Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R1q0Qf63ml-3YXKN4TK-nZPVWNs.roa
File:                     R1q0Qf63ml-3YXKN4TK-nZPVWNs.roa (raw, json)
Hash identifier:          4WgVYEeWgLeS5oOu9DKS6PUbE64n+mA2F0HU3KAG0OM=
Subject key identifier:   47:5A:B4:41:FE:B7:9A:5F:B7:61:72:8D:E1:32:BE:9D:93:D5:58:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C91B8D524654FD71342E3FE50B7C049D5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R1q0Qf63ml-3YXKN4TK-nZPVWNs.roa
Signing time:             Fri 22 Dec 2023 13:30:58 +0000
ROA not before:           Fri 22 Dec 2023 13:30:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     23470
IP address blocks:        89.213.173.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:91:b8:d5:24:65:4f:d7:13:42:e3:fe:50:b7:c0:49:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 22 13:30:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=475ab441feb79a5fb761728de132be9d93d558db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:2f:59:c6:d2:68:d5:02:52:b8:5f:44:66:
                    cb:4d:81:9d:bb:a1:47:45:7e:00:0a:c5:e9:6e:4f:
                    3e:40:f7:dd:2a:4a:bd:ed:a2:ee:6d:5c:7f:54:5f:
                    a5:d3:a8:02:28:24:80:96:dd:69:f7:75:a6:1b:26:
                    b7:c1:3a:78:8a:f5:72:de:15:ad:81:e0:18:5d:2b:
                    73:a7:fd:f7:ae:f2:67:ae:75:f3:d5:77:e8:51:26:
                    23:9f:ea:ea:ac:a4:c7:40:d0:56:a0:42:cc:db:67:
                    83:61:e2:3e:0d:a9:a9:ee:30:15:a6:0d:e2:3d:aa:
                    01:64:2c:e1:98:c9:12:c0:ce:03:29:13:48:fb:c9:
                    7e:bc:07:e2:e9:bc:6d:79:de:78:97:0a:c4:09:49:
                    28:54:bc:af:3a:93:06:15:58:2c:7f:a4:1f:0c:cd:
                    af:e5:50:a4:2a:84:7f:4e:95:f5:dd:5b:5a:66:aa:
                    4b:eb:b8:43:e4:db:3b:56:39:2d:14:80:e6:b7:0a:
                    5c:31:53:aa:91:d0:1d:9a:35:4d:0e:a4:b1:e7:c1:
                    af:87:1a:1d:67:65:2b:ca:6c:ff:0c:68:9b:72:e6:
                    83:99:bc:6b:d6:81:2f:5b:60:18:ac:bf:16:84:87:
                    d8:f3:37:71:e3:60:0a:c6:3c:b4:86:7b:54:e5:19:
                    19:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5A:B4:41:FE:B7:9A:5F:B7:61:72:8D:E1:32:BE:9D:93:D5:58:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R1q0Qf63ml-3YXKN4TK-nZPVWNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:12:d3:54:5e:e1:e2:9e:bb:df:dc:8f:ec:dc:06:00:a4:c8:
         ec:83:86:ee:67:cc:82:68:18:02:9d:c3:39:33:72:b4:5f:0d:
         75:1b:07:d5:6a:bf:37:6a:bd:e0:5f:ae:70:a7:d1:56:2b:57:
         f5:61:98:fa:fd:d8:f7:c7:30:69:2a:d5:12:d1:9f:a9:1a:20:
         23:71:da:e1:be:36:09:05:2a:1f:dc:a2:57:b3:78:51:84:d3:
         fb:de:ad:22:63:82:d1:54:80:38:e9:4a:23:17:77:b3:9e:94:
         7a:77:ca:72:f7:20:c3:a5:aa:92:a2:13:4b:49:8a:54:56:f3:
         04:e4:eb:48:94:61:af:e6:66:d2:b4:51:c6:b6:c4:90:5d:d7:
         d8:bb:8b:9e:f3:bc:43:3c:d5:b2:2c:4a:8c:c3:b7:da:71:35:
         f8:d2:d3:88:b9:b5:6a:39:f1:0b:2e:d6:db:fc:25:0b:c8:f3:
         1c:82:ce:e5:ee:9b:21:a1:db:67:b0:28:2f:bc:01:7c:1c:53:
         8d:a8:74:47:c6:1f:ad:58:97:37:af:54:4b:df:11:b4:ab:12:
         ec:f9:29:d5:87:f4:6c:d5:84:13:eb:d5:dd:ca:92:60:eb:22:
         ea:ec:75:44:e1:a0:f3:eb:60:09:a6:0b:79:51:f4:80:9c:67:
         2e:ca:4c:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyRuNUkZU/XE0Lj/lC3wEnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjIyMTMzMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzVhYjQ0MWZlYjc5YTVmYjc2MTcyOGRlMTMyYmU5ZDkzZDU1OGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXcvWcbSaNUCUrhfRGbLTYGdu6FH
RX4ACsXpbk8+QPfdKkq97aLubVx/VF+l06gCKCSAlt1p93WmGya3wTp4ivVy3hWt
geAYXStzp/33rvJnrnXz1XfoUSYjn+rqrKTHQNBWoELM22eDYeI+Damp7jAVpg3i
PaoBZCzhmMkSwM4DKRNI+8l+vAfi6bxted54lwrECUkoVLyvOpMGFVgsf6QfDM2v
5VCkKoR/TpX13VtaZqpL67hD5Ns7VjktFIDmtwpcMVOqkdAdmjVNDqSx58Gvhxod
Z2Urymz/DGibcuaDmbxr1oEvW2AYrL8WhIfY8zdx42AKxjy0hntU5RkZOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdatEH+t5pft2FyjeEyvp2T1VjbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUjFxMFFmNjNtbC0zWVhLTjRUSy1uWlBWV05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdWsMA0G
CSqGSIb3DQEBCwUAA4IBAQApEtNUXuHinrvf3I/s3AYApMjsg4buZ8yCaBgCncM5
M3K0Xw11GwfVar83ar3gX65wp9FWK1f1YZj6/dj3xzBpKtUS0Z+pGiAjcdrhvjYJ
BSof3KJXs3hRhNP73q0iY4LRVIA46UojF3eznpR6d8py9yDDpaqSohNLSYpUVvME
5OtIlGGv5mbStFHGtsSQXdfYu4ue87xDPNWyLEqMw7facTX40tOIubVqOfELLtbb
/CULyPMcgs7l7pshodtnsCgvvAF8HFONqHRHxh+tWJc3r1RL3xG0qxLs+SnVh/Rs
1YQT69XdypJg6yLq7HVE4aDz62AJpgt5UfSAnGcuykzR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org