Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NrvoeYq-nSC_0QvII5CKQL6w0J8.roa
File:                     NrvoeYq-nSC_0QvII5CKQL6w0J8.roa (raw, json)
Hash identifier:          ApQj0B2T0YDwkfzoHBJbhSWMT7agmEk65BKVjbsqMbQ=
Subject key identifier:   36:BB:E8:79:8A:BE:9D:20:BF:D1:0B:C8:23:90:8A:40:BE:B0:D0:9F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B1003274D192C8199DF72300E57E85379
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NrvoeYq-nSC_0QvII5CKQL6w0J8.roa
Signing time:             Sun 08 Oct 2023 15:58:43 +0000
ROA not before:           Sun 08 Oct 2023 15:58:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47516
IP address blocks:        89.213.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 27 Nov 2023 09:05:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:10:03:27:4d:19:2c:81:99:df:72:30:0e:57:e8:53:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  8 15:58:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36bbe8798abe9d20bfd10bc823908a40beb0d09f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f7:20:3b:7c:df:8b:06:ed:d9:a7:94:fe:7a:
                    67:49:9e:bd:fc:29:ac:4d:cf:b9:c1:43:f9:c0:64:
                    d1:1a:45:3e:65:bc:a2:67:15:15:c6:a6:05:d8:bd:
                    f2:08:40:e3:49:cf:b6:e5:14:97:7c:78:df:7c:ed:
                    a6:68:55:57:3f:be:5c:f2:a0:2c:ba:01:79:7a:f5:
                    45:fa:f5:fc:64:f2:a5:0d:c2:f0:1d:b1:14:e9:a7:
                    24:d3:98:a9:8b:1e:b9:f7:71:eb:0c:34:4c:0b:35:
                    76:e8:38:98:e4:a2:3d:1b:1c:b3:23:c7:f8:d7:e1:
                    f8:4f:e4:3e:64:33:05:d1:cc:df:5e:1c:8c:2d:b2:
                    03:c9:a6:06:fd:81:57:43:a1:d3:a2:d5:9b:ac:c6:
                    d2:3f:f1:80:9e:9b:df:3a:f2:8c:80:e0:be:c9:58:
                    b6:34:a7:0a:8a:46:49:20:f2:c2:18:dd:49:aa:e1:
                    bc:5d:d5:a9:d5:08:db:50:9d:08:8b:f7:1c:ac:f4:
                    8a:6b:6b:7b:6b:5b:d2:6d:7d:bc:e1:ef:c8:b6:a9:
                    1a:c7:f7:69:a8:8f:8d:bc:4e:4b:57:e2:81:f5:4b:
                    9c:59:bd:66:b8:d9:00:6f:7d:af:65:b1:ef:0d:88:
                    00:8a:9f:91:48:1d:d2:6b:7e:96:90:e4:b6:c5:34:
                    1a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:BB:E8:79:8A:BE:9D:20:BF:D1:0B:C8:23:90:8A:40:BE:B0:D0:9F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NrvoeYq-nSC_0QvII5CKQL6w0J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:33:39:50:68:c4:2b:0f:92:48:be:e5:da:fe:8f:da:b8:7b:
         64:cd:4d:69:99:91:8b:d4:0b:7a:eb:13:14:a8:d9:14:72:29:
         f6:03:cf:e4:09:89:f3:6b:b3:e9:43:6e:42:e0:0c:68:21:83:
         c0:d0:3c:e2:19:30:ca:e3:36:e9:92:0f:07:87:23:03:7f:e7:
         b6:89:89:33:27:f0:32:bf:a0:c3:61:db:ff:65:8e:df:01:cc:
         a3:f6:48:d1:69:6c:e6:f3:e3:dc:ec:71:78:37:cc:be:61:d0:
         86:1d:c5:8f:6c:41:a5:0c:d2:3f:06:5a:c6:e2:16:65:04:b3:
         a6:39:c7:0c:8c:c0:ff:fa:7b:13:f1:95:5c:b6:a0:bf:2c:87:
         f1:69:34:3a:63:bb:42:4f:f4:78:74:48:a8:19:60:76:75:a0:
         94:63:fb:57:4a:1e:b2:63:66:ac:4b:4f:a8:04:35:19:69:37:
         97:e2:7e:85:4d:d7:3c:64:31:80:c4:26:ea:93:dd:5c:3f:b0:
         95:59:59:12:2a:cb:f7:c9:ff:11:9d:fa:d4:5e:dd:15:dd:06:
         cd:0a:57:8d:ca:1a:26:ea:30:c6:63:97:bd:fa:7f:6c:0d:1b:
         bf:d8:1e:f0:b5:e0:8d:21:cf:74:c9:db:26:b5:aa:06:00:4f:
         8b:47:25:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYsQAydNGSyBmd9yMA5X6FN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDA4MTU1ODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmJiZTg3OThhYmU5ZDIwYmZkMTBiYzgyMzkwOGE0MGJlYjBkMDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvcgO3zfiwbt2aeU/npnSZ69/Cms
Tc+5wUP5wGTRGkU+ZbyiZxUVxqYF2L3yCEDjSc+25RSXfHjffO2maFVXP75c8qAs
ugF5evVF+vX8ZPKlDcLwHbEU6ack05ipix6593HrDDRMCzV26DiY5KI9GxyzI8f4
1+H4T+Q+ZDMF0czfXhyMLbIDyaYG/YFXQ6HTotWbrMbSP/GAnpvfOvKMgOC+yVi2
NKcKikZJIPLCGN1JquG8XdWp1QjbUJ0Ii/ccrPSKa2t7a1vSbX284e/Itqkax/dp
qI+NvE5LV+KB9UucWb1muNkAb32vZbHvDYgAip+RSB3Sa36WkOS2xTQabwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDa76HmKvp0gv9ELyCOQikC+sNCfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTnJ2b2VZcS1uU0NfMFF2SUk1Q0tRTDZ3MEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUqMA0G
CSqGSIb3DQEBCwUAA4IBAQAGMzlQaMQrD5JIvuXa/o/auHtkzU1pmZGL1At66xMU
qNkUcin2A8/kCYnza7PpQ25C4AxoIYPA0DziGTDK4zbpkg8HhyMDf+e2iYkzJ/Ay
v6DDYdv/ZY7fAcyj9kjRaWzm8+Pc7HF4N8y+YdCGHcWPbEGlDNI/BlrG4hZlBLOm
OccMjMD/+nsT8ZVctqC/LIfxaTQ6Y7tCT/R4dEioGWB2daCUY/tXSh6yY2asS0+o
BDUZaTeX4n6FTdc8ZDGAxCbqk91cP7CVWVkSKsv3yf8RnfrUXt0V3QbNCleNyhom
6jDGY5e9+n9sDRu/2B7wteCNIc90ydsmtaoGAE+LRyV5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org