Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KQWZsm27hklFI9VAVLRi8a5MuFM.roa
File:                     KQWZsm27hklFI9VAVLRi8a5MuFM.roa (raw, json)
Hash identifier:          qiWdFdJ3jYy0APz6TM0onuEtSQ3NK5BEjwW95REBq30=
Subject key identifier:   29:05:99:B2:6D:BB:86:49:45:23:D5:40:54:B4:62:F1:AE:4C:B8:53
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F9A21E94E86C1E28B706C1EC7DE7B27DE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KQWZsm27hklFI9VAVLRi8a5MuFM.roa
Signing time:             Tue 21 May 2024 07:51:04 +0000
ROA not before:           Tue 21 May 2024 07:51:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        89.213.206.0/23 maxlen: 24
                          89.213.228.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 24 May 2024 07:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:21:e9:4e:86:c1:e2:8b:70:6c:1e:c7:de:7b:27:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 07:51:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=290599b26dbb86494523d54054b462f1ae4cb853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:68:73:a0:7a:e6:38:ad:d6:92:98:11:d5:22:
                    78:a8:e4:57:4f:49:7c:de:f5:c4:c9:7c:e7:77:af:
                    7b:27:d9:5a:3d:bf:31:5a:74:ac:01:5e:56:dd:ba:
                    88:26:f0:75:b1:05:cb:0f:3d:96:c1:07:51:39:d8:
                    1f:8a:76:87:9a:da:4d:92:65:a1:c5:6f:be:f8:11:
                    8a:6d:9f:cf:2c:06:24:b4:23:0e:fb:52:4e:65:84:
                    7d:83:2f:78:5e:cc:17:dc:03:69:90:62:e0:81:34:
                    f2:33:a2:48:67:52:dd:9f:bf:8a:89:35:b5:fb:01:
                    11:f8:f2:89:df:d4:20:70:ca:84:df:47:87:4c:1f:
                    0a:92:88:09:2d:db:a1:27:f3:69:64:a4:b3:ee:17:
                    4e:4c:97:89:a7:cf:d1:0c:d3:d0:79:d0:9f:34:11:
                    b0:62:70:c8:69:d4:e6:6e:8c:2f:31:11:7c:b8:7c:
                    17:2f:2f:66:1b:92:5a:f7:c9:20:d2:65:47:5e:02:
                    ed:11:31:80:66:f1:4e:13:c3:e2:8c:9a:6c:cb:f3:
                    16:55:a9:43:8b:96:91:85:c7:11:49:b6:a7:7a:62:
                    9f:b1:85:dc:e1:67:59:4e:88:47:e1:68:b2:c8:3d:
                    d8:5d:6b:41:de:65:fe:5b:bc:59:34:1d:39:f3:6b:
                    e2:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:05:99:B2:6D:BB:86:49:45:23:D5:40:54:B4:62:F1:AE:4C:B8:53
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KQWZsm27hklFI9VAVLRi8a5MuFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.206.0/23
                  89.213.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:73:9e:5a:79:aa:85:0a:3d:0b:42:75:fa:e9:05:50:da:a9:
         a4:66:8e:d4:4b:f3:40:cd:d5:43:e2:21:a9:6f:c5:8c:c3:ab:
         03:af:64:54:22:36:9b:7b:ed:52:7c:3c:89:85:6c:8b:74:57:
         47:62:2a:ae:52:72:fb:a5:cc:be:bf:b0:94:bf:10:0f:07:38:
         1b:6f:fb:77:47:2e:c9:71:e7:dd:0e:17:3e:fc:23:cc:e5:9b:
         c3:43:e8:72:65:ec:2f:83:fa:88:1a:5e:b8:be:c0:9f:1a:83:
         4b:d5:94:e1:f8:d8:78:05:24:3f:82:38:9a:c6:e6:44:09:83:
         58:22:ce:23:98:78:50:06:aa:bc:2b:56:b5:0c:a6:20:0d:8d:
         31:e5:4d:c0:2a:13:05:a3:15:ed:90:11:b7:89:b8:84:ff:fb:
         9e:91:e7:c6:4a:25:2b:29:8b:8a:b4:98:47:02:b1:ac:1b:9b:
         3b:ec:27:cf:bd:ab:2c:4f:b7:bc:58:94:71:e7:26:a5:69:5a:
         ef:9b:97:a9:34:a1:f8:31:27:bf:4a:48:9f:88:61:16:ed:ea:
         07:8b:7e:ef:13:b3:a8:3d:cd:fb:21:03:d2:5f:e4:27:6d:c4:
         90:de:79:c5:71:b7:c0:08:67:e8:0d:1c:80:79:a9:33:e2:c7:
         33:bf:f8:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+aIelOhsHii3BsHsfeeyfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIxMDc1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA1OTliMjZkYmI4NjQ5NDUyM2Q1NDA1NGI0NjJmMWFlNGNiODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWhzoHrmOK3WkpgR1SJ4qORXT0l8
3vXEyXznd697J9laPb8xWnSsAV5W3bqIJvB1sQXLDz2WwQdROdgfinaHmtpNkmWh
xW+++BGKbZ/PLAYktCMO+1JOZYR9gy94XswX3ANpkGLggTTyM6JIZ1Ldn7+KiTW1
+wER+PKJ39QgcMqE30eHTB8KkogJLduhJ/NpZKSz7hdOTJeJp8/RDNPQedCfNBGw
YnDIadTmbowvMRF8uHwXLy9mG5Ja98kg0mVHXgLtETGAZvFOE8PijJpsy/MWValD
i5aRhccRSbanemKfsYXc4WdZTohH4WiyyD3YXWtB3mX+W7xZNB0582vi4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCkFmbJtu4ZJRSPVQFS0YvGuTLhTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS1FXWnNtMjdoa2xGSTlWQVZMUmk4YTVNdUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWdXOAwQC
WdXkMA0GCSqGSIb3DQEBCwUAA4IBAQCtc55aeaqFCj0LQnX66QVQ2qmkZo7US/NA
zdVD4iGpb8WMw6sDr2RUIjabe+1SfDyJhWyLdFdHYiquUnL7pcy+v7CUvxAPBzgb
b/t3Ry7JcefdDhc+/CPM5ZvDQ+hyZewvg/qIGl64vsCfGoNL1ZTh+Nh4BSQ/gjia
xuZECYNYIs4jmHhQBqq8K1a1DKYgDY0x5U3AKhMFoxXtkBG3ibiE//uekefGSiUr
KYuKtJhHArGsG5s77CfPvassT7e8WJRx5yalaVrvm5epNKH4MSe/SkifiGEW7eoH
i37vE7OoPc37IQPSX+QnbcSQ3nnFcbfACGfoDRyAeakz4sczv/ib
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org