Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/8ffazngXfDZjGs-bXCZus0SZPf0.roa
File:                     8ffazngXfDZjGs-bXCZus0SZPf0.roa (raw, json)
Hash identifier:          APZayn2Ef7FKu6H7ZNpDKJAGBQntfz5vvaajwme2o94=
Subject key identifier:   F1:F7:DA:CE:78:17:7C:36:63:1A:CF:9B:5C:26:6E:B3:44:99:3D:FD
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018CC6B8ACC62CDE0D2FD7CB4177B2833CFB
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/8ffazngXfDZjGs-bXCZus0SZPf0.roa
Signing time:             Mon 01 Jan 2024 20:30:40 +0000
ROA not before:           Mon 01 Jan 2024 20:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8648
IP address blocks:        89.49.128.0/20 maxlen: 20
                          89.49.96.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Sun 26 May 2024 08:36:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ac:c6:2c:de:0d:2f:d7:cb:41:77:b2:83:3c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 20:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1f7dace78177c36631acf9b5c266eb344993dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6a:79:ad:11:38:a1:25:69:42:16:4b:22:d1:
                    ab:a1:65:64:85:42:f5:ee:17:cf:e5:ef:9f:f5:25:
                    b5:9d:42:2a:a2:d7:d9:72:d6:a5:bf:0c:5d:6f:14:
                    66:20:c8:67:7e:76:cb:06:61:c2:ac:c2:f2:8a:ea:
                    85:da:07:01:e8:17:92:1b:a5:c6:53:75:3a:f7:06:
                    84:a5:b1:f5:e7:f3:fd:3e:0d:03:7b:5c:83:3b:66:
                    32:0d:b0:50:c4:62:36:1e:ae:73:be:f1:67:74:93:
                    cb:b8:be:b1:4b:50:24:0c:84:06:f0:b0:aa:bd:55:
                    b3:e9:3b:a9:14:02:74:6c:d6:e5:80:37:08:d6:a8:
                    75:9e:db:91:1a:05:09:7a:1e:9e:70:f0:50:1d:d8:
                    33:8c:f1:4d:90:15:83:89:78:86:78:16:bf:4b:28:
                    53:e8:00:1b:ef:c3:f6:60:60:01:a8:d5:36:83:b1:
                    9b:30:c1:6c:8f:e3:77:d6:c6:f3:53:45:55:f4:52:
                    3d:77:d9:a7:ec:d9:57:35:e2:51:be:dd:af:47:e1:
                    04:e8:81:55:b6:18:6c:87:21:a9:61:af:b2:4a:89:
                    1c:f9:92:3f:1d:ea:9e:86:9d:f4:54:d7:a4:99:54:
                    fb:82:0e:66:3a:d9:5a:9b:52:5e:18:2e:26:3c:7f:
                    75:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F7:DA:CE:78:17:7C:36:63:1A:CF:9B:5C:26:6E:B3:44:99:3D:FD
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/8ffazngXfDZjGs-bXCZus0SZPf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.49.96.0/20
                  89.49.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5f:fa:09:f8:0f:f1:32:11:e6:7d:b8:4c:6f:fc:99:7d:9e:cb:
         41:8a:7c:a7:35:d6:4f:eb:02:fe:6a:70:83:c0:16:bd:2b:3d:
         b1:b1:e2:6a:fd:eb:40:94:d5:ba:59:b1:38:f8:35:01:02:98:
         4a:2b:d7:f9:9e:2d:7d:8c:ae:3f:21:a5:f2:6c:51:28:24:81:
         03:2b:f1:00:f1:09:34:05:80:40:c8:c8:e8:d9:28:7d:ae:19:
         ae:42:bf:03:38:23:3b:a3:5a:03:e8:bf:c7:57:15:c2:aa:f1:
         b5:61:3f:8e:67:cf:bb:8c:92:1b:f8:12:7c:5a:64:c2:f5:97:
         24:7f:6a:b0:6c:b1:c6:74:b6:b9:08:06:a2:bf:8e:7e:04:ee:
         87:b8:34:09:89:9f:37:7d:f0:87:65:a9:32:6f:68:65:d6:15:
         20:b3:69:cf:8b:48:e7:f0:32:66:c8:05:a8:b1:42:71:4b:b6:
         5a:8b:9d:70:57:66:01:47:12:2a:e7:61:c3:c7:6c:da:ab:b3:
         8e:82:43:04:06:35:73:4b:71:8c:45:8f:74:44:54:7b:95:61:
         46:81:57:0d:b9:01:a2:81:86:23:f2:e1:bb:c5:c9:cf:a4:70:
         10:1e:bf:b0:0e:66:ac:e0:27:02:bc:ec:a5:2b:c2:26:4a:c4:
         e5:cc:09:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuKzGLN4NL9fLQXeygzz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwMTAxMjAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWY3ZGFjZTc4MTc3YzM2NjMxYWNmOWI1YzI2NmViMzQ0OTkzZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWp5rRE4oSVpQhZLItGroWVkhUL1
7hfP5e+f9SW1nUIqotfZctalvwxdbxRmIMhnfnbLBmHCrMLyiuqF2gcB6BeSG6XG
U3U69waEpbH15/P9Pg0De1yDO2YyDbBQxGI2Hq5zvvFndJPLuL6xS1AkDIQG8LCq
vVWz6TupFAJ0bNblgDcI1qh1ntuRGgUJeh6ecPBQHdgzjPFNkBWDiXiGeBa/SyhT
6AAb78P2YGABqNU2g7GbMMFsj+N31sbzU0VV9FI9d9mn7NlXNeJRvt2vR+EE6IFV
thhshyGpYa+ySokc+ZI/Heqehp30VNekmVT7gg5mOtlam1JeGC4mPH91mQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPH32s54F3w2YxrPm1wmbrNEmT39MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvOGZmYXpuZ1hmRFpqR3MtYlhDWnVzMFNaUGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWTFgAwQE
WTGAMA0GCSqGSIb3DQEBCwUAA4IBAQBf+gn4D/EyEeZ9uExv/Jl9nstBinynNdZP
6wL+anCDwBa9Kz2xseJq/etAlNW6WbE4+DUBAphKK9f5ni19jK4/IaXybFEoJIED
K/EA8Qk0BYBAyMjo2Sh9rhmuQr8DOCM7o1oD6L/HVxXCqvG1YT+OZ8+7jJIb+BJ8
WmTC9Zckf2qwbLHGdLa5CAaiv45+BO6HuDQJiZ83ffCHZakyb2hl1hUgs2nPi0jn
8DJmyAWosUJxS7Zai51wV2YBRxIq52HDx2zaq7OOgkMEBjVzS3GMRY90RFR7lWFG
gVcNuQGigYYj8uG7xcnPpHAQHr+wDmas4CcCvOylK8ImSsTlzAlM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org