Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3nVw_K-JKxOr2dEEjHUC68KR-WI.roa
File:                     3nVw_K-JKxOr2dEEjHUC68KR-WI.roa (raw, json)
Hash identifier:          nu+nH6HoH0tFtWnETqehedJGfoVRBFscO4ZMkV52We8=
Subject key identifier:   DE:75:70:FC:AF:89:2B:13:AB:D9:D1:04:8C:75:02:EB:C2:91:F9:62
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018C593B4757D920EE94F2C3A49DD9C89406
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3nVw_K-JKxOr2dEEjHUC68KR-WI.roa
Signing time:             Mon 11 Dec 2023 14:15:06 +0000
ROA not before:           Mon 11 Dec 2023 14:15:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23
                          89.42.80.0/23 maxlen: 23
                          185.101.105.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Dec 2023 05:18:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:59:3b:47:57:d9:20:ee:94:f2:c3:a4:9d:d9:c8:94:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Dec 11 14:15:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de7570fcaf892b13abd9d1048c7502ebc291f962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:25:b6:7f:9a:bc:56:54:24:d9:c5:63:6c:f7:
                    e1:38:a6:45:43:d5:57:75:58:4b:89:26:4f:5c:5b:
                    08:6f:8f:57:49:8d:4f:f2:71:c6:b8:e8:07:71:20:
                    ef:a4:49:69:1f:5e:f7:c3:65:7f:16:2d:56:46:c3:
                    bf:13:6d:14:e1:3d:ef:e1:ab:9f:2a:b3:53:85:ea:
                    fb:4a:21:c8:9d:89:d0:2c:22:c3:76:56:91:fc:2b:
                    d4:b3:67:5d:1e:5e:ab:f2:01:fb:dc:6b:d0:09:5c:
                    40:ce:2b:df:8c:4f:2e:27:7d:06:01:1a:b7:6b:8e:
                    86:cf:3b:d0:25:8e:f1:f1:14:a5:02:8b:ca:a1:67:
                    12:cc:55:e0:94:70:49:54:b6:e2:06:7b:dd:54:54:
                    16:fe:4c:e1:a5:ba:d2:d4:da:64:da:fc:e6:19:17:
                    64:b2:74:4f:30:07:94:92:a4:e2:59:18:08:ab:e3:
                    ea:20:d7:ef:22:e8:61:1d:d2:e8:42:6b:02:3c:20:
                    f8:e8:dd:fa:7e:de:e9:c4:f1:18:d9:36:be:0f:21:
                    a5:3b:9c:cc:89:29:50:f1:ff:29:29:f7:90:4f:ee:
                    a4:97:e1:7d:13:3a:82:14:9e:26:06:db:61:1b:42:
                    bd:fe:ca:15:c8:8c:4b:77:9e:1f:98:c3:7a:cb:3f:
                    d3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:75:70:FC:AF:89:2B:13:AB:D9:D1:04:8C:75:02:EB:C2:91:F9:62
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3nVw_K-JKxOr2dEEjHUC68KR-WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.80.0/22
                  185.101.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d1:e8:b3:cf:44:26:f4:84:db:ed:16:f9:65:6b:e4:d0:b0:
         fa:9f:f9:5b:60:e3:66:51:99:e4:ee:7d:03:44:91:d2:fc:9a:
         56:f4:64:56:fc:06:1b:91:78:16:25:89:2a:f0:c9:73:90:11:
         c4:a2:0b:ce:19:df:cf:d4:68:79:8f:85:b0:0b:79:5c:a5:5d:
         95:32:36:16:60:b0:29:86:15:29:2b:87:35:6c:18:fb:45:cf:
         6b:c3:74:11:99:f2:05:bc:56:65:06:dc:41:5e:7f:04:b6:98:
         88:09:5a:27:b2:9f:1a:9e:2b:77:2f:06:ae:ea:fa:27:5d:94:
         21:90:38:1a:f7:9c:20:38:41:e5:ed:86:3d:f7:3e:2d:b4:8f:
         39:2c:ee:c3:3e:ea:a5:f8:9d:e5:03:50:ae:c0:88:00:9d:09:
         d9:51:d0:df:3f:92:c1:e6:59:90:ad:05:3d:13:26:91:75:ac:
         52:58:d4:19:4a:91:03:bd:49:90:b9:96:0b:94:33:7e:39:f3:
         0c:d5:73:78:2d:5e:2f:6e:fe:5b:49:64:6f:f5:dd:fa:4f:1a:
         e5:fa:54:61:de:53:fd:58:1a:50:33:9d:28:bb:21:1c:3b:fd:
         1c:7b:23:af:65:33:8f:3f:2e:4e:e2:d8:4e:fd:3b:f1:f5:27:
         5a:cf:15:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYxZO0dX2SDulPLDpJ3ZyJQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMjExMTQxNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTc1NzBmY2FmODkyYjEzYWJkOWQxMDQ4Yzc1MDJlYmMyOTFmOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCW2f5q8VlQk2cVjbPfhOKZFQ9VX
dVhLiSZPXFsIb49XSY1P8nHGuOgHcSDvpElpH173w2V/Fi1WRsO/E20U4T3v4auf
KrNTher7SiHInYnQLCLDdlaR/CvUs2ddHl6r8gH73GvQCVxAzivfjE8uJ30GARq3
a46GzzvQJY7x8RSlAovKoWcSzFXglHBJVLbiBnvdVFQW/kzhpbrS1Npk2vzmGRdk
snRPMAeUkqTiWRgIq+PqINfvIuhhHdLoQmsCPCD46N36ft7pxPEY2Ta+DyGlO5zM
iSlQ8f8pKfeQT+6kl+F9EzqCFJ4mBtthG0K9/soVyIxLd54fmMN6yz/TFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN51cPyviSsTq9nRBIx1AuvCkfliMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvM25Wd19LLUpLeE9yMmRFRWpIVUM2OEtSLVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWSpQAwQA
uWVpMA0GCSqGSIb3DQEBCwUAA4IBAQAB0eizz0Qm9ITb7Rb5ZWvk0LD6n/lbYONm
UZnk7n0DRJHS/JpW9GRW/AYbkXgWJYkq8MlzkBHEogvOGd/P1Gh5j4WwC3lcpV2V
MjYWYLAphhUpK4c1bBj7Rc9rw3QRmfIFvFZlBtxBXn8EtpiICVonsp8anit3Lwau
6vonXZQhkDga95wgOEHl7YY99z4ttI85LO7DPuql+J3lA1CuwIgAnQnZUdDfP5LB
5lmQrQU9EyaRdaxSWNQZSpEDvUmQuZYLlDN+OfMM1XN4LV4vbv5bSWRv9d36Txrl
+lRh3lP9WBpQM50ouyEcO/0ceyOvZTOPPy5O4thO/Tvx9SdazxV+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:49 2024 by rpki-client on console-ams.rpki-client.org