Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/14WS9nPsiD2k6lvBwYdfi9z6WCE.roa
File:                     14WS9nPsiD2k6lvBwYdfi9z6WCE.roa (raw, json)
Hash identifier:          5MuWDJOc67T40g8B5HtZygNerJ7cH3S2ALpIz6K1io0=
Subject key identifier:   D7:85:92:F6:73:EC:88:3D:A4:EA:5B:C1:C1:87:5F:8B:DC:FA:58:21
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E6007C330055947738265D1F85AC3ACAA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/14WS9nPsiD2k6lvBwYdfi9z6WCE.roa
Signing time:             Thu 21 Mar 2024 08:01:45 +0000
ROA not before:           Thu 21 Mar 2024 08:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        89.213.218.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 11:47:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:07:c3:30:05:59:47:73:82:65:d1:f8:5a:c3:ac:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 21 08:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d78592f673ec883da4ea5bc1c1875f8bdcfa5821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:76:27:89:85:2f:04:4f:68:ae:38:83:f0:45:
                    fa:d1:9e:de:b4:89:2d:10:8b:ce:33:ab:32:e7:f3:
                    c3:4a:ba:fd:c3:41:7e:db:00:4f:6e:6c:3a:c4:47:
                    0d:ea:75:00:7d:df:2f:1c:ec:86:79:4e:c4:ff:40:
                    4b:6a:d2:3e:6f:eb:1b:de:8a:de:0a:ec:5e:5f:d8:
                    2a:ab:a0:5c:ea:5a:f3:2d:88:cc:88:0e:db:0f:c5:
                    52:16:b0:03:58:a1:9f:70:f1:74:12:5c:91:f1:77:
                    e8:3c:b1:56:bf:cd:f6:c9:f9:75:56:9a:49:f0:b1:
                    88:20:b5:b5:6e:7c:06:69:10:9e:de:0c:7c:2a:b0:
                    ee:4c:ab:49:58:c3:2c:7c:65:ad:b4:c6:0f:b9:07:
                    cf:c5:f5:33:df:d4:fb:25:01:de:d8:0a:95:ba:29:
                    6e:53:94:d6:15:d2:ca:61:a1:f8:45:7f:c7:12:b7:
                    8a:3d:99:c4:4b:b5:da:e5:7a:2a:98:d1:f4:26:7f:
                    66:8a:aa:1d:14:c5:f7:97:82:1f:b7:ee:e5:b0:f3:
                    99:4a:17:2f:72:98:52:f0:5e:08:41:63:58:0d:37:
                    7f:37:99:98:10:92:7f:09:3e:f3:d5:dd:1d:da:a0:
                    6b:73:bd:12:7c:0e:d6:2e:bd:99:f1:eb:b9:76:82:
                    13:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:85:92:F6:73:EC:88:3D:A4:EA:5B:C1:C1:87:5F:8B:DC:FA:58:21
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/14WS9nPsiD2k6lvBwYdfi9z6WCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:64:dc:94:ca:13:0d:6c:5b:a4:7b:74:be:23:d4:bd:e5:f0:
         4a:b6:e9:78:23:25:78:6f:6c:eb:00:bd:53:47:f2:9a:26:e6:
         3c:b4:7d:42:d1:d8:9d:5b:5a:36:82:fa:4c:88:f3:2d:2e:61:
         a0:33:a5:01:ac:d3:02:45:b8:3d:df:62:8f:5f:f9:c7:09:41:
         90:85:e4:0c:bc:a3:40:4f:b3:fa:2a:db:97:81:9a:9b:6c:35:
         6f:6b:c6:cb:a4:cb:19:ab:bc:eb:b5:de:19:2b:96:68:53:a9:
         76:a5:ea:a8:fe:4d:d3:6b:a1:6d:44:46:b2:d1:e3:a2:93:26:
         c3:cd:9f:e8:99:c5:75:4d:b3:03:8e:5d:79:1e:ca:12:b1:ab:
         3f:9c:41:47:f9:46:09:ea:4b:f7:26:cd:b6:5a:e2:6f:27:5a:
         df:9d:5b:e7:8c:78:1b:54:9a:d0:f8:a2:a6:36:1b:cd:f8:d5:
         df:f6:3a:3f:ec:6b:73:15:0f:3f:45:5d:cc:38:b1:f0:d6:8d:
         30:2b:18:6d:08:69:5f:a2:1d:ed:b8:45:88:10:84:0d:cf:9c:
         b4:84:4b:56:2a:3b:c8:50:3a:36:19:29:bb:92:49:0c:12:5a:
         62:4c:3f:f9:32:15:e5:e5:fd:d1:4f:d5:81:c2:5b:20:9d:83:
         82:45:6d:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5gB8MwBVlHc4Jl0fhaw6yqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIxMDgwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzg1OTJmNjczZWM4ODNkYTRlYTViYzFjMTg3NWY4YmRjZmE1ODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnYniYUvBE9orjiD8EX60Z7etIkt
EIvOM6sy5/PDSrr9w0F+2wBPbmw6xEcN6nUAfd8vHOyGeU7E/0BLatI+b+sb3ore
CuxeX9gqq6Bc6lrzLYjMiA7bD8VSFrADWKGfcPF0ElyR8XfoPLFWv832yfl1VppJ
8LGIILW1bnwGaRCe3gx8KrDuTKtJWMMsfGWttMYPuQfPxfUz39T7JQHe2AqVuilu
U5TWFdLKYaH4RX/HEreKPZnES7Xa5XoqmNH0Jn9miqodFMX3l4Ift+7lsPOZShcv
cphS8F4IQWNYDTd/N5mYEJJ/CT7z1d0d2qBrc70SfA7WLr2Z8eu5doITgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeFkvZz7Ig9pOpbwcGHX4vc+lghMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTRXUzluUHNpRDJrNmx2QndZZGZpOXo2V0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXaMA0G
CSqGSIb3DQEBCwUAA4IBAQCLZNyUyhMNbFuke3S+I9S95fBKtul4IyV4b2zrAL1T
R/KaJuY8tH1C0didW1o2gvpMiPMtLmGgM6UBrNMCRbg932KPX/nHCUGQheQMvKNA
T7P6KtuXgZqbbDVva8bLpMsZq7zrtd4ZK5ZoU6l2peqo/k3Ta6FtREay0eOikybD
zZ/omcV1TbMDjl15HsoSsas/nEFH+UYJ6kv3Js22WuJvJ1rfnVvnjHgbVJrQ+KKm
NhvN+NXf9jo/7GtzFQ8/RV3MOLHw1o0wKxhtCGlfoh3tuEWIEIQNz5y0hEtWKjvI
UDo2GSm7kkkMElpiTD/5MhXl5f3RT9WBwlsgnYOCRW3A
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org