Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sGNtTJeQniKsb4zdBwibrvb0jyw.roa
File:                     sGNtTJeQniKsb4zdBwibrvb0jyw.roa (raw, json)
Hash identifier:          T1CzBDiO8TWzsiSDE/cj5/5UWqeOIyQi/yRRNWQrvXI=
Subject key identifier:   B0:63:6D:4C:97:90:9E:22:AC:6F:8C:DD:07:08:9B:AE:F6:F4:8F:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3496291F3A37BFF5391DABC6BBC3A2E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sGNtTJeQniKsb4zdBwibrvb0jyw.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212104
IP address blocks:        89.213.174.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 10:23:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:62:91:f3:a3:7b:ff:53:91:da:bc:6b:bc:3a:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0636d4c97909e22ac6f8cdd07089baef6f48f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f1:de:6c:da:e5:b7:a8:7d:da:78:1e:8f:27:
                    04:a6:43:ac:16:62:6e:b8:c0:0a:dc:52:fd:f5:62:
                    94:e0:73:01:89:6e:a9:44:1a:e7:9c:9e:49:af:3e:
                    f7:83:96:52:29:a6:cb:64:1b:40:7f:f7:2f:1b:a5:
                    5f:65:13:86:a3:66:a3:e3:e4:47:52:28:f2:0a:ab:
                    ee:7a:68:fd:09:a9:22:88:6d:a2:13:fa:5d:ca:0e:
                    0d:1e:90:48:85:02:63:cb:7c:57:a0:42:3c:2f:77:
                    9f:60:50:6a:a6:45:c1:8c:29:c8:2b:c4:9d:7d:37:
                    81:3c:68:ec:53:e2:d3:aa:a9:e6:fd:64:f1:2d:d7:
                    29:8c:3d:42:fc:7b:ae:f6:57:93:58:64:08:3d:ba:
                    57:fe:65:99:66:4d:de:9f:7e:34:01:98:20:dd:c6:
                    3b:6f:84:50:93:d4:8a:c3:e4:c5:d0:77:34:30:26:
                    54:9a:47:77:e9:02:53:3b:25:84:d1:2d:bd:07:48:
                    a4:30:16:02:37:ed:70:7b:a4:55:e6:ff:c5:0e:40:
                    6d:ad:fc:57:8c:43:cb:fd:64:65:43:2e:23:3a:bb:
                    d2:82:48:1e:9a:30:d1:db:90:40:9d:b8:17:fc:a5:
                    d1:15:39:f9:7a:48:6d:92:2e:d4:3d:9d:cd:8f:2a:
                    d0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:63:6D:4C:97:90:9E:22:AC:6F:8C:DD:07:08:9B:AE:F6:F4:8F:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sGNtTJeQniKsb4zdBwibrvb0jyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:b0:2a:cf:1b:ad:6b:51:6b:06:9a:15:6e:1a:b9:ad:8a:0c:
         9a:6a:22:9c:9e:98:2b:c4:d5:fb:12:0b:95:71:dc:93:c7:28:
         e5:4c:bd:20:20:4c:11:a8:3d:08:98:40:bf:af:4b:29:f3:12:
         c8:e9:f3:15:20:f8:bc:c4:71:62:47:a4:03:d2:14:a1:dd:27:
         5b:99:24:3c:92:ec:7f:62:e9:67:93:09:cd:65:42:1d:0c:c4:
         7a:0e:d1:34:75:f2:c6:d3:fe:8c:4f:52:5d:6e:44:d7:b0:8f:
         09:87:b1:fa:ac:63:5b:22:16:a0:75:c5:6c:6c:22:06:20:d1:
         fa:b5:20:68:85:42:73:cb:4d:3c:f2:67:b8:ab:0d:38:33:4e:
         a1:27:2a:c0:b2:d6:2e:4f:bb:13:5e:9e:a8:e5:67:ab:ae:8f:
         6a:14:f9:53:5f:fa:10:8b:30:b8:6f:2a:b0:74:e9:76:72:2c:
         83:90:0b:60:39:19:e7:1e:90:4d:2e:57:c1:55:97:c2:a6:7c:
         5b:18:61:5e:cb:9a:d1:0c:d5:77:30:d4:a4:3b:6f:64:d2:40:
         c5:f4:ac:36:f9:be:3b:c9:de:f1:dd:d3:66:34:0d:99:43:2c:
         24:fb:a9:bb:69:00:c2:5e:56:f2:2f:28:b1:ae:db:b6:f0:fb:
         fe:8a:35:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWKR86N7/1OR2rxrvDouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDYzNmQ0Yzk3OTA5ZTIyYWM2ZjhjZGQwNzA4OWJhZWY2ZjQ4ZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfHebNrlt6h92ngejycEpkOsFmJu
uMAK3FL99WKU4HMBiW6pRBrnnJ5Jrz73g5ZSKabLZBtAf/cvG6VfZROGo2aj4+RH
UijyCqvuemj9CakiiG2iE/pdyg4NHpBIhQJjy3xXoEI8L3efYFBqpkXBjCnIK8Sd
fTeBPGjsU+LTqqnm/WTxLdcpjD1C/Huu9leTWGQIPbpX/mWZZk3en340AZgg3cY7
b4RQk9SKw+TF0Hc0MCZUmkd36QJTOyWE0S29B0ikMBYCN+1we6RV5v/FDkBtrfxX
jEPL/WRlQy4jOrvSgkgemjDR25BAnbgX/KXRFTn5ekhtki7UPZ3NjyrQfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBjbUyXkJ4irG+M3QcIm6729I8sMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc0dOdFRKZVFuaUtzYjR6ZEJ3aWJydmIwanl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWuMA0G
CSqGSIb3DQEBCwUAA4IBAQCCsCrPG61rUWsGmhVuGrmtigyaaiKcnpgrxNX7EguV
cdyTxyjlTL0gIEwRqD0ImEC/r0sp8xLI6fMVIPi8xHFiR6QD0hSh3SdbmSQ8kux/
YulnkwnNZUIdDMR6DtE0dfLG0/6MT1JdbkTXsI8Jh7H6rGNbIhagdcVsbCIGINH6
tSBohUJzy0088me4qw04M06hJyrAstYuT7sTXp6o5Werro9qFPlTX/oQizC4byqw
dOl2ciyDkAtgORnnHpBNLlfBVZfCpnxbGGFey5rRDNV3MNSkO29k0kDF9Kw2+b47
yd7x3dNmNA2ZQywk+6m7aQDCXlbyLyixrtu28Pv+ijUK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org