Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa
File:                     gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa (raw, json)
Hash identifier:          L5R2gibQoMg4VLMAoLCqk9KkhS4SjluQtyDPacA992A=
Subject key identifier:   80:64:24:96:92:A5:8D:0D:C8:0D:E4:DE:A8:27:F3:0C:4A:77:B0:C4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E6006DF321CFF1C155AADC8B7C4503C7D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa
Signing time:             Thu 21 Mar 2024 08:00:46 +0000
ROA not before:           Thu 21 Mar 2024 08:00:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.223.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Mar 2024 14:53:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:06:df:32:1c:ff:1c:15:5a:ad:c8:b7:c4:50:3c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 21 08:00:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8064249692a58d0dc80de4dea827f30c4a77b0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:49:c5:57:f8:89:94:8a:c5:1d:40:7b:a4:f6:
                    21:c6:26:20:ae:97:57:56:d7:49:6d:47:12:b7:12:
                    f8:3f:55:ca:5a:79:99:3f:33:eb:2d:a5:13:24:ac:
                    00:40:9a:38:e7:56:27:70:9c:88:48:b3:92:96:83:
                    3e:f2:6a:57:5e:f7:94:74:d3:4c:ae:27:45:04:4b:
                    2f:b9:71:e3:06:0c:c1:e7:13:3b:7e:ce:18:f9:a6:
                    3c:d7:26:10:63:8b:dd:17:c4:db:a9:3e:88:e7:f2:
                    30:07:7c:be:d5:f9:3d:d1:1d:b9:21:a6:ca:d2:3a:
                    9e:8b:2b:3c:28:8d:00:cc:67:16:27:13:92:c4:4e:
                    19:fb:48:22:2e:40:ae:bd:42:c2:24:59:80:78:c0:
                    32:37:1f:44:8f:88:05:41:31:2d:ab:29:ff:ca:7f:
                    1a:8b:35:28:1d:98:1f:19:6c:a0:93:a3:66:48:56:
                    e2:72:73:f6:0f:38:3e:70:85:98:00:07:12:f8:29:
                    29:a6:52:8e:6f:57:13:d0:18:b0:d0:03:3e:27:c1:
                    dd:e5:9d:7d:e8:55:3c:98:91:80:03:c4:24:e3:a4:
                    ca:fe:53:a5:6c:ad:f4:c6:c1:56:dd:67:69:41:ed:
                    c0:fb:2d:91:bf:a2:b5:c1:41:05:a9:fd:79:a2:6d:
                    65:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:64:24:96:92:A5:8D:0D:C8:0D:E4:DE:A8:27:F3:0C:4A:77:B0:C4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.107.0/24
                  89.213.112.0/24
                  89.213.116.0/24
                  89.213.157.0/24
                  89.213.223.0/24
                  89.213.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:9f:03:72:24:1b:fb:be:1e:e2:ab:4b:92:64:c2:e5:82:0b:
         26:69:be:82:b5:18:56:66:9f:3e:c7:ca:34:6a:b2:7a:85:50:
         ed:5b:bb:a9:a1:a5:db:6b:ef:c2:b5:74:fd:fb:2a:19:9b:8d:
         3e:91:89:7c:24:f0:fd:b2:f3:53:82:3a:0a:27:94:4c:10:d2:
         6c:96:66:17:ae:ea:ff:59:49:e5:7d:4d:d7:f4:dd:63:d7:9b:
         09:6c:06:3a:74:f3:15:e5:2c:28:73:1b:32:b9:8a:be:a3:9b:
         27:05:ff:cb:d5:6d:9e:d6:83:d7:6e:1c:d8:7a:b6:b1:f1:69:
         e6:13:d2:11:4b:48:55:5d:84:d2:6f:5e:e7:5d:eb:d8:27:5e:
         d2:89:41:a4:af:65:7a:17:e6:b3:bb:4b:e7:19:e0:25:8c:98:
         b5:d0:87:b3:24:48:78:82:bd:58:93:80:80:0f:f4:34:d0:4f:
         ec:18:b5:57:c9:89:04:f7:ff:21:ef:13:74:8c:fc:f8:ed:71:
         75:a9:9f:e4:9d:68:11:2d:0e:39:06:96:bd:f0:e9:42:4f:66:
         ad:ad:ff:9d:90:03:57:a4:89:27:9e:9f:cf:67:09:50:f7:97:
         de:63:8d:4f:be:ba:11:04:7e:01:8a:b8:21:5e:b3:99:fb:10:
         2c:e2:2f:c8
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY5gBt8yHP8cFVqtyLfEUDx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIxMDgwMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY0MjQ5NjkyYTU4ZDBkYzgwZGU0ZGVhODI3ZjMwYzRhNzdiMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0nFV/iJlIrFHUB7pPYhxiYgrpdX
VtdJbUcStxL4P1XKWnmZPzPrLaUTJKwAQJo451YncJyISLOSloM+8mpXXveUdNNM
ridFBEsvuXHjBgzB5xM7fs4Y+aY81yYQY4vdF8TbqT6I5/IwB3y+1fk90R25IabK
0jqeiys8KI0AzGcWJxOSxE4Z+0giLkCuvULCJFmAeMAyNx9Ej4gFQTEtqyn/yn8a
izUoHZgfGWygk6NmSFbicnP2Dzg+cIWYAAcS+CkpplKOb1cT0Biw0AM+J8Hd5Z19
6FU8mJGAA8Qk46TK/lOlbK30xsFW3WdpQe3A+y2Rv6K1wUEFqf15om1lIwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIBkJJaSpY0NyA3k3qgn8wxKd7DEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ0dRa2xwS2xqUTNJRGVUZXFDZnpERXAzc01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWdVrAwQA
WdVwAwQAWdV0AwQAWdWdAwQAWdXfAwQAWdXjMA0GCSqGSIb3DQEBCwUAA4IBAQCi
nwNyJBv7vh7iq0uSZMLlggsmab6CtRhWZp8+x8o0arJ6hVDtW7upoaXba+/CtXT9
+yoZm40+kYl8JPD9svNTgjoKJ5RMENJslmYXrur/WUnlfU3X9N1j15sJbAY6dPMV
5SwocxsyuYq+o5snBf/L1W2e1oPXbhzYerax8WnmE9IRS0hVXYTSb17nXevYJ17S
iUGkr2V6F+azu0vnGeAljJi10IezJEh4gr1Yk4CAD/Q00E/sGLVXyYkE9/8h7xN0
jPz47XF1qZ/knWgRLQ45Bpa98OlCT2atrf+dkANXpIknnp/PZwlQ95feY41PvroR
BH4BirghXrOZ+xAs4i/I
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org