Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CGpyrNOwVQ4ONoir5FcOPBPiQV0.roa
File:                     CGpyrNOwVQ4ONoir5FcOPBPiQV0.roa (raw, json)
Hash identifier:          fP0cz5EqaZRCi2VN5sSbJTxr8/scaZLmCrH22BRjeCA=
Subject key identifier:   08:6A:72:AC:D3:B0:55:0E:0E:36:88:AB:E4:57:0E:3C:13:E2:41:5D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D1C70826A25CF207CD58B5B69E073AEBC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CGpyrNOwVQ4ONoir5FcOPBPiQV0.roa
Signing time:             Thu 18 Jan 2024 11:59:11 +0000
ROA not before:           Thu 18 Jan 2024 11:59:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216276
IP address blocks:        89.213.139.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 08:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:70:82:6a:25:cf:20:7c:d5:8b:5b:69:e0:73:ae:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 18 11:59:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=086a72acd3b0550e0e3688abe4570e3c13e2415d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5a:de:91:db:60:26:d1:98:2b:bb:a0:3e:d4:
                    59:70:0c:d3:b5:37:ca:e3:b5:e0:ec:c8:b7:02:53:
                    0c:05:e4:59:9d:80:6f:6d:25:40:1d:bc:ec:2c:5e:
                    70:c8:b6:16:e8:8c:40:a2:53:ab:2a:c6:e6:f9:30:
                    cc:2a:ae:51:40:af:4c:c5:89:69:ab:53:44:c1:59:
                    2f:22:55:c5:75:31:ed:50:33:06:e8:62:6b:6e:ad:
                    52:c8:66:2c:89:1e:eb:f1:8b:c3:83:4b:e6:59:c7:
                    a0:a7:a6:78:23:7b:66:8b:f8:a1:27:55:cd:18:bb:
                    01:29:67:d9:07:b2:94:56:98:b5:6f:1b:88:eb:d4:
                    1c:51:a0:56:96:1a:12:f9:d8:7e:3e:8d:e3:7d:a9:
                    1b:cd:93:4d:60:45:22:c2:c9:0d:e7:9e:d0:98:81:
                    8f:f2:b7:a9:64:23:7a:56:43:73:1d:e2:7a:6a:fb:
                    f1:dd:ea:9e:20:f2:85:ae:2e:98:ae:9d:2e:49:ce:
                    55:b2:63:fd:db:96:b7:9a:2d:de:36:5d:41:a5:1a:
                    8f:e2:cc:42:9f:31:2d:66:49:d1:18:6f:77:bf:8b:
                    e4:17:87:b2:35:22:b9:45:f6:20:19:81:a3:d3:f6:
                    d8:ef:3d:31:3c:0d:50:3a:64:ea:f2:aa:e2:9c:c9:
                    86:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6A:72:AC:D3:B0:55:0E:0E:36:88:AB:E4:57:0E:3C:13:E2:41:5D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CGpyrNOwVQ4ONoir5FcOPBPiQV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:44:fd:ab:56:e6:6c:f8:0d:fe:dd:bf:cc:f6:a5:41:fa:7c:
         bc:8c:f1:b6:b8:66:c0:4a:1b:a0:26:e3:af:de:c3:98:f0:d2:
         42:5f:3d:98:78:18:f8:dd:79:b7:f9:31:43:65:f6:40:4e:4c:
         0c:04:fd:c3:1b:8e:61:ed:bc:f5:db:34:4b:fa:c2:ba:58:23:
         b4:b1:ca:87:d6:58:4a:5d:e1:5e:66:82:d5:e5:4f:03:30:a3:
         9c:17:0b:00:6c:f8:3a:28:a9:18:9f:57:e5:38:e3:01:59:f2:
         42:0f:1e:d3:df:1e:41:6d:0b:87:35:15:21:29:49:35:ea:ef:
         37:cd:fd:06:b0:7d:99:d7:38:34:63:0a:b4:16:40:7d:70:3d:
         bc:fb:b4:6a:1a:a6:fd:d7:70:30:c4:8f:c9:b3:af:1b:44:7b:
         86:19:52:59:89:0e:81:ea:3e:e2:d9:d4:ec:f3:d4:a1:4f:af:
         11:f9:8e:0a:cc:e7:61:e9:79:fe:fa:72:81:f2:a5:10:98:52:
         c3:aa:93:4a:ca:d6:c0:6b:96:2b:8a:25:6f:90:2b:c4:23:7b:
         7b:8a:31:77:07:d3:04:e8:04:a4:48:36:99:c8:72:06:4f:fb:
         4a:ab:d6:4c:8e:d0:77:a2:2e:88:b8:16:0e:5c:b7:23:b5:d7:
         d2:7d:fb:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0ccIJqJc8gfNWLW2ngc668MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE4MTE1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZhNzJhY2QzYjA1NTBlMGUzNjg4YWJlNDU3MGUzYzEzZTI0MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVrekdtgJtGYK7ugPtRZcAzTtTfK
47Xg7Mi3AlMMBeRZnYBvbSVAHbzsLF5wyLYW6IxAolOrKsbm+TDMKq5RQK9MxYlp
q1NEwVkvIlXFdTHtUDMG6GJrbq1SyGYsiR7r8YvDg0vmWcegp6Z4I3tmi/ihJ1XN
GLsBKWfZB7KUVpi1bxuI69QcUaBWlhoS+dh+Po3jfakbzZNNYEUiwskN557QmIGP
8repZCN6VkNzHeJ6avvx3eqeIPKFri6Yrp0uSc5VsmP925a3mi3eNl1BpRqP4sxC
nzEtZknRGG93v4vkF4eyNSK5RfYgGYGj0/bY7z0xPA1QOmTq8qrinMmGzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhqcqzTsFUODjaIq+RXDjwT4kFdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ0dweXJOT3dWUTRPTm9pcjVGY09QQlBpUVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWLMA0G
CSqGSIb3DQEBCwUAA4IBAQCHRP2rVuZs+A3+3b/M9qVB+ny8jPG2uGbAShugJuOv
3sOY8NJCXz2YeBj43Xm3+TFDZfZATkwMBP3DG45h7bz12zRL+sK6WCO0scqH1lhK
XeFeZoLV5U8DMKOcFwsAbPg6KKkYn1flOOMBWfJCDx7T3x5BbQuHNRUhKUk16u83
zf0GsH2Z1zg0Ywq0FkB9cD28+7RqGqb913AwxI/Js68bRHuGGVJZiQ6B6j7i2dTs
89ShT68R+Y4KzOdh6Xn++nKB8qUQmFLDqpNKytbAa5YriiVvkCvEI3t7ijF3B9ME
6ASkSDaZyHIGT/tKq9ZMjtB3oi6IuBYOXLcjtdfSffty
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org