03:09:ee:4c:47:a7:38:0a:b1:59:c0:30:a8:68:
         70:b5:06:1e:27:98:73:bc:92:a0:cb:cd:ee:f7:f0:89:b6:67:
         39:a2:40:11:f3:a8:a9:19:23:47:a7:a8:d9:4a:67:9d:64:20:
         fe:d6:ce:05:09:32:8e:c0:d3:c0:18:54:35:3c:ab:50:de:22:
         85:4a:ff:28:22:8e:78:ec:82:08:dc:a4:fe:1d:c8:6b:f3:9b:
         af:d1:6d:5e:d7:62:31:cd:9b:15:a6:4f:20:d8:11:d9:16:d9:
         4a:93:f0:31:a7:2f:7d:90:33:43:99:9b:7f:6d:af:47:e8:2b:
         89:92:19:3c:8f:cf:79:5f:0c:ff:03:bf:27:55:65:05:ac:2c:
         65:5d:81:2f:7a:a6:44:1d:0a:c5:4c:2e:39:30:61:37:03:7f:
         73:cc:fc:ea:e1:92:38:23:dc:f3:b2:6f:be:8f:c3:34:2f:b0:
         d9:52:63:f1:0c:69:21:e7:31:3f:c4:d3:56:b3:5d:0d:60:8a:
         42:c8:f4:e2:37:fc:2e:1d:0a:11:26:0e:b7:b0:f5:56:47:2d:
         cf:a2:53:69:c9:29:80:72:f8:ad:55:7a:58:c7:96:d5:2a:38:
         5e:e8:9e:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYc3q7vht9HvAko/NrdmVWwIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwMzMxMTIzNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTczNTg0ODU2YjM1OWNhNjc0NmFhNjg0MDdiODc0NjY5M2I4MTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3pWCtFs3hDXFydRwEX4wdWlG14H
Oqq70VVv+W57Yklm6YDJyc1fjuEkIO6kkTqz5K0gFNTn3LdKzzT5p5tZhAhzP0Im
ZoCfKu7J93PVYHzwJ9h1TYdCe4U+lqGP0b0INIz/sG91m9k+LCoKWYMo8u9x2rzL
GiBubCFWNPh055Yu4jBwfctF8kS8jq3hE0Tek3gAiUxlLx2XyzABZi4W2Vep2WEE
7Pabky0lUvTou9dAZdCj/ntPrcZXaFTODOcuYYHntS71ec67hjVoONac9fIybmUN
LSgT9hwkopbarK3APPhfLSCv2ZKT/oIdzbwaH3grvO9w/anUbML2Lz1DBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLVzWEhWs1nKZ0aqaEB7h0ZpO4FLMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvdFhOWVNGYXpXY3BuUnFwb1FIdUhSbWs3Z1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR2TAwQA
UR2dMA0GCSqGSIb3DQEBCwUAA4IBAQB4CkAV8LpJjOKSTb3gR6SLUA3zGTyuAwnu
TEenOAqxWcAwqGhwtQYeJ5hzvJKgy83u9/CJtmc5okAR86ipGSNHp6jZSmedZCD+
1s4FCTKOwNPAGFQ1PKtQ3iKFSv8oIo547III3KT+Hchr85uv0W1e12IxzZsVpk8g
2BHZFtlKk/Axpy99kDNDmZt/ba9H6CuJkhk8j895Xwz/A78nVWUFrCxlXYEveqZE
HQrFTC45MGE3A39zzPzq4ZI4I9zzsm++j8M0L7DZUmPxDGkh5zE/xNNWs10NYIpC
yPTiN/wuHQoRJg63sPVWRy3PolNpySmAcvitVXpYx5bVKjhe6J4X
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:40 2024 by rpki-client on console-fra.rpki-client.org