Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PrkiusSAc1H9QD4R8pXiQ49_alY.roa
File:                     PrkiusSAc1H9QD4R8pXiQ49_alY.roa (raw, json)
Hash identifier:          5CZnnVAt76sKKilTE6Zg624JG106lB/tu0uEYgZTPDc=
Subject key identifier:   3E:B9:22:BA:C4:80:73:51:FD:40:3E:11:F2:95:E2:43:8F:7F:6A:56
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018BB026D709764D612FEC1F6A48B71EC7F3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PrkiusSAc1H9QD4R8pXiQ49_alY.roa
Signing time:             Wed 08 Nov 2023 18:16:57 +0000
ROA not before:           Wed 08 Nov 2023 18:16:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3257
IP address blocks:        89.40.161.0/24 maxlen: 24
                          194.50.200.0/23 maxlen: 24
                          194.50.206.0/23 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          85.159.117.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          195.138.108.0/24 maxlen: 24
                          195.138.116.0/24 maxlen: 24
                          89.39.242.0/24 maxlen: 24
                          195.138.122.0/23 maxlen: 23
                          195.138.124.0/22 maxlen: 22
                          45.67.117.0/24 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          91.242.70.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b0:26:d7:09:76:4d:61:2f:ec:1f:6a:48:b7:1e:c7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Nov  8 18:16:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3eb922bac4807351fd403e11f295e2438f7f6a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:22:84:8d:84:93:fa:f3:f9:ee:c2:10:57:
                    ca:f9:19:15:03:69:a2:79:06:6c:25:db:94:5f:8c:
                    cd:3e:10:59:22:78:b0:a0:59:37:8c:08:77:03:5e:
                    4b:18:3a:18:c0:21:4d:bb:c6:d1:bc:3c:bd:78:4a:
                    81:a4:e9:82:f4:66:5b:2a:dc:5b:5a:54:8e:07:ef:
                    19:71:20:b5:37:9b:bd:1a:ad:1d:d5:f9:5c:1c:8f:
                    37:28:2a:0c:8b:45:2d:52:06:40:a3:51:7b:5b:22:
                    f4:a2:49:c0:b0:57:5e:c2:bb:72:6b:08:31:27:96:
                    de:e5:74:2d:1a:4a:cf:3d:38:0e:59:ea:dd:4f:80:
                    e9:7b:27:a4:f5:18:20:70:fb:24:67:cf:a6:9a:de:
                    c4:f9:83:ae:1d:95:97:86:01:28:22:ea:bf:a9:df:
                    55:20:bf:92:07:65:b4:d1:d5:a4:e5:ae:99:57:1b:
                    69:65:d1:22:f0:b4:f3:b8:84:c2:b1:4e:71:48:1f:
                    4c:ba:4e:cc:c0:3f:26:dd:55:ec:c3:66:a0:4e:c5:
                    27:60:f1:3a:2f:08:c9:de:f6:fb:ad:f9:ba:c5:51:
                    9a:49:02:56:5e:f1:63:3f:6a:15:86:fd:10:36:3f:
                    5b:73:0c:97:db:3f:53:bf:93:39:e9:a1:71:c9:3c:
                    49:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B9:22:BA:C4:80:73:51:FD:40:3E:11:F2:95:E2:43:8F:7F:6A:56
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PrkiusSAc1H9QD4R8pXiQ49_alY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.117.0/24
                  85.159.117.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.242.70.0/24
                  91.242.72.0/22
                  91.242.103.0/24
                  94.231.198.0/24
                  185.40.105.0/24
                  194.50.200.0/23
                  194.50.206.0/23
                  195.138.105.0-195.138.106.255
                  195.138.108.0/24
                  195.138.116.0/24
                  195.138.122.0-195.138.127.255

    Signature Algorithm: sha256WithRSAEncryption
         0c:c3:7b:c4:4c:aa:5f:a3:a4:c8:fc:93:c4:d9:0c:ba:9d:11:
         9e:b0:e0:37:91:2f:c7:5b:4f:23:5c:ae:75:d6:e1:dc:8e:f1:
         87:61:02:57:b6:a6:52:d6:d1:80:08:3b:15:72:b9:18:27:d5:
         08:50:32:11:fb:d5:bb:6a:54:33:55:1f:a2:0f:ce:41:23:e1:
         46:f3:06:04:1c:bb:c9:b3:4d:f5:fd:d2:c8:a6:dc:d8:90:e5:
         02:47:d9:eb:f7:14:ac:50:e2:57:62:c0:3e:79:92:26:42:20:
         06:b6:07:8b:3b:3f:1a:05:64:5c:07:58:ca:f7:fb:69:b8:4f:
         47:8b:0e:35:cd:a3:17:fa:d5:31:8e:bb:06:ac:02:36:e7:41:
         d5:9a:fb:29:b7:ba:1f:f1:ab:56:3d:11:65:c8:cb:7a:67:0f:
         fe:94:e3:b0:e5:92:32:1e:da:b3:b2:0e:33:22:81:0e:a0:0f:
         cf:1a:de:d4:fd:1f:5b:1c:59:5e:4a:6c:b0:a1:08:06:eb:82:
         99:92:56:54:16:8f:f5:d6:70:b0:a3:db:a1:e7:ef:d0:4a:1a:
         f7:59:c6:71:90:7a:84:38:30:42:cb:69:3a:15:79:0f:43:09:
         6d:94:6e:53:ee:26:74:79:f1:75:7e:ff:96:51:4a:75:6b:f8:
         b5:1f:4a:4a
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYuwJtcJdk1hL+wfaki3HsfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMTA4MTgxNjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI5MjJiYWM0ODA3MzUxZmQ0MDNlMTFmMjk1ZTI0MzhmN2Y2YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW0ihI2Ek/rz+e7CEFfK+RkVA2mi
eQZsJduUX4zNPhBZIniwoFk3jAh3A15LGDoYwCFNu8bRvDy9eEqBpOmC9GZbKtxb
WlSOB+8ZcSC1N5u9Gq0d1flcHI83KCoMi0UtUgZAo1F7WyL0oknAsFdewrtyawgx
J5be5XQtGkrPPTgOWerdT4Dpeyek9RggcPskZ8+mmt7E+YOuHZWXhgEoIuq/qd9V
IL+SB2W00dWk5a6ZVxtpZdEi8LTzuITCsU5xSB9Muk7MwD8m3VXsw2agTsUnYPE6
LwjJ3vb7rfm6xVGaSQJWXvFjP2oVhv0QNj9bcwyX2z9Tv5M56aFxyTxJHwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFD65IrrEgHNR/UA+EfKV4kOPf2pWMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUHJraXVzU0FjMUg5UUQ0UjhwWGlRNDlfYWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAC1DdQME
AFWfdQMEAFkn8gMEAFkooQMEAFvyRgMEAlvySAMEAFvyZwMEAF7nxgMEALkoaQME
AcIyyAMEAcIyzjAMAwQAw4ppAwQAw4pqAwQAw4psAwQAw4p0MAwDBAHDinoDBAfD
igAwDQYJKoZIhvcNAQELBQADggEBAAzDe8RMql+jpMj8k8TZDLqdEZ6w4DeRL8db
TyNcrnXW4dyO8YdhAle2plLW0YAIOxVyuRgn1QhQMhH71btqVDNVH6IPzkEj4Ubz
BgQcu8mzTfX90sim3NiQ5QJH2ev3FKxQ4ldiwD55kiZCIAa2B4s7PxoFZFwHWMr3
+2m4T0eLDjXNoxf61TGOuwasAjbnQdWa+ym3uh/xq1Y9EWXIy3pnD/6U47DlkjIe
2rOyDjMigQ6gD88a3tT9H1scWV5KbLChCAbrgpmSVlQWj/XWcLCj26Hn79BKGvdZ
xnGQeoQ4MELLaToVeQ9DCW2UblPuJnR58XV+/5ZRSnVr+LUfSko=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org