Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u5xoOYWdWiiGDQvY39bLyND6cpw.roa
File:                     u5xoOYWdWiiGDQvY39bLyND6cpw.roa (raw, json)
Hash identifier:          wX/gneA4BY2IYhnHlT+2Y/svPAgS5L8Acolhv8MbeYk=
Subject key identifier:   BB:9C:68:39:85:9D:5A:28:86:0D:0B:D8:DF:D6:CB:C8:D0:FA:72:9C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189E3FDF568AA2CD168BFE717AD8E2E297B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u5xoOYWdWiiGDQvY39bLyND6cpw.roa
Signing time:             Fri 11 Aug 2023 09:46:58 +0000
ROA not before:           Fri 11 Aug 2023 09:46:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        82.153.4.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 03 Dec 2023 17:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e3:fd:f5:68:aa:2c:d1:68:bf:e7:17:ad:8e:2e:29:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 11 09:46:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb9c6839859d5a28860d0bd8dfd6cbc8d0fa729c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e3:d6:af:e8:d4:2c:a7:74:96:89:8c:6b:4b:
                    d5:e5:2f:c8:eb:2c:47:42:f2:71:b7:8e:89:69:53:
                    7a:e7:b9:c0:04:9f:c4:47:1e:b9:7c:ea:86:6c:6d:
                    59:83:8a:4d:1b:c8:75:17:86:85:3f:fc:55:98:e0:
                    a1:53:02:9d:17:bb:06:aa:19:4c:e8:10:0a:8f:32:
                    6c:b1:72:ea:ca:fe:f4:d4:35:d5:a3:59:17:02:05:
                    39:98:a7:78:29:2b:99:0b:70:c7:3f:e3:45:ff:ee:
                    eb:8c:da:0c:f1:4a:33:d4:02:a1:91:ab:18:99:7e:
                    74:6c:8d:f0:84:d9:6d:3d:54:3e:0e:06:cd:a1:d1:
                    e0:bc:68:44:44:dc:02:98:b2:e4:aa:e8:7d:c7:40:
                    af:f5:df:d6:92:15:78:86:b8:3a:20:8b:80:e7:4f:
                    52:9a:28:67:9f:b2:1b:b5:60:2a:31:d9:23:47:f8:
                    0c:50:a5:7b:38:58:bd:0d:41:54:07:3a:a0:40:bc:
                    40:fc:b9:74:e4:58:d5:9c:91:b6:90:46:ff:51:50:
                    bb:1f:d1:0a:a0:69:c8:13:82:79:3d:7e:41:4a:36:
                    d5:5a:4a:b5:06:9b:da:cc:36:b2:65:66:c1:b2:7e:
                    56:63:0a:a4:71:3c:0a:ae:49:e8:2d:d2:36:de:0b:
                    e6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:9C:68:39:85:9D:5A:28:86:0D:0B:D8:DF:D6:CB:C8:D0:FA:72:9C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u5xoOYWdWiiGDQvY39bLyND6cpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:e8:95:bf:07:64:b1:f6:84:dc:10:6e:e0:08:7a:0a:dc:1e:
         06:6a:37:00:1b:6b:a7:63:9f:6d:7f:43:84:81:40:9a:b2:96:
         37:bc:99:a0:f3:a2:b1:87:d0:fc:8a:d8:3c:dc:a5:bd:a4:a9:
         57:bc:a7:2e:8a:a2:74:c4:36:62:43:f9:fb:b6:48:6a:a5:a1:
         ee:ac:07:13:e3:05:18:e6:92:37:ae:8f:39:63:19:07:ac:e0:
         4b:5f:e1:3b:0b:3b:2c:3e:29:d3:d9:5c:70:d7:a5:4d:30:7d:
         0c:22:5a:39:59:f3:33:08:46:d0:6a:95:ba:e4:6b:6c:6d:2d:
         4b:a1:12:f2:d9:66:a9:49:83:27:f6:93:99:03:3b:01:9b:a2:
         2f:db:50:29:1a:2b:d7:48:8d:76:58:80:1a:c2:c0:60:1a:08:
         90:7f:ec:42:3f:cb:4e:fe:90:16:10:f4:81:dc:50:a1:56:c3:
         a9:eb:95:52:b4:8c:1d:eb:be:a3:19:f0:84:df:47:7d:fb:05:
         a6:b3:1c:0d:63:a7:e5:a3:f8:3c:6b:bc:50:99:e3:a0:60:e3:
         49:b2:6f:92:43:e8:b7:fb:1e:b5:0d:a6:c8:af:9a:a8:11:9e:
         cf:10:1e:fe:60:f0:da:98:93:d0:a6:49:d6:b2:16:3a:d5:2f:
         88:cd:71:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYnj/fVoqizRaL/nF62OLil7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODExMDk0NjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjljNjgzOTg1OWQ1YTI4ODYwZDBiZDhkZmQ2Y2JjOGQwZmE3MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+PWr+jULKd0lomMa0vV5S/I6yxH
QvJxt46JaVN657nABJ/ERx65fOqGbG1Zg4pNG8h1F4aFP/xVmOChUwKdF7sGqhlM
6BAKjzJssXLqyv701DXVo1kXAgU5mKd4KSuZC3DHP+NF/+7rjNoM8Uoz1AKhkasY
mX50bI3whNltPVQ+DgbNodHgvGhERNwCmLLkquh9x0Cv9d/WkhV4hrg6IIuA509S
mihnn7IbtWAqMdkjR/gMUKV7OFi9DUFUBzqgQLxA/Ll05FjVnJG2kEb/UVC7H9EK
oGnIE4J5PX5BSjbVWkq1BpvazDayZWbBsn5WYwqkcTwKrknoLdI23gvmXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLucaDmFnVoohg0L2N/Wy8jQ+nKcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdTV4b09ZV2RXaWlHRFF2WTM5Ykx5TkQ2Y3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkEMA0G
CSqGSIb3DQEBCwUAA4IBAQAj6JW/B2Sx9oTcEG7gCHoK3B4GajcAG2unY59tf0OE
gUCaspY3vJmg86Kxh9D8itg83KW9pKlXvKcuiqJ0xDZiQ/n7tkhqpaHurAcT4wUY
5pI3ro85YxkHrOBLX+E7CzssPinT2Vxw16VNMH0MIlo5WfMzCEbQapW65GtsbS1L
oRLy2WapSYMn9pOZAzsBm6Iv21ApGivXSI12WIAawsBgGgiQf+xCP8tO/pAWEPSB
3FChVsOp65VStIwd676jGfCE30d9+wWmsxwNY6flo/g8a7xQmeOgYONJsm+SQ+i3
+x61DabIr5qoEZ7PEB7+YPDamJPQpknWshY61S+IzXEq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org