Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aMF_yhe5rAvNAHljHutDLR1gRQQ.roa
File:                     aMF_yhe5rAvNAHljHutDLR1gRQQ.roa (raw, json)
Hash identifier:          6LiWsfI+PXTgzJnVjd6AKWM7GpXUSuMsaSRxVwFT83M=
Subject key identifier:   68:C1:7F:CA:17:B9:AC:0B:CD:00:79:63:1E:EB:43:2D:1D:60:45:04
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018A933B9680B2864A98273B5A85D843A5A9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aMF_yhe5rAvNAHljHutDLR1gRQQ.roa
Signing time:             Thu 14 Sep 2023 10:27:50 +0000
ROA not before:           Thu 14 Sep 2023 10:27:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209242
IP address blocks:        89.213.139.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 07:04:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:93:3b:96:80:b2:86:4a:98:27:3b:5a:85:d8:43:a5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 14 10:27:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68c17fca17b9ac0bcd0079631eeb432d1d604504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0b:65:7f:8b:9e:b8:3f:a8:14:c7:b1:75:8e:
                    7c:69:ee:36:9e:c0:ce:82:04:0e:cd:b0:1b:8e:e4:
                    e8:79:e2:14:6d:eb:6c:be:16:52:64:3d:ef:b6:0e:
                    89:52:2d:d3:40:01:b1:fc:6f:4d:9d:7a:9f:fe:29:
                    6e:6e:aa:e3:b2:45:7a:a6:02:e0:0a:ac:a5:b0:77:
                    e1:f9:cb:a1:e1:60:be:56:6a:be:ad:35:f1:8f:75:
                    f2:1c:10:e3:fb:21:4a:69:a3:fc:cd:ce:0d:3c:80:
                    63:67:77:43:fb:b8:9b:fc:df:39:29:55:27:f1:bd:
                    7d:76:66:5b:c5:4e:99:13:d9:96:3d:f7:7b:fd:2e:
                    93:37:43:e2:0e:be:b3:1d:4c:c0:bc:33:b5:02:29:
                    f0:08:29:78:4d:56:0a:fe:60:ba:96:3e:a1:6f:1b:
                    75:f5:f4:bf:b9:8d:12:c1:7d:5b:e2:4c:14:0a:ff:
                    7b:23:c8:82:86:99:b7:de:6c:3e:13:9b:6f:20:3a:
                    35:ed:e2:f2:d7:ad:56:8a:0e:68:09:26:9d:0d:27:
                    9d:ee:c4:f7:cc:28:39:0b:b0:1d:5c:af:a1:2a:b4:
                    e0:c4:11:43:8d:8f:57:63:de:46:e9:f7:4e:97:ba:
                    d1:e5:88:e7:85:35:df:58:ae:fe:fb:d2:56:22:19:
                    3c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C1:7F:CA:17:B9:AC:0B:CD:00:79:63:1E:EB:43:2D:1D:60:45:04
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aMF_yhe5rAvNAHljHutDLR1gRQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:41:ca:7d:5d:bb:46:26:bc:b4:2b:1c:d2:bb:2f:11:8a:ac:
         ab:27:b6:22:d7:65:09:9e:d9:13:ca:9c:8e:b0:b6:39:5c:7b:
         f1:33:b2:6a:9c:dc:96:c8:ed:32:27:34:07:91:35:2f:9e:f8:
         e6:fc:51:be:27:26:16:c4:07:c6:10:20:36:a9:2d:60:68:58:
         40:cd:93:14:25:60:32:84:18:0a:83:3b:7d:97:4d:6a:76:f7:
         1b:5a:15:27:5d:e9:99:ee:d3:25:cd:f5:76:22:e6:01:ec:63:
         f8:f3:a6:94:6f:6d:6a:63:e3:bb:aa:b0:71:0b:36:1f:8a:31:
         33:51:3d:7b:61:d8:aa:3d:c1:65:61:af:1d:8d:c4:1c:3f:91:
         a0:48:57:34:8f:50:51:22:6f:6d:e9:0d:fc:28:4a:12:a6:da:
         ce:97:2e:80:a8:a4:96:b0:c8:19:c8:7b:63:6d:0a:5f:35:94:
         1a:de:f5:d0:70:3b:ae:e8:05:db:61:6e:d6:a1:2e:8e:30:fb:
         7e:b3:46:6c:01:aa:14:d9:f1:e9:c5:9f:65:2e:d6:a3:61:c6:
         7f:25:b1:84:19:dc:be:8b:d9:49:8b:3e:a4:17:49:d7:38:46:
         e2:21:a9:48:4a:13:e7:8f:70:50:d4:5d:5d:68:b2:67:7d:71:
         78:e5:61:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYqTO5aAsoZKmCc7WoXYQ6WpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTE0MTAyNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGMxN2ZjYTE3YjlhYzBiY2QwMDc5NjMxZWViNDMyZDFkNjA0NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qtlf4ueuD+oFMexdY58ae42nsDO
ggQOzbAbjuToeeIUbetsvhZSZD3vtg6JUi3TQAGx/G9NnXqf/ilubqrjskV6pgLg
CqylsHfh+cuh4WC+Vmq+rTXxj3XyHBDj+yFKaaP8zc4NPIBjZ3dD+7ib/N85KVUn
8b19dmZbxU6ZE9mWPfd7/S6TN0PiDr6zHUzAvDO1AinwCCl4TVYK/mC6lj6hbxt1
9fS/uY0SwX1b4kwUCv97I8iChpm33mw+E5tvIDo17eLy161Wig5oCSadDSed7sT3
zCg5C7AdXK+hKrTgxBFDjY9XY95G6fdOl7rR5YjnhTXfWK7++9JWIhk8fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjBf8oXuawLzQB5Yx7rQy0dYEUEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYU1GX3loZTVyQXZOQUhsakh1dERMUjFnUlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWLMA0G
CSqGSIb3DQEBCwUAA4IBAQAIQcp9XbtGJry0KxzSuy8RiqyrJ7Yi12UJntkTypyO
sLY5XHvxM7JqnNyWyO0yJzQHkTUvnvjm/FG+JyYWxAfGECA2qS1gaFhAzZMUJWAy
hBgKgzt9l01qdvcbWhUnXemZ7tMlzfV2IuYB7GP486aUb21qY+O7qrBxCzYfijEz
UT17YdiqPcFlYa8djcQcP5GgSFc0j1BRIm9t6Q38KEoSptrOly6AqKSWsMgZyHtj
bQpfNZQa3vXQcDuu6AXbYW7WoS6OMPt+s0ZsAaoU2fHpxZ9lLtajYcZ/JbGEGdy+
i9lJiz6kF0nXOEbiIalIShPnj3BQ1F1daLJnfXF45WGR
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org