Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XbfJdrUMF1cxHNfZioLgALr20_Y.roa
File:                     XbfJdrUMF1cxHNfZioLgALr20_Y.roa (raw, json)
Hash identifier:          B/fTbb/kHTMiWHkRRbpuAbrWr9CWsYE8yRLXV1DTdAg=
Subject key identifier:   5D:B7:C9:76:B5:0C:17:57:31:1C:D7:D9:8A:82:E0:00:BA:F6:D3:F6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F2E13874BC6524430FE32C072911E7172
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XbfJdrUMF1cxHNfZioLgALr20_Y.roa
Signing time:             Tue 30 Apr 2024 08:16:22 +0000
ROA not before:           Tue 30 Apr 2024 08:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     235
IP address blocks:        213.218.214.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 May 2024 10:32:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:13:87:4b:c6:52:44:30:fe:32:c0:72:91:1e:71:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 30 08:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db7c976b50c1757311cd7d98a82e000baf6d3f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e7:73:bd:00:5e:21:2c:f7:01:43:41:96:11:
                    bf:68:16:6a:f2:69:b8:95:d9:2b:c6:86:47:c1:46:
                    ce:2d:2e:24:68:f3:35:68:e2:cf:e4:a0:24:70:02:
                    84:5f:dd:39:5d:24:1b:97:a3:aa:23:2f:51:31:9f:
                    2d:55:74:72:7a:98:7b:cf:d5:14:5c:1f:47:00:e3:
                    0d:82:8a:af:9d:53:c1:8d:c0:bc:5f:e3:e2:e3:cd:
                    0c:0e:f7:cb:9a:61:b0:20:e6:a5:8a:bc:87:cc:1e:
                    c3:66:3e:3d:d5:90:45:a3:24:fc:11:c0:c3:4d:df:
                    9f:1d:db:df:c5:01:77:27:61:7e:c5:40:dc:d9:c0:
                    66:9e:e6:e1:9f:2b:37:f8:bf:41:a1:b2:0d:10:8a:
                    36:5f:79:1f:54:fc:a0:0a:14:8a:b8:3d:ee:e4:ad:
                    bc:db:b2:b8:65:77:54:59:bb:08:b4:d6:db:bf:a7:
                    9a:fb:1f:ba:5f:fe:07:79:98:ce:be:5e:35:0d:4a:
                    7a:93:42:92:81:95:6d:30:45:28:0f:f9:47:53:ce:
                    9c:2a:24:fc:6f:83:7d:92:c7:5a:70:0c:c6:ed:d3:
                    3a:91:7e:f3:d1:a1:af:b7:a9:5b:3c:9b:e4:cb:af:
                    bf:45:4b:61:fa:35:a8:44:97:2f:c4:a6:08:f2:e7:
                    76:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B7:C9:76:B5:0C:17:57:31:1C:D7:D9:8A:82:E0:00:BA:F6:D3:F6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XbfJdrUMF1cxHNfZioLgALr20_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:66:ab:a3:39:27:a3:a8:58:97:28:1e:c5:22:9d:1e:f2:fc:
         42:ce:7a:f4:01:24:5d:03:19:02:51:55:ac:75:51:a2:f9:cc:
         17:42:a0:f0:3c:cf:67:97:70:9f:5d:ff:c5:40:1c:aa:08:f5:
         8b:30:a7:53:05:e7:f8:52:4f:4e:5e:b6:7d:a7:33:6e:4a:da:
         bb:d9:ef:16:35:2b:af:28:9b:57:00:bc:80:46:12:26:49:c5:
         82:f3:80:a3:80:a9:89:d4:de:6a:dd:90:ac:82:ae:2d:1b:5d:
         f1:42:99:2f:94:2e:71:bc:8f:02:4e:3f:d0:11:5a:f5:56:cb:
         11:89:95:5e:91:3e:06:95:80:fe:28:28:71:bd:eb:d2:11:6d:
         7a:41:24:d8:70:7e:dc:20:59:a4:20:43:3e:d2:a9:62:98:19:
         b2:e0:80:cf:a4:13:7a:74:78:9d:e4:13:76:66:d6:da:fb:d6:
         01:23:f8:96:78:80:22:c2:eb:1b:f7:6a:de:36:5a:b4:23:c9:
         59:80:3c:75:e4:11:67:de:92:07:b9:d7:13:1d:d8:85:95:6f:
         43:0c:a4:c3:65:86:de:94:d1:f8:72:9b:2a:5a:67:53:81:86:
         94:70:17:c7:49:0c:94:71:9f:75:b4:1f:39:19:1a:95:a7:36:
         8c:d3:fa:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8uE4dLxlJEMP4ywHKRHnFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDMwMDgxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI3Yzk3NmI1MGMxNzU3MzExY2Q3ZDk4YTgyZTAwMGJhZjZkM2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+dzvQBeISz3AUNBlhG/aBZq8mm4
ldkrxoZHwUbOLS4kaPM1aOLP5KAkcAKEX905XSQbl6OqIy9RMZ8tVXRyeph7z9UU
XB9HAOMNgoqvnVPBjcC8X+Pi480MDvfLmmGwIOaliryHzB7DZj491ZBFoyT8EcDD
Td+fHdvfxQF3J2F+xUDc2cBmnubhnys3+L9BobINEIo2X3kfVPygChSKuD3u5K28
27K4ZXdUWbsItNbbv6ea+x+6X/4HeZjOvl41DUp6k0KSgZVtMEUoD/lHU86cKiT8
b4N9ksdacAzG7dM6kX7z0aGvt6lbPJvky6+/RUth+jWoRJcvxKYI8ud2vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF23yXa1DBdXMRzX2YqC4AC69tP2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWGJmSmRyVU1GMWN4SE5mWmlvTGdBTHIyMF9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drWMA0G
CSqGSIb3DQEBCwUAA4IBAQBOZqujOSejqFiXKB7FIp0e8vxCznr0ASRdAxkCUVWs
dVGi+cwXQqDwPM9nl3CfXf/FQByqCPWLMKdTBef4Uk9OXrZ9pzNuStq72e8WNSuv
KJtXALyARhImScWC84CjgKmJ1N5q3ZCsgq4tG13xQpkvlC5xvI8CTj/QEVr1VssR
iZVekT4GlYD+KChxvevSEW16QSTYcH7cIFmkIEM+0qlimBmy4IDPpBN6dHid5BN2
Ztba+9YBI/iWeIAiwusb92reNlq0I8lZgDx15BFn3pIHudcTHdiFlW9DDKTDZYbe
lNH4cpsqWmdTgYaUcBfHSQyUcZ91tB85GRqVpzaM0/pf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org