Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/kIyj3Z_YBwMZVBysO0MNZASOiQ0.roa
File:                     kIyj3Z_YBwMZVBysO0MNZASOiQ0.roa (raw, json)
Hash identifier:          bq7fkuYcFc4z5uN8+KdUldmxwURBY3shNxUE8vLePYo=
Subject key identifier:   90:8C:A3:DD:9F:D8:07:03:19:54:1C:AC:3B:43:0D:64:04:8E:89:0D
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018A21D19CA9C94358A261910AF41746FA5C
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/kIyj3Z_YBwMZVBysO0MNZASOiQ0.roa
Signing time:             Wed 23 Aug 2023 09:54:59 +0000
ROA not before:           Wed 23 Aug 2023 09:54:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     45012
IP address blocks:        89.49.128.0/20 maxlen: 20
                          89.49.96.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Tue 12 Dec 2023 10:58:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:21:d1:9c:a9:c9:43:58:a2:61:91:0a:f4:17:46:fa:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Aug 23 09:54:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=908ca3dd9fd8070319541cac3b430d64048e890d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:06:a3:c4:a1:72:f5:27:03:7c:80:24:23:96:
                    e8:6a:b0:4e:03:9c:3a:d7:e8:e3:40:7b:e0:a5:8e:
                    a9:7c:fc:54:83:69:05:b6:39:78:b9:0a:59:77:0c:
                    49:8c:cf:56:45:cb:82:44:3d:d4:38:55:62:3b:c5:
                    44:ae:8b:d2:f6:75:a0:c3:f4:ae:86:8a:5e:7d:5c:
                    2e:0a:95:1b:eb:19:2b:fa:a4:a7:af:70:bf:cb:fe:
                    ff:dc:95:1b:8f:c7:36:1b:2a:1c:66:a9:18:b9:ad:
                    44:3e:77:1c:19:23:02:87:07:e3:0a:3d:26:bf:6a:
                    4c:6d:a8:48:34:b3:25:fc:e5:43:df:e4:72:0a:76:
                    18:37:56:46:91:94:70:63:0b:84:91:94:58:03:e0:
                    92:1a:46:11:90:f8:70:2a:b2:ce:e8:20:74:ad:6e:
                    a6:d7:eb:c8:78:ca:70:ed:60:ee:cb:d9:80:08:ad:
                    ec:07:06:2b:fb:0a:9d:bf:e2:fb:57:34:10:f5:79:
                    06:d9:be:d5:72:70:5d:e4:a5:5c:dc:06:82:87:38:
                    1d:c4:63:a5:08:75:5c:06:39:75:0d:29:2b:e1:70:
                    fc:69:e1:bf:ba:95:5d:7e:5f:5a:71:bd:69:9a:ac:
                    b4:ac:43:44:68:6c:05:bd:47:de:d0:e9:1b:27:a5:
                    cb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:8C:A3:DD:9F:D8:07:03:19:54:1C:AC:3B:43:0D:64:04:8E:89:0D
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/kIyj3Z_YBwMZVBysO0MNZASOiQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.49.96.0/20
                  89.49.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9a:e6:cd:20:f6:83:35:1d:59:3c:3b:c9:9b:ab:b3:6f:cc:01:
         cb:97:62:4e:1b:ac:3c:e0:74:cb:73:aa:17:35:15:a0:ee:ad:
         77:1c:22:a0:ff:e9:52:d6:b4:17:97:a4:59:bb:ee:19:cf:a0:
         ed:3e:b9:f7:c9:b0:27:74:ed:06:fd:aa:04:57:18:64:2b:a4:
         94:51:e8:c1:cd:ad:e9:35:93:be:e1:3b:5d:41:e1:16:6d:00:
         6e:17:3c:30:64:7f:6c:d5:0e:ed:48:8c:03:13:ee:d5:5f:81:
         3a:dd:68:84:d1:da:ea:e1:03:a5:66:a5:2b:69:2f:de:a7:6e:
         f3:3d:af:59:f0:30:84:47:6a:df:65:57:93:88:be:83:ff:c7:
         f3:99:c9:24:12:ee:1a:0b:99:69:80:71:65:4f:18:1f:e4:e2:
         6c:0c:c9:c7:aa:f8:91:e5:53:41:0c:98:77:11:8e:f1:02:ab:
         e5:62:89:a8:92:e4:57:16:61:f2:36:aa:96:be:7d:01:df:23:
         47:a0:c6:91:5d:00:43:98:a6:83:fd:10:f1:ad:47:5f:7d:0d:
         2a:64:d5:8d:81:6b:67:20:45:46:32:0c:c8:8c:ec:2d:7a:93:
         84:1f:db:93:42:18:7a:a1:94:a9:94:65:ad:5d:0a:0a:dd:a4:
         ad:f3:92:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYoh0ZypyUNYomGRCvQXRvpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwODIzMDk1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDhjYTNkZDlmZDgwNzAzMTk1NDFjYWMzYjQzMGQ2NDA0OGU4OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAajxKFy9ScDfIAkI5boarBOA5w6
1+jjQHvgpY6pfPxUg2kFtjl4uQpZdwxJjM9WRcuCRD3UOFViO8VErovS9nWgw/Su
hopefVwuCpUb6xkr+qSnr3C/y/7/3JUbj8c2GyocZqkYua1EPnccGSMChwfjCj0m
v2pMbahINLMl/OVD3+RyCnYYN1ZGkZRwYwuEkZRYA+CSGkYRkPhwKrLO6CB0rW6m
1+vIeMpw7WDuy9mACK3sBwYr+wqdv+L7VzQQ9XkG2b7VcnBd5KVc3AaChzgdxGOl
CHVcBjl1DSkr4XD8aeG/upVdfl9acb1pmqy0rENEaGwFvUfe0OkbJ6XLxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJCMo92f2AcDGVQcrDtDDWQEjokNMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEva0l5ajNaX1lCd01aVkJ5c08wTU5aQVNPaVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWTFgAwQE
WTGAMA0GCSqGSIb3DQEBCwUAA4IBAQCa5s0g9oM1HVk8O8mbq7NvzAHLl2JOG6w8
4HTLc6oXNRWg7q13HCKg/+lS1rQXl6RZu+4Zz6DtPrn3ybAndO0G/aoEVxhkK6SU
UejBza3pNZO+4TtdQeEWbQBuFzwwZH9s1Q7tSIwDE+7VX4E63WiE0drq4QOlZqUr
aS/ep27zPa9Z8DCER2rfZVeTiL6D/8fzmckkEu4aC5lpgHFlTxgf5OJsDMnHqviR
5VNBDJh3EY7xAqvlYomokuRXFmHyNqqWvn0B3yNHoMaRXQBDmKaD/RDxrUdffQ0q
ZNWNgWtnIEVGMgzIjOwtepOEH9uTQhh6oZSplGWtXQoK3aSt85Jt
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org