Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/hiup9lsY_LzsNwGXvgLW5QqaENA.roa
File:                     hiup9lsY_LzsNwGXvgLW5QqaENA.roa (raw, json)
Hash identifier:          Zq3jsLT4rekedfskL9OvQnvsxYOOcZtyVizJloeNTDY=
Subject key identifier:   86:2B:A9:F6:5B:18:FC:BC:EC:37:01:97:BE:02:D6:E5:0A:9A:10:D0
Certificate issuer:       /CN=89ae220b4768da6e276e6a62edd6746d8fc3c1fb
Certificate serial:       01876AA57ADEE1BA6C24536F749929BD401B
Authority key identifier: 89:AE:22:0B:47:68:DA:6E:27:6E:6A:62:ED:D6:74:6D:8F:C3:C1:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/hiup9lsY_LzsNwGXvgLW5QqaENA.roa
Signing time:             Mon 10 Apr 2023 10:10:42 +0000
ROA not before:           Mon 10 Apr 2023 10:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210711
IP address blocks:        94.154.121.0/24 maxlen: 24
                          2a11:48c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6a:a5:7a:de:e1:ba:6c:24:53:6f:74:99:29:bd:40:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ae220b4768da6e276e6a62edd6746d8fc3c1fb
        Validity
            Not Before: Apr 10 10:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=862ba9f65b18fcbcec370197be02d6e50a9a10d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:f3:f1:00:90:06:ad:c3:41:5d:6d:7a:90:
                    5c:58:26:1c:d0:18:3a:83:cd:32:84:85:d8:93:46:
                    7e:b7:e8:39:d3:b4:d5:e7:c9:55:1b:2a:4b:7b:97:
                    c2:0f:5a:e3:ce:80:3b:66:74:4b:a9:b6:16:91:97:
                    21:3b:e0:8f:76:39:ab:29:04:c1:f6:a2:47:94:50:
                    f3:0c:9f:d1:d8:5e:6e:13:0b:29:c2:bb:e7:96:7b:
                    f3:bb:69:5d:4a:05:79:01:0d:37:48:5b:83:87:af:
                    5f:89:4b:c2:8e:c0:13:c5:35:ac:60:ef:65:8f:10:
                    4d:7b:6e:4d:75:6c:b2:21:07:ce:af:75:d2:48:79:
                    e3:87:b1:e5:0d:8e:b0:4c:67:0c:33:a8:16:d6:43:
                    e0:3e:85:da:ee:f0:74:b2:18:ac:98:a3:54:65:e4:
                    52:0d:a8:37:03:de:0e:40:8f:16:9f:fa:54:2d:c5:
                    46:eb:86:6c:28:79:f6:32:5e:95:b8:ca:17:66:a2:
                    9f:b9:6e:9d:89:78:d8:31:38:86:6e:f9:c3:c6:61:
                    59:15:63:35:4e:74:86:89:98:f9:bb:68:39:2d:30:
                    2f:82:1c:99:36:55:6a:e9:29:ad:5c:cc:81:88:aa:
                    db:06:04:53:dd:08:8b:37:b6:54:f7:28:d7:fa:4c:
                    80:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2B:A9:F6:5B:18:FC:BC:EC:37:01:97:BE:02:D6:E5:0A:9A:10:D0
            X509v3 Authority Key Identifier:
                keyid:89:AE:22:0B:47:68:DA:6E:27:6E:6A:62:ED:D6:74:6D:8F:C3:C1:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/hiup9lsY_LzsNwGXvgLW5QqaENA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.121.0/24
                IPv6:
                  2a11:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:76:6a:4d:97:72:e2:c2:fa:30:73:93:0a:3e:cd:fd:b5:2a:
         15:b0:c9:80:b0:2e:da:58:22:ff:7a:bf:1d:e2:79:3c:c4:35:
         25:d1:db:9f:0f:9f:ce:f0:53:13:66:c9:f0:18:ce:21:53:a3:
         53:3b:d9:23:e9:62:4e:18:da:b4:91:93:4f:03:82:cb:9f:ba:
         a8:f4:56:a9:fd:ae:e5:46:9f:17:17:f0:48:b5:01:ca:33:0e:
         28:b0:b7:64:d4:6f:6d:95:83:8e:f1:5d:e0:4c:f2:ac:a4:fd:
         c9:0c:be:77:9b:3f:27:04:b4:b2:9c:98:99:b0:a9:02:ad:04:
         90:8d:d1:a2:75:fd:c4:55:67:5c:16:d5:6a:4a:59:a0:3f:cf:
         dd:2d:62:0d:8a:34:ab:40:37:21:78:56:0f:30:55:2a:c3:3a:
         b7:59:4d:4b:c6:3f:43:b4:46:da:fb:4f:45:df:09:62:c3:1d:
         6b:a5:2d:26:5d:44:52:98:62:6f:fb:fc:a5:93:17:a5:10:8c:
         0d:97:ae:07:03:8e:98:1c:cc:df:1f:5f:98:5c:3b:bc:6a:75:
         fd:6c:cc:e6:fe:5c:cf:4f:ab:35:2b:27:fc:4e:08:c0:b8:85:
         47:20:d6:81:26:41:2f:78:8a:31:85:45:3f:13:9b:30:0b:ab:
         19:86:48:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYdqpXre4bpsJFNvdJkpvUAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWUyMjBiNDc2OGRhNmUyNzZlNmE2MmVkZDY3NDZkOGZj
M2MxZmIwHhcNMjMwNDEwMTAxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJiYTlmNjViMThmY2JjZWMzNzAxOTdiZTAyZDZlNTBhOWExMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8zz8QCQBq3DQV1tepBcWCYc0Bg6
g80yhIXYk0Z+t+g507TV58lVGypLe5fCD1rjzoA7ZnRLqbYWkZchO+CPdjmrKQTB
9qJHlFDzDJ/R2F5uEwspwrvnlnvzu2ldSgV5AQ03SFuDh69fiUvCjsATxTWsYO9l
jxBNe25NdWyyIQfOr3XSSHnjh7HlDY6wTGcMM6gW1kPgPoXa7vB0shismKNUZeRS
Dag3A94OQI8Wn/pULcVG64ZsKHn2Ml6VuMoXZqKfuW6diXjYMTiGbvnDxmFZFWM1
TnSGiZj5u2g5LTAvghyZNlVq6SmtXMyBiKrbBgRT3QiLN7ZU9yjX+kyA2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIYrqfZbGPy87DcBl74C1uUKmhDQMB8GA1UdIwQY
MBaAFImuIgtHaNpuJ25qYu3WdG2Pw8H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWE0aUMwZG8ybTRuYm1waTdkWjBiWV9Ed2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zYjhhNDAtNzYxMC00ZTRkLTliMzct
NzQxZmE0ZTEwZTM2LzEvaGl1cDlsc1lfTHpzTndHWHZnTFc1UXFhRU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zYjhhNDAtNzYxMC00ZTRkLTliMzctNzQxZmE0ZTEwZTM2
LzEvaWE0aUMwZG8ybTRuYm1waTdkWjBiWV9Ed2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXpp5MA0E
AgACMAcDBQMqEUjAMA0GCSqGSIb3DQEBCwUAA4IBAQAidmpNl3Liwvowc5MKPs39
tSoVsMmAsC7aWCL/er8d4nk8xDUl0dufD5/O8FMTZsnwGM4hU6NTO9kj6WJOGNq0
kZNPA4LLn7qo9Fap/a7lRp8XF/BItQHKMw4osLdk1G9tlYOO8V3gTPKspP3JDL53
mz8nBLSynJiZsKkCrQSQjdGidf3EVWdcFtVqSlmgP8/dLWINijSrQDcheFYPMFUq
wzq3WU1Lxj9DtEba+09F3wliwx1rpS0mXURSmGJv+/ylkxelEIwNl64HA46YHMzf
H1+YXDu8anX9bMzm/lzPT6s1Kyf8TgjAuIVHINaBJkEveIoxhUU/E5swC6sZhkh3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:32 2024 by rpki-client on console-fra.rpki-client.org