Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FQfgxeQhFi2lVZ-rFFT5QDml_tA.roa
File:                     FQfgxeQhFi2lVZ-rFFT5QDml_tA.roa (raw, json)
Hash identifier:          89bdvvBcuv9BrGjg7hpube2+1cs/IZ+WYM+WcYPdZzc=
Subject key identifier:   15:07:E0:C5:E4:21:16:2D:A5:55:9F:AB:14:54:F9:40:39:A5:FE:D0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495FE63FE72F8B6547B07E0D64406B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FQfgxeQhFi2lVZ-rFFT5QDml_tA.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        89.213.129.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 07:49:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5f:e6:3f:e7:2f:8b:65:47:b0:7e:0d:64:40:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1507e0c5e421162da5559fab1454f94039a5fed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d7:59:63:8f:ce:9b:67:3a:e2:05:ee:a5:20:
                    92:38:09:83:b8:ec:88:a9:bf:16:5b:f6:33:42:15:
                    c5:05:05:f9:28:e1:16:c1:0c:78:68:18:49:d3:68:
                    af:cf:0c:26:88:c1:b0:b3:45:ba:bd:b3:e5:ff:ed:
                    54:63:3a:dd:42:7a:9f:32:c2:1e:33:97:b7:a0:2a:
                    44:fd:47:04:90:93:a9:c1:6b:5a:ed:25:52:b4:b4:
                    d9:fc:af:19:e5:46:f6:be:fc:af:2e:6d:96:05:84:
                    d1:fe:57:04:e4:06:fd:c1:b4:6f:ef:ea:9e:79:50:
                    7e:bb:3b:36:d8:48:16:42:84:d3:cc:0b:fb:19:fb:
                    f8:dd:33:b4:d3:84:24:cf:5a:04:ee:0a:8f:a9:25:
                    92:c8:dd:ab:09:0b:0c:35:84:09:c6:31:a6:b6:03:
                    ba:8c:ce:0d:02:eb:f3:ec:43:fa:cd:1e:65:77:e7:
                    ef:fc:7d:0e:33:51:0e:aa:bf:d6:a4:18:86:8a:12:
                    8c:70:c1:b0:1b:eb:66:e9:94:c2:81:24:f6:9a:ba:
                    bd:d2:33:86:3e:73:8b:17:4e:57:ed:f4:69:80:a6:
                    ed:17:23:8a:7f:06:c7:68:2a:25:f0:50:6d:51:f4:
                    07:16:75:06:cc:14:4e:a4:bc:82:07:08:27:2f:47:
                    41:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:07:E0:C5:E4:21:16:2D:A5:55:9F:AB:14:54:F9:40:39:A5:FE:D0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FQfgxeQhFi2lVZ-rFFT5QDml_tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:6f:43:01:0c:1d:41:ba:3c:eb:41:4c:9c:68:5e:6c:69:60:
         e2:b6:5b:e3:52:e7:49:0e:4f:6a:f3:2a:7a:4a:06:d6:9a:c8:
         1f:8e:95:a8:e9:8c:e9:8a:83:d1:fe:f0:d6:6b:5d:35:93:32:
         65:12:8b:76:12:fb:62:db:e2:d9:91:68:17:81:34:4d:ed:fe:
         ca:b4:01:58:b7:e5:ae:4c:ec:51:27:fc:2f:43:23:f0:08:cb:
         82:25:c4:de:22:44:a5:d2:b7:45:30:a1:21:dc:da:f3:0e:59:
         da:bc:9a:03:6f:33:49:66:4f:d6:0e:f8:2a:25:d5:d1:07:85:
         df:92:04:8a:9b:d6:43:5a:dd:3c:9b:c7:d8:86:ca:5e:4a:c8:
         75:0e:37:16:ac:b3:10:17:ec:c8:3e:5b:82:45:ad:49:dd:db:
         35:a1:f8:5a:39:82:e3:61:f6:b2:bb:e7:f0:1f:c1:54:ef:ae:
         1d:5c:f0:2e:32:8c:5a:f9:46:e2:ac:32:3b:18:69:94:3b:fa:
         8e:24:0f:ea:43:e6:13:b1:d1:1c:41:24:41:61:71:11:b7:5c:
         b8:58:7f:e7:6f:c2:ef:00:ef:2a:13:b1:b1:b2:06:49:b2:76:
         9d:4e:a2:07:00:ef:06:12:c8:b0:3b:4e:a4:be:99:94:55:ef:
         51:28:d2:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSV/mP+cvi2VHsH4NZEBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTA3ZTBjNWU0MjExNjJkYTU1NTlmYWIxNDU0Zjk0MDM5YTVmZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtdZY4/Om2c64gXupSCSOAmDuOyI
qb8WW/YzQhXFBQX5KOEWwQx4aBhJ02ivzwwmiMGws0W6vbPl/+1UYzrdQnqfMsIe
M5e3oCpE/UcEkJOpwWta7SVStLTZ/K8Z5Ub2vvyvLm2WBYTR/lcE5Ab9wbRv7+qe
eVB+uzs22EgWQoTTzAv7Gfv43TO004Qkz1oE7gqPqSWSyN2rCQsMNYQJxjGmtgO6
jM4NAuvz7EP6zR5ld+fv/H0OM1EOqr/WpBiGihKMcMGwG+tm6ZTCgST2mrq90jOG
PnOLF05X7fRpgKbtFyOKfwbHaCol8FBtUfQHFnUGzBROpLyCBwgnL0dB2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUH4MXkIRYtpVWfqxRU+UA5pf7QMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRlFmZ3hlUWhGaTJsVlotckZGVDVRRG1sX3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWBMA0G
CSqGSIb3DQEBCwUAA4IBAQCTb0MBDB1BujzrQUycaF5saWDitlvjUudJDk9q8yp6
SgbWmsgfjpWo6YzpioPR/vDWa101kzJlEot2Evti2+LZkWgXgTRN7f7KtAFYt+Wu
TOxRJ/wvQyPwCMuCJcTeIkSl0rdFMKEh3NrzDlnavJoDbzNJZk/WDvgqJdXRB4Xf
kgSKm9ZDWt08m8fYhspeSsh1DjcWrLMQF+zIPluCRa1J3ds1ofhaOYLjYfayu+fw
H8FU764dXPAuMoxa+UbirDI7GGmUO/qOJA/qQ+YTsdEcQSRBYXERt1y4WH/nb8Lv
AO8qE7GxsgZJsnadTqIHAO8GEsiwO06kvpmUVe9RKNI1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org