Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/Po8PMc2oyKvqsY1hzSyMI4BzNlo.roa
File:                     Po8PMc2oyKvqsY1hzSyMI4BzNlo.roa (raw, json)
Hash identifier:          QeLIrF97sgxWda63Bb4kALpusfHNVE0zfdK2o6FYiP0=
Subject key identifier:   3E:8F:0F:31:CD:A8:C8:AB:EA:B1:8D:61:CD:2C:8C:23:80:73:36:5A
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018A454D9FA3737B47ADC1F028673FEC4980
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/Po8PMc2oyKvqsY1hzSyMI4BzNlo.roa
Signing time:             Wed 30 Aug 2023 07:17:09 +0000
ROA not before:           Wed 30 Aug 2023 07:17:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202029
IP address blocks:        91.239.214.0/24 maxlen: 24
                          85.9.104.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:45:4d:9f:a3:73:7b:47:ad:c1:f0:28:67:3f:ec:49:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Aug 30 07:17:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e8f0f31cda8c8abeab18d61cd2c8c238073365a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5a:9e:3f:d7:0e:bd:dc:1c:b8:88:f0:70:f7:
                    4e:5e:0f:76:1f:e1:b8:27:d2:d5:e7:7e:71:a8:96:
                    29:cc:c0:39:b5:22:b8:40:82:79:8c:d8:d3:78:a8:
                    3a:bf:a1:51:c0:93:be:8d:ee:48:55:59:74:ad:e4:
                    43:72:4c:63:6a:fa:46:76:83:83:2b:3d:29:66:77:
                    35:64:cb:ee:06:a5:22:ec:90:da:3c:ac:4d:d7:e1:
                    04:94:0c:04:0c:3b:19:ed:a0:bf:a9:22:e3:fd:ef:
                    6e:41:ba:45:26:2b:44:b6:2e:30:ab:67:60:b7:14:
                    a6:13:2e:ca:8c:de:16:80:15:be:a2:99:8d:1f:14:
                    45:7c:10:d6:58:ce:31:1e:a5:b2:1d:a1:13:c0:b9:
                    40:63:18:7b:12:d8:de:84:05:34:e5:92:bf:a8:e0:
                    ed:99:0c:11:a2:26:97:f3:10:74:91:9c:8f:2b:b0:
                    0a:db:1d:14:45:76:15:69:88:4f:b0:f5:82:75:d1:
                    95:4f:0d:c2:54:42:c9:22:90:f3:71:fd:85:0a:cf:
                    69:3c:3e:49:a5:6b:e7:e8:9c:f1:d7:3f:2b:6e:20:
                    c6:15:11:5f:9a:fe:c8:68:e1:8d:b8:24:53:32:49:
                    9d:81:b4:35:a6:83:34:91:ea:4d:58:ed:71:18:67:
                    f0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8F:0F:31:CD:A8:C8:AB:EA:B1:8D:61:CD:2C:8C:23:80:73:36:5A
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/Po8PMc2oyKvqsY1hzSyMI4BzNlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.104.0/24
                  91.239.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:39:cc:5a:25:ca:4d:c8:38:fb:f9:41:fa:4a:a3:9d:5b:7e:
         9c:99:6b:56:de:51:42:03:85:37:b8:81:93:95:86:21:72:0a:
         51:bb:66:d1:c2:7f:9d:c5:aa:1a:c2:a8:73:9f:1a:6f:1d:a0:
         7b:4b:f8:d8:e8:4a:f2:84:1c:55:67:c0:95:d8:62:05:82:8b:
         78:b0:c3:89:cb:0c:e6:19:3a:89:45:08:f1:f6:59:6d:a4:d3:
         68:0a:e7:34:9c:f8:87:e7:bd:81:e3:4c:f4:e9:bb:09:ba:1b:
         1a:e4:6e:89:0d:f7:6c:fb:a8:09:0e:39:d6:b9:2a:9c:44:2f:
         6b:53:08:87:09:95:84:8d:97:a5:2f:3a:c1:04:a4:7c:a9:8a:
         f4:11:9b:bf:98:5a:33:55:9e:52:f9:28:7d:95:fd:57:f6:34:
         bc:ed:da:70:54:5f:e0:ab:46:38:52:a0:f5:b7:cb:ec:de:ad:
         fa:86:cc:4c:ef:73:d1:c1:29:74:22:63:d4:22:50:bf:e1:30:
         d6:5a:a5:86:81:c7:c1:e0:76:32:9e:8f:a0:d8:54:83:99:cc:
         07:04:2f:39:ec:c6:81:17:e4:af:15:7d:c1:98:a1:79:7e:17:
         c2:6e:e8:25:3c:64:8e:ee:11:72:25:48:e7:1b:3e:ea:df:7a:
         05:cf:e0:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYpFTZ+jc3tHrcHwKGc/7EmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjMwODMwMDcxNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmMGYzMWNkYThjOGFiZWFiMThkNjFjZDJjOGMyMzgwNzMzNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1qeP9cOvdwcuIjwcPdOXg92H+G4
J9LV535xqJYpzMA5tSK4QIJ5jNjTeKg6v6FRwJO+je5IVVl0reRDckxjavpGdoOD
Kz0pZnc1ZMvuBqUi7JDaPKxN1+EElAwEDDsZ7aC/qSLj/e9uQbpFJitEti4wq2dg
txSmEy7KjN4WgBW+opmNHxRFfBDWWM4xHqWyHaETwLlAYxh7EtjehAU05ZK/qODt
mQwRoiaX8xB0kZyPK7AK2x0URXYVaYhPsPWCddGVTw3CVELJIpDzcf2FCs9pPD5J
pWvn6Jzx1z8rbiDGFRFfmv7IaOGNuCRTMkmdgbQ1poM0kepNWO1xGGfwbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD6PDzHNqMir6rGNYc0sjCOAczZaMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvUG84UE1jMm95S3Zxc1kxaHpTeU1JNEJ6TmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVQloAwQA
W+/WMA0GCSqGSIb3DQEBCwUAA4IBAQCaOcxaJcpNyDj7+UH6SqOdW36cmWtW3lFC
A4U3uIGTlYYhcgpRu2bRwn+dxaoawqhznxpvHaB7S/jY6EryhBxVZ8CV2GIFgot4
sMOJywzmGTqJRQjx9lltpNNoCuc0nPiH572B40z06bsJuhsa5G6JDfds+6gJDjnW
uSqcRC9rUwiHCZWEjZelLzrBBKR8qYr0EZu/mFozVZ5S+Sh9lf1X9jS87dpwVF/g
q0Y4UqD1t8vs3q36hsxM73PRwSl0ImPUIlC/4TDWWqWGgcfB4HYyno+g2FSDmcwH
BC857MaBF+SvFX3BmKF5fhfCbuglPGSO7hFyJUjnGz7q33oFz+Cc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:10 2024 by rpki-client on console-fra.rpki-client.org