Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/riUsCImPz4E8zePcPdUvLuy7euc.roa
File:                     riUsCImPz4E8zePcPdUvLuy7euc.roa (raw, json)
Hash identifier:          n/vNA7TI3m7evSzEtvhcYqyM5rqdlRTgOEyTIHl80/I=
Subject key identifier:   AE:25:2C:08:89:8F:CF:81:3C:CD:E3:DC:3D:D5:2F:2E:EC:BB:7A:E7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EB844B498B93832614FE0DBEAF0D57601
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/riUsCImPz4E8zePcPdUvLuy7euc.roa
Signing time:             Sun 07 Apr 2024 11:14:54 +0000
ROA not before:           Sun 07 Apr 2024 11:14:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.223.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Apr 2024 07:49:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b8:44:b4:98:b9:38:32:61:4f:e0:db:ea:f0:d5:76:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  7 11:14:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae252c08898fcf813ccde3dc3dd52f2eecbb7ae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:87:ac:85:9c:de:68:24:4f:ac:6e:cd:8a:81:
                    60:04:7b:47:63:6b:35:5d:e2:79:98:ef:6e:49:7e:
                    56:9a:1f:52:df:f4:3e:ab:b1:14:ff:74:5a:b5:08:
                    64:b5:81:65:fd:09:1a:9a:24:73:ee:2c:9d:25:59:
                    93:1c:8c:02:53:b2:03:75:12:74:5c:7c:92:f0:66:
                    fc:b4:28:03:b7:47:9f:4e:e5:a4:02:94:af:3b:d0:
                    ec:1d:b2:82:a6:94:a5:47:5e:d4:bf:db:a0:d3:9a:
                    25:d1:49:2c:54:f7:f0:e0:63:1c:dd:9d:5b:48:79:
                    f0:39:bd:4a:ba:ef:4c:a5:a6:60:53:47:28:59:7d:
                    70:66:8f:81:7b:ac:2d:bf:93:76:b8:f0:d7:5b:9b:
                    28:90:b2:3c:7a:f0:0b:de:37:52:83:33:dd:c0:e6:
                    17:1f:29:d0:47:b9:d2:c4:e5:01:45:1f:ec:52:26:
                    53:0a:79:41:60:3f:23:5e:10:81:76:be:f8:bf:2b:
                    9c:6a:f0:7d:91:87:7b:ac:c2:ea:c4:a5:59:b7:f9:
                    df:a3:82:b1:5d:c9:5d:47:bc:65:e5:73:09:e0:cd:
                    cf:b4:7c:19:0d:c2:2b:35:c1:6b:f5:f0:94:a1:c4:
                    87:37:2c:07:ee:96:d1:74:05:2c:57:6e:e1:43:ec:
                    65:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:25:2C:08:89:8F:CF:81:3C:CD:E3:DC:3D:D5:2F:2E:EC:BB:7A:E7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/riUsCImPz4E8zePcPdUvLuy7euc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.223.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:86:a0:6a:17:e3:6f:6e:eb:7c:7d:a2:6e:d0:58:58:8c:1c:
         2d:82:42:64:3d:b3:4f:ac:5e:8c:6f:b0:34:2e:14:67:02:3e:
         6f:49:3d:82:17:7e:93:ce:3a:ef:79:87:b0:9d:8a:10:04:7d:
         fe:b2:f1:3e:52:8c:d8:71:49:79:aa:86:c2:4c:92:7e:a3:7a:
         5f:76:15:5b:b1:aa:d6:9a:0b:59:20:e2:ca:43:08:52:02:99:
         95:35:86:2a:dc:51:ae:81:76:c2:a0:11:a2:f5:9a:19:5c:fa:
         73:26:d6:c9:55:18:1e:62:ee:bb:6f:ab:4e:e5:6e:ac:4c:9d:
         63:c5:b5:3e:95:8c:f6:d0:35:2b:0a:7c:3c:c4:1b:79:bf:65:
         7c:6d:ed:f6:e9:fa:70:a4:68:68:6a:94:5f:27:18:0e:36:d5:
         4e:d2:6d:ed:cb:8c:0a:39:62:1f:9d:f2:b0:a4:7d:70:53:cc:
         78:06:2e:6d:26:6d:a6:b4:3f:af:0a:5c:d1:e8:34:31:c1:45:
         ae:3e:c8:27:e9:48:a4:90:99:bb:74:73:23:b9:e6:82:c7:32:
         9a:d4:41:d8:41:41:c6:0e:59:14:69:3f:6e:5a:9d:b9:a6:ea:
         44:cc:29:e2:b4:23:51:50:e9:80:f6:55:58:37:f7:0c:84:1b:
         99:01:58:d6
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY64RLSYuTgyYU/g2+rw1XYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA3MTExNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTI1MmMwODg5OGZjZjgxM2NjZGUzZGMzZGQ1MmYyZWVjYmI3YWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4eshZzeaCRPrG7NioFgBHtHY2s1
XeJ5mO9uSX5Wmh9S3/Q+q7EU/3RatQhktYFl/QkamiRz7iydJVmTHIwCU7IDdRJ0
XHyS8Gb8tCgDt0efTuWkApSvO9DsHbKCppSlR17Uv9ug05ol0UksVPfw4GMc3Z1b
SHnwOb1Kuu9MpaZgU0coWX1wZo+Be6wtv5N2uPDXW5sokLI8evAL3jdSgzPdwOYX
HynQR7nSxOUBRR/sUiZTCnlBYD8jXhCBdr74vyucavB9kYd7rMLqxKVZt/nfo4Kx
XcldR7xl5XMJ4M3PtHwZDcIrNcFr9fCUocSHNywH7pbRdAUsV27hQ+xl8QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFK4lLAiJj8+BPM3j3D3VLy7su3rnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcmlVc0NJbVB6NEU4emVQY1BkVXZMdXk3ZXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAWdVrMAwD
BARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0DBABZ1d8DBABZ1eMDBADVgokw
DAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOCAQEAW4agahfjb27rfH2ibtBY
WIwcLYJCZD2zT6xejG+wNC4UZwI+b0k9ghd+k84673mHsJ2KEAR9/rLxPlKM2HFJ
eaqGwkySfqN6X3YVW7Gq1poLWSDiykMIUgKZlTWGKtxRroF2wqARovWaGVz6cybW
yVUYHmLuu2+rTuVurEydY8W1PpWM9tA1Kwp8PMQbeb9lfG3t9un6cKRoaGqUXycY
DjbVTtJt7cuMCjliH53ysKR9cFPMeAYubSZtprQ/rwpc0eg0McFFrj7IJ+lIpJCZ
u3RzI7nmgscymtRB2EFBxg5ZFGk/blqduabqRMwp4rQjUVDpgPZVWDf3DIQbmQFY
1g==
-----END CERTIFICATE-----