Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATYhs4DO0LhWwFmt8cg9atIdqPM.roa
File:                     ATYhs4DO0LhWwFmt8cg9atIdqPM.roa (raw, json)
Hash identifier:          kiRjVsm7Ed+uSW9alwc1T60SDR6XB9dshe7zu0Td+x0=
Subject key identifier:   01:36:21:B3:80:CE:D0:B8:56:C0:59:AD:F1:C8:3D:6A:D2:1D:A8:F3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E7553BA296E8CE68260B6F73374F71D2D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATYhs4DO0LhWwFmt8cg9atIdqPM.roa
Signing time:             Mon 25 Mar 2024 11:16:45 +0000
ROA not before:           Mon 25 Mar 2024 11:16:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.223.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 30 Mar 2024 19:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:53:ba:29:6e:8c:e6:82:60:b6:f7:33:74:f7:1d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 11:16:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=013621b380ced0b856c059adf1c83d6ad21da8f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a8:8f:3d:fd:84:48:a4:86:44:0c:52:d0:11:
                    a7:11:b6:ab:93:28:04:99:ef:73:a7:1e:dc:f7:6a:
                    cc:fa:4c:27:0b:07:03:17:61:91:f8:9c:83:38:08:
                    fa:0e:97:46:92:aa:d1:97:4f:d1:14:0f:32:a1:eb:
                    a6:b0:fe:3e:8f:be:e0:15:5f:c0:cb:3f:d8:ce:b2:
                    0e:17:85:16:69:86:50:f2:c8:fa:ef:12:05:f2:2a:
                    93:09:6a:34:f2:b6:7c:5e:7c:94:68:34:73:29:94:
                    e8:e1:22:53:36:90:84:45:0e:d5:69:e3:4c:3b:3f:
                    f6:1b:9a:78:5c:f9:ec:c1:61:d7:7b:19:05:96:4a:
                    c5:72:0f:80:0e:be:19:a8:2c:e7:5f:19:71:18:d1:
                    9e:7f:58:4e:74:75:d6:c2:17:6e:c4:37:01:36:dd:
                    c8:d5:c6:61:de:d0:67:26:b9:56:d9:3f:57:69:a6:
                    ec:9b:00:a6:f9:07:1a:81:39:b3:45:48:2a:d3:d5:
                    89:15:9b:b5:a2:38:c2:dc:8d:49:cb:ee:3a:2a:1c:
                    35:24:a5:01:9a:df:62:1c:86:d3:48:b3:1f:2d:1b:
                    d7:b9:44:9b:b1:ba:bb:39:45:50:9f:cd:a5:29:e6:
                    02:7f:88:be:75:0b:72:6b:4d:2d:8f:b6:3d:69:46:
                    6b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:36:21:B3:80:CE:D0:B8:56:C0:59:AD:F1:C8:3D:6A:D2:1D:A8:F3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATYhs4DO0LhWwFmt8cg9atIdqPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.223.0/24
                  89.213.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:d8:c4:4b:b9:b1:34:de:75:bf:d8:6e:4e:af:9e:a3:15:57:
         2e:bc:bd:39:53:4e:5f:53:be:82:f6:26:e1:96:cf:d6:8c:73:
         74:9c:75:5a:79:83:dc:85:c6:89:1d:47:f7:06:70:2e:a4:db:
         b5:0a:c5:b1:f7:43:bc:2a:b0:3b:4a:f4:7b:4b:03:4c:75:34:
         a7:2e:56:73:96:37:16:a0:51:81:7b:65:50:ea:51:93:4e:cd:
         62:33:8b:67:d9:46:c0:40:d6:e5:23:43:ef:3d:05:28:b1:bb:
         29:62:4a:54:3e:bd:2b:dd:6a:bb:4a:24:56:61:0f:46:90:5c:
         d6:6f:a7:0b:7c:29:0d:41:e1:6f:bd:0c:d6:6a:ef:d0:4f:19:
         f6:ea:35:31:29:47:a9:ec:96:f8:6a:e6:b6:c5:2d:0c:64:9b:
         a7:4e:96:fd:10:9c:30:c8:8e:4b:7c:18:3a:bd:68:3b:57:da:
         6c:e0:04:b5:bf:48:05:62:7d:f8:30:1d:2e:b3:fd:f7:6d:0c:
         26:42:95:1a:a3:23:58:d9:38:98:69:d1:bc:eb:17:44:ad:e0:
         2c:dc:ee:42:bb:29:fa:4e:9c:ed:69:c8:79:ea:e7:e7:bb:a9:
         d5:8a:8d:4b:4c:2f:2f:0e:1c:56:d4:c5:df:4b:4a:6f:8b:e1:
         48:87:85:f5
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY51U7opbozmgmC29zN09x0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MTExNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTM2MjFiMzgwY2VkMGI4NTZjMDU5YWRmMWM4M2Q2YWQyMWRhOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6iPPf2ESKSGRAxS0BGnEbarkygE
me9zpx7c92rM+kwnCwcDF2GR+JyDOAj6DpdGkqrRl0/RFA8yoeumsP4+j77gFV/A
yz/YzrIOF4UWaYZQ8sj67xIF8iqTCWo08rZ8XnyUaDRzKZTo4SJTNpCERQ7VaeNM
Oz/2G5p4XPnswWHXexkFlkrFcg+ADr4ZqCznXxlxGNGef1hOdHXWwhduxDcBNt3I
1cZh3tBnJrlW2T9XaabsmwCm+QcagTmzRUgq09WJFZu1ojjC3I1Jy+46Khw1JKUB
mt9iHIbTSLMfLRvXuUSbsbq7OUVQn82lKeYCf4i+dQtya00tj7Y9aUZrNQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFAE2IbOAztC4VsBZrfHIPWrSHajzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQVRZaHM0RE8wTGhXd0ZtdDhjZzlhdElkcVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAWdVrMAwD
BARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0DBABZ1d8DBABZ1eMwDQYJKoZI
hvcNAQELBQADggEBAALYxEu5sTTedb/Ybk6vnqMVVy68vTlTTl9TvoL2JuGWz9aM
c3ScdVp5g9yFxokdR/cGcC6k27UKxbH3Q7wqsDtK9HtLA0x1NKcuVnOWNxagUYF7
ZVDqUZNOzWIzi2fZRsBA1uUjQ+89BSixuyliSlQ+vSvdartKJFZhD0aQXNZvpwt8
KQ1B4W+9DNZq79BPGfbqNTEpR6nslvhq5rbFLQxkm6dOlv0QnDDIjkt8GDq9aDtX
2mzgBLW/SAViffgwHS6z/fdtDCZClRqjI1jZOJhp0bzrF0St4Czc7kK7KfpOnO1p
yHnq5+e7qdWKjUtMLy8OHFbUxd9LSm+L4UiHhfU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:20 2024 by rpki-client on console-ams.rpki-client.org