Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rPccWf7RmWgr_nApFZbTHDZp6sA.roa
File:                     rPccWf7RmWgr_nApFZbTHDZp6sA.roa (raw, json)
Hash identifier:          jPmfGahr7/mJkNoXlRQh73/nTLgvQZxK4+y90GG8QSg=
Subject key identifier:   AC:F7:1C:59:FE:D1:99:68:2B:FE:70:29:15:96:D3:1C:36:69:EA:C0
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018C024DCB26F2B1378A03E8725E1D9E161A
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rPccWf7RmWgr_nApFZbTHDZp6sA.roa
Signing time:             Fri 24 Nov 2023 17:08:21 +0000
ROA not before:           Fri 24 Nov 2023 17:08:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     54339
IP address blocks:        89.42.89.0/24 maxlen: 24
                          89.42.92.0/24 maxlen: 24
                          89.42.93.0/24 maxlen: 24
                          89.47.123.0/24 maxlen: 24
                          89.47.124.0/24 maxlen: 24
                          93.113.176.0/24 maxlen: 24
                          89.46.4.0/24 maxlen: 24
                          89.43.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:02:4d:cb:26:f2:b1:37:8a:03:e8:72:5e:1d:9e:16:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Nov 24 17:08:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=acf71c59fed199682bfe70291596d31c3669eac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fa:08:0f:cf:5e:ba:37:0f:7c:9c:14:f3:6d:
                    1d:68:a8:9a:89:41:29:03:98:12:1e:e5:a5:56:4b:
                    a9:cb:5f:86:e9:98:68:35:9b:fe:5d:d6:f4:3c:72:
                    fc:dd:dd:46:aa:83:8f:4f:e4:0e:d4:d1:1f:72:25:
                    ba:7d:9f:64:b9:7d:7a:b3:ad:57:fa:57:c2:0b:7b:
                    8b:4a:59:ac:13:85:44:80:a3:81:81:84:d7:c2:d1:
                    d1:af:df:24:35:05:60:14:0b:17:c4:e6:fc:80:0a:
                    a5:da:26:07:10:78:fd:62:52:9b:17:05:dd:cd:07:
                    a8:51:b9:f0:4d:b9:3b:37:e5:60:99:f8:bd:d6:15:
                    de:9e:6d:3a:7a:bd:27:00:27:19:7f:46:e5:8b:9a:
                    a4:ce:04:cc:13:9c:5c:f4:a8:51:39:ad:de:d5:cd:
                    dc:b3:a6:69:d0:c8:fc:af:59:51:18:b7:13:1f:70:
                    cc:bc:28:56:0a:38:e8:a2:4f:39:19:12:53:e3:09:
                    2d:25:69:c2:be:a2:dc:d2:f9:f9:e6:43:ed:a3:59:
                    3e:7b:b5:6b:d4:64:c2:e4:6b:d0:c3:32:f2:8d:a4:
                    d0:d2:e6:f9:1c:3d:65:6d:54:ab:77:05:7f:32:e8:
                    9a:4f:1c:0e:ee:06:37:f6:b6:05:48:6b:73:10:5e:
                    b2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F7:1C:59:FE:D1:99:68:2B:FE:70:29:15:96:D3:1C:36:69:EA:C0
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/rPccWf7RmWgr_nApFZbTHDZp6sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.89.0/24
                  89.42.92.0/23
                  89.43.142.0/24
                  89.46.4.0/24
                  89.47.123.0-89.47.124.255
                  93.113.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:6d:c0:78:6c:57:8a:2a:c1:a3:7d:5d:5c:b4:ae:c7:4c:06:
         30:b9:a1:ec:5a:50:1f:0b:f0:74:0c:b1:4f:2e:81:d2:f5:8a:
         0a:18:b5:d1:73:9a:31:ca:c6:ce:7e:38:06:35:74:d7:2a:5f:
         eb:98:58:51:74:f3:50:06:55:d6:be:d8:a7:5a:75:50:7b:20:
         45:db:9a:80:53:cf:f7:2b:a9:2c:b4:e8:87:e0:dc:1a:1d:36:
         fb:67:a7:6a:f0:6d:fc:f5:ce:8c:e0:49:0a:91:f6:f6:42:72:
         a9:30:4f:da:03:b2:44:4c:fd:ab:03:c0:4a:68:6c:78:38:01:
         24:d2:62:2f:d7:84:e3:fa:5a:3b:88:8b:b9:eb:97:73:72:3d:
         16:6e:d0:ae:b7:18:ee:e5:1f:83:ec:96:79:63:25:d9:9b:d3:
         5a:4b:e7:18:7f:59:2d:5d:be:18:d7:47:2f:01:77:32:40:2b:
         84:ac:ed:46:87:c5:dc:77:15:ec:38:2d:47:95:69:d3:67:4c:
         41:d2:47:67:b5:e7:3b:74:60:35:9a:ba:72:a1:03:ef:0d:b0:
         df:bb:e8:cb:36:bf:45:e2:a0:2a:5b:8d:96:43:c1:1e:94:a5:
         50:ed:1f:fc:65:54:c4:75:b4:9c:49:90:0f:48:aa:ef:3a:5c:
         3e:ff:94:bb
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYwCTcsm8rE3igPocl4dnhYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMTI0MTcwODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y3MWM1OWZlZDE5OTY4MmJmZTcwMjkxNTk2ZDMxYzM2NjllYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/oID89eujcPfJwU820daKiaiUEp
A5gSHuWlVkupy1+G6ZhoNZv+Xdb0PHL83d1GqoOPT+QO1NEfciW6fZ9kuX16s61X
+lfCC3uLSlmsE4VEgKOBgYTXwtHRr98kNQVgFAsXxOb8gAql2iYHEHj9YlKbFwXd
zQeoUbnwTbk7N+Vgmfi91hXenm06er0nACcZf0bli5qkzgTME5xc9KhROa3e1c3c
s6Zp0Mj8r1lRGLcTH3DMvChWCjjook85GRJT4wktJWnCvqLc0vn55kPto1k+e7Vr
1GTC5GvQwzLyjaTQ0ub5HD1lbVSrdwV/MuiaTxwO7gY39rYFSGtzEF6ylQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKz3HFn+0ZloK/5wKRWW0xw2aerAMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvclBjY1dmN1JtV2dyX25BcEZaYlRIRFpwNnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAWSpZAwQB
WSpcAwQAWSuOAwQAWS4EMAwDBABZL3sDBABZL3wDBABdcbAwDQYJKoZIhvcNAQEL
BQADggEBADxtwHhsV4oqwaN9XVy0rsdMBjC5oexaUB8L8HQMsU8ugdL1igoYtdFz
mjHKxs5+OAY1dNcqX+uYWFF081AGVda+2KdadVB7IEXbmoBTz/crqSy06Ifg3Bod
Nvtnp2rwbfz1zozgSQqR9vZCcqkwT9oDskRM/asDwEpobHg4ASTSYi/XhOP6WjuI
i7nrl3NyPRZu0K63GO7lH4PslnljJdmb01pL5xh/WS1dvhjXRy8BdzJAK4Ss7UaH
xdx3Few4LUeVadNnTEHSR2e15zt0YDWaunKhA+8NsN+76Ms2v0XioCpbjZZDwR6U
pVDtH/xlVMR1tJxJkA9Iqu86XD7/lLs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:50 2024 by rpki-client on console-ams.rpki-client.org