Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PEhdgAcyvgdqIzbU747WidAGfas.roa
File:                     PEhdgAcyvgdqIzbU747WidAGfas.roa (raw, json)
Hash identifier:          WHMzfQQi7G+eicpjoOMesQHjh1D6FX9pgmecs7tm87Y=
Subject key identifier:   3C:48:5D:80:07:32:BE:07:6A:23:36:D4:EF:8E:D6:89:D0:06:7D:AB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BD2013844CF1F4342429808B1E4F611B6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PEhdgAcyvgdqIzbU747WidAGfas.roa
Signing time:             Wed 15 Nov 2023 08:02:57 +0000
ROA not before:           Wed 15 Nov 2023 08:02:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49981
IP address blocks:        109.176.245.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.153.220.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 16 Nov 2023 07:33:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d2:01:38:44:cf:1f:43:42:42:98:08:b1:e4:f6:11:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 15 08:02:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c485d800732be076a2336d4ef8ed689d0067dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e3:08:d9:ad:24:13:f7:86:81:45:08:58:2a:
                    fd:e7:84:ed:64:ed:b7:13:47:84:ee:a3:72:95:6d:
                    a1:be:90:2a:f3:6f:eb:89:33:9b:a5:89:80:bf:1e:
                    37:6d:b3:4f:a9:73:5b:3d:03:c8:ba:1b:b5:d9:02:
                    76:64:db:46:70:c2:4a:da:eb:f5:25:fc:2a:db:fd:
                    cb:b0:e5:a9:ae:6c:47:f2:ca:37:2f:2a:bf:72:a1:
                    a9:89:ce:e2:ad:ad:c2:29:a6:58:a4:1a:bd:b3:b9:
                    5a:41:ba:99:c3:82:d9:ea:0f:31:65:f4:ae:2a:35:
                    29:fb:9f:07:30:b9:cb:21:23:c9:14:79:0b:a0:3f:
                    d6:29:7d:02:c1:d7:0e:ee:7d:29:e9:7d:4a:88:58:
                    8b:8b:ad:1d:d6:95:bb:dd:e8:92:2e:aa:00:b0:64:
                    35:d4:6d:1e:ab:2b:10:a9:2c:cb:16:b8:33:24:ef:
                    2d:1b:8d:f5:f4:eb:3c:42:17:6c:fd:da:32:fa:49:
                    fd:ed:94:32:00:59:76:a7:8c:47:46:2e:de:cc:bd:
                    ac:ce:a9:46:f3:30:c7:b4:07:54:d7:db:7a:c0:ae:
                    66:42:ff:b3:ff:f8:31:57:be:60:f3:77:25:36:22:
                    05:9e:01:5b:67:9b:60:34:bf:00:c5:f2:46:a2:b1:
                    8b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:48:5D:80:07:32:BE:07:6A:23:36:D4:EF:8E:D6:89:D0:06:7D:AB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PEhdgAcyvgdqIzbU747WidAGfas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.220.0/24
                  89.213.157.0/24
                  109.176.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:20:10:7e:09:e3:46:c3:c0:a0:46:96:5d:99:79:4b:0d:ae:
         4f:21:b4:92:6a:66:3f:b9:72:5d:d2:4e:5d:ea:36:f6:72:05:
         26:ce:b7:f3:91:a1:7f:6d:d3:b8:ad:51:5d:6b:9c:76:e1:3b:
         d3:bd:dd:c2:aa:32:23:90:cf:16:20:c5:91:8b:24:a1:ec:00:
         a8:82:a8:41:2a:ac:96:23:85:b5:60:28:f8:fc:6c:27:f4:e6:
         01:93:89:e4:27:f8:67:3c:c6:e3:9e:e2:6d:aa:4f:0f:f4:cd:
         96:82:12:b0:a1:e1:72:37:bf:98:4b:e0:50:34:10:86:bc:97:
         b4:8b:d5:35:37:d5:18:ca:07:22:75:0f:ab:25:ef:6c:be:79:
         94:95:de:58:6e:ab:27:d1:e2:18:e6:b4:2f:1f:85:7c:f4:78:
         9d:f5:2b:d0:41:1d:b1:11:91:59:b0:52:11:96:75:bc:97:d4:
         c6:e0:28:a8:1b:5d:78:e1:a3:f8:73:19:86:de:76:de:1a:a0:
         08:e0:8e:8c:a1:f2:d7:97:6e:97:c9:d8:ce:80:b6:ba:b9:b4:
         a1:a6:03:fa:34:1c:c8:98:7a:5c:09:e5:1c:00:8c:0e:c7:db:
         1d:77:36:f3:6c:2e:55:04:56:b2:47:74:6c:a3:82:a6:9c:f9:
         95:95:21:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYvSAThEzx9DQkKYCLHk9hG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE1MDgwMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQ4NWQ4MDA3MzJiZTA3NmEyMzM2ZDRlZjhlZDY4OWQwMDY3ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+MI2a0kE/eGgUUIWCr954TtZO23
E0eE7qNylW2hvpAq82/riTObpYmAvx43bbNPqXNbPQPIuhu12QJ2ZNtGcMJK2uv1
Jfwq2/3LsOWprmxH8so3Lyq/cqGpic7ira3CKaZYpBq9s7laQbqZw4LZ6g8xZfSu
KjUp+58HMLnLISPJFHkLoD/WKX0CwdcO7n0p6X1KiFiLi60d1pW73eiSLqoAsGQ1
1G0eqysQqSzLFrgzJO8tG4319Os8Qhds/doy+kn97ZQyAFl2p4xHRi7ezL2szqlG
8zDHtAdU19t6wK5mQv+z//gxV75g83clNiIFngFbZ5tgNL8AxfJGorGLDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDxIXYAHMr4HaiM21O+O1onQBn2rMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUEVoZGdBY3l2Z2RxSXpiVTc0N1dpZEFHZmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpncAwQA
WdWdAwQAbbD1MA0GCSqGSIb3DQEBCwUAA4IBAQB7IBB+CeNGw8CgRpZdmXlLDa5P
IbSSamY/uXJd0k5d6jb2cgUmzrfzkaF/bdO4rVFda5x24TvTvd3CqjIjkM8WIMWR
iySh7ACogqhBKqyWI4W1YCj4/Gwn9OYBk4nkJ/hnPMbjnuJtqk8P9M2WghKwoeFy
N7+YS+BQNBCGvJe0i9U1N9UYygcidQ+rJe9svnmUld5Ybqsn0eIY5rQvH4V89Hid
9SvQQR2xEZFZsFIRlnW8l9TG4CioG1144aP4cxmG3nbeGqAI4I6MofLXl26XydjO
gLa6ubShpgP6NBzImHpcCeUcAIwOx9sddzbzbC5VBFayR3Rso4KmnPmVlSH/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org