Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kRAyGKF9xnJFpHor1vZaKIbGdg0.roa
File:                     kRAyGKF9xnJFpHor1vZaKIbGdg0.roa (raw, json)
Hash identifier:          jBRG3WTM3Mqk6OfSXJ404O90KmWfEhTHuhG6TwYPflg=
Subject key identifier:   91:10:32:18:A1:7D:C6:72:45:A4:7A:2B:D6:F6:5A:28:86:C6:76:0D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B3C836869A6C6DE4BFB1833FF8E17DDC4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kRAyGKF9xnJFpHor1vZaKIbGdg0.roa
Signing time:             Tue 17 Oct 2023 07:22:06 +0000
ROA not before:           Tue 17 Oct 2023 07:22:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51741
IP address blocks:        89.213.152.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Nov 2023 10:27:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:3c:83:68:69:a6:c6:de:4b:fb:18:33:ff:8e:17:dd:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 17 07:22:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91103218a17dc67245a47a2bd6f65a2886c6760d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:f6:46:56:1a:fb:8e:f8:87:68:49:49:7a:
                    3d:b0:a6:ad:de:26:dd:04:50:63:e2:69:47:0d:63:
                    8b:47:fe:48:55:e4:00:6a:bb:87:1c:42:e8:49:53:
                    73:85:2c:7a:1a:fd:41:ba:2a:ec:3c:79:34:f7:12:
                    01:3b:b2:df:62:bf:8f:4f:a8:94:7e:2e:6e:80:fd:
                    a2:d5:07:2c:2b:34:ff:a4:8c:fa:90:c6:9b:00:ca:
                    c3:51:58:cb:85:1b:4d:bd:fb:df:6f:de:01:d7:1b:
                    87:d2:85:26:4d:b2:33:d7:47:2d:b7:8c:0d:3a:6e:
                    51:d2:92:93:80:a8:fc:36:95:f8:bc:b0:f5:0b:24:
                    af:c6:cf:7e:1b:a6:05:43:52:9d:8a:72:3f:e1:0c:
                    30:f6:ff:93:7f:f1:4a:02:9e:3f:47:59:ce:8e:85:
                    0c:ea:04:2f:c5:19:27:14:e3:3c:b5:73:6f:9b:de:
                    62:bd:b1:5f:16:eb:3f:8e:79:16:c7:00:f5:ea:28:
                    e0:ad:19:0e:be:65:48:e0:fb:46:bb:b0:ff:43:ea:
                    5e:aa:5b:4f:4e:af:34:59:5a:31:cf:af:bb:b9:ab:
                    3a:52:ad:18:db:33:b1:88:c3:41:91:ac:f7:bb:69:
                    97:89:04:9a:81:aa:e0:9f:9a:ac:76:45:66:73:11:
                    cc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:10:32:18:A1:7D:C6:72:45:A4:7A:2B:D6:F6:5A:28:86:C6:76:0D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kRAyGKF9xnJFpHor1vZaKIbGdg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:26:ef:19:85:16:bd:1c:f3:56:11:90:44:d8:b8:1e:f9:0b:
         b5:e8:e0:35:9a:35:fb:9c:f5:b3:f9:10:bb:78:5b:ca:e2:fa:
         27:5f:2e:05:8b:47:ad:02:0a:df:e9:62:f4:e1:9a:39:1b:8d:
         c3:3d:00:a2:42:5f:b2:a7:e9:9b:45:22:f5:5e:d9:0b:3c:0a:
         39:0c:c5:71:88:f7:ba:2a:9a:08:36:66:3d:62:54:98:b5:24:
         85:e2:8d:65:f7:10:d7:a0:c2:4e:13:ca:b2:79:a5:79:40:b2:
         70:c8:09:cd:ab:94:af:4a:f8:9e:c2:74:0c:de:9c:91:de:2d:
         16:7a:fd:54:de:e3:68:a5:9d:59:8e:04:35:c0:58:6b:d6:f7:
         aa:0c:2c:bc:b5:d9:26:e3:7f:e0:dc:21:5a:a1:68:dc:9f:51:
         b0:23:60:f5:d3:31:39:7e:27:e9:2a:6d:5c:b4:b9:8c:33:8a:
         85:52:bf:72:aa:49:b8:b8:6a:3e:e4:2f:a1:b7:8e:93:6e:dc:
         ff:c0:45:ca:12:d6:c3:f8:be:b8:51:be:02:02:2e:e3:8f:d5:
         7f:fc:3e:4f:08:22:e5:d2:ec:84:b9:51:13:f8:83:e6:15:10:
         ff:26:02:21:e2:47:1e:bb:29:0a:8c:3f:b5:9c:40:43:29:b3:
         14:e8:2a:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYs8g2hppsbeS/sYM/+OF93EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDE3MDcyMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTEwMzIxOGExN2RjNjcyNDVhNDdhMmJkNmY2NWEyODg2YzY3NjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3v2RlYa+474h2hJSXo9sKat3ibd
BFBj4mlHDWOLR/5IVeQAaruHHELoSVNzhSx6Gv1BuirsPHk09xIBO7LfYr+PT6iU
fi5ugP2i1QcsKzT/pIz6kMabAMrDUVjLhRtNvfvfb94B1xuH0oUmTbIz10ctt4wN
Om5R0pKTgKj8NpX4vLD1CySvxs9+G6YFQ1KdinI/4Qww9v+Tf/FKAp4/R1nOjoUM
6gQvxRknFOM8tXNvm95ivbFfFus/jnkWxwD16ijgrRkOvmVI4PtGu7D/Q+peqltP
Tq80WVoxz6+7uas6Uq0Y2zOxiMNBkaz3u2mXiQSagargn5qsdkVmcxHMHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEQMhihfcZyRaR6K9b2WiiGxnYNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva1JBeUdLRjl4bkpGcEhvcjF2WmFLSWJHZGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWYMA0G
CSqGSIb3DQEBCwUAA4IBAQAfJu8ZhRa9HPNWEZBE2Lge+Qu16OA1mjX7nPWz+RC7
eFvK4vonXy4Fi0etAgrf6WL04Zo5G43DPQCiQl+yp+mbRSL1XtkLPAo5DMVxiPe6
KpoINmY9YlSYtSSF4o1l9xDXoMJOE8qyeaV5QLJwyAnNq5SvSviewnQM3pyR3i0W
ev1U3uNopZ1ZjgQ1wFhr1veqDCy8tdkm43/g3CFaoWjcn1GwI2D10zE5fifpKm1c
tLmMM4qFUr9yqkm4uGo+5C+ht46Tbtz/wEXKEtbD+L64Ub4CAi7jj9V//D5PCCLl
0uyEuVET+IPmFRD/JgIh4kceuykKjD+1nEBDKbMU6Cqq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org