Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QIYc2cDiUvqOG4W_TAKJv_zMkVE.roa
File:                     QIYc2cDiUvqOG4W_TAKJv_zMkVE.roa (raw, json)
Hash identifier:          kY2Rx0l2e9ooSP4DGQfZQ8tZ4G7RRde69GrfqN3xs9w=
Subject key identifier:   40:86:1C:D9:C0:E2:52:FA:8E:1B:85:BF:4C:02:89:BF:FC:CC:91:51
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C5F0B037ABD6DC31A272E9BEDCA153A8B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QIYc2cDiUvqOG4W_TAKJv_zMkVE.roa
Signing time:             Tue 12 Dec 2023 17:20:06 +0000
ROA not before:           Tue 12 Dec 2023 17:20:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     395839
IP address blocks:        82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 24 Dec 2023 14:54:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:5f:0b:03:7a:bd:6d:c3:1a:27:2e:9b:ed:ca:15:3a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 12 17:20:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40861cd9c0e252fa8e1b85bf4c0289bffccc9151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:88:9f:5b:40:01:03:9e:16:aa:11:34:9f:17:
                    2d:8c:f9:28:d7:43:33:f8:20:4d:df:41:97:87:c1:
                    bf:a4:78:ad:d2:aa:6f:26:8e:1a:bd:45:89:87:a7:
                    7e:fa:b5:75:2a:36:ce:c3:5f:ce:e9:ae:ed:10:25:
                    3a:b2:20:d0:2d:98:2c:27:7f:45:7d:9c:51:f7:8a:
                    6d:00:25:3e:66:8a:dc:68:f9:40:ef:85:f2:15:9f:
                    9f:63:3d:0b:eb:c9:1b:ca:9c:7d:7e:c9:42:7c:34:
                    30:bb:b8:d2:dc:58:c3:45:7b:f0:d2:83:a9:80:24:
                    05:04:e2:26:4d:4a:a6:13:06:c8:ff:9b:59:f8:8b:
                    0a:64:47:2b:c7:aa:63:24:95:7c:48:a8:a6:d8:05:
                    1a:c6:cc:e2:0e:83:4c:cd:a1:69:74:01:3f:f9:29:
                    2b:de:b5:cf:87:a9:31:81:73:2f:86:ab:21:23:7c:
                    aa:b1:92:5b:35:1f:5d:d0:a2:6f:00:45:60:fa:78:
                    13:3e:a8:4b:fe:fd:5a:e7:b4:bf:f3:d2:e3:a8:e5:
                    12:18:77:88:fa:db:0b:18:a6:d4:d3:57:d1:ce:f0:
                    62:94:c2:5f:8e:b3:81:f6:20:b9:ac:cd:47:d9:99:
                    7b:91:a9:c0:ba:5b:3c:97:9e:53:d6:d9:11:79:1a:
                    84:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:86:1C:D9:C0:E2:52:FA:8E:1B:85:BF:4C:02:89:BF:FC:CC:91:51
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QIYc2cDiUvqOG4W_TAKJv_zMkVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:26:b5:e8:e5:c3:69:bb:05:de:93:93:13:00:df:72:bf:d9:
         cf:04:96:49:f4:67:c9:77:7b:cf:18:57:99:80:50:82:71:ab:
         63:15:17:4c:f0:07:bc:da:dc:12:dc:41:ba:bd:25:94:6f:78:
         ba:c4:6b:97:ae:20:f1:b4:ae:a0:89:98:61:65:a9:6f:54:11:
         16:d0:3f:77:7c:f2:08:c4:cd:56:bc:cd:5c:1e:10:0a:ee:aa:
         58:6d:6e:af:a4:1e:28:e3:e3:3d:c7:d4:4f:1c:0f:82:d1:a1:
         51:16:47:e6:8a:fb:00:1a:01:e1:9b:d2:e3:6e:00:9b:94:9b:
         f4:aa:42:df:11:bd:58:ca:55:75:a7:5f:fc:78:1b:c7:5b:e3:
         8e:99:9d:af:37:34:9f:53:c7:70:21:00:28:a0:ec:af:fa:04:
         63:4a:59:3b:26:4c:53:11:e3:65:db:53:c9:aa:a3:24:6f:a9:
         24:20:4e:1b:6f:69:3c:f8:f8:5f:dd:65:ac:99:2a:9a:cf:c6:
         87:f0:a2:91:c2:6a:2b:0c:68:bc:34:12:02:2e:15:98:6c:7d:
         1f:a3:8f:aa:84:66:fd:26:d6:fe:15:52:d1:d4:0b:b6:8b:71:
         32:b9:e4:a0:07:72:7e:c4:57:73:e9:58:41:d9:d7:d8:80:9d:
         d8:c2:bb:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxfCwN6vW3DGicum+3KFTqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjEyMTcyMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDg2MWNkOWMwZTI1MmZhOGUxYjg1YmY0YzAyODliZmZjY2M5MTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4ifW0ABA54WqhE0nxctjPko10Mz
+CBN30GXh8G/pHit0qpvJo4avUWJh6d++rV1KjbOw1/O6a7tECU6siDQLZgsJ39F
fZxR94ptACU+ZorcaPlA74XyFZ+fYz0L68kbypx9fslCfDQwu7jS3FjDRXvw0oOp
gCQFBOImTUqmEwbI/5tZ+IsKZEcrx6pjJJV8SKim2AUaxsziDoNMzaFpdAE/+Skr
3rXPh6kxgXMvhqshI3yqsZJbNR9d0KJvAEVg+ngTPqhL/v1a57S/89LjqOUSGHeI
+tsLGKbU01fRzvBilMJfjrOB9iC5rM1H2Zl7kanAuls8l55T1tkReRqEUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECGHNnA4lL6jhuFv0wCib/8zJFRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUUlZYzJjRGlVdnFPRzRXX1RBS0p2X3pNa1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkBMA0G
CSqGSIb3DQEBCwUAA4IBAQAsJrXo5cNpuwXek5MTAN9yv9nPBJZJ9GfJd3vPGFeZ
gFCCcatjFRdM8Ae82twS3EG6vSWUb3i6xGuXriDxtK6giZhhZalvVBEW0D93fPII
xM1WvM1cHhAK7qpYbW6vpB4o4+M9x9RPHA+C0aFRFkfmivsAGgHhm9LjbgCblJv0
qkLfEb1YylV1p1/8eBvHW+OOmZ2vNzSfU8dwIQAooOyv+gRjSlk7JkxTEeNl21PJ
qqMkb6kkIE4bb2k8+Phf3WWsmSqaz8aH8KKRwmorDGi8NBICLhWYbH0fo4+qhGb9
Jtb+FVLR1Au2i3EyueSgB3J+xFdz6VhB2dfYgJ3YwrvA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org