Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ahB49GPv8LoKp4inWPjakD8WDB0.roa
File:                     ahB49GPv8LoKp4inWPjakD8WDB0.roa (raw, json)
Hash identifier:          TBKvYoB/pEyUG5dg3dkj35/J/eI0Si8OrBPqa0SK+zg=
Subject key identifier:   6A:10:78:F4:63:EF:F0:BA:0A:A7:88:A7:58:F8:DA:90:3F:16:0C:1D
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018D788768345733CA44F4E4CC033E0EB2B0
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ahB49GPv8LoKp4inWPjakD8WDB0.roa
Signing time:             Mon 05 Feb 2024 09:09:16 +0000
ROA not before:           Mon 05 Feb 2024 09:09:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        89.34.224.0/23 maxlen: 24
                          89.34.228.0/24 maxlen: 24
                          89.34.231.0/24 maxlen: 24
                          89.42.81.0/24 maxlen: 24
                          89.42.86.0/24 maxlen: 24
                          89.42.95.0/24 maxlen: 24
                          89.42.143.0/24 maxlen: 24
                          89.43.140.0/24 maxlen: 24
                          89.43.143.0/24 maxlen: 24
                          89.46.0.0/24 maxlen: 24
                          89.47.114.0/24 maxlen: 24
                          89.47.115.0/24 maxlen: 24
                          89.47.119.0/24 maxlen: 24
                          89.47.125.0/24 maxlen: 24
                          89.47.127.0/24 maxlen: 24
                          93.113.181.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 24 Feb 2024 06:56:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:87:68:34:57:33:ca:44:f4:e4:cc:03:3e:0e:b2:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Feb  5 09:09:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a1078f463eff0ba0aa788a758f8da903f160c1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:21:c8:92:f1:a5:cf:65:4c:72:bc:a3:7b:2a:
                    ac:7b:84:2f:60:74:de:dc:60:5b:f6:06:f8:bf:d4:
                    bf:57:9a:e0:e8:e7:a9:b2:36:56:e2:c8:ad:e2:27:
                    10:dc:ab:09:9f:d0:7d:31:1b:0e:3a:10:ae:61:1d:
                    ea:f3:b8:2a:e3:86:d7:fb:c1:7c:7b:06:28:8d:02:
                    59:a1:7d:6c:43:80:ef:ff:c8:70:74:d1:bd:be:d5:
                    b7:bd:a0:90:ea:c3:94:7c:e8:cd:8a:5e:14:cb:4d:
                    bc:51:59:6f:e0:4a:8b:16:87:a5:2b:61:75:30:b8:
                    24:c7:65:26:d3:3c:8d:8e:36:43:81:44:51:69:ca:
                    8f:5b:e9:2a:0a:fa:b0:60:c1:41:96:80:d7:dc:77:
                    05:90:a3:23:ce:09:ac:fd:93:81:9f:90:d9:1b:68:
                    d3:48:de:d3:60:ba:22:55:5c:de:fd:76:6a:c6:93:
                    01:5e:bf:fb:bd:54:e5:2e:8e:2c:b9:25:9d:be:97:
                    6b:3f:04:cd:28:21:95:c1:16:fe:d1:09:78:79:5d:
                    fd:e9:50:2c:26:6c:78:42:c5:b4:96:f1:f0:0f:9f:
                    11:4b:f2:a6:87:f9:7c:21:ee:b9:17:21:e9:bc:56:
                    45:9a:6f:e7:90:d4:bf:aa:a0:a1:c0:1c:59:cb:53:
                    11:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:10:78:F4:63:EF:F0:BA:0A:A7:88:A7:58:F8:DA:90:3F:16:0C:1D
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ahB49GPv8LoKp4inWPjakD8WDB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.224.0/23
                  89.34.228.0/24
                  89.34.231.0/24
                  89.42.81.0/24
                  89.42.86.0/24
                  89.42.95.0/24
                  89.42.143.0/24
                  89.43.140.0/24
                  89.43.143.0/24
                  89.46.0.0/24
                  89.47.114.0/23
                  89.47.119.0/24
                  89.47.125.0/24
                  89.47.127.0/24
                  93.113.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d4:2e:f0:e5:cf:ce:b2:aa:1f:d8:fa:97:1c:9e:2a:7b:08:
         bf:62:7b:2a:0c:3c:d4:85:54:48:3c:c2:4e:ee:35:9a:9f:a6:
         e0:5e:3b:96:89:f7:91:db:b8:a2:84:55:94:e7:46:2e:97:d1:
         53:16:48:14:bb:0e:ca:b0:9a:83:e5:51:b9:42:6c:35:c6:12:
         e6:7b:2c:00:af:c3:b1:e5:ad:3a:36:a7:b6:32:dd:65:bd:48:
         b3:01:26:c2:05:2b:dd:a4:4f:11:6a:d5:52:de:ef:86:3b:1a:
         2e:a3:2d:be:47:51:f5:ab:f0:8b:f6:de:82:0e:88:13:81:87:
         f6:d6:4a:c5:86:fa:01:89:5b:51:58:e0:17:b7:e6:5f:ad:74:
         67:2d:cd:f5:d0:2a:de:76:03:5e:6b:ad:79:1b:7c:fa:d7:a8:
         97:c8:38:a7:32:ae:c3:9e:1d:a0:a0:26:25:04:62:b9:cf:e0:
         1f:3d:d8:00:34:03:67:6d:04:66:26:21:7e:13:83:f7:e3:51:
         a1:ac:2f:8c:d0:aa:55:75:97:bb:f5:f7:42:2f:88:e2:a3:11:
         e2:14:b6:21:15:89:a2:19:4b:de:a8:fa:32:bc:b5:19:97:5e:
         4d:a8:cc:ae:db:b3:68:ff:36:aa:6d:28:6e:e6:c5:0b:6f:9f:
         fe:44:28:f3
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY14h2g0VzPKRPTkzAM+DrKwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMjA1MDkwOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTEwNzhmNDYzZWZmMGJhMGFhNzg4YTc1OGY4ZGE5MDNmMTYwYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCHIkvGlz2VMcryjeyqse4QvYHTe
3GBb9gb4v9S/V5rg6OepsjZW4sit4icQ3KsJn9B9MRsOOhCuYR3q87gq44bX+8F8
ewYojQJZoX1sQ4Dv/8hwdNG9vtW3vaCQ6sOUfOjNil4Uy028UVlv4EqLFoelK2F1
MLgkx2Um0zyNjjZDgURRacqPW+kqCvqwYMFBloDX3HcFkKMjzgms/ZOBn5DZG2jT
SN7TYLoiVVze/XZqxpMBXr/7vVTlLo4suSWdvpdrPwTNKCGVwRb+0Ql4eV396VAs
Jmx4QsW0lvHwD58RS/Kmh/l8Ie65FyHpvFZFmm/nkNS/qqChwBxZy1MRIQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFGoQePRj7/C6CqeIp1j42pA/FgwdMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvYWhCNDlHUHY4TG9LcDRpbldQamFrRDhXREIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQBWSLgAwQA
WSLkAwQAWSLnAwQAWSpRAwQAWSpWAwQAWSpfAwQAWSqPAwQAWSuMAwQAWSuPAwQA
WS4AAwQBWS9yAwQAWS93AwQAWS99AwQAWS9/AwQAXXG1MA0GCSqGSIb3DQEBCwUA
A4IBAQBP1C7w5c/Osqof2PqXHJ4qewi/YnsqDDzUhVRIPMJO7jWan6bgXjuWifeR
27iihFWU50Yul9FTFkgUuw7KsJqD5VG5Qmw1xhLmeywAr8Ox5a06Nqe2Mt1lvUiz
ASbCBSvdpE8RatVS3u+GOxouoy2+R1H1q/CL9t6CDogTgYf21krFhvoBiVtRWOAX
t+ZfrXRnLc310CredgNea615G3z616iXyDinMq7Dnh2goCYlBGK5z+AfPdgANANn
bQRmJiF+E4P341GhrC+M0KpVdZe79fdCL4jioxHiFLYhFYmiGUveqPoyvLUZl15N
qMyu27No/zaqbShu5sULb5/+RCjz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:19 2024 by rpki-client on console-fra.rpki-client.org