Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tSNMGPIYXn2VD4RPTob7fu5Wmvw.roa
File:                     tSNMGPIYXn2VD4RPTob7fu5Wmvw.roa (raw, json)
Hash identifier:          LeZhsWLBoQw0UNKAcqhjx6j0i3jrHQVtl/zziuqw7QU=
Subject key identifier:   B5:23:4C:18:F2:18:5E:7D:95:0F:84:4F:4E:86:FB:7E:EE:56:9A:FC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CE87D33607C8760B93D729A2178F41B88
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tSNMGPIYXn2VD4RPTob7fu5Wmvw.roa
Signing time:             Mon 08 Jan 2024 09:52:48 +0000
ROA not before:           Mon 08 Jan 2024 09:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        89.213.132.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 14:25:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:7d:33:60:7c:87:60:b9:3d:72:9a:21:78:f4:1b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  8 09:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5234c18f2185e7d950f844f4e86fb7eee569afc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d6:86:4e:e1:b5:9b:5c:39:c9:b6:01:ce:da:
                    b7:89:a5:d7:78:5e:aa:94:0e:30:05:79:03:ca:be:
                    9f:fc:55:5e:05:bf:06:1b:13:fd:11:37:99:ae:2c:
                    4f:ac:68:00:53:57:a8:4d:19:d9:03:71:b0:e6:6d:
                    f3:1e:90:c8:75:d3:40:e1:d8:44:13:18:cb:1b:53:
                    9f:85:f4:ef:b7:79:a3:e0:cb:62:83:fd:4a:0f:af:
                    d4:06:56:17:fb:7c:ca:fb:5f:08:58:a3:97:48:a2:
                    65:b0:eb:9f:a2:8c:51:f0:73:5e:93:ff:53:8c:1c:
                    69:b3:ba:6b:69:c2:6d:ae:21:3f:97:bc:09:e2:8d:
                    22:4e:6b:38:eb:4e:95:12:0d:f2:70:eb:99:61:4c:
                    eb:8e:14:30:e9:80:10:e8:27:0d:18:06:6c:f0:a0:
                    82:ac:4a:c4:44:e7:e9:5c:9e:da:e0:6c:3f:75:14:
                    01:be:ec:29:2e:b0:4b:8d:2c:3f:ee:f6:e9:11:33:
                    bd:d5:9c:9a:ed:51:77:47:89:ac:1e:a3:04:c5:fd:
                    d1:18:3f:19:f1:7a:48:69:0a:34:48:19:88:21:67:
                    b1:7c:43:a8:2c:1c:74:52:d4:7a:dd:f9:7f:90:bb:
                    be:35:b3:aa:d6:aa:ae:fa:1c:f5:04:cb:f6:9e:51:
                    f9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:23:4C:18:F2:18:5E:7D:95:0F:84:4F:4E:86:FB:7E:EE:56:9A:FC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tSNMGPIYXn2VD4RPTob7fu5Wmvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:65:fa:0b:35:71:86:d3:04:7b:b9:65:b1:dc:8e:46:e4:a9:
         1a:11:5c:06:f1:ca:e2:da:2a:48:df:07:21:49:89:8b:c8:bb:
         77:80:b9:e0:4d:89:cb:33:33:72:05:59:5a:63:2d:fe:eb:47:
         9a:fd:47:8a:2b:cd:72:8c:0d:fc:77:21:2e:de:b4:3f:c6:61:
         bd:6b:6a:b1:b3:e0:4a:f7:58:6e:5d:0e:5f:a8:a3:a9:49:0e:
         5d:bf:ca:29:cc:5d:51:93:8c:95:f5:e8:9e:fa:59:6c:1c:94:
         07:8a:84:f6:44:3a:48:0a:10:d1:28:8c:1c:93:19:ac:53:6a:
         49:64:6b:00:b7:13:d2:34:8b:fd:ec:4d:10:e7:17:8d:92:ff:
         99:6f:d1:14:82:31:3d:97:58:98:48:d8:21:4e:63:24:6d:f5:
         6c:43:14:88:c6:ad:71:5e:59:4f:d2:43:0f:c8:e0:ae:47:b7:
         37:06:30:a0:19:f8:16:11:3d:42:80:70:cd:34:21:e9:e8:db:
         44:8a:13:cd:cf:f1:47:a5:10:14:ff:7b:d0:df:d0:6c:f6:3f:
         b7:36:56:6d:1f:e5:ee:d3:d9:9b:8a:b2:44:42:49:02:bd:6a:
         d4:d5:ca:42:18:e6:57:a0:11:f1:b4:0a:32:42:23:12:e8:fd:
         fb:ca:6a:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzofTNgfIdguT1ymiF49BuIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTA4MDk1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTIzNGMxOGYyMTg1ZTdkOTUwZjg0NGY0ZTg2ZmI3ZWVlNTY5YWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9aGTuG1m1w5ybYBztq3iaXXeF6q
lA4wBXkDyr6f/FVeBb8GGxP9ETeZrixPrGgAU1eoTRnZA3Gw5m3zHpDIddNA4dhE
ExjLG1OfhfTvt3mj4Mtig/1KD6/UBlYX+3zK+18IWKOXSKJlsOufooxR8HNek/9T
jBxps7pracJtriE/l7wJ4o0iTms4606VEg3ycOuZYUzrjhQw6YAQ6CcNGAZs8KCC
rErEROfpXJ7a4Gw/dRQBvuwpLrBLjSw/7vbpETO91Zya7VF3R4msHqMExf3RGD8Z
8XpIaQo0SBmIIWexfEOoLBx0UtR63fl/kLu+NbOq1qqu+hz1BMv2nlH5aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUjTBjyGF59lQ+ET06G+37uVpr8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdFNOTUdQSVlYbjJWRDRSUFRvYjdmdTVXbXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWEMA0G
CSqGSIb3DQEBCwUAA4IBAQAzZfoLNXGG0wR7uWWx3I5G5KkaEVwG8cri2ipI3wch
SYmLyLt3gLngTYnLMzNyBVlaYy3+60ea/UeKK81yjA38dyEu3rQ/xmG9a2qxs+BK
91huXQ5fqKOpSQ5dv8opzF1Rk4yV9eie+llsHJQHioT2RDpIChDRKIwckxmsU2pJ
ZGsAtxPSNIv97E0Q5xeNkv+Zb9EUgjE9l1iYSNghTmMkbfVsQxSIxq1xXllP0kMP
yOCuR7c3BjCgGfgWET1CgHDNNCHp6NtEihPNz/FHpRAU/3vQ39Bs9j+3NlZtH+Xu
09mbirJEQkkCvWrU1cpCGOZXoBHxtAoyQiMS6P37ympx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:31 2024 by rpki-client on console-ams.rpki-client.org