Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/AaKbtZTKfDtyYWVHl0VaGnP-hbU.roa
File:                     AaKbtZTKfDtyYWVHl0VaGnP-hbU.roa (raw, json)
Hash identifier:          XOEZU1XkXDxVjlHw3fedUt6WXoGyhYpQKJ7HPZmCzGQ=
Subject key identifier:   01:A2:9B:B5:94:CA:7C:3B:72:61:65:47:97:45:5A:1A:73:FE:85:B5
Certificate issuer:       /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial:       01870F0B3A92BEDAE4C5CB653764AB7D670B
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/AaKbtZTKfDtyYWVHl0VaGnP-hbU.roa
Signing time:             Thu 23 Mar 2023 15:16:46 +0000
ROA not before:           Thu 23 Mar 2023 15:16:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198949
IP address blocks:        89.169.101.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0f:0b:3a:92:be:da:e4:c5:cb:65:37:64:ab:7d:67:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
        Validity
            Not Before: Mar 23 15:16:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=01a29bb594ca7c3b7261654797455a1a73fe85b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:89:63:e2:2e:72:a0:2d:d6:80:43:96:1c:fe:
                    7b:e4:ce:c7:7c:51:be:f8:ef:21:76:03:fd:b4:0d:
                    8a:ba:41:44:e6:df:ff:e9:e7:da:77:15:1b:52:45:
                    6d:1c:1a:a4:7d:72:27:c8:9f:a4:d7:52:1b:bc:1d:
                    2f:c0:92:3b:25:5d:3b:4a:de:67:13:0f:42:84:02:
                    fe:cc:fe:67:26:0d:36:16:e2:8d:ed:7d:1d:a7:98:
                    5f:ff:b9:45:cf:d7:90:d6:99:e5:41:43:21:cb:bc:
                    fa:ee:5a:74:30:f8:91:88:0d:8d:22:70:24:f2:c0:
                    7f:b5:c0:0e:43:da:73:25:17:14:c0:3a:0c:83:52:
                    a1:44:ac:66:43:3a:78:fd:74:89:15:dd:88:ed:54:
                    d7:38:16:1c:96:7b:34:db:92:b8:45:04:50:60:e2:
                    17:00:aa:d6:0d:4c:e3:f4:35:77:e4:20:9b:df:2f:
                    0d:71:20:13:72:14:86:95:53:0c:fc:02:79:b6:94:
                    e3:43:74:43:e5:7d:d6:fd:56:3c:8f:da:52:8a:6f:
                    2a:74:11:e5:3e:f8:93:14:06:14:d6:f7:4e:7f:e2:
                    cc:26:ee:5d:d1:f8:63:41:e5:bc:b2:46:39:48:f3:
                    7f:56:a0:4d:d1:49:d8:1e:e6:8f:ab:5f:1b:0d:3a:
                    56:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A2:9B:B5:94:CA:7C:3B:72:61:65:47:97:45:5A:1A:73:FE:85:B5
            X509v3 Authority Key Identifier:
                keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/AaKbtZTKfDtyYWVHl0VaGnP-hbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.169.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:be:34:7c:2e:ae:53:ac:05:e1:34:75:cf:2a:6e:11:9c:55:
         42:8b:7c:53:37:9b:4e:3a:5c:64:19:cc:06:6e:cb:37:a3:1e:
         07:56:d7:5c:36:d7:fa:29:44:8a:ea:af:21:cf:d3:45:88:ee:
         c0:6e:45:83:2b:5e:25:b4:92:ba:7f:67:57:98:d4:5c:49:da:
         f6:30:5b:e5:31:5a:62:2b:53:f4:2d:7e:a4:f7:b6:7a:1d:92:
         d7:ff:47:2a:4d:8e:21:2b:ba:f4:99:81:dc:8c:8d:ae:2d:be:
         ed:a8:0c:12:51:8c:53:fd:02:e4:08:84:2b:0a:89:a4:97:2d:
         60:17:7c:fd:ba:d4:57:7a:76:da:63:07:a5:85:b9:d0:0e:07:
         f2:7f:d3:ae:06:78:a8:8d:23:cb:e8:0c:27:e3:f5:f5:88:79:
         d5:0a:53:36:4e:a1:38:b6:9e:5c:4f:3f:83:11:0e:db:eb:ce:
         e4:3c:d7:92:cb:39:24:e1:ff:3e:31:f3:53:91:cd:0c:e0:3b:
         ad:6b:52:e0:b1:41:5b:74:25:13:f9:90:70:60:d5:56:dd:71:
         90:c8:27:67:b0:2d:5a:bc:dc:09:5e:61:37:c8:71:d0:af:dd:
         f5:bb:6b:cc:d3:4a:f1:80:13:d2:d2:13:e3:05:c2:66:d9:83:
         ed:17:ba:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYcPCzqSvtrkxctlN2SrfWcLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjMwMzIzMTUxNjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWEyOWJiNTk0Y2E3YzNiNzI2MTY1NDc5NzQ1NWExYTczZmU4NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYlj4i5yoC3WgEOWHP575M7HfFG+
+O8hdgP9tA2KukFE5t//6efadxUbUkVtHBqkfXInyJ+k11IbvB0vwJI7JV07St5n
Ew9ChAL+zP5nJg02FuKN7X0dp5hf/7lFz9eQ1pnlQUMhy7z67lp0MPiRiA2NInAk
8sB/tcAOQ9pzJRcUwDoMg1KhRKxmQzp4/XSJFd2I7VTXOBYclns025K4RQRQYOIX
AKrWDUzj9DV35CCb3y8NcSATchSGlVMM/AJ5tpTjQ3RD5X3W/VY8j9pSim8qdBHl
PviTFAYU1vdOf+LMJu5d0fhjQeW8skY5SPN/VqBN0UnYHuaPq18bDTpWMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGim7WUynw7cmFlR5dFWhpz/oW1MB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvQWFLYnRaVEtmRHR5WVdWSGwwVmFHblAtaGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWallMA0G
CSqGSIb3DQEBCwUAA4IBAQAjvjR8Lq5TrAXhNHXPKm4RnFVCi3xTN5tOOlxkGcwG
bss3ox4HVtdcNtf6KUSK6q8hz9NFiO7AbkWDK14ltJK6f2dXmNRcSdr2MFvlMVpi
K1P0LX6k97Z6HZLX/0cqTY4hK7r0mYHcjI2uLb7tqAwSUYxT/QLkCIQrComkly1g
F3z9utRXenbaYwelhbnQDgfyf9OuBniojSPL6Awn4/X1iHnVClM2TqE4tp5cTz+D
EQ7b687kPNeSyzkk4f8+MfNTkc0M4Duta1LgsUFbdCUT+ZBwYNVW3XGQyCdnsC1a
vNwJXmE3yHHQr931u2vM00rxgBPS0hPjBcJm2YPtF7r+
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:57:10 2024 by rpki-client on console-fra.rpki-client.org