Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa
File:                     HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa (raw, json)
Hash identifier:          4QNB6CYa0oFHaloEnoxNwPpRHmLBm69z4vislTJcRxg=
Subject key identifier:   1D:95:F5:4C:9E:BF:70:E2:CD:04:E9:CE:6C:D1:25:E8:3C:07:9B:C8
Certificate issuer:       /CN=fd89b349c84fc7b3412a52d65ff260d2cc289ab9
Certificate serial:       01856D81A91A6089F90ED14C8F34EF801455
Authority key identifier: FD:89:B3:49:C8:4F:C7:B3:41:2A:52:D6:5F:F2:60:D2:CC:28:9A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa
Signing time:             Sun 01 Jan 2023 13:24:52 +0000
ROA not before:           Sun 01 Jan 2023 13:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20860
IP address blocks:        149.255.96.0/20 maxlen: 24
                          2a03:ca80::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:a9:1a:60:89:f9:0e:d1:4c:8f:34:ef:80:14:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd89b349c84fc7b3412a52d65ff260d2cc289ab9
        Validity
            Not Before: Jan  1 13:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d95f54c9ebf70e2cd04e9ce6cd125e83c079bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:22:90:f9:23:87:56:ce:c4:4a:8b:1a:3e:65:
                    c4:b2:fa:3e:64:21:e9:8e:7b:e3:7c:50:e6:44:4d:
                    b7:19:f0:66:15:c0:00:be:ee:c1:6b:29:ec:be:82:
                    8b:e4:fa:d9:0e:95:27:61:f0:5b:5f:fe:62:76:82:
                    2d:1c:f9:c6:a8:0e:0c:c5:7e:53:4e:aa:c8:98:51:
                    ca:23:dd:ec:e8:47:92:74:cc:ff:24:12:21:f2:f8:
                    13:dd:d1:b4:af:8b:0f:78:07:e2:72:9d:2e:14:76:
                    9c:0d:a1:72:19:3d:6c:22:56:d7:57:f4:0a:fd:d2:
                    3d:6d:d8:26:d7:ca:b8:70:1c:e6:c0:49:10:49:19:
                    fe:4e:04:cb:4d:43:67:86:4b:a8:3a:80:ce:88:76:
                    ba:fc:4d:10:b5:10:3b:18:19:a3:c4:af:4b:8e:50:
                    e5:83:1a:46:fb:94:3b:38:fc:e1:03:cd:68:40:a9:
                    43:4e:06:8f:5c:45:c6:c7:50:f8:7c:b4:1e:e4:21:
                    8f:26:ca:9e:86:61:95:45:f1:a0:58:50:40:27:8e:
                    5b:6f:49:40:7d:80:d2:35:3f:2d:82:cc:36:bc:c4:
                    38:9b:57:fb:c9:85:6d:bf:44:2d:c4:37:87:04:b5:
                    83:0c:53:e1:e3:f8:16:6b:de:89:a2:11:c2:8f:82:
                    9f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:95:F5:4C:9E:BF:70:E2:CD:04:E9:CE:6C:D1:25:E8:3C:07:9B:C8
            X509v3 Authority Key Identifier:
                keyid:FD:89:B3:49:C8:4F:C7:B3:41:2A:52:D6:5F:F2:60:D2:CC:28:9A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_YmzSchPx7NBKlLWX_Jg0swomrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/HZX1TJ6_cOLNBOnObNEl6DwHm8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ee714a-21ac-4386-82f5-e8176102c5ff/1/_YmzSchPx7NBKlLWX_Jg0swomrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.255.96.0/20
                IPv6:
                  2a03:ca80::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:60:48:8c:87:b8:a7:b7:b4:2c:c9:47:98:94:35:37:1d:06:
         1a:40:4b:d7:04:ec:73:c1:28:da:61:ba:24:e5:bf:29:ba:82:
         45:60:5b:b3:06:a0:b9:eb:3f:11:53:51:95:e5:19:0c:f2:21:
         b9:28:ed:0e:4a:08:7f:af:4d:aa:f5:0e:d4:23:3d:2c:4d:3e:
         76:9d:45:d0:3d:1d:31:c9:0a:9f:98:3a:3b:00:c1:56:81:7c:
         3b:60:01:43:d7:dc:11:67:8f:b3:2b:67:af:ce:6f:1d:94:f1:
         a5:14:ea:2d:6e:87:fe:f9:8e:5c:90:48:5d:f4:a9:a9:c8:85:
         e7:17:be:1d:4f:85:c3:c2:d1:00:f5:69:cf:e7:84:98:21:9b:
         a5:f7:e2:32:7d:f4:f4:8d:55:e7:8a:19:d6:d8:c5:d0:93:bd:
         1a:7a:95:3d:39:28:a3:74:76:a2:72:c5:ca:2f:73:91:c8:58:
         d7:c4:6e:90:03:d2:1e:0c:9a:98:f3:23:b7:04:9e:c8:67:b8:
         d5:2a:12:2f:5d:05:5c:0c:15:e7:9e:e1:87:36:96:16:7a:ef:
         a4:cb:b4:a8:d2:a8:55:6e:0c:4b:b4:b1:3f:e5:32:ba:59:45:
         49:88:90:6e:af:32:c9:13:6f:ba:10:d9:05:1f:0a:b9:54:ff:
         aa:24:3e:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtgakaYIn5DtFMjzTvgBRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkODliMzQ5Yzg0ZmM3YjM0MTJhNTJkNjVmZjI2MGQyY2My
ODlhYjkwHhcNMjMwMTAxMTMyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk1ZjU0YzllYmY3MGUyY2QwNGU5Y2U2Y2QxMjVlODNjMDc5YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriKQ+SOHVs7ESosaPmXEsvo+ZCHp
jnvjfFDmRE23GfBmFcAAvu7BaynsvoKL5PrZDpUnYfBbX/5idoItHPnGqA4MxX5T
TqrImFHKI93s6EeSdMz/JBIh8vgT3dG0r4sPeAficp0uFHacDaFyGT1sIlbXV/QK
/dI9bdgm18q4cBzmwEkQSRn+TgTLTUNnhkuoOoDOiHa6/E0QtRA7GBmjxK9LjlDl
gxpG+5Q7OPzhA81oQKlDTgaPXEXGx1D4fLQe5CGPJsqehmGVRfGgWFBAJ45bb0lA
fYDSNT8tgsw2vMQ4m1f7yYVtv0QtxDeHBLWDDFPh4/gWa96JohHCj4KflQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB2V9Uyev3DizQTpzmzRJeg8B5vIMB8GA1UdIwQY
MBaAFP2Js0nIT8ezQSpS1l/yYNLMKJq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1ltelNjaFB4N05CS2xMV1hfSmcwc3dvbXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9lZTcxNGEtMjFhYy00Mzg2LTgyZjUt
ZTgxNzYxMDJjNWZmLzEvSFpYMVRKNl9jT0xOQk9uT2JORWw2RHdIbThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9lZTcxNGEtMjFhYy00Mzg2LTgyZjUtZTgxNzYxMDJjNWZm
LzEvX1ltelNjaFB4N05CS2xMV1hfSmcwc3dvbXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQElf9gMA0E
AgACMAcDBQMqA8qAMA0GCSqGSIb3DQEBCwUAA4IBAQCXYEiMh7int7QsyUeYlDU3
HQYaQEvXBOxzwSjaYbok5b8puoJFYFuzBqC56z8RU1GV5RkM8iG5KO0OSgh/r02q
9Q7UIz0sTT52nUXQPR0xyQqfmDo7AMFWgXw7YAFD19wRZ4+zK2evzm8dlPGlFOot
bof++Y5ckEhd9KmpyIXnF74dT4XDwtEA9WnP54SYIZul9+IyffT0jVXnihnW2MXQ
k70aepU9OSijdHaicsXKL3ORyFjXxG6QA9IeDJqY8yO3BJ7IZ7jVKhIvXQVcDBXn
nuGHNpYWeu+ky7So0qhVbgxLtLE/5TK6WUVJiJBurzLJE2+6ENkFHwq5VP+qJD5A
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:08 2024 by rpki-client on console-ams.rpki-client.org