Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3134342e302f32312d3234203d3e20383334.roa
File:                     3134302e3135302e3134342e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          4BsCc2o7roWUUwbuvdj+rqcB/E8M5/wK1qBVVkqZCRM=
Subject key identifier:   06:DB:40:D0:30:89:B8:70:75:74:1F:B2:C7:4B:F6:AB:D4:65:E1:DD
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       715C5403408168B8C0139B7FFDB6AD8F0B0FF6B6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3134342e302f32312d3234203d3e20383334.roa
Signing time:             Thu 08 Feb 2024 00:01:49 +0000
ROA not before:           Wed 07 Feb 2024 23:56:49 +0000
ROA not after:            Thu 06 Feb 2025 00:01:49 +0000
asID:                     834
IP address blocks:        140.150.144.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 17:13:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:5c:54:03:40:81:68:b8:c0:13:9b:7f:fd:b6:ad:8f:0b:0f:f6:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  7 23:56:49 2024 GMT
            Not After : Feb  6 00:01:49 2025 GMT
        Subject: CN=06DB40D03089B87075741FB2C74BF6ABD465E1DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:dc:63:2a:75:09:5f:48:e0:e6:f4:f2:6a:93:
                    f0:7a:d5:25:43:57:71:bf:87:19:32:25:13:15:30:
                    11:94:5d:ac:c5:c6:ae:1e:9a:63:16:bc:fe:99:06:
                    39:e4:cb:d5:e3:c5:17:8d:2a:21:bb:5a:c3:39:c5:
                    83:59:06:9f:29:c3:c8:c3:13:f6:d6:d1:4c:3b:a7:
                    13:e5:bc:e0:b9:77:17:84:b0:f3:20:ee:02:45:98:
                    7c:6d:6e:a8:8a:c7:94:48:19:dc:f5:c1:84:bd:88:
                    c0:54:74:31:73:57:f4:33:32:0b:70:2d:5a:62:b4:
                    9e:eb:6b:01:0f:c9:45:29:6c:58:02:71:24:6f:55:
                    e4:01:7c:64:82:ca:c4:fb:da:1c:d3:4e:99:b5:aa:
                    71:6d:e4:ea:a8:77:cb:ce:f0:bd:78:74:a6:34:5d:
                    3c:23:9a:53:d3:86:e8:1a:2d:ff:26:0f:16:6b:71:
                    c2:eb:e8:ec:6c:ef:91:ec:72:6a:85:5a:ae:5b:1e:
                    03:cb:33:fc:ff:0e:2e:18:0f:84:17:20:2e:3b:a9:
                    4a:19:c4:0d:af:57:66:3c:77:e2:cc:a7:fa:cd:22:
                    9c:7e:66:7a:0b:35:55:e8:ff:3a:15:6e:49:ba:1f:
                    b8:52:1d:1d:b3:dc:13:d2:73:72:f6:34:9f:e7:67:
                    ed:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DB:40:D0:30:89:B8:70:75:74:1F:B2:C7:4B:F6:AB:D4:65:E1:DD
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3134342e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         46:5b:9a:47:81:06:10:0e:23:0d:fe:99:a3:6f:74:76:c5:74:
         b6:e4:b1:14:0a:24:e0:07:f3:c6:c3:30:30:4f:b8:31:a9:79:
         b7:35:42:66:91:56:05:77:9e:67:c6:ae:0b:dd:03:fe:3b:d2:
         2d:44:14:8f:2e:9b:0a:7c:1c:52:59:1b:89:c0:6f:b1:d1:1a:
         30:b2:48:ae:95:ec:ed:0b:77:8a:6c:5c:e0:ad:a7:cc:a4:6e:
         30:76:e9:0f:ee:82:52:03:f8:da:2a:69:c4:45:c7:2e:47:b4:
         6d:c0:3e:13:86:d7:fe:ba:a7:fb:80:43:4d:26:bf:ed:ff:37:
         22:b5:77:c5:3f:13:3f:c9:35:12:65:e5:10:dc:d5:c7:2a:b7:
         69:06:0a:19:32:2e:a7:3c:e1:08:e8:fb:d2:05:e1:51:20:f9:
         e5:46:19:ee:a0:41:30:e8:ea:7e:aa:e3:3d:59:db:da:40:7b:
         1d:d2:e8:9a:50:07:e7:c8:e0:56:2d:df:2c:d7:ff:31:78:6f:
         6b:97:d1:3d:83:8e:db:b2:d0:13:9f:6f:63:32:d7:e2:9a:b3:
         48:c8:81:b4:00:1f:c7:fb:8e:a5:59:1d:7e:70:e9:78:ad:f5:
         8c:5d:e1:c9:48:66:a0:df:c7:3e:86:ff:0f:13:8f:37:07:04:
         9c:d9:43:ae
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcVxUA0CBaLjAE5t//batjwsP9rYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDAyMDcyMzU2NDlaFw0yNTAyMDYwMDAxNDlaMDMxMTAvBgNV
BAMTKDA2REI0MEQwMzA4OUI4NzA3NTc0MUZCMkM3NEJGNkFCRDQ2NUUxREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ3GMqdQlfSODm9PJqk/B61SVD
V3G/hxkyJRMVMBGUXazFxq4emmMWvP6ZBjnky9XjxReNKiG7WsM5xYNZBp8pw8jD
E/bW0Uw7pxPlvOC5dxeEsPMg7gJFmHxtbqiKx5RIGdz1wYS9iMBUdDFzV/QzMgtw
LVpitJ7rawEPyUUpbFgCcSRvVeQBfGSCysT72hzTTpm1qnFt5Oqod8vO8L14dKY0
XTwjmlPThugaLf8mDxZrccLr6Oxs75HscmqFWq5bHgPLM/z/Di4YD4QXIC47qUoZ
xA2vV2Y8d+LMp/rNIpx+ZnoLNVXo/zoVbkm6H7hSHR2z3BPSc3L2NJ/nZ+1fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBttA0DCJuHB1dB+yx0v2q9Rl4d0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDliZTNhYWUt
YWVhMS00MWRjLWIxYjktOTVhYzU5MTgyNDRkLzAvMzEzNDMwMmUzMTM1MzAyZTMx
MzQzNDJlMzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA4yW
kDANBgkqhkiG9w0BAQsFAAOCAQEARluaR4EGEA4jDf6Zo290dsV0tuSxFAok4Afz
xsMwME+4Mal5tzVCZpFWBXeeZ8auC90D/jvSLUQUjy6bCnwcUlkbicBvsdEaMLJI
rpXs7Qt3imxc4K2nzKRuMHbpD+6CUgP42ippxEXHLke0bcA+E4bX/rqn+4BDTSa/
7f83IrV3xT8TP8k1EmXlENzVxyq3aQYKGTIupzzhCOj70gXhUSD55UYZ7qBBMOjq
fqrjPVnb2kB7HdLomlAH58jgVi3fLNf/MXhva5fRPYOO27LQE59vYzLX4pqzSMiB
tAAfx/uOpVkdfnDpeK31jF3hyUhmoN/HPob/DxOPNwcEnNlDrg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org