Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JwQIy9xXM6xuztQ2qVPwmXDZBT8.roa
File:                     JwQIy9xXM6xuztQ2qVPwmXDZBT8.roa (raw, json)
Hash identifier:          f9Br+h8ImCgbIgLibBgukp8ojlAeSPh5MCZpCTGU/Jw=
Subject key identifier:   27:04:08:CB:DC:57:33:AC:6E:CE:D4:36:A9:53:F0:99:70:D9:05:3F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BD70D094F0826918623649135D4395026
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JwQIy9xXM6xuztQ2qVPwmXDZBT8.roa
Signing time:             Thu 16 Nov 2023 07:33:57 +0000
ROA not before:           Thu 16 Nov 2023 07:33:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49981
IP address blocks:        89.213.157.0/24 maxlen: 24
                          82.153.220.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Nov 2023 08:44:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d7:0d:09:4f:08:26:91:86:23:64:91:35:d4:39:50:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 16 07:33:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=270408cbdc5733ac6eced436a953f09970d9053f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:73:80:19:53:f2:38:6b:8c:07:19:9c:3d:fa:
                    c2:f7:f1:37:fd:7c:c6:3c:11:ca:06:5d:cd:ff:dd:
                    3f:09:24:dc:9c:66:f4:bf:05:af:f1:24:58:6f:ff:
                    b4:a3:f7:32:c4:10:d3:f0:5e:4b:e7:2a:82:01:08:
                    35:19:59:e6:91:f6:d6:8a:32:96:4d:9c:b7:e2:79:
                    a4:5c:b5:71:54:5a:18:46:59:e5:10:e9:c7:48:96:
                    e4:d2:b9:da:4d:66:a1:a9:fe:25:12:4a:3b:90:6b:
                    49:b1:90:24:fd:ce:82:4e:52:f2:2e:a4:34:e6:75:
                    c9:cb:2f:ed:57:c2:44:59:43:0c:94:69:5b:a9:26:
                    29:b6:25:7c:7a:5a:22:03:0b:3a:43:1a:38:7e:ca:
                    ed:8a:00:42:d0:e2:76:d8:6b:bb:b4:b6:0b:9f:c4:
                    15:cf:6e:50:ae:5e:f0:fa:66:76:5f:be:bc:17:aa:
                    24:ac:ae:42:bf:f8:73:6d:be:db:3f:75:21:2c:e7:
                    4c:b1:99:36:da:28:cc:f5:23:f2:c4:4e:5e:61:6f:
                    b0:7a:ee:46:be:48:ec:7c:5a:39:8c:25:73:de:be:
                    d2:b0:ec:71:99:c2:32:59:7d:31:f4:89:8f:29:3c:
                    cc:87:af:d7:51:d0:69:13:43:7b:1a:78:87:fc:7c:
                    62:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:04:08:CB:DC:57:33:AC:6E:CE:D4:36:A9:53:F0:99:70:D9:05:3F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JwQIy9xXM6xuztQ2qVPwmXDZBT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.220.0/24
                  89.213.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:d5:72:b7:5b:f9:02:1f:49:4e:ce:cd:74:90:46:9a:8c:19:
         c4:ce:cc:33:06:b0:e2:6f:cf:b5:93:5c:dd:4d:41:01:bd:d3:
         6c:c0:e5:dc:b0:91:89:5b:db:8e:06:3f:56:83:83:b2:17:1b:
         d8:48:4f:d5:20:f3:93:ec:f7:0a:50:62:98:9c:35:23:40:10:
         6e:ca:21:66:f3:c3:9d:74:ac:9e:97:fb:39:fd:7d:62:c2:a7:
         5b:07:57:50:c0:7b:83:d4:1d:e8:7d:1b:89:ca:17:c0:01:ec:
         08:bd:0b:03:bf:c8:4e:79:8b:db:83:20:83:79:df:1b:1b:84:
         f1:70:b9:7b:eb:22:7a:f0:8f:b0:95:ff:1d:be:1c:12:c7:e7:
         f2:b0:bb:0c:9b:eb:49:18:c3:fd:c1:36:c5:0b:64:f0:96:7e:
         fa:c3:b0:ef:79:a8:cc:f7:0a:9f:9f:ae:b2:29:52:07:b9:8f:
         69:b8:29:2c:8f:a4:82:7a:34:1f:86:8d:15:d3:c1:e9:f4:be:
         ff:19:2b:11:50:2d:e9:c8:f2:1a:57:6f:9d:15:c6:3b:66:a8:
         92:25:1a:fd:23:d9:cd:0a:24:73:bd:fb:23:85:04:27:98:31:
         50:18:fb:bd:09:5f:f7:fe:3c:df:f9:9c:70:f9:50:94:49:ac:
         f3:67:2e:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYvXDQlPCCaRhiNkkTXUOVAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE2MDczMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzA0MDhjYmRjNTczM2FjNmVjZWQ0MzZhOTUzZjA5OTcwZDkwNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXOAGVPyOGuMBxmcPfrC9/E3/XzG
PBHKBl3N/90/CSTcnGb0vwWv8SRYb/+0o/cyxBDT8F5L5yqCAQg1GVnmkfbWijKW
TZy34nmkXLVxVFoYRlnlEOnHSJbk0rnaTWahqf4lEko7kGtJsZAk/c6CTlLyLqQ0
5nXJyy/tV8JEWUMMlGlbqSYptiV8eloiAws6Qxo4fsrtigBC0OJ22Gu7tLYLn8QV
z25Qrl7w+mZ2X768F6okrK5Cv/hzbb7bP3UhLOdMsZk22ijM9SPyxE5eYW+weu5G
vkjsfFo5jCVz3r7SsOxxmcIyWX0x9ImPKTzMh6/XUdBpE0N7GniH/HxiAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCcECMvcVzOsbs7UNqlT8Jlw2QU/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSndRSXk5eFhNNnh1enRRMnFWUHdtWERaQlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpncAwQA
WdWdMA0GCSqGSIb3DQEBCwUAA4IBAQBv1XK3W/kCH0lOzs10kEaajBnEzswzBrDi
b8+1k1zdTUEBvdNswOXcsJGJW9uOBj9Wg4OyFxvYSE/VIPOT7PcKUGKYnDUjQBBu
yiFm88OddKyel/s5/X1iwqdbB1dQwHuD1B3ofRuJyhfAAewIvQsDv8hOeYvbgyCD
ed8bG4TxcLl76yJ68I+wlf8dvhwSx+fysLsMm+tJGMP9wTbFC2Twln76w7DveajM
9wqfn66yKVIHuY9puCksj6SCejQfho0V08Hp9L7/GSsRUC3pyPIaV2+dFcY7ZqiS
JRr9I9nNCiRzvfsjhQQnmDFQGPu9CV/3/jzf+Zxw+VCUSazzZy4b
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org