Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/J4zHRkpk1VFjCC_q5bak6H9Ia1k.roa
File:                     J4zHRkpk1VFjCC_q5bak6H9Ia1k.roa (raw, json)
Hash identifier:          /DMg8uYqcNE9q+a9bJb70SydbFtMbHbbCI91hUz0cUo=
Subject key identifier:   27:8C:C7:46:4A:64:D5:51:63:08:2F:EA:E5:B6:A4:E8:7F:48:6B:59
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D1842428A9EE8373ECFE45406723CAED0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/J4zHRkpk1VFjCC_q5bak6H9Ia1k.roa
Signing time:             Wed 17 Jan 2024 16:30:12 +0000
ROA not before:           Wed 17 Jan 2024 16:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400529
IP address blocks:        89.213.139.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 08:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:42:42:8a:9e:e8:37:3e:cf:e4:54:06:72:3c:ae:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 17 16:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=278cc7464a64d55163082feae5b6a4e87f486b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:79:c5:9f:37:1e:19:08:22:f3:2d:3a:84:ea:
                    77:ee:6b:e9:bf:cd:c9:1c:c4:a1:d4:06:40:6d:8c:
                    59:c9:e3:c4:ab:b6:c9:9e:8f:dd:04:2e:a0:06:b2:
                    e5:76:10:ef:ec:2e:b9:b6:8d:8a:41:d9:aa:de:c9:
                    4e:45:32:1e:cc:3f:bd:f8:d4:67:5e:b5:a1:f0:0b:
                    49:36:48:a1:77:f6:d4:01:ec:96:2b:b9:d1:f2:e7:
                    b2:9f:2b:96:9d:93:b0:0a:61:08:e8:75:d0:69:79:
                    12:2e:95:6e:b8:e7:69:00:49:bd:6e:23:e9:ee:68:
                    c9:ec:c5:87:fd:7c:db:f4:2c:d4:7a:c5:fe:e4:54:
                    42:0c:60:43:46:be:0a:e2:0e:a7:8f:7b:90:ac:6d:
                    b9:ff:49:de:d5:23:de:12:61:2f:fc:c3:19:92:15:
                    bd:47:e2:ee:26:07:55:69:4e:b0:a0:c7:3d:9a:9b:
                    bb:54:63:05:85:75:69:24:3f:c9:5e:51:dd:be:1b:
                    c8:1f:9d:4a:d3:16:5d:29:4e:7c:e9:9b:ce:c1:1e:
                    ec:ba:ef:c5:27:40:af:38:07:19:03:f6:e6:32:cf:
                    82:00:88:e1:10:2d:dc:36:42:93:8c:35:33:7b:f4:
                    07:5d:32:c7:3c:3f:db:03:90:f5:74:1b:eb:43:ef:
                    1a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8C:C7:46:4A:64:D5:51:63:08:2F:EA:E5:B6:A4:E8:7F:48:6B:59
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/J4zHRkpk1VFjCC_q5bak6H9Ia1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1e:d3:d1:97:ff:19:c4:da:55:f1:38:67:28:5f:ee:fb:80:
         54:a7:49:3a:73:bd:3e:2f:56:36:c0:92:43:47:24:eb:d3:8d:
         1b:57:58:fa:ff:8c:4e:9b:31:36:88:e7:7e:6a:b5:94:c1:f9:
         a3:72:bd:f6:90:65:c8:8c:ed:7b:3d:93:3d:a9:6e:cf:d8:71:
         70:e7:70:cb:e4:57:14:6a:5f:e9:b8:5f:6c:fd:b7:1b:c3:af:
         bd:cd:5c:99:e0:7f:c1:1e:c8:40:a7:3d:1f:b9:24:cc:1f:b8:
         22:7d:8a:c9:55:fd:2f:d2:59:c7:76:1a:4c:9c:d2:e0:fc:04:
         94:2c:44:79:6e:7a:1a:c7:5a:b9:1a:a6:07:df:5d:a6:08:84:
         c2:17:9b:02:48:75:32:09:99:21:e1:39:ae:9a:74:b5:0c:70:
         8a:6e:03:66:68:98:d7:53:74:cb:8e:fd:a7:d5:5e:aa:66:89:
         b0:c1:2c:12:e3:a0:df:e8:82:c9:0b:c6:a2:a4:d5:dd:04:90:
         e7:2b:57:74:47:39:a6:a5:30:9c:4f:ba:9c:cd:3b:26:97:a1:
         43:92:64:50:51:32:31:37:9b:50:74:54:cb:cd:a9:34:40:34:
         e3:b6:bc:81:01:ba:62:be:9a:be:bc:34:68:c7:c3:d4:a1:d1:
         a3:b4:9e:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0YQkKKnug3Ps/kVAZyPK7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE3MTYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhjYzc0NjRhNjRkNTUxNjMwODJmZWFlNWI2YTRlODdmNDg2YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23nFnzceGQgi8y06hOp37mvpv83J
HMSh1AZAbYxZyePEq7bJno/dBC6gBrLldhDv7C65to2KQdmq3slORTIezD+9+NRn
XrWh8AtJNkihd/bUAeyWK7nR8ueynyuWnZOwCmEI6HXQaXkSLpVuuOdpAEm9biPp
7mjJ7MWH/Xzb9CzUesX+5FRCDGBDRr4K4g6nj3uQrG25/0ne1SPeEmEv/MMZkhW9
R+LuJgdVaU6woMc9mpu7VGMFhXVpJD/JXlHdvhvIH51K0xZdKU586ZvOwR7suu/F
J0CvOAcZA/bmMs+CAIjhEC3cNkKTjDUze/QHXTLHPD/bA5D1dBvrQ+8axwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeMx0ZKZNVRYwgv6uW2pOh/SGtZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSjR6SFJrcGsxVkZqQ0NfcTViYWs2SDlJYTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWLMA0G
CSqGSIb3DQEBCwUAA4IBAQAUHtPRl/8ZxNpV8ThnKF/u+4BUp0k6c70+L1Y2wJJD
RyTr040bV1j6/4xOmzE2iOd+arWUwfmjcr32kGXIjO17PZM9qW7P2HFw53DL5FcU
al/puF9s/bcbw6+9zVyZ4H/BHshApz0fuSTMH7gifYrJVf0v0lnHdhpMnNLg/ASU
LER5bnoax1q5GqYH312mCITCF5sCSHUyCZkh4TmumnS1DHCKbgNmaJjXU3TLjv2n
1V6qZomwwSwS46Df6ILJC8aipNXdBJDnK1d0RzmmpTCcT7qczTsml6FDkmRQUTIx
N5tQdFTLzak0QDTjtryBAbpivpq+vDRox8PUodGjtJ4e
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org