Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nw9-wOVEju9MiKr_r1lc8Ihw9sg.roa
File:                     nw9-wOVEju9MiKr_r1lc8Ihw9sg.roa (raw, json)
Hash identifier:          /+fFTALzAFcQFU9dqC7crhAdeUbDy+SzmRtVTkR3YOM=
Subject key identifier:   9F:0F:7E:C0:E5:44:8E:EF:4C:88:AA:FF:AF:59:5C:F0:88:70:F6:C8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018AE0FA6216D3B86BDCDFEF0CB0103130A2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nw9-wOVEju9MiKr_r1lc8Ihw9sg.roa
Signing time:             Fri 29 Sep 2023 12:47:00 +0000
ROA not before:           Fri 29 Sep 2023 12:47:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     399073
IP address blocks:        89.213.156.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Oct 2023 07:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:e0:fa:62:16:d3:b8:6b:dc:df:ef:0c:b0:10:31:30:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 29 12:47:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f0f7ec0e5448eef4c88aaffaf595cf08870f6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d4:ba:ff:fc:d9:c6:b7:54:2c:4c:09:26:da:
                    53:f3:5f:6f:3f:96:63:a0:fa:5a:4f:3e:d0:46:56:
                    3f:d2:62:71:59:68:3f:93:4c:73:83:8a:fd:e3:9e:
                    68:71:8a:d9:48:bc:56:ab:55:a5:18:8e:81:f6:6a:
                    63:ef:33:6f:80:96:9a:ab:35:39:73:cb:87:6c:53:
                    b7:17:96:2f:c6:3f:a7:17:50:f3:4f:40:39:bf:27:
                    74:09:80:ef:2c:77:f6:13:63:08:cd:1b:e9:33:99:
                    65:83:58:07:f3:69:ac:0c:00:48:c4:5d:ae:37:4b:
                    10:84:82:d1:21:d3:9f:07:c0:a6:25:6b:38:c4:3c:
                    20:a8:37:2c:71:0d:e1:cf:d2:7e:76:c8:86:e8:a6:
                    19:3e:a0:bd:c4:20:e2:ff:b9:fb:5f:4c:8e:ed:1f:
                    fe:2b:d8:6f:cf:27:f8:ff:44:d8:46:c3:93:00:4e:
                    01:67:b7:b5:d5:4c:da:48:2e:94:67:74:af:b4:89:
                    62:62:1e:6a:d1:f6:af:01:b2:09:ec:c1:60:5a:ef:
                    da:35:fb:36:87:a1:01:ef:c3:e9:8c:ae:ae:22:76:
                    57:85:fc:7f:aa:3e:4d:db:01:2d:0f:32:d4:45:d8:
                    15:26:e3:b5:01:9e:7a:61:9b:2d:2b:ef:fd:d5:26:
                    d7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:0F:7E:C0:E5:44:8E:EF:4C:88:AA:FF:AF:59:5C:F0:88:70:F6:C8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nw9-wOVEju9MiKr_r1lc8Ihw9sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:9d:1a:b3:44:cb:54:b1:77:2d:10:99:e9:0c:8e:a8:21:01:
         0c:f7:4b:05:12:bb:12:d7:3e:84:a3:1c:25:26:f7:d6:e8:8d:
         b1:2a:aa:06:16:59:72:f1:47:c5:eb:bf:55:14:38:1b:6f:e3:
         ec:03:6d:ed:80:86:fe:23:46:03:db:e5:77:e3:42:3c:76:3d:
         fb:d2:64:4f:69:4c:ea:d2:0a:7e:42:62:82:53:67:04:9f:11:
         03:81:ef:8e:70:e6:d4:7e:6a:fa:37:02:90:a9:bb:97:76:ef:
         97:90:65:4e:03:14:bc:3c:d0:3c:e1:82:1f:e0:3c:12:ce:53:
         ae:ca:e6:24:d3:f3:2d:e0:a1:3f:64:c4:72:28:80:77:7b:8f:
         12:c0:89:ad:f7:53:96:bb:25:a7:9a:cc:0a:8f:da:0d:ff:95:
         77:59:ec:c8:4a:35:3a:d6:75:40:d6:6f:12:af:c3:5d:ad:c1:
         9d:71:d2:a7:92:88:53:48:44:b8:60:7d:da:cb:38:12:55:b8:
         34:25:1d:3a:28:c6:b0:6e:fb:88:c3:91:5a:fd:68:06:8e:24:
         e5:96:7c:bf:18:0a:d2:fe:ea:74:0f:4c:e2:53:2c:06:d7:9a:
         69:83:d9:9d:75:78:d7:86:93:66:cb:e9:56:9e:e7:4e:74:dc:
         3c:3a:cc:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYrg+mIW07hr3N/vDLAQMTCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTI5MTI0NzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjBmN2VjMGU1NDQ4ZWVmNGM4OGFhZmZhZjU5NWNmMDg4NzBmNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9S6//zZxrdULEwJJtpT819vP5Zj
oPpaTz7QRlY/0mJxWWg/k0xzg4r9455ocYrZSLxWq1WlGI6B9mpj7zNvgJaaqzU5
c8uHbFO3F5Yvxj+nF1DzT0A5vyd0CYDvLHf2E2MIzRvpM5llg1gH82msDABIxF2u
N0sQhILRIdOfB8CmJWs4xDwgqDcscQ3hz9J+dsiG6KYZPqC9xCDi/7n7X0yO7R/+
K9hvzyf4/0TYRsOTAE4BZ7e11UzaSC6UZ3SvtIliYh5q0favAbIJ7MFgWu/aNfs2
h6EB78PpjK6uInZXhfx/qj5N2wEtDzLURdgVJuO1AZ56YZstK+/91SbXHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8PfsDlRI7vTIiq/69ZXPCIcPbIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbnc5LXdPVkVqdTlNaUtyX3IxbGM4SWh3OXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWdWcMA0G
CSqGSIb3DQEBCwUAA4IBAQAcnRqzRMtUsXctEJnpDI6oIQEM90sFErsS1z6Eoxwl
JvfW6I2xKqoGFlly8UfF679VFDgbb+PsA23tgIb+I0YD2+V340I8dj370mRPaUzq
0gp+QmKCU2cEnxEDge+OcObUfmr6NwKQqbuXdu+XkGVOAxS8PNA84YIf4DwSzlOu
yuYk0/Mt4KE/ZMRyKIB3e48SwImt91OWuyWnmswKj9oN/5V3WezISjU61nVA1m8S
r8NdrcGdcdKnkohTSES4YH3ayzgSVbg0JR06KMawbvuIw5Fa/WgGjiTllny/GArS
/up0D0ziUywG15ppg9mddXjXhpNmy+lWnudOdNw8Osx4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org