Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/046docxRdx9j4MnIx8wNUKZj5k4.roa
File:                     046docxRdx9j4MnIx8wNUKZj5k4.roa (raw, json)
Hash identifier:          5onrg6BdDoH00IsUQscMvn2gHJbtMczxkE8vOMHuoOg=
Subject key identifier:   D3:8E:9D:A1:CC:51:77:1F:63:E0:C9:C8:C7:CC:0D:50:A6:63:E6:4E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C90A0AF5E1FCF215E96F648DF7E8CBE47
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/046docxRdx9j4MnIx8wNUKZj5k4.roa
Signing time:             Fri 22 Dec 2023 08:24:58 +0000
ROA not before:           Fri 22 Dec 2023 08:24:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:90:a0:af:5e:1f:cf:21:5e:96:f6:48:df:7e:8c:be:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 22 08:24:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d38e9da1cc51771f63e0c9c8c7cc0d50a663e64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:cf:5d:a0:e5:aa:e0:6f:60:b4:4f:d2:18:d5:
                    b8:40:f6:75:93:3c:87:ff:db:6a:a4:31:37:b5:30:
                    6a:25:09:42:98:31:e3:67:59:25:f9:db:f5:ab:34:
                    59:9c:e6:55:6b:2a:7c:69:47:fb:a6:f6:2a:7c:d9:
                    8a:d6:a8:44:aa:69:9b:3f:19:04:14:15:67:dc:02:
                    82:42:33:53:82:f3:13:d6:c2:3a:23:eb:ec:26:63:
                    ec:fa:e5:c5:7d:79:bf:31:f7:d8:f1:66:51:a8:41:
                    fe:29:19:cb:c7:36:9e:42:70:08:d6:5a:1a:9c:58:
                    6e:17:5b:8f:16:4c:db:a1:3e:4f:8e:ee:b7:fd:55:
                    41:86:d7:a4:b3:31:5a:2d:08:27:e1:02:70:f5:fd:
                    aa:58:f3:aa:3b:59:e1:ac:de:74:ab:a2:85:20:e4:
                    f3:40:1e:45:c7:e0:62:cf:05:b0:7d:96:75:58:33:
                    26:61:9b:40:1f:c3:3c:cb:43:f7:02:11:91:ec:44:
                    d3:b5:3b:af:61:e8:32:f1:4c:bf:3e:88:47:7e:94:
                    07:96:bd:b0:2b:ee:1c:35:4f:3c:c5:9d:fa:be:03:
                    b7:ce:d8:27:9b:f7:01:9e:a7:cc:3f:9a:eb:a3:07:
                    14:64:66:db:a3:73:90:6a:d0:dc:99:c6:ab:be:fa:
                    9e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8E:9D:A1:CC:51:77:1F:63:E0:C9:C8:C7:CC:0D:50:A6:63:E6:4E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/046docxRdx9j4MnIx8wNUKZj5k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0-81.168.120.255
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.130.0/24
                  89.213.161.0/24
                  89.213.178.0/24
                  89.213.190.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:a2:6e:38:1c:27:d1:f3:46:24:f5:52:19:0f:b5:de:0b:46:
         39:c7:1a:92:f8:90:df:04:79:33:c8:de:42:b0:d6:f2:62:77:
         69:4b:c9:da:38:cd:2f:b1:68:7b:22:a5:37:04:3d:dc:d0:a9:
         09:df:05:e5:67:f2:ab:4c:b0:f7:ca:7a:88:08:1e:50:57:23:
         5f:c2:ab:12:69:42:c2:9f:89:1f:0d:7a:83:fd:52:ad:51:c6:
         79:dc:3d:11:22:a7:5b:42:9f:38:b6:3a:38:fc:27:00:a5:81:
         45:12:7f:28:bc:61:08:e9:5a:62:c3:6e:93:5a:c8:2d:19:2a:
         43:6e:ca:c8:5d:2a:88:b9:6e:fb:e5:22:ff:53:60:01:dd:db:
         be:ba:6a:52:47:1b:6b:27:3b:db:f2:db:73:73:56:36:7a:1e:
         88:20:b5:8f:c0:c6:9c:f3:d2:9d:55:85:5d:60:7e:47:71:94:
         51:f8:b8:2c:4b:7f:5e:80:66:0d:c1:3c:f4:7c:dd:ba:b6:b4:
         a2:98:f9:f9:3e:a0:27:3c:25:65:dd:ff:83:e0:a3:be:b9:fe:
         a5:e0:a0:ff:c4:69:ec:04:63:4d:8d:e8:0d:49:4a:85:3c:1b:
         92:af:c9:c2:70:a3:0c:65:e5:bc:85:c7:2c:dd:e0:68:07:2e:
         30:c1:f0:66
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYyQoK9eH88hXpb2SN9+jL5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjIyMDgyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzhlOWRhMWNjNTE3NzFmNjNlMGM5YzhjN2NjMGQ1MGE2NjNlNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi89doOWq4G9gtE/SGNW4QPZ1kzyH
/9tqpDE3tTBqJQlCmDHjZ1kl+dv1qzRZnOZVayp8aUf7pvYqfNmK1qhEqmmbPxkE
FBVn3AKCQjNTgvMT1sI6I+vsJmPs+uXFfXm/MffY8WZRqEH+KRnLxzaeQnAI1loa
nFhuF1uPFkzboT5Pju63/VVBhtekszFaLQgn4QJw9f2qWPOqO1nhrN50q6KFIOTz
QB5Fx+BizwWwfZZ1WDMmYZtAH8M8y0P3AhGR7ETTtTuvYegy8Uy/PohHfpQHlr2w
K+4cNU88xZ36vgO3ztgnm/cBnqfMP5rrowcUZGbbo3OQatDcmcarvvqexwIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFNOOnaHMUXcfY+DJyMfMDVCmY+ZOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMDQ2ZG9jeFJkeDlqNE1uSXg4d05VS1pqNWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdDAMAwQAUah3
AwQAUah4AwQAUpj4AwQAUpj7AwQAUpj+AwQAUplFAwQAUplIAwQAUplPAwQAUpmE
AwQAUpngAwQAWdUEAwQBWdUGAwQAWdWCAwQAWdWhAwQAWdWyAwQAWdW+AwQAbbD3
AwQAbbD7AwQAuTF8MA0GCSqGSIb3DQEBCwUAA4IBAQAuom44HCfR80Yk9VIZD7Xe
C0Y5xxqS+JDfBHkzyN5CsNbyYndpS8naOM0vsWh7IqU3BD3c0KkJ3wXlZ/KrTLD3
ynqICB5QVyNfwqsSaULCn4kfDXqD/VKtUcZ53D0RIqdbQp84tjo4/CcApYFFEn8o
vGEI6Vpiw26TWsgtGSpDbsrIXSqIuW775SL/U2AB3du+umpSRxtrJzvb8ttzc1Y2
eh6IILWPwMac89KdVYVdYH5HcZRR+LgsS39egGYNwTz0fN26trSimPn5PqAnPCVl
3f+D4KO+uf6l4KD/xGnsBGNNjegNSUqFPBuSr8nCcKMMZeW8hccs3eBoBy4wwfBm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org