Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1whCkGZOg38PUhXb9NPsilW4oz0.roa
File:                     1whCkGZOg38PUhXb9NPsilW4oz0.roa (raw, json)
Hash identifier:          LjLqDltIOPepdgrybp1mDrpC++uEUpTKJ9MCeTOEMMc=
Subject key identifier:   D7:08:42:90:66:4E:83:7F:0F:52:15:DB:F4:D3:EC:8A:55:B8:A3:3D
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018B3816E5AF4462ACD533016D88D2701C13
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1whCkGZOg38PUhXb9NPsilW4oz0.roa
Signing time:             Mon 16 Oct 2023 10:45:06 +0000
ROA not before:           Mon 16 Oct 2023 10:45:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212238
IP address blocks:        89.42.85.0/24 maxlen: 24
                          89.42.81.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 16 Nov 2023 05:47:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:38:16:e5:af:44:62:ac:d5:33:01:6d:88:d2:70:1c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 16 10:45:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d7084290664e837f0f5215dbf4d3ec8a55b8a33d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0a:86:56:7f:c2:7f:2c:73:77:bd:e7:cc:14:
                    c7:6e:98:31:32:70:df:9f:a9:71:49:4d:67:2d:8e:
                    00:40:25:5b:4b:47:ce:06:64:6b:e1:df:10:01:25:
                    31:c0:ac:79:3f:0a:a8:e5:b1:2e:6b:25:05:e0:43:
                    fb:e9:c7:e7:13:7c:6c:a3:d8:23:09:e2:93:8b:b3:
                    2d:90:98:9b:93:be:2e:78:47:42:76:04:29:05:71:
                    03:49:a3:6b:12:28:33:be:70:80:ba:b0:80:fa:e4:
                    a3:75:e1:9e:50:f4:eb:96:e3:23:b3:b6:56:73:b1:
                    52:c3:6a:28:36:61:7d:a0:34:3d:84:42:7b:f0:92:
                    f4:4b:2d:88:1e:d8:97:a6:f4:4f:ce:e4:e4:38:78:
                    b6:0d:aa:43:69:c1:e3:95:06:29:e7:0c:ec:72:55:
                    a9:b0:c9:a4:59:c0:b9:86:0d:5e:31:d3:c8:6b:c2:
                    fc:8c:e7:1d:65:92:fd:70:6d:b6:01:9e:90:85:d8:
                    27:3a:08:9f:4d:55:48:63:84:e8:ff:64:1b:33:7d:
                    56:d0:5b:fe:05:d5:5e:07:c0:de:d2:ec:e7:1b:af:
                    5d:74:50:84:8c:e9:e1:5d:e2:66:75:46:66:19:53:
                    8c:19:e7:cc:5f:81:bf:02:1a:d1:77:c0:7e:c9:f2:
                    5e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:08:42:90:66:4E:83:7F:0F:52:15:DB:F4:D3:EC:8A:55:B8:A3:3D
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1whCkGZOg38PUhXb9NPsilW4oz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0/24
                  89.42.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:01:ec:68:a0:a4:d5:30:8b:65:09:33:b5:2d:71:2e:98:ac:
         a7:44:1c:fb:14:db:9d:aa:cd:8f:b4:52:ca:2b:72:c6:07:e8:
         ad:0e:65:c2:f9:e0:1f:8f:06:1a:05:9b:01:55:c0:40:87:bf:
         75:d3:c7:78:23:18:d0:7b:53:bd:c7:76:21:0e:71:ee:f7:7b:
         3d:e4:36:b2:13:a6:36:08:51:a0:71:f4:ab:09:71:cf:c0:ed:
         ee:07:e1:a7:4f:44:a7:4e:cb:05:bd:25:f1:bd:97:3a:93:03:
         32:1f:01:57:a6:0f:5c:dd:a5:2f:ea:77:76:81:1f:2f:d2:7e:
         54:9a:81:aa:38:72:e3:5e:69:87:c8:0e:61:9a:fe:d3:aa:ef:
         27:05:26:74:f5:e0:9c:b5:ab:7c:7d:79:8c:d9:64:7e:19:23:
         3c:40:a0:3e:a6:c0:f7:65:e6:61:f4:a3:a0:f4:aa:9d:0f:26:
         fe:b1:f0:a7:f7:5a:7a:e6:33:13:68:60:e8:e0:10:64:3d:36:
         c6:6e:8b:ef:f0:60:a6:b9:0f:d8:f8:14:83:47:20:76:a4:b3:
         60:6c:dc:71:a8:ad:39:89:3f:cc:a2:d4:7e:5d:be:a6:65:37:
         68:e6:52:31:73:19:7b:fd:5d:bc:54:87:53:1d:64:64:c2:86:
         46:63:b0:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYs4FuWvRGKs1TMBbYjScBwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMDE2MTA0NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzA4NDI5MDY2NGU4MzdmMGY1MjE1ZGJmNGQzZWM4YTU1YjhhMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogqGVn/Cfyxzd73nzBTHbpgxMnDf
n6lxSU1nLY4AQCVbS0fOBmRr4d8QASUxwKx5Pwqo5bEuayUF4EP76cfnE3xso9gj
CeKTi7MtkJibk74ueEdCdgQpBXEDSaNrEigzvnCAurCA+uSjdeGeUPTrluMjs7ZW
c7FSw2ooNmF9oDQ9hEJ78JL0Sy2IHtiXpvRPzuTkOHi2DapDacHjlQYp5wzsclWp
sMmkWcC5hg1eMdPIa8L8jOcdZZL9cG22AZ6QhdgnOgifTVVIY4To/2QbM31W0Fv+
BdVeB8De0uznG69ddFCEjOnhXeJmdUZmGVOMGefMX4G/AhrRd8B+yfJe1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNcIQpBmToN/D1IV2/TT7IpVuKM9MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMXdoQ2tHWk9nMzhQVWhYYjlOUHNpbFc0b3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSpRAwQA
WSpVMA0GCSqGSIb3DQEBCwUAA4IBAQApAexooKTVMItlCTO1LXEumKynRBz7FNud
qs2PtFLKK3LGB+itDmXC+eAfjwYaBZsBVcBAh79108d4IxjQe1O9x3YhDnHu93s9
5DayE6Y2CFGgcfSrCXHPwO3uB+GnT0SnTssFvSXxvZc6kwMyHwFXpg9c3aUv6nd2
gR8v0n5UmoGqOHLjXmmHyA5hmv7Tqu8nBSZ09eCctat8fXmM2WR+GSM8QKA+psD3
ZeZh9KOg9KqdDyb+sfCn91p65jMTaGDo4BBkPTbGbovv8GCmuQ/Y+BSDRyB2pLNg
bNxxqK05iT/MotR+Xb6mZTdo5lIxcxl7/V28VIdTHWRkwoZGY7Dd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:49 2024 by rpki-client on console-ams.rpki-client.org