Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/172e0b-8cbb-402e-8f2c-8595b4500884/1/o48U7GuASH_a7LTsAHakFx0mjl0.roa
File:                     o48U7GuASH_a7LTsAHakFx0mjl0.roa (raw, json)
Hash identifier:          Mc8ExpU0L4lXx7VoUDc7f86TADorKIcv25u89YkHocg=
Subject key identifier:   A3:8F:14:EC:6B:80:48:7F:DA:EC:B4:EC:00:76:A4:17:1D:26:8E:5D
Certificate issuer:       /CN=731c1382858b0dc95a9adbea4728b31f9e22c0d8
Certificate serial:       018AAF3C297CD77FAE6A275C9112905E1A95
Authority key identifier: 73:1C:13:82:85:8B:0D:C9:5A:9A:DB:EA:47:28:B3:1F:9E:22:C0:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxwTgoWLDclamtvqRyizH54iwNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/172e0b-8cbb-402e-8f2c-8595b4500884/1/o48U7GuASH_a7LTsAHakFx0mjl0.roa
Signing time:             Tue 19 Sep 2023 20:57:50 +0000
ROA not before:           Tue 19 Sep 2023 20:57:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216433
IP address blocks:        89.39.123.0/24 maxlen: 24
                          2a13:b140::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:af:3c:29:7c:d7:7f:ae:6a:27:5c:91:12:90:5e:1a:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=731c1382858b0dc95a9adbea4728b31f9e22c0d8
        Validity
            Not Before: Sep 19 20:57:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a38f14ec6b80487fdaecb4ec0076a4171d268e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e7:68:47:bf:ee:38:59:99:f1:f8:e5:28:9a:
                    06:ac:96:35:ba:6b:e1:e0:a9:07:32:a0:4c:d2:03:
                    bd:d1:15:3f:5a:25:17:e4:86:6c:4a:d9:57:3f:fb:
                    cb:77:e8:a9:c7:7d:4c:24:12:da:41:46:51:83:b5:
                    cc:6f:89:1c:3a:e4:9c:e3:e8:02:4e:7a:96:02:f2:
                    41:ad:8b:1a:c6:bb:55:e8:cb:af:4d:8f:03:6e:6e:
                    e0:48:54:3d:e2:8e:ca:ec:22:a0:11:60:43:5a:83:
                    21:67:94:f4:06:59:09:b6:cc:ea:c5:92:33:d9:51:
                    1e:40:af:70:ca:63:94:8e:16:de:00:60:45:5b:2a:
                    ba:42:a8:0c:fd:12:dd:c3:fb:20:f5:3b:f8:2c:45:
                    aa:d8:4a:10:a1:6f:a9:05:58:d4:1b:7c:45:94:a2:
                    ca:7d:f7:ac:b4:6e:fd:ee:2d:f4:09:b0:1a:6a:8b:
                    7a:25:47:95:fd:fd:f9:d1:9a:df:b5:ca:28:1d:dd:
                    1f:3e:79:56:6e:d0:c5:08:93:1f:01:1a:8b:09:51:
                    04:ff:95:59:b6:e5:0b:49:8f:32:31:0a:9e:25:db:
                    b3:80:ed:fe:11:83:ff:63:a9:d1:10:bc:f2:27:23:
                    f3:2f:ee:c9:e6:6d:56:9d:b9:45:f5:3b:da:a9:ed:
                    a3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8F:14:EC:6B:80:48:7F:DA:EC:B4:EC:00:76:A4:17:1D:26:8E:5D
            X509v3 Authority Key Identifier:
                keyid:73:1C:13:82:85:8B:0D:C9:5A:9A:DB:EA:47:28:B3:1F:9E:22:C0:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxwTgoWLDclamtvqRyizH54iwNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/172e0b-8cbb-402e-8f2c-8595b4500884/1/o48U7GuASH_a7LTsAHakFx0mjl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/172e0b-8cbb-402e-8f2c-8595b4500884/1/cxwTgoWLDclamtvqRyizH54iwNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.123.0/24
                IPv6:
                  2a13:b140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:34:4d:64:eb:0d:46:45:31:73:52:1b:64:23:8e:72:48:fb:
         6e:03:c6:ee:2a:5a:a1:7b:95:b7:45:14:93:20:1a:04:b5:08:
         ed:d4:2f:26:f6:09:79:e0:f0:95:fe:44:10:c0:96:b9:da:b6:
         65:4f:80:6c:38:38:d6:6d:3c:9c:35:92:4f:db:6b:55:5f:f1:
         bb:cc:02:69:e1:4e:b6:f5:d8:bc:c2:b5:5b:85:ce:3c:e4:14:
         04:e6:28:13:fb:21:0a:99:1c:3e:42:17:89:d8:3f:38:53:65:
         ae:2f:67:7c:b9:93:2e:38:4b:f9:db:7c:62:d6:b9:00:50:1c:
         ef:b0:e9:e5:12:13:07:0f:0a:a3:32:65:ad:9d:ae:7e:9b:1b:
         3c:cb:d3:8f:30:e2:45:1c:69:fe:d8:5f:72:fd:bf:4c:02:d2:
         44:69:bf:7b:f6:cb:66:96:d1:de:72:28:0d:24:41:3e:a2:2e:
         f3:9a:07:32:0a:45:49:49:4f:cb:f0:03:87:3d:42:f5:c6:da:
         cd:8d:b1:b4:56:0c:42:93:31:e3:53:e4:c9:41:02:0a:7e:6f:
         ed:63:65:5a:dc:7f:c4:55:8f:8f:15:f3:6b:c3:eb:06:7e:a8:
         10:1d:f2:e2:4d:4f:13:e7:88:9e:46:4f:fb:00:bb:cc:e4:da:
         a6:89:35:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYqvPCl813+uaidckRKQXhqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMWMxMzgyODU4YjBkYzk1YTlhZGJlYTQ3MjhiMzFmOWUy
MmMwZDgwHhcNMjMwOTE5MjA1NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzhmMTRlYzZiODA0ODdmZGFlY2I0ZWMwMDc2YTQxNzFkMjY4ZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvedoR7/uOFmZ8fjlKJoGrJY1umvh
4KkHMqBM0gO90RU/WiUX5IZsStlXP/vLd+ipx31MJBLaQUZRg7XMb4kcOuSc4+gC
TnqWAvJBrYsaxrtV6MuvTY8Dbm7gSFQ94o7K7CKgEWBDWoMhZ5T0BlkJtszqxZIz
2VEeQK9wymOUjhbeAGBFWyq6QqgM/RLdw/sg9Tv4LEWq2EoQoW+pBVjUG3xFlKLK
ffestG797i30CbAaaot6JUeV/f350ZrftcooHd0fPnlWbtDFCJMfARqLCVEE/5VZ
tuULSY8yMQqeJduzgO3+EYP/Y6nRELzyJyPzL+7J5m1WnblF9Tvaqe2jHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKOPFOxrgEh/2uy07AB2pBcdJo5dMB8GA1UdIwQY
MBaAFHMcE4KFiw3JWprb6kcosx+eIsDYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3h3VGdvV0xEY2xhbXR2cVJ5aXpINTRpd05nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xNzJlMGItOGNiYi00MDJlLThmMmMt
ODU5NWI0NTAwODg0LzEvbzQ4VTdHdUFTSF9hN0xUc0FIYWtGeDBtamwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xNzJlMGItOGNiYi00MDJlLThmMmMtODU5NWI0NTAwODg0
LzEvY3h3VGdvV0xEY2xhbXR2cVJ5aXpINTRpd05nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWSd7MA0E
AgACMAcDBQMqE7FAMA0GCSqGSIb3DQEBCwUAA4IBAQBcNE1k6w1GRTFzUhtkI45y
SPtuA8buKlqhe5W3RRSTIBoEtQjt1C8m9gl54PCV/kQQwJa52rZlT4BsODjWbTyc
NZJP22tVX/G7zAJp4U629di8wrVbhc485BQE5igT+yEKmRw+QheJ2D84U2WuL2d8
uZMuOEv523xi1rkAUBzvsOnlEhMHDwqjMmWtna5+mxs8y9OPMOJFHGn+2F9y/b9M
AtJEab979stmltHecigNJEE+oi7zmgcyCkVJSU/L8AOHPUL1xtrNjbG0VgxCkzHj
U+TJQQIKfm/tY2Va3H/EVY+PFfNrw+sGfqgQHfLiTU8T54ieRk/7ALvM5NqmiTVb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:20 2024 by rpki-client on console-ams.rpki-client.org