Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0fFgjuStz2b0TYJ4F0_afUYxCok.roa
File:                     0fFgjuStz2b0TYJ4F0_afUYxCok.roa (raw, json)
Hash identifier:          4s3jAx9pc/R5xFhfhX3zHCIFMAk634AwxRtDFvyK7ug=
Subject key identifier:   D1:F1:60:8E:E4:AD:CF:66:F4:4D:82:78:17:4F:DA:7D:46:31:0A:89
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EE5B683F7227479D88D9EC2752739ED2C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0fFgjuStz2b0TYJ4F0_afUYxCok.roa
Signing time:             Tue 16 Apr 2024 07:02:07 +0000
ROA not before:           Tue 16 Apr 2024 07:02:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.152.177.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 08:14:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e5:b6:83:f7:22:74:79:d8:8d:9e:c2:75:27:39:ed:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 16 07:02:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1f1608ee4adcf66f44d8278174fda7d46310a89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b4:39:07:10:19:93:c8:2c:50:e8:51:ff:37:
                    e2:db:f6:bf:34:e8:a3:63:94:45:8e:bc:8c:db:f2:
                    80:68:eb:d9:52:61:fd:ce:09:cc:26:c0:c5:57:c3:
                    b4:a5:d5:20:40:57:16:9c:71:cf:e6:89:d8:52:f6:
                    64:1d:12:d8:f9:35:5e:da:92:af:65:c5:6f:f2:33:
                    b3:d7:2e:48:3f:45:2e:e3:59:18:e1:b5:b3:51:c5:
                    aa:12:d5:63:98:7b:6c:19:13:72:3d:0c:5e:30:f3:
                    e7:0e:57:dd:27:25:c9:bd:c0:6e:5a:53:4d:13:12:
                    55:7a:c3:a8:0f:dd:08:a9:61:26:96:71:62:2a:a0:
                    55:d4:14:e3:b8:fc:47:59:b7:84:91:cf:48:e6:4c:
                    5c:db:e3:3c:41:04:f2:62:4b:e9:ed:92:01:0a:01:
                    5e:8a:7d:fe:f2:20:80:4e:92:86:bc:a1:fb:02:da:
                    56:61:67:45:a1:70:d5:3e:29:c4:f7:e9:16:ff:c1:
                    0a:7b:36:29:ca:64:fa:be:a1:db:39:5a:1f:25:ab:
                    bb:61:6d:34:8f:6e:1e:c6:4f:f5:8f:e8:29:94:c4:
                    17:ef:fe:cb:1a:c1:62:b6:a9:35:8d:be:78:b7:3b:
                    64:9a:c0:69:fc:3b:3f:d6:ec:75:16:52:4b:7a:d6:
                    2b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F1:60:8E:E4:AD:CF:66:F4:4D:82:78:17:4F:DA:7D:46:31:0A:89
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0fFgjuStz2b0TYJ4F0_afUYxCok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.65.0/24
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.130.149.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:fa:94:13:b2:33:de:a6:32:4f:3c:43:18:d5:fa:df:a5:a5:
         9a:3b:6c:14:78:ad:9a:25:c8:3e:a9:e2:6a:ba:53:be:9f:e7:
         a1:7e:6e:ee:02:d5:84:9a:7e:61:d2:94:2d:fc:7a:e0:a1:7c:
         99:98:2f:87:6e:e2:7a:be:a6:9b:82:4e:a0:85:c8:38:19:d8:
         55:33:a8:91:2e:af:7e:3b:50:1f:4b:5a:17:66:4a:86:3f:48:
         6c:8a:04:87:fb:aa:97:fa:b8:64:e7:59:8d:9f:c0:ce:40:f1:
         c1:54:9e:86:ce:98:ba:59:ae:5d:a5:b2:7a:8a:1c:a6:99:37:
         b1:88:d8:f3:d3:9c:64:86:74:eb:5a:e1:dc:be:25:c5:cc:88:
         fa:21:7f:ac:cc:28:10:9c:da:0f:73:d3:31:c3:a8:04:42:90:
         49:cc:0a:a0:02:bd:38:1d:2d:cb:87:cc:90:5b:fb:ae:ee:36:
         94:82:15:0a:fb:ab:ba:ac:24:22:83:ad:68:da:6c:9f:96:cd:
         fb:4f:83:65:ef:56:2a:fa:92:d0:60:2c:3a:e4:5a:ba:97:38:
         25:ff:14:c4:ce:30:20:f7:d7:5d:74:44:bc:ef:21:1b:a0:96:
         b3:e8:6b:74:73:30:d7:96:2a:e2:74:6a:4c:4e:62:28:1c:c3:
         d3:b2:04:5a
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAY7ltoP3InR52I2ewnUnOe0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDE2MDcwMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYxNjA4ZWU0YWRjZjY2ZjQ0ZDgyNzgxNzRmZGE3ZDQ2MzEwYTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrQ5BxAZk8gsUOhR/zfi2/a/NOij
Y5RFjryM2/KAaOvZUmH9zgnMJsDFV8O0pdUgQFcWnHHP5onYUvZkHRLY+TVe2pKv
ZcVv8jOz1y5IP0Uu41kY4bWzUcWqEtVjmHtsGRNyPQxeMPPnDlfdJyXJvcBuWlNN
ExJVesOoD90IqWEmlnFiKqBV1BTjuPxHWbeEkc9I5kxc2+M8QQTyYkvp7ZIBCgFe
in3+8iCATpKGvKH7AtpWYWdFoXDVPinE9+kW/8EKezYpymT6vqHbOVofJau7YW00
j24exk/1j+gplMQX7/7LGsFitqk1jb54tztkmsBp/Ds/1ux1FlJLetYr+QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNHxYI7krc9m9E2CeBdP2n1GMQqJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMGZGZ2p1U3R6MmIwVFlKNEYwX2FmVVl4Q29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBUpiwAwQA
UplBAwQCUpmIAwQAUpn1AwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQD
BAG5MX4DBADVgpUDBADVmCowDQYJKoZIhvcNAQELBQADggEBAEX6lBOyM96mMk88
QxjV+t+lpZo7bBR4rZolyD6p4mq6U76f56F+bu4C1YSafmHSlC38euChfJmYL4du
4nq+ppuCTqCFyDgZ2FUzqJEur347UB9LWhdmSoY/SGyKBIf7qpf6uGTnWY2fwM5A
8cFUnobOmLpZrl2lsnqKHKaZN7GI2PPTnGSGdOta4dy+JcXMiPohf6zMKBCc2g9z
0zHDqARCkEnMCqACvTgdLcuHzJBb+67uNpSCFQr7q7qsJCKDrWjabJ+WzftPg2Xv
Vir6ktBgLDrkWrqXOCX/FMTOMCD31110RLzvIRuglrPoa3RzMNeWKuJ0akxOYigc
w9OyBFo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:13 2024 by rpki-client on console-fra.rpki-client.org