Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/fhaJWZmTVfoWCx5D20d8s6oBDYE.roa
File:                     fhaJWZmTVfoWCx5D20d8s6oBDYE.roa (raw, json)
Hash identifier:          G/1W3rbUpxTVIw+189GxgDhTKzPhYwwS0E7n2S6CJQw=
Subject key identifier:   7E:16:89:59:99:93:55:FA:16:0B:1E:43:DB:47:7C:B3:AA:01:0D:81
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C7DD78FDF1CB4F22CE1875C717C7
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/fhaJWZmTVfoWCx5D20d8s6oBDYE.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202029
IP address blocks:        91.239.214.0/24 maxlen: 24
                          85.9.104.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 18 Feb 2024 11:37:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c7:dd:78:fd:f1:cb:4f:22:ce:18:75:c7:17:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e168959999355fa160b1e43db477cb3aa010d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2e:99:74:33:7b:95:46:d3:c2:e4:99:b6:ec:
                    37:0c:06:58:f0:fb:aa:be:79:1d:14:90:0d:d8:77:
                    69:0a:28:f7:6e:e6:fe:12:e2:6a:3c:f0:01:26:0e:
                    d9:73:db:03:e1:91:fe:63:1f:ec:3b:50:e8:b8:3b:
                    d2:e9:0e:90:12:06:a4:3b:38:30:5a:30:ea:a7:b8:
                    ba:30:dd:d7:59:c2:3e:80:66:43:c6:8c:8d:d5:d8:
                    81:df:f9:5b:6b:c7:3c:19:88:fb:32:bf:c9:d6:70:
                    d5:0a:72:01:76:5e:d3:01:b9:8e:a9:e2:f4:fd:d1:
                    69:46:ac:4e:52:bf:0a:bb:80:74:9b:ab:d4:ce:2a:
                    27:4c:f0:0d:af:49:78:43:f4:78:37:cd:5d:5d:59:
                    fa:f6:a6:d5:9b:86:2e:b9:19:cb:4c:8e:7e:82:b8:
                    74:cb:72:9d:11:66:59:d5:dd:44:22:e4:b9:41:f5:
                    da:2a:9f:06:71:59:ea:8c:36:ab:d9:d0:9e:ca:e3:
                    b2:d1:71:68:00:99:06:7c:d7:62:c2:da:53:ad:e8:
                    31:18:aa:3c:39:d4:65:7d:4c:ca:48:59:7a:71:61:
                    50:65:c2:71:72:d9:86:5c:cf:16:4e:1f:2e:45:fe:
                    da:db:80:db:75:0a:3b:60:ad:d1:be:d7:40:7d:f5:
                    e5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:16:89:59:99:93:55:FA:16:0B:1E:43:DB:47:7C:B3:AA:01:0D:81
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/fhaJWZmTVfoWCx5D20d8s6oBDYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.104.0/24
                  91.239.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:e1:18:87:5e:8e:7a:4e:df:85:38:b3:a5:93:ec:78:55:00:
         b8:d7:55:7a:fc:d1:00:30:29:73:67:c2:7c:b4:c0:72:a9:38:
         c1:0b:80:0a:fd:d4:b1:c9:c3:c6:73:59:a8:9a:1d:c7:82:d9:
         1c:81:fc:a4:a6:9d:c6:03:b0:ba:0e:97:1f:4e:74:b7:6c:3c:
         12:a1:e0:37:a5:1f:39:53:af:ab:76:fe:e4:24:f6:9d:66:d1:
         cd:dc:08:be:ff:f4:0a:3a:76:25:c8:5a:f9:9f:29:2b:cc:98:
         b8:4d:b4:9a:91:91:34:b6:0f:78:63:f7:ef:2f:c1:c9:05:c9:
         6e:f5:e1:5c:3d:0d:2f:75:06:85:94:50:dd:7f:90:21:e2:ed:
         76:4e:58:0f:dd:de:76:38:bb:bc:b3:46:21:11:84:bc:28:aa:
         c5:15:b1:9b:18:5d:4e:ee:09:e8:37:94:ae:e2:d0:37:95:24:
         9e:59:00:25:ce:72:cf:49:98:94:38:57:13:8c:14:37:f3:3d:
         c1:84:5c:b6:e1:5d:5b:52:61:35:c3:51:5e:9b:10:7b:fb:48:
         6d:97:c1:4e:9e:a1:16:c6:8f:53:98:ef:78:c8:cd:27:ff:68:
         da:17:8a:46:f0:86:b2:42:7d:3e:66:29:9f:e5:1f:11:d0:3a:
         09:66:19:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMfdeP3xy08izhh1xxfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE2ODk1OTk5OTM1NWZhMTYwYjFlNDNkYjQ3N2NiM2FhMDEwZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi6ZdDN7lUbTwuSZtuw3DAZY8Puq
vnkdFJAN2HdpCij3bub+EuJqPPABJg7Zc9sD4ZH+Yx/sO1DouDvS6Q6QEgakOzgw
WjDqp7i6MN3XWcI+gGZDxoyN1diB3/lba8c8GYj7Mr/J1nDVCnIBdl7TAbmOqeL0
/dFpRqxOUr8Ku4B0m6vUzionTPANr0l4Q/R4N81dXVn69qbVm4YuuRnLTI5+grh0
y3KdEWZZ1d1EIuS5QfXaKp8GcVnqjDar2dCeyuOy0XFoAJkGfNdiwtpTregxGKo8
OdRlfUzKSFl6cWFQZcJxctmGXM8WTh8uRf7a24DbdQo7YK3RvtdAffXlCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH4WiVmZk1X6FgseQ9tHfLOqAQ2BMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvZmhhSldabVRWZm9XQ3g1RDIwZDhzNm9CRFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVQloAwQA
W+/WMA0GCSqGSIb3DQEBCwUAA4IBAQB84RiHXo56Tt+FOLOlk+x4VQC411V6/NEA
MClzZ8J8tMByqTjBC4AK/dSxycPGc1momh3Hgtkcgfykpp3GA7C6DpcfTnS3bDwS
oeA3pR85U6+rdv7kJPadZtHN3Ai+//QKOnYlyFr5nykrzJi4TbSakZE0tg94Y/fv
L8HJBclu9eFcPQ0vdQaFlFDdf5Ah4u12TlgP3d52OLu8s0YhEYS8KKrFFbGbGF1O
7gnoN5Su4tA3lSSeWQAlznLPSZiUOFcTjBQ38z3BhFy24V1bUmE1w1FemxB7+0ht
l8FOnqEWxo9TmO94yM0n/2jaF4pG8IayQn0+Zimf5R8R0DoJZhnL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:34 2024 by rpki-client on console-ams.rpki-client.org