Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/SSm8YKmuFsVw8DkecJgE65p7WAg.roa
File:                     SSm8YKmuFsVw8DkecJgE65p7WAg.roa (raw, json)
Hash identifier:          wiE7qyFifye5Yc3q5PKkoMmjWsg3y2jldtxHl5rDGNI=
Subject key identifier:   49:29:BC:60:A9:AE:16:C5:70:F0:39:1E:70:98:04:EB:9A:7B:58:08
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       01856C6EF17D82F689C71779FF1611764896
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/SSm8YKmuFsVw8DkecJgE65p7WAg.roa
Signing time:             Sun 01 Jan 2023 08:24:48 +0000
ROA not before:           Sun 01 Jan 2023 08:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6453
IP address blocks:        89.39.6.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:f1:7d:82:f6:89:c7:17:79:ff:16:11:76:48:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 08:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4929bc60a9ae16c570f0391e709804eb9a7b5808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:21:41:02:75:c7:ab:af:60:c3:07:bc:0e:2d:
                    02:a5:04:9e:49:61:33:cc:e5:40:10:19:f0:87:23:
                    be:35:c3:3d:c6:c3:ad:39:01:1a:1a:f6:1e:4e:e5:
                    5a:53:f8:ab:5c:88:48:47:90:ce:31:f0:d8:d6:cb:
                    48:9b:00:80:c7:a5:24:20:38:90:8d:ca:bc:09:69:
                    b6:f7:3e:84:cf:00:68:d3:27:cd:ac:83:fa:dc:5a:
                    64:34:cd:62:22:5d:f8:4e:61:31:37:4c:4b:ac:a7:
                    f9:68:59:70:d3:5a:25:27:ec:73:14:1d:23:01:bc:
                    f5:65:27:d9:3a:9a:16:54:ab:90:e6:1e:48:71:c6:
                    31:8c:1b:f6:25:b0:c1:4d:01:f0:eb:55:ab:d6:2c:
                    47:42:22:ce:8b:4c:50:3a:64:ee:9a:9b:b3:1a:55:
                    c3:29:1a:cf:1d:85:3f:ea:3b:04:0f:87:3f:fa:a1:
                    41:27:50:84:6c:3d:ba:fc:29:2b:aa:93:b5:9b:7d:
                    e7:65:d5:d7:a0:45:a4:9e:33:5b:55:5d:cf:c1:fa:
                    4f:b4:96:22:25:d1:1d:f8:d9:b2:3f:8b:2d:f1:bc:
                    2a:18:cd:5e:17:63:6c:35:a1:25:79:17:29:a2:c6:
                    24:ec:51:25:ca:81:d0:fd:e7:0f:e1:e8:a0:3f:98:
                    10:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:29:BC:60:A9:AE:16:C5:70:F0:39:1E:70:98:04:EB:9A:7B:58:08
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/SSm8YKmuFsVw8DkecJgE65p7WAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:ce:9f:71:6f:ed:54:e9:f3:e2:1b:2f:8a:93:57:6d:bd:14:
         71:68:4a:a1:fe:98:02:98:f6:d2:e0:b5:84:71:ac:07:c9:a3:
         59:19:23:ab:94:0e:94:30:4b:c7:55:e5:df:98:16:d3:05:fa:
         04:e2:0f:3b:7a:22:67:25:ab:1a:61:5e:7c:5c:e2:c4:f6:1c:
         a3:00:89:68:e8:f5:b1:cb:ab:7a:60:f5:b7:1f:51:fe:e5:f6:
         49:1a:2b:f7:e9:16:2b:f1:de:83:7e:8b:d9:2c:f3:6f:74:49:
         c6:64:8e:65:06:aa:78:7a:f4:8e:8d:8c:d3:54:c3:76:47:01:
         b4:9d:66:f4:06:17:4c:73:b8:be:40:8c:c6:c8:7e:72:14:77:
         6c:a5:57:32:88:ce:74:26:40:57:32:c2:63:bd:94:20:d9:31:
         55:5e:57:e9:76:5e:bb:4c:82:07:4f:a0:fb:f8:df:3b:81:af:
         33:10:dd:c4:05:99:95:c5:96:95:af:1f:34:9c:47:e8:f7:b2:
         b5:81:a6:12:85:70:33:9e:20:e6:1a:da:c3:97:9a:96:a6:59:
         da:92:a4:3d:27:67:f0:86:81:87:b5:20:c8:02:de:a4:38:8d:
         fb:90:31:0a:e3:aa:8c:30:c9:32:50:5d:88:40:02:4d:7c:e6:
         fd:60:ad:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsbvF9gvaJxxd5/xYRdkiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjMwMTAxMDgyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTI5YmM2MGE5YWUxNmM1NzBmMDM5MWU3MDk4MDRlYjlhN2I1ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriFBAnXHq69gwwe8Di0CpQSeSWEz
zOVAEBnwhyO+NcM9xsOtOQEaGvYeTuVaU/irXIhIR5DOMfDY1stImwCAx6UkIDiQ
jcq8CWm29z6EzwBo0yfNrIP63FpkNM1iIl34TmExN0xLrKf5aFlw01olJ+xzFB0j
Abz1ZSfZOpoWVKuQ5h5IccYxjBv2JbDBTQHw61Wr1ixHQiLOi0xQOmTumpuzGlXD
KRrPHYU/6jsED4c/+qFBJ1CEbD26/CkrqpO1m33nZdXXoEWknjNbVV3PwfpPtJYi
JdEd+NmyP4st8bwqGM1eF2NsNaEleRcposYk7FElyoHQ/ecP4eigP5gQ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkpvGCprhbFcPA5HnCYBOuae1gIMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvU1NtOFlLbXVGc1Z3OERrZWNKZ0U2NXA3V0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWScGMA0G
CSqGSIb3DQEBCwUAA4IBAQA7zp9xb+1U6fPiGy+Kk1dtvRRxaEqh/pgCmPbS4LWE
cawHyaNZGSOrlA6UMEvHVeXfmBbTBfoE4g87eiJnJasaYV58XOLE9hyjAIlo6PWx
y6t6YPW3H1H+5fZJGiv36RYr8d6DfovZLPNvdEnGZI5lBqp4evSOjYzTVMN2RwG0
nWb0BhdMc7i+QIzGyH5yFHdspVcyiM50JkBXMsJjvZQg2TFVXlfpdl67TIIHT6D7
+N87ga8zEN3EBZmVxZaVrx80nEfo97K1gaYShXAzniDmGtrDl5qWplnakqQ9J2fw
hoGHtSDIAt6kOI37kDEK46qMMMkyUF2IQAJNfOb9YK0X
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:42 2024 by rpki-client on console-ams.rpki-client.org