Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z4bVA5B9DWp2Z6XGYFRsrVrILA8.roa
File:                     z4bVA5B9DWp2Z6XGYFRsrVrILA8.roa (raw, json)
Hash identifier:          kJH1D2NSbTeGRuR3zhAu93YxuoJfw5BgBpcCO/fHI0g=
Subject key identifier:   CF:86:D5:03:90:7D:0D:6A:76:67:A5:C6:60:54:6C:AD:5A:C8:2C:0F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C60976FC430ABB99A7221728C33E56457
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z4bVA5B9DWp2Z6XGYFRsrVrILA8.roa
Signing time:             Wed 13 Dec 2023 00:33:06 +0000
ROA not before:           Wed 13 Dec 2023 00:33:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42831
IP address blocks:        89.213.191.0/24 maxlen: 24
                          82.153.66.0/24 maxlen: 24
                          82.152.110.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 27 Dec 2023 11:45:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:60:97:6f:c4:30:ab:b9:9a:72:21:72:8c:33:e5:64:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 13 00:33:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf86d503907d0d6a7667a5c660546cad5ac82c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:69:1d:0a:a2:68:c6:1c:36:dc:e7:de:63:45:
                    9d:16:3f:34:b0:4d:60:bb:22:78:91:6a:87:bb:43:
                    fd:15:a3:6b:92:ff:be:6f:94:e4:e9:7f:eb:18:15:
                    0f:14:dd:9f:c2:62:99:fe:48:da:a5:f0:26:09:82:
                    00:2d:ed:50:9c:d5:f7:46:12:b6:27:25:8f:a5:8e:
                    a2:12:93:ca:27:1e:43:49:78:1c:e2:44:aa:66:c6:
                    ba:ba:98:6d:ef:c4:42:c6:a2:f1:c2:6b:e5:1d:e6:
                    2a:89:a8:c4:ef:1a:b7:62:f7:56:b6:0b:37:1e:da:
                    4e:c5:8d:c9:3e:c4:c9:b9:06:b5:92:ec:d6:f8:8f:
                    a1:30:ff:8b:d9:09:4b:48:4f:dd:3f:c5:d0:64:66:
                    b1:13:58:a6:63:13:5d:ab:c7:fd:a6:de:20:d8:88:
                    9e:8a:9c:63:89:6a:1c:f2:37:d0:72:bd:4a:0b:bb:
                    11:7f:be:9b:a2:9a:78:cd:24:63:c9:a3:c2:ae:c6:
                    a4:45:cd:a0:da:ba:56:77:75:25:b9:a3:4f:48:2c:
                    c5:11:dd:83:31:6c:55:4b:4e:81:21:65:4b:31:ce:
                    e8:fa:03:d9:05:b9:19:b3:02:78:83:84:1d:86:e9:
                    f0:41:e8:5f:1d:76:ee:db:4f:7b:6b:1a:fd:47:c3:
                    c0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:86:D5:03:90:7D:0D:6A:76:67:A5:C6:60:54:6C:AD:5A:C8:2C:0F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z4bVA5B9DWp2Z6XGYFRsrVrILA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.110.0/24
                  82.153.66.0/24
                  89.213.131.0/24
                  89.213.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:fc:1b:ae:3b:14:76:0f:2d:12:2a:06:10:69:ea:d0:9a:c2:
         47:e6:e9:65:9a:38:94:67:8f:ef:90:c2:e9:b3:38:c6:84:09:
         40:18:e4:b7:5a:8c:5d:1d:e5:65:c8:b2:73:a9:be:ef:8f:0f:
         4d:5b:7f:dd:af:19:99:fd:66:44:ad:ad:6c:89:62:ef:91:b2:
         d5:d5:1e:a2:79:43:a2:40:d4:c3:60:a9:be:42:61:13:ae:54:
         15:bc:e2:cc:2b:f3:93:d2:9d:c2:df:80:7e:a7:0f:57:a0:b0:
         11:74:d1:b1:53:1b:84:a9:7f:a3:93:78:af:59:b0:a2:7c:06:
         de:33:e8:09:8c:17:56:86:aa:b1:22:86:3d:81:9d:e8:fd:ac:
         1d:74:c3:99:8a:7f:c7:c5:fa:9b:4e:cf:19:87:7f:d7:f9:38:
         47:99:9d:3e:d3:7c:58:d4:59:2a:5a:15:5d:76:87:4d:5e:fd:
         ed:de:3f:57:f2:8a:af:5f:a1:f5:3a:11:47:fa:ab:33:c9:81:
         e1:f0:22:88:ea:39:ed:a1:d8:fe:7e:02:e6:c5:f6:90:bf:50:
         3d:89:98:b2:de:36:e8:ce:1c:4f:5f:36:91:87:40:87:04:59:
         6d:f8:15:b3:fe:b8:5d:f6:4c:94:aa:7d:04:af:18:c2:74:a3:
         64:b5:4b:69
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYxgl2/EMKu5mnIhcowz5WRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjEzMDAzMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg2ZDUwMzkwN2QwZDZhNzY2N2E1YzY2MDU0NmNhZDVhYzgyYzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2kdCqJoxhw23OfeY0WdFj80sE1g
uyJ4kWqHu0P9FaNrkv++b5Tk6X/rGBUPFN2fwmKZ/kjapfAmCYIALe1QnNX3RhK2
JyWPpY6iEpPKJx5DSXgc4kSqZsa6upht78RCxqLxwmvlHeYqiajE7xq3YvdWtgs3
HtpOxY3JPsTJuQa1kuzW+I+hMP+L2QlLSE/dP8XQZGaxE1imYxNdq8f9pt4g2Iie
ipxjiWoc8jfQcr1KC7sRf76bopp4zSRjyaPCrsakRc2g2rpWd3UluaNPSCzFEd2D
MWxVS06BIWVLMc7o+gPZBbkZswJ4g4QdhunwQehfHXbu2097axr9R8PAIQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM+G1QOQfQ1qdmelxmBUbK1ayCwPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvejRiVkE1QjlEV3AyWjZYR1lGUnNyVnJJTEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUphuAwQA
UplCAwQAWdWDAwQAWdW/MA0GCSqGSIb3DQEBCwUAA4IBAQAE/BuuOxR2Dy0SKgYQ
aerQmsJH5ullmjiUZ4/vkMLpszjGhAlAGOS3WoxdHeVlyLJzqb7vjw9NW3/drxmZ
/WZEra1siWLvkbLV1R6ieUOiQNTDYKm+QmETrlQVvOLMK/OT0p3C34B+pw9XoLAR
dNGxUxuEqX+jk3ivWbCifAbeM+gJjBdWhqqxIoY9gZ3o/awddMOZin/HxfqbTs8Z
h3/X+ThHmZ0+03xY1FkqWhVddodNXv3t3j9X8oqvX6H1OhFH+qszyYHh8CKI6jnt
odj+fgLmxfaQv1A9iZiy3jbozhxPXzaRh0CHBFlt+BWz/rhd9kyUqn0ErxjCdKNk
tUtp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org