Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AFT8a9UWefr3gp3mV9DGnZrhpsg.roa
File:                     AFT8a9UWefr3gp3mV9DGnZrhpsg.roa (raw, json)
Hash identifier:          uWl6bPgE2A13Wgt7SXGY3uQ7wPFig6cX3lvZ+d93+2g=
Subject key identifier:   00:54:FC:6B:D5:16:79:FA:F7:82:9D:E6:57:D0:C6:9D:9A:E1:A6:C8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3494E8F836E38162D9BAACB221D1507
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AFT8a9UWefr3gp3mV9DGnZrhpsg.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        89.213.173.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 10:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4e:8f:83:6e:38:16:2d:9b:aa:cb:22:1d:15:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0054fc6bd51679faf7829de657d0c69d9ae1a6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c9:7e:4f:29:b9:72:69:c2:01:ad:b8:15:10:
                    fd:7b:b7:f5:e7:7c:1f:1e:12:09:55:4b:ee:61:97:
                    0c:00:3e:f4:bf:39:a0:ce:2c:a9:c6:8f:c5:ab:f0:
                    c1:fa:d6:38:b8:d7:d7:72:c9:f0:ac:7b:15:d4:9e:
                    2e:86:f4:02:43:19:3c:8a:19:74:4e:75:5a:18:3e:
                    9d:ec:71:b7:ea:82:8c:d5:57:64:15:40:86:a9:d3:
                    ad:76:4d:22:b2:11:f0:c4:da:f1:40:ff:4e:c4:c5:
                    37:b4:f9:c5:76:ae:6e:df:ba:4b:a3:d9:fc:44:49:
                    46:49:57:5f:fd:84:6c:61:ef:47:7d:64:5d:b1:19:
                    9f:bc:2c:68:26:16:1c:77:fe:4d:e6:18:b3:b2:c4:
                    34:d7:a7:b3:64:54:0f:b7:77:41:c9:aa:ce:c0:30:
                    0c:13:0d:f5:a3:2d:b2:c6:08:e4:21:be:d2:50:c4:
                    91:30:17:37:ad:81:6b:0b:cf:fa:a7:85:48:da:d7:
                    b9:23:f6:ed:fe:d6:b0:74:c6:09:15:be:a8:89:22:
                    a5:d3:e4:26:a8:07:21:05:76:bb:7f:b9:be:92:91:
                    b5:ef:79:20:ca:76:35:93:e7:fb:42:7b:a0:36:62:
                    3d:ab:b2:c5:0c:63:b7:ea:06:e0:07:eb:64:1f:71:
                    2a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:54:FC:6B:D5:16:79:FA:F7:82:9D:E6:57:D0:C6:9D:9A:E1:A6:C8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AFT8a9UWefr3gp3mV9DGnZrhpsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:ef:24:27:c0:be:9a:a1:9d:8a:3b:65:7d:48:4f:a9:7a:4e:
         87:a8:ae:7a:a7:e4:85:bd:24:00:f4:68:3b:70:5f:10:60:2d:
         39:ad:ea:76:28:41:e8:eb:27:b7:d3:fe:cb:40:b3:f9:95:1b:
         43:15:3b:1f:49:d3:d2:7d:ba:bd:00:65:f0:3b:78:b7:e9:26:
         52:fb:fd:b4:c4:ce:9f:33:3e:fc:f6:3a:5f:8f:96:74:6f:b0:
         7c:d7:db:e0:27:fe:ab:c1:14:a8:dc:5a:b9:bf:34:97:0e:2c:
         5b:b8:1f:48:1e:6e:a5:26:b2:97:f3:fb:c6:b3:be:14:e2:e0:
         ac:35:1f:4c:0a:73:03:0a:db:00:4d:fb:1e:33:62:00:ea:22:
         4e:35:3d:ee:22:c9:33:91:74:9f:45:4c:bd:dc:93:41:22:0d:
         5a:8a:aa:10:b8:72:ea:52:c2:fc:79:b0:5c:76:ae:64:44:1a:
         36:67:6c:ea:3b:52:24:84:13:0a:1f:8b:54:06:2b:8c:c6:11:
         4d:e6:21:f3:b0:f5:fe:d5:5e:0a:87:52:75:e8:cd:5a:62:77:
         e7:eb:e3:9f:75:dd:25:ee:0e:0a:14:4e:55:32:8a:8d:ab:47:
         7a:89:78:de:50:66:fd:82:19:7b:72:79:de:56:26:e4:af:6a:
         d2:b7:1b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSU6Pg244Fi2bqssiHRUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU0ZmM2YmQ1MTY3OWZhZjc4MjlkZTY1N2QwYzY5ZDlhZTFhNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMl+Tym5cmnCAa24FRD9e7f153wf
HhIJVUvuYZcMAD70vzmgziypxo/Fq/DB+tY4uNfXcsnwrHsV1J4uhvQCQxk8ihl0
TnVaGD6d7HG36oKM1VdkFUCGqdOtdk0ishHwxNrxQP9OxMU3tPnFdq5u37pLo9n8
RElGSVdf/YRsYe9HfWRdsRmfvCxoJhYcd/5N5hizssQ016ezZFQPt3dByarOwDAM
Ew31oy2yxgjkIb7SUMSRMBc3rYFrC8/6p4VI2te5I/bt/tawdMYJFb6oiSKl0+Qm
qAchBXa7f7m+kpG173kgynY1k+f7QnugNmI9q7LFDGO36gbgB+tkH3EqQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABU/GvVFnn694Kd5lfQxp2a4abIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQUZUOGE5VVdlZnIzZ3AzbVY5REduWnJocHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdWsMA0G
CSqGSIb3DQEBCwUAA4IBAQAp7yQnwL6aoZ2KO2V9SE+pek6HqK56p+SFvSQA9Gg7
cF8QYC05rep2KEHo6ye30/7LQLP5lRtDFTsfSdPSfbq9AGXwO3i36SZS+/20xM6f
Mz789jpfj5Z0b7B819vgJ/6rwRSo3Fq5vzSXDixbuB9IHm6lJrKX8/vGs74U4uCs
NR9MCnMDCtsATfseM2IA6iJONT3uIskzkXSfRUy93JNBIg1aiqoQuHLqUsL8ebBc
dq5kRBo2Z2zqO1IkhBMKH4tUBiuMxhFN5iHzsPX+1V4Kh1J16M1aYnfn6+Ofdd0l
7g4KFE5VMoqNq0d6iXjeUGb9ghl7cnneVibkr2rStxt1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org