Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kwVBOOlcOXVhIkTQpRaEt-d9fJE.roa
File:                     kwVBOOlcOXVhIkTQpRaEt-d9fJE.roa (raw, json)
Hash identifier:          UJMmOqT2ePcamp1ABVvbmD8G5+fhk+VdEeeTBoqbBhU=
Subject key identifier:   93:05:41:38:E9:5C:39:75:61:22:44:D0:A5:16:84:B7:E7:7D:7C:91
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495C7462A2EFBF2B227D1A83504BF5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kwVBOOlcOXVhIkTQpRaEt-d9fJE.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        109.176.212.0/23 maxlen: 24
                          109.176.214.0/23 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          89.213.46.0/23 maxlen: 24
                          82.153.10.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 07:55:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5c:74:62:a2:ef:bf:2b:22:7d:1a:83:50:4b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93054138e95c3975612244d0a51684b7e77d7c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9b:95:29:86:ff:53:fd:bb:17:c4:2f:77:e2:
                    f1:d0:d4:6a:6a:e3:cf:7e:f4:2a:a5:8a:3a:b3:64:
                    3d:16:fa:c2:2c:04:ae:23:7c:35:ae:e6:2b:d1:6f:
                    16:a9:76:81:ca:82:6f:78:f1:d2:23:4e:cd:bd:cd:
                    04:21:56:73:59:c0:6f:7c:4e:57:c1:cf:19:6b:7d:
                    a5:c4:aa:0d:77:0e:bd:31:43:5f:ac:f1:b8:5a:7c:
                    c4:65:7c:1b:8f:1a:4e:0c:5e:9b:14:1e:f2:72:7f:
                    cd:db:ab:a4:7e:e2:33:41:ad:76:23:8a:b6:5b:9b:
                    04:cd:03:91:40:c5:66:b9:b1:ef:20:c4:17:53:20:
                    56:52:41:41:1d:f6:6c:1d:59:0e:f8:cd:8d:63:1f:
                    11:8a:3f:c7:ae:24:9a:13:a0:38:e4:f6:aa:0b:2d:
                    86:8b:4a:86:8e:b1:6d:aa:7c:f6:a3:f7:53:4b:ad:
                    dd:b3:b6:2f:7c:05:44:2b:b3:b3:01:3c:32:72:a2:
                    4f:25:35:54:d5:dd:cb:6f:c4:3c:24:3c:04:a6:35:
                    9c:de:c8:c6:ea:e9:ce:34:b3:c1:c3:a4:3a:16:b0:
                    b3:08:4a:d7:5a:df:61:61:70:44:12:6e:15:c5:98:
                    a2:80:28:66:67:a9:a4:5c:c2:05:c0:d1:2c:92:8f:
                    ba:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:05:41:38:E9:5C:39:75:61:22:44:D0:A5:16:84:B7:E7:7D:7C:91
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kwVBOOlcOXVhIkTQpRaEt-d9fJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.123.0/24
                  82.153.10.0/24
                  89.213.46.0/23
                  109.176.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:45:4e:b1:a4:ae:c5:59:8c:e8:57:65:76:2e:3c:e3:05:fc:
         82:cb:4a:26:0e:5c:d5:96:ad:88:ec:6b:ab:c4:ae:d8:bd:1b:
         17:a0:2a:cf:b3:14:4a:aa:3f:c9:d4:9f:c4:ff:08:c1:e7:db:
         90:58:8f:f8:cc:0b:63:ca:0d:d8:8e:02:f3:08:e7:8c:73:2a:
         76:45:66:80:7b:a5:46:af:60:c9:0a:b0:fa:92:5e:1f:25:74:
         6e:83:ad:bd:8b:e7:56:b5:c7:81:7c:07:92:a1:8c:ca:c0:26:
         3f:f5:31:81:6e:8e:20:1d:37:f1:a2:d3:ed:3c:df:1f:a0:4f:
         56:5f:1e:f4:6d:e4:a6:07:9c:9c:25:a5:a9:1f:9f:70:d5:46:
         e0:be:ec:4e:ec:7d:e0:cb:6f:67:59:7e:e7:51:87:0c:f4:5f:
         90:66:31:0c:26:62:9c:83:cf:db:c2:6c:b6:c4:26:4d:ec:9a:
         29:f5:de:2d:aa:df:8b:5c:f8:e6:46:fe:8f:ab:8c:d2:84:11:
         81:32:f7:ea:de:ae:4f:9e:07:44:78:9a:f2:1d:a5:9a:d9:5e:
         30:7d:ed:cf:ff:ba:27:41:72:58:55:26:04:ef:76:eb:88:7f:
         19:f9:20:c9:37:73:ab:c8:02:0b:fb:1c:bd:eb:f2:c6:f3:d1:
         a6:30:0d:df
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDSVx0YqLvvysifRqDUEv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA1NDEzOGU5NWMzOTc1NjEyMjQ0ZDBhNTE2ODRiN2U3N2Q3YzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZuVKYb/U/27F8Qvd+Lx0NRqauPP
fvQqpYo6s2Q9FvrCLASuI3w1ruYr0W8WqXaByoJvePHSI07Nvc0EIVZzWcBvfE5X
wc8Za32lxKoNdw69MUNfrPG4WnzEZXwbjxpODF6bFB7ycn/N26ukfuIzQa12I4q2
W5sEzQORQMVmubHvIMQXUyBWUkFBHfZsHVkO+M2NYx8Rij/HriSaE6A45PaqCy2G
i0qGjrFtqnz2o/dTS63ds7YvfAVEK7OzATwycqJPJTVU1d3Lb8Q8JDwEpjWc3sjG
6unONLPBw6Q6FrCzCErXWt9hYXBEEm4VxZiigChmZ6mkXMIFwNEsko+66wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJMFQTjpXDl1YSJE0KUWhLfnfXyRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva3dWQk9PbGNPWFZoSWtUUXBSYUV0LWQ5ZkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUah7AwQA
UpkKAwQBWdUuAwQCbbDUMA0GCSqGSIb3DQEBCwUAA4IBAQCURU6xpK7FWYzoV2V2
LjzjBfyCy0omDlzVlq2I7GurxK7YvRsXoCrPsxRKqj/J1J/E/wjB59uQWI/4zAtj
yg3YjgLzCOeMcyp2RWaAe6VGr2DJCrD6kl4fJXRug629i+dWtceBfAeSoYzKwCY/
9TGBbo4gHTfxotPtPN8foE9WXx70beSmB5ycJaWpH59w1UbgvuxO7H3gy29nWX7n
UYcM9F+QZjEMJmKcg8/bwmy2xCZN7Jop9d4tqt+LXPjmRv6Pq4zShBGBMvfq3q5P
ngdEeJryHaWa2V4wfe3P/7onQXJYVSYE73briH8Z+SDJN3OryAIL+xy96/LG89Gm
MA3f
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org