Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ciKdmllVWcPxwgn95XSZkpLO6so.roa
File:                     ciKdmllVWcPxwgn95XSZkpLO6so.roa (raw, json)
Hash identifier:          sfq0f2KIh9nDXqZgAhRnIIKOu4xz8FAHXvygZyCc5so=
Subject key identifier:   72:22:9D:9A:59:55:59:C3:F1:C2:09:FD:E5:74:99:92:92:CE:EA:CA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E7676DD1EFF07A93B043653E04785FD6B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ciKdmllVWcPxwgn95XSZkpLO6so.roa
Signing time:             Mon 25 Mar 2024 16:34:45 +0000
ROA not before:           Mon 25 Mar 2024 16:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        80.240.85.0/24 maxlen: 24
                          80.240.87.0/24 maxlen: 24
                          217.145.71.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Apr 2024 07:49:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:76:dd:1e:ff:07:a9:3b:04:36:53:e0:47:85:fd:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 16:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72229d9a595559c3f1c209fde574999292ceeaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:36:d0:e7:c2:d0:ca:60:fd:25:e5:e5:a0:a0:
                    d4:db:f7:03:1f:a1:5e:7e:0e:bf:e9:7f:3f:5e:03:
                    23:6f:e8:72:e3:b4:b8:3f:26:40:55:7d:d9:1a:b8:
                    8c:f6:5a:80:e0:8c:48:59:1a:d4:0b:ac:e1:f8:4d:
                    ef:85:db:0c:90:82:5e:d4:25:3a:cb:99:88:48:e5:
                    08:96:e5:76:ae:fc:28:a0:bc:79:a3:ba:2b:ca:d9:
                    50:d1:09:34:4b:6b:b7:e9:2a:16:32:1e:50:47:c5:
                    c6:c1:39:a7:99:e2:36:ba:00:1e:28:f5:e0:b7:e3:
                    cc:21:2c:bf:c9:24:8e:00:9a:1a:32:0e:bb:86:ca:
                    07:89:0a:bd:ac:c5:1a:ad:5a:c5:99:49:e1:f4:6f:
                    c0:6e:1d:67:6c:8c:6a:e3:5c:1a:86:0c:b6:16:84:
                    43:9f:b9:66:25:c3:70:70:46:1d:0b:82:1e:d9:39:
                    64:3b:6a:51:d3:7c:0c:b3:af:7b:e7:a5:6d:92:82:
                    7e:ac:2d:59:19:bf:12:f8:66:06:95:93:fb:c0:02:
                    97:f7:46:5c:15:f3:4b:74:85:cc:42:a8:39:e5:46:
                    bd:c0:93:d0:23:9a:5b:1f:9e:9b:b3:82:18:cb:8d:
                    55:a2:a0:95:3c:e5:06:df:93:b7:4f:f7:46:e3:b7:
                    46:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:22:9D:9A:59:55:59:C3:F1:C2:09:FD:E5:74:99:92:92:CE:EA:CA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ciKdmllVWcPxwgn95XSZkpLO6so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.85.0/24
                  80.240.87.0/24
                  217.145.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e4:04:a9:08:f1:aa:ef:46:fe:db:3c:be:e8:ec:0c:4e:64:
         80:b7:aa:a4:55:0e:19:6b:0c:44:de:81:00:dc:47:c3:a5:6d:
         e1:a4:94:f8:14:5b:8d:17:15:19:3c:66:b9:33:21:d3:df:da:
         d3:d6:e1:be:f5:84:5a:79:be:fa:0f:3c:46:9f:9f:06:e8:c6:
         70:86:4b:ff:00:b7:05:99:37:9c:a1:6d:ef:f6:fd:88:a0:ec:
         23:4e:a4:01:c5:4f:e4:d9:a7:ea:c6:0f:44:ad:87:de:78:58:
         e6:93:d2:fd:94:6d:74:93:48:bf:1a:b8:63:89:12:8f:a5:4c:
         8c:62:0f:58:e6:62:57:01:09:f1:ac:35:38:a1:19:ce:6a:cf:
         fc:f7:45:96:e6:38:26:5a:5f:b9:2f:63:78:69:46:5c:13:5d:
         8a:cb:b4:62:46:6c:84:12:20:de:fc:35:fb:6a:5c:78:aa:57:
         5e:47:16:41:2f:6e:70:3f:c7:10:f7:32:3a:e1:6e:15:b5:1c:
         49:c7:1e:67:28:9f:e7:29:27:e2:74:cf:43:2f:1f:cc:33:33:
         5e:63:3c:88:a1:02:81:a2:b5:8b:4d:df:d6:1b:37:96:5c:36:
         60:46:18:84:21:7c:d6:84:eb:21:8a:9d:af:df:f6:2a:ab:fb:
         ff:e4:8f:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY52dt0e/wepOwQ2U+BHhf1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MTYzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjIyOWQ5YTU5NTU1OWMzZjFjMjA5ZmRlNTc0OTk5MjkyY2VlYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTbQ58LQymD9JeXloKDU2/cDH6Fe
fg6/6X8/XgMjb+hy47S4PyZAVX3ZGriM9lqA4IxIWRrUC6zh+E3vhdsMkIJe1CU6
y5mISOUIluV2rvwooLx5o7orytlQ0Qk0S2u36SoWMh5QR8XGwTmnmeI2ugAeKPXg
t+PMISy/ySSOAJoaMg67hsoHiQq9rMUarVrFmUnh9G/Abh1nbIxq41wahgy2FoRD
n7lmJcNwcEYdC4Ie2TlkO2pR03wMs69756VtkoJ+rC1ZGb8S+GYGlZP7wAKX90Zc
FfNLdIXMQqg55Ua9wJPQI5pbH56bs4IYy41VoqCVPOUG35O3T/dG47dGpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHIinZpZVVnD8cIJ/eV0mZKSzurKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY2lLZG1sbFZXY1B4d2duOTVYU1prcExPNnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPBVAwQA
UPBXAwQA2ZFHMA0GCSqGSIb3DQEBCwUAA4IBAQA05ASpCPGq70b+2zy+6OwMTmSA
t6qkVQ4ZawxE3oEA3EfDpW3hpJT4FFuNFxUZPGa5MyHT39rT1uG+9YRaeb76DzxG
n58G6MZwhkv/ALcFmTecoW3v9v2IoOwjTqQBxU/k2afqxg9ErYfeeFjmk9L9lG10
k0i/GrhjiRKPpUyMYg9Y5mJXAQnxrDU4oRnOas/890WW5jgmWl+5L2N4aUZcE12K
y7RiRmyEEiDe/DX7alx4qldeRxZBL25wP8cQ9zI64W4VtRxJxx5nKJ/nKSfidM9D
Lx/MMzNeYzyIoQKBorWLTd/WGzeWXDZgRhiEIXzWhOship2v3/Yqq/v/5I+h
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org