Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z4Ocz4dPm20rLoIclfH4iUj0sJE.roa
File:                     Z4Ocz4dPm20rLoIclfH4iUj0sJE.roa (raw, json)
Hash identifier:          B8+u1e6gKBqFdAXRzD6weKyD8OomZTPz86h9uReyGXs=
Subject key identifier:   67:83:9C:CF:87:4F:9B:6D:2B:2E:82:1C:95:F1:F8:89:48:F4:B0:91
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018825C6FBB013255A5CDCB2C329C97FA575
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z4Ocz4dPm20rLoIclfH4iUj0sJE.roa
Signing time:             Tue 16 May 2023 18:16:17 +0000
ROA not before:           Tue 16 May 2023 18:16:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198652
IP address blocks:        82.152.108.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 16 Jun 2023 13:38:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:25:c6:fb:b0:13:25:5a:5c:dc:b2:c3:29:c9:7f:a5:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 16 18:16:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=67839ccf874f9b6d2b2e821c95f1f88948f4b091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ea:53:48:cd:4d:ae:47:13:d6:55:c4:f7:f8:
                    3c:3a:90:56:d7:ae:fb:3b:d0:82:b8:84:a2:45:8d:
                    57:f2:8c:3e:8c:48:dc:a6:9a:ca:eb:bb:03:2a:e8:
                    96:5e:7d:16:ac:67:d6:2d:79:a5:d7:05:41:40:4f:
                    70:d8:dd:da:ef:05:2b:97:1b:f0:ac:55:96:bb:4b:
                    2f:20:a1:1e:e2:58:37:1b:c7:95:23:ad:90:d8:35:
                    f1:33:0a:2d:0d:10:21:48:31:4e:2d:7b:78:a3:c2:
                    3c:05:a0:da:e7:df:33:c7:a2:62:c1:b6:d0:f8:c2:
                    f1:5d:c5:3d:bc:1c:2b:ef:fb:82:41:c4:e3:3f:45:
                    0c:fa:fa:05:33:9c:0d:e5:93:1c:67:e5:44:97:b3:
                    d3:bd:77:2b:c7:b0:10:27:9f:7a:e7:64:dd:b2:1f:
                    ab:65:d5:ad:06:24:0a:56:78:cf:57:8b:bd:0e:48:
                    d1:34:1d:38:b1:64:ec:8f:72:9c:6b:2b:a7:2d:69:
                    e3:f1:ce:93:3a:dd:89:95:34:2c:e2:c1:76:1b:0d:
                    28:24:6e:c1:d4:4c:9b:2b:6e:68:12:d2:ba:b5:b1:
                    35:ba:98:94:f5:0b:0a:dd:a1:68:a5:08:79:8e:9c:
                    db:31:3a:bc:46:d3:ed:45:f5:28:05:ad:be:b7:38:
                    55:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:83:9C:CF:87:4F:9B:6D:2B:2E:82:1C:95:F1:F8:89:48:F4:B0:91
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z4Ocz4dPm20rLoIclfH4iUj0sJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:43:ee:30:00:6c:42:29:0f:46:c4:af:7f:42:64:ad:e9:be:
         97:a9:11:1c:3b:3a:9b:70:f8:bb:3c:26:b4:56:9c:dd:be:92:
         36:74:ae:9d:4f:0a:c7:22:63:a9:f1:b0:26:f7:ff:70:d9:5d:
         56:23:3f:e0:74:d3:cf:de:1f:1f:bd:6f:41:c9:1c:4c:9f:50:
         62:88:2b:32:7a:48:ca:8c:e2:81:fc:fe:1f:79:f6:ea:b7:85:
         7c:1b:a9:37:13:00:cc:cd:11:18:35:8a:d6:76:ca:d0:e8:60:
         44:13:d1:aa:ea:92:a0:7a:3c:ce:5c:bb:aa:60:12:18:6e:ed:
         09:19:85:09:10:53:5d:cb:de:f0:1e:9c:0c:fb:a5:b5:17:05:
         a8:97:d7:b9:d5:b9:d4:6f:99:5b:4d:98:1c:1c:c9:62:8c:8a:
         5d:3c:c2:d4:35:e4:15:e3:29:61:32:e5:1f:49:74:2d:5a:41:
         5e:fb:74:4f:80:6d:8d:ec:02:9a:b1:3d:f4:f3:6c:a7:a3:a0:
         21:dd:c4:e7:37:bb:db:00:02:52:7f:c9:4d:98:7f:cd:9e:bd:
         1d:75:47:7a:8b:02:53:14:21:9b:d2:a7:07:b5:61:1d:21:1a:
         b7:c1:a0:85:dc:eb:95:27:fc:5f:a2:dc:ea:f5:ba:7d:fe:32:
         2f:10:e4:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYglxvuwEyVaXNyywynJf6V1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTE2MTgxNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzgzOWNjZjg3NGY5YjZkMmIyZTgyMWM5NWYxZjg4OTQ4ZjRiMDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2epTSM1NrkcT1lXE9/g8OpBW1677
O9CCuISiRY1X8ow+jEjcpprK67sDKuiWXn0WrGfWLXml1wVBQE9w2N3a7wUrlxvw
rFWWu0svIKEe4lg3G8eVI62Q2DXxMwotDRAhSDFOLXt4o8I8BaDa598zx6JiwbbQ
+MLxXcU9vBwr7/uCQcTjP0UM+voFM5wN5ZMcZ+VEl7PTvXcrx7AQJ59652Tdsh+r
ZdWtBiQKVnjPV4u9DkjRNB04sWTsj3KcayunLWnj8c6TOt2JlTQs4sF2Gw0oJG7B
1EybK25oEtK6tbE1upiU9QsK3aFopQh5jpzbMTq8RtPtRfUoBa2+tzhVCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeDnM+HT5ttKy6CHJXx+IlI9LCRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWjRPY3o0ZFBtMjByTG9JY2xmSDRpVWowc0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUphsMA0G
CSqGSIb3DQEBCwUAA4IBAQAyQ+4wAGxCKQ9GxK9/QmSt6b6XqREcOzqbcPi7PCa0
VpzdvpI2dK6dTwrHImOp8bAm9/9w2V1WIz/gdNPP3h8fvW9ByRxMn1BiiCsyekjK
jOKB/P4fefbqt4V8G6k3EwDMzREYNYrWdsrQ6GBEE9Gq6pKgejzOXLuqYBIYbu0J
GYUJEFNdy97wHpwM+6W1FwWol9e51bnUb5lbTZgcHMlijIpdPMLUNeQV4ylhMuUf
SXQtWkFe+3RPgG2N7AKasT3082yno6Ah3cTnN7vbAAJSf8lNmH/Nnr0ddUd6iwJT
FCGb0qcHtWEdIRq3waCF3OuVJ/xfotzq9bp9/jIvEOTL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org