Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rh_ZbZFjavKFW_1pw0ot2AONg-0.roa
File:                     rh_ZbZFjavKFW_1pw0ot2AONg-0.roa (raw, json)
Hash identifier:          v6xZgaz+XCBIuORMCN/fuJoThItbKWYBgNFZJWgZ+QE=
Subject key identifier:   AE:1F:D9:6D:91:63:6A:F2:85:5B:FD:69:C3:4A:2D:D8:03:8D:83:ED
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C249BFEBFB8631D948E23D1575407C398
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rh_ZbZFjavKFW_1pw0ot2AONg-0.roa
Signing time:             Fri 01 Dec 2023 09:00:52 +0000
ROA not before:           Fri 01 Dec 2023 09:00:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199614
IP address blocks:        109.176.212.0/23 maxlen: 24
                          109.176.214.0/23 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          89.213.46.0/23 maxlen: 24
                          82.153.10.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:24:9b:fe:bf:b8:63:1d:94:8e:23:d1:57:54:07:c3:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec  1 09:00:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae1fd96d91636af2855bfd69c34a2dd8038d83ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8f:35:59:87:e8:43:5a:f8:90:a5:b0:33:45:
                    ea:fe:4d:c3:c2:f8:59:bb:ac:cb:7f:73:2c:8e:3e:
                    d6:6d:fe:98:2a:43:c2:d0:f0:c7:7a:a9:1b:2a:4a:
                    f1:03:78:4f:ae:48:d0:c2:52:dc:2c:25:19:a2:59:
                    fd:f9:7f:d3:c3:04:df:f4:a1:82:83:22:b4:57:e1:
                    00:ba:1e:e1:d4:68:6e:2b:7f:a4:5f:d0:7a:ca:f0:
                    32:91:e9:9d:4e:2a:da:bb:dd:d0:27:95:14:4f:1d:
                    36:42:45:b9:33:88:03:40:36:bd:22:5b:89:0d:c2:
                    9e:7a:8b:f5:22:33:c8:ce:f5:52:e0:97:c7:7c:f9:
                    6c:ee:8d:81:5c:ce:45:16:7e:47:72:42:27:20:88:
                    8c:4d:27:b2:9b:4f:3b:87:c9:27:7c:7b:a2:66:7a:
                    c8:c0:c9:d2:2d:86:3b:8f:3b:91:a2:54:69:ed:94:
                    c5:02:07:de:04:2d:dc:11:d1:69:66:b4:2d:d6:60:
                    ef:95:a5:8e:4d:ed:14:01:71:bf:53:a7:98:a6:78:
                    57:73:c7:3a:4a:9f:b6:62:71:51:75:e6:53:63:fd:
                    62:82:a0:8d:45:ca:e4:96:49:12:a4:eb:60:bc:8e:
                    01:26:ef:d5:9a:c5:b5:26:ad:0e:cd:8c:ef:ce:48:
                    fd:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1F:D9:6D:91:63:6A:F2:85:5B:FD:69:C3:4A:2D:D8:03:8D:83:ED
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rh_ZbZFjavKFW_1pw0ot2AONg-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.123.0/24
                  82.153.10.0/24
                  89.213.46.0/23
                  109.176.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:ad:b6:6d:fc:bc:b8:40:14:c4:f1:44:16:60:4e:b0:61:5a:
         aa:19:c7:d5:eb:5a:b0:3c:3e:db:aa:0c:7b:64:13:c6:04:94:
         66:07:07:6b:5e:c7:46:19:5e:fc:2d:69:6e:86:8a:a0:ad:07:
         22:cc:b0:83:a0:53:2a:06:bc:30:f2:c7:8b:05:55:0b:18:14:
         f8:e4:02:2b:52:8a:45:b1:49:5e:8b:74:1a:c8:2d:44:5b:3d:
         dc:17:ec:55:4b:a6:c7:68:c4:b6:34:66:e2:60:b2:bf:7a:15:
         c9:4b:65:01:61:93:af:a2:59:2e:28:82:9c:ff:77:50:a4:29:
         ee:6f:4c:20:74:ed:73:66:52:58:42:f6:0c:5f:9c:67:c9:c6:
         61:d0:e1:8e:3a:f3:dd:7e:57:f6:d0:d9:42:ce:a2:d3:06:20:
         e0:f6:82:de:3c:b4:ba:8c:ea:04:af:6a:06:f7:9d:b0:a8:88:
         89:9e:76:8c:e1:ff:fa:ad:9c:44:d4:96:f3:43:59:12:f2:7f:
         82:52:c7:b8:fc:1a:6a:16:db:a0:c6:4f:f2:68:2c:6f:f1:6d:
         82:4d:c7:ab:45:76:0d:76:98:d9:43:97:e5:c1:7f:8f:29:44:
         3c:87:5d:a0:a8:9a:2c:88:6b:4e:2b:f5:e1:3f:53:67:03:f1:
         82:cb:7f:e7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYwkm/6/uGMdlI4j0VdUB8OYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjAxMDkwMDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFmZDk2ZDkxNjM2YWYyODU1YmZkNjljMzRhMmRkODAzOGQ4M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzI81WYfoQ1r4kKWwM0Xq/k3DwvhZ
u6zLf3Msjj7Wbf6YKkPC0PDHeqkbKkrxA3hPrkjQwlLcLCUZoln9+X/TwwTf9KGC
gyK0V+EAuh7h1GhuK3+kX9B6yvAykemdTirau93QJ5UUTx02QkW5M4gDQDa9IluJ
DcKeeov1IjPIzvVS4JfHfPls7o2BXM5FFn5HckInIIiMTSeym087h8knfHuiZnrI
wMnSLYY7jzuRolRp7ZTFAgfeBC3cEdFpZrQt1mDvlaWOTe0UAXG/U6eYpnhXc8c6
Sp+2YnFRdeZTY/1igqCNRcrklkkSpOtgvI4BJu/VmsW1Jq0OzYzvzkj9JwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK4f2W2RY2ryhVv9acNKLdgDjYPtMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcmhfWmJaRmphdktGV18xcHcwb3QyQU9OZy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUah7AwQA
UpkKAwQBWdUuAwQCbbDUMA0GCSqGSIb3DQEBCwUAA4IBAQA6rbZt/Ly4QBTE8UQW
YE6wYVqqGcfV61qwPD7bqgx7ZBPGBJRmBwdrXsdGGV78LWluhoqgrQcizLCDoFMq
Brww8seLBVULGBT45AIrUopFsUlei3QayC1EWz3cF+xVS6bHaMS2NGbiYLK/ehXJ
S2UBYZOvolkuKIKc/3dQpCnub0wgdO1zZlJYQvYMX5xnycZh0OGOOvPdflf20NlC
zqLTBiDg9oLePLS6jOoEr2oG952wqIiJnnaM4f/6rZxE1JbzQ1kS8n+CUse4/Bpq
Ftugxk/yaCxv8W2CTcerRXYNdpjZQ5flwX+PKUQ8h12gqJosiGtOK/XhP1NnA/GC
y3/n
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org