Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/01fvmvkGKfz7qIV2DxlTmUygNF4.roa
File:                     01fvmvkGKfz7qIV2DxlTmUygNF4.roa (raw, json)
Hash identifier:          XWCPJyZRWJyaV6R+Do5xkHqLJaXDUOvHej5tqQqU5rA=
Subject key identifier:   D3:57:EF:9A:F9:06:29:FC:FB:A8:85:76:0F:19:53:99:4C:A0:34:5E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EBDF5E61281EDD125604511DFD26492D4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/01fvmvkGKfz7qIV2DxlTmUygNF4.roa
Signing time:             Mon 08 Apr 2024 13:46:32 +0000
ROA not before:           Mon 08 Apr 2024 13:46:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        109.176.204.0/22 maxlen: 22
                          213.210.52.0/22 maxlen: 22
                          217.145.72.0/21 maxlen: 22

Validation:               Failed, certificate revoked on Wed 10 Apr 2024 07:48:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:f5:e6:12:81:ed:d1:25:60:45:11:df:d2:64:92:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  8 13:46:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d357ef9af90629fcfba885760f1953994ca0345e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:a1:da:31:40:69:d1:9c:26:98:b7:0d:4b:8c:
                    60:01:b7:4b:65:4a:e7:9e:ab:03:c7:83:7e:eb:3a:
                    ff:c7:70:cd:e8:bc:1b:4d:08:1f:e9:09:c0:7a:34:
                    ef:81:72:51:4b:25:23:74:27:b8:ff:0d:ee:4a:10:
                    a6:82:b0:80:ab:62:0f:1a:d2:81:93:c6:20:26:c5:
                    5e:7f:e6:f4:52:f4:e8:69:14:08:d4:1a:5a:75:b8:
                    ab:12:cb:54:8f:36:ba:7d:08:37:12:73:0b:a3:56:
                    d3:4e:c5:1f:17:e2:8d:0f:e3:91:fa:47:9e:01:4a:
                    2d:45:4d:ae:ff:78:14:41:4a:eb:f1:28:8d:11:33:
                    2f:00:94:c4:05:29:dd:7e:3c:1e:6f:08:0b:6f:8b:
                    f6:8f:d2:b6:d2:32:a7:bd:67:82:49:72:bb:24:30:
                    4d:7b:9d:eb:96:2e:68:12:f2:db:a7:69:86:c3:35:
                    87:e0:c9:e8:09:0f:27:15:d6:f2:65:cb:3f:11:56:
                    e2:2d:1b:83:d8:6c:3d:1b:12:43:82:a2:59:d9:f5:
                    c8:1e:69:bd:24:c8:10:7c:7f:89:9e:2e:5f:f2:b7:
                    86:d3:70:26:70:76:e8:63:45:b5:fc:32:23:e5:81:
                    73:88:da:98:80:22:f7:0c:61:35:54:56:25:b3:26:
                    95:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:57:EF:9A:F9:06:29:FC:FB:A8:85:76:0F:19:53:99:4C:A0:34:5E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/01fvmvkGKfz7qIV2DxlTmUygNF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.204.0/22
                  213.210.52.0/22
                  217.145.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:57:03:db:f0:8e:f0:ba:65:f4:37:ed:6e:06:80:9d:3f:7e:
         de:57:87:b2:8a:fa:44:49:32:35:80:a3:0a:d3:0f:e7:25:d5:
         8b:c1:2e:78:22:7b:9d:c9:6f:7f:cb:68:0d:c5:4c:3f:ac:ca:
         6d:bb:62:ae:85:01:e8:c9:0e:e0:b6:48:83:fa:e5:04:1f:b8:
         29:3d:2f:b3:66:81:b2:a1:9e:e2:0a:9b:3b:c3:15:07:75:c5:
         8b:09:d7:08:41:5e:78:a0:a9:8b:9a:4f:8e:12:95:80:a3:50:
         6e:31:8c:45:40:23:20:17:bd:8a:de:75:dc:f4:29:92:11:45:
         ce:f6:a4:67:63:98:16:ad:5e:80:36:4c:45:a4:e4:d5:9d:8b:
         c7:70:62:99:82:b1:a4:95:46:cb:b9:4a:e2:84:9b:67:90:5f:
         82:90:55:90:e7:af:46:fe:80:07:c0:a1:e7:b2:69:66:9a:70:
         c8:4e:b8:49:0a:09:69:e2:9a:95:13:f0:a0:19:31:1b:05:77:
         fa:3c:12:8f:37:2b:ca:3e:15:12:34:e0:b2:07:f2:c7:b6:7f:
         87:fc:6f:e2:69:01:65:33:5c:08:de:42:cf:e7:fd:8e:cb:87:
         90:52:ac:ef:29:9e:a1:25:9d:49:21:c1:d3:f9:20:a2:a5:ad:
         17:27:59:62
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY699eYSge3RJWBFEd/SZJLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA4MTM0NjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzU3ZWY5YWY5MDYyOWZjZmJhODg1NzYwZjE5NTM5OTRjYTAzNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA66HaMUBp0ZwmmLcNS4xgAbdLZUrn
nqsDx4N+6zr/x3DN6LwbTQgf6QnAejTvgXJRSyUjdCe4/w3uShCmgrCAq2IPGtKB
k8YgJsVef+b0UvToaRQI1BpadbirEstUjza6fQg3EnMLo1bTTsUfF+KND+OR+kee
AUotRU2u/3gUQUrr8SiNETMvAJTEBSndfjwebwgLb4v2j9K20jKnvWeCSXK7JDBN
e53rli5oEvLbp2mGwzWH4MnoCQ8nFdbyZcs/EVbiLRuD2Gw9GxJDgqJZ2fXIHmm9
JMgQfH+Jni5f8reG03AmcHboY0W1/DIj5YFziNqYgCL3DGE1VFYlsyaVRQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNNX75r5Bin8+6iFdg8ZU5lMoDReMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMDFmdm12a0dLZno3cUlWMkR4bFRtVXlnTkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCbbDMAwQC
1dI0AwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQB3VwPb8I7wumX0N+1uBoCdP37e
V4eyivpESTI1gKMK0w/nJdWLwS54InudyW9/y2gNxUw/rMptu2KuhQHoyQ7gtkiD
+uUEH7gpPS+zZoGyoZ7iCps7wxUHdcWLCdcIQV54oKmLmk+OEpWAo1BuMYxFQCMg
F72K3nXc9CmSEUXO9qRnY5gWrV6ANkxFpOTVnYvHcGKZgrGklUbLuUrihJtnkF+C
kFWQ569G/oAHwKHnsmlmmnDITrhJCglp4pqVE/CgGTEbBXf6PBKPNyvKPhUSNOCy
B/LHtn+H/G/iaQFlM1wI3kLP5/2Oy4eQUqzvKZ6hJZ1JIcHT+SCipa0XJ1li
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org