Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATjn2RWIngK-cdefTPhvXG7IjbU.roa
File:                     ATjn2RWIngK-cdefTPhvXG7IjbU.roa (raw, json)
Hash identifier:          JJeR48CtxXkk8YFvhueoXKRfJO05+tQfW+8CgfAy/qg=
Subject key identifier:   01:38:E7:D9:15:88:9E:02:BE:71:D7:9F:4C:F8:6F:5C:6E:C8:8D:B5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E961D47D41931188F7876849749962EA3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATjn2RWIngK-cdefTPhvXG7IjbU.roa
Signing time:             Sun 31 Mar 2024 20:04:45 +0000
ROA not before:           Sun 31 Mar 2024 20:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        80.240.84.0/24 maxlen: 24
                          81.5.189.0/24 maxlen: 24
                          82.152.49.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          213.130.138.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 07:30:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:96:1d:47:d4:19:31:18:8f:78:76:84:97:49:96:2e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 31 20:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0138e7d915889e02be71d79f4cf86f5c6ec88db5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:83:2e:57:89:92:d5:02:4c:c7:f1:00:9f:38:
                    46:5c:03:b4:4e:cf:53:9d:40:87:a4:22:1c:63:1e:
                    2c:f7:37:9e:62:4a:dd:6a:83:10:24:9b:b9:3f:ed:
                    1d:5d:22:c0:09:33:ad:c3:d5:fa:c7:06:b9:64:85:
                    9d:ee:9c:35:7d:fd:d4:09:94:59:f8:5c:53:7c:20:
                    5c:1d:25:ce:98:ab:24:29:92:fc:e2:5d:13:7b:aa:
                    ae:de:91:75:eb:9e:8b:6d:e2:b5:dd:e8:84:8a:20:
                    37:4f:ab:6f:23:9e:54:ed:5b:88:99:f0:a4:39:74:
                    5e:90:55:d1:37:1f:ea:fd:07:6a:c6:59:5b:8f:e1:
                    f8:73:70:db:2b:6f:9a:1f:f7:96:ad:88:df:78:f1:
                    79:34:e8:be:b2:7c:c1:9e:10:b9:9c:bf:3a:35:c8:
                    33:c5:58:3c:aa:3f:9d:63:67:9a:d1:bc:87:b3:4d:
                    54:83:0b:de:5f:10:45:04:bf:ac:25:8a:17:78:41:
                    c2:b7:e1:52:14:f3:4b:6e:97:ce:19:e9:9e:26:27:
                    39:bb:34:7c:90:af:32:50:08:96:65:8c:45:eb:a3:
                    49:11:8e:bb:a6:13:d6:72:0b:27:d2:3f:59:89:28:
                    49:4b:28:f2:f6:cd:ce:81:dd:ed:9a:8a:b6:53:b4:
                    be:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:38:E7:D9:15:88:9E:02:BE:71:D7:9F:4C:F8:6F:5C:6E:C8:8D:B5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATjn2RWIngK-cdefTPhvXG7IjbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.84.0/24
                  81.5.189.0/24
                  82.152.49.0/24
                  82.153.65.0/24
                  89.213.152.0/24
                  89.213.176.0/24
                  89.213.183.0/24
                  213.130.138.0/24
                  213.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:24:99:49:e1:30:3e:83:b1:d5:44:e1:96:d0:de:18:85:3b:
         b4:39:63:de:38:af:a7:50:89:5e:3d:9f:77:28:8a:4b:ae:9f:
         eb:d3:5a:62:86:36:93:45:20:9b:4a:ea:45:e9:fa:46:6e:19:
         92:0a:77:e8:41:6b:5b:b3:39:01:18:4e:1a:83:4f:97:7a:43:
         26:47:50:0f:ae:87:89:9c:94:bd:c8:b7:4e:7d:20:f6:fd:56:
         a4:3a:74:01:fc:7e:0d:9f:b1:66:47:15:69:58:13:ef:94:37:
         d7:0f:78:fe:39:66:c2:90:ac:64:27:39:19:86:57:39:40:ca:
         cd:16:3c:26:50:da:44:3a:21:55:bb:d2:aa:34:94:02:20:91:
         a0:69:7e:ef:72:99:10:cb:9d:fd:a8:4a:f5:79:fb:8f:60:8f:
         bd:6c:d4:22:9f:cc:45:46:ba:9b:c2:f9:41:1f:1e:55:04:59:
         57:13:82:fd:30:9d:09:59:33:2a:66:3e:cf:c0:80:8c:f7:4d:
         19:35:69:bb:c2:86:6a:fa:c5:93:a8:23:62:05:33:67:98:da:
         53:6d:5d:88:84:c3:70:c1:01:47:fc:ed:2e:b7:35:04:8d:1c:
         d2:a4:3a:47:d5:7e:c8:d5:55:0c:ad:41:17:1b:6c:a1:74:c6:
         1a:43:f4:fb
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY6WHUfUGTEYj3h2hJdJli6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzMxMjAwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTM4ZTdkOTE1ODg5ZTAyYmU3MWQ3OWY0Y2Y4NmY1YzZlYzg4ZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oMuV4mS1QJMx/EAnzhGXAO0Ts9T
nUCHpCIcYx4s9zeeYkrdaoMQJJu5P+0dXSLACTOtw9X6xwa5ZIWd7pw1ff3UCZRZ
+FxTfCBcHSXOmKskKZL84l0Te6qu3pF1656LbeK13eiEiiA3T6tvI55U7VuImfCk
OXRekFXRNx/q/Qdqxllbj+H4c3DbK2+aH/eWrYjfePF5NOi+snzBnhC5nL86Ncgz
xVg8qj+dY2ea0byHs01UgwveXxBFBL+sJYoXeEHCt+FSFPNLbpfOGemeJic5uzR8
kK8yUAiWZYxF66NJEY67phPWcgsn0j9ZiShJSyjy9s3Ogd3tmoq2U7S+EwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAE459kViJ4CvnHXn0z4b1xuyI21MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQVRqbjJSV0luZ0stY2RlZlRQaHZYRzdJamJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUPBUAwQA
UQW9AwQAUpgxAwQAUplBAwQAWdWYAwQAWdWwAwQAWdW3AwQA1YKKAwQA1YKVMA0G
CSqGSIb3DQEBCwUAA4IBAQBzJJlJ4TA+g7HVROGW0N4YhTu0OWPeOK+nUIlePZ93
KIpLrp/r01pihjaTRSCbSupF6fpGbhmSCnfoQWtbszkBGE4ag0+XekMmR1AProeJ
nJS9yLdOfSD2/VakOnQB/H4Nn7FmRxVpWBPvlDfXD3j+OWbCkKxkJzkZhlc5QMrN
FjwmUNpEOiFVu9KqNJQCIJGgaX7vcpkQy539qEr1efuPYI+9bNQin8xFRrqbwvlB
Hx5VBFlXE4L9MJ0JWTMqZj7PwICM900ZNWm7woZq+sWTqCNiBTNnmNpTbV2IhMNw
wQFH/O0utzUEjRzSpDpH1X7I1VUMrUEXG2yhdMYaQ/T7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:20 2024 by rpki-client on console-ams.rpki-client.org