Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa
File:                     Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa (raw, json)
Hash identifier:          ubW4VvRb3euUVWC39O6dwM78hWJUOunUNeyLn/IeX7w=
Subject key identifier:   1F:3E:47:D4:AD:4F:36:75:83:93:F0:59:7D:92:25:8B:40:1F:1C:C9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FAF2E5EC45B24B4E3825B329E286EF645
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa
Signing time:             Sat 25 May 2024 09:56:42 +0000
ROA not before:           Sat 25 May 2024 09:56:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        89.213.49.0/24 maxlen: 24
                          89.213.50.0/23 maxlen: 24
                          89.213.52.0/22 maxlen: 24
                          89.213.56.0/22 maxlen: 24
                          89.213.206.0/23 maxlen: 24
                          89.213.212.0/24 maxlen: 24
                          89.213.214.0/24 maxlen: 24
                          89.213.215.0/24 maxlen: 24
                          89.213.228.0/22 maxlen: 24
                          109.176.165.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 27 May 2024 08:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:af:2e:5e:c4:5b:24:b4:e3:82:5b:32:9e:28:6e:f6:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 25 09:56:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f3e47d4ad4f36758393f0597d92258b401f1cc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:79:0f:85:29:32:8d:8e:00:eb:39:2b:f2:d9:
                    a4:1c:1e:eb:03:4c:3f:e0:ef:18:fa:1e:bb:4b:17:
                    cf:db:28:76:59:c1:3c:7e:fb:c9:63:8c:78:52:fd:
                    64:f2:53:ef:44:80:e7:ca:ac:40:ff:7a:5d:5d:af:
                    3f:30:99:72:67:27:13:3f:19:a1:0e:16:53:75:d8:
                    dd:05:be:36:16:13:e6:7f:dc:49:b6:c5:50:2c:24:
                    18:ac:fc:58:5b:86:05:dd:04:9a:3b:d5:6d:43:c7:
                    3b:10:75:bc:06:22:b5:5f:a9:2d:fd:42:39:6d:b4:
                    5b:47:c5:a3:19:ac:6d:dd:5d:a4:36:bc:66:38:04:
                    eb:24:b5:c0:3f:ae:fe:aa:87:f4:62:f0:56:e9:3d:
                    60:2f:5a:84:75:55:9e:cb:6f:c9:14:e4:0d:3e:5d:
                    a5:85:c5:e8:92:7d:44:0f:30:00:1c:3e:ab:68:51:
                    f1:40:6a:c3:6b:95:90:c0:9e:2d:1e:5a:2c:58:01:
                    ea:64:bc:ec:21:b8:22:9c:3b:ea:58:25:ce:55:80:
                    51:e5:b7:74:3b:55:56:fb:e8:29:da:2b:66:1f:a9:
                    02:90:1b:fa:6c:b3:87:65:78:3b:05:09:a0:58:de:
                    cf:f9:9c:e9:34:75:23:1e:ac:16:75:5d:22:0e:f5:
                    e4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3E:47:D4:AD:4F:36:75:83:93:F0:59:7D:92:25:8B:40:1F:1C:C9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.49.0-89.213.59.255
                  89.213.206.0/23
                  89.213.212.0/24
                  89.213.214.0/23
                  89.213.228.0/22
                  109.176.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:85:1c:b6:22:f4:4d:1c:e6:a7:f0:d3:9a:1a:62:70:31:e4:
         c6:81:b1:83:6c:8f:95:3b:5d:dd:e1:52:b0:4b:c5:0d:e9:95:
         0c:8a:fe:cf:7e:ea:f3:e3:61:4e:22:98:c4:6b:95:c1:c6:79:
         ce:83:31:5e:ae:ab:58:4b:27:11:1f:af:4d:b9:f6:79:f1:2c:
         44:88:db:65:a9:87:42:d9:8c:c7:f5:28:f2:7d:33:d4:9c:a9:
         61:1c:97:ac:25:2c:9b:fd:6b:0d:18:1d:9d:66:d7:45:32:49:
         89:a4:c5:1a:ac:d4:ba:02:41:ad:ea:e7:8f:6f:3e:eb:cf:cb:
         2e:1f:24:55:1a:83:d9:be:e2:df:b0:24:04:90:08:aa:4d:07:
         eb:73:e7:b6:b9:b6:ed:3f:8c:85:4e:2d:ac:14:9c:f5:8f:e6:
         65:a9:b9:d3:5e:a4:6b:60:03:aa:94:51:56:85:fc:97:9c:ef:
         96:07:ab:61:01:be:87:e8:5e:e3:68:35:4a:30:7b:57:e4:eb:
         06:47:32:60:19:d0:30:02:8a:c6:1f:ef:82:c5:fd:33:ef:2d:
         0e:42:71:2f:0a:2b:33:ee:ea:00:10:5e:cf:3f:88:23:b9:13:
         3b:b5:55:ae:8c:45:c3:82:fc:82:f2:1d:50:4e:cc:60:2b:46:
         fe:c5:e7:09
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY+vLl7EWyS044JbMp4obvZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI1MDk1NjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjNlNDdkNGFkNGYzNjc1ODM5M2YwNTk3ZDkyMjU4YjQwMWYxY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nkPhSkyjY4A6zkr8tmkHB7rA0w/
4O8Y+h67SxfP2yh2WcE8fvvJY4x4Uv1k8lPvRIDnyqxA/3pdXa8/MJlyZycTPxmh
DhZTddjdBb42FhPmf9xJtsVQLCQYrPxYW4YF3QSaO9VtQ8c7EHW8BiK1X6kt/UI5
bbRbR8WjGaxt3V2kNrxmOATrJLXAP67+qof0YvBW6T1gL1qEdVWey2/JFOQNPl2l
hcXokn1EDzAAHD6raFHxQGrDa5WQwJ4tHlosWAHqZLzsIbginDvqWCXOVYBR5bd0
O1VW++gp2itmH6kCkBv6bLOHZXg7BQmgWN7P+ZzpNHUjHqwWdV0iDvXkgQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFB8+R9StTzZ1g5PwWX2SJYtAHxzJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSHo1SDFLMVBObldEa19CWmZaSWxpMEFmSE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBABZ1TED
BAJZ1TgDBAFZ1c4DBABZ1dQDBAFZ1dYDBAJZ1eQDBABtsKUwDQYJKoZIhvcNAQEL
BQADggEBAI+FHLYi9E0c5qfw05oaYnAx5MaBsYNsj5U7Xd3hUrBLxQ3plQyK/s9+
6vPjYU4imMRrlcHGec6DMV6uq1hLJxEfr0259nnxLESI22Wph0LZjMf1KPJ9M9Sc
qWEcl6wlLJv9aw0YHZ1m10UySYmkxRqs1LoCQa3q549vPuvPyy4fJFUag9m+4t+w
JASQCKpNB+tz57a5tu0/jIVOLawUnPWP5mWpudNepGtgA6qUUVaF/Jec75YHq2EB
vofoXuNoNUowe1fk6wZHMmAZ0DACisYf74LF/TPvLQ5CcS8KKzPu6gAQXs8/iCO5
Ezu1Va6MRcOC/ILyHVBOzGArRv7F5wk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org