Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-HDLDsVs5xDgtxzenk2iVpSO4oA.roa
File:                     1-HDLDsVs5xDgtxzenk2iVpSO4oA.roa (raw, json)
Hash identifier:          d8H4JCauAQj7xuliYluIUnGY0zQni30i2ge3YejCAfQ=
Subject key identifier:   F8:70:CB:0E:C5:6C:E7:10:E0:B7:1C:DE:9E:4D:A2:56:94:8E:E2:80
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F9EFFF356F2FF006D09363AB4229E8CB1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-HDLDsVs5xDgtxzenk2iVpSO4oA.roa
Signing time:             Wed 22 May 2024 06:32:05 +0000
ROA not before:           Wed 22 May 2024 06:32:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.152.176.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.98.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.196.0/22 maxlen: 24
                          89.213.200.0/22 maxlen: 24
                          89.213.204.0/22 maxlen: 24
                          89.213.232.0/22 maxlen: 24
                          89.213.236.0/22 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 May 2024 13:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9e:ff:f3:56:f2:ff:00:6d:09:36:3a:b4:22:9e:8c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 06:32:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f870cb0ec56ce710e0b71cde9e4da256948ee280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8e:64:7d:35:df:70:91:81:9a:d6:3c:1e:40:
                    f4:26:74:ea:d5:f8:ee:2d:15:e3:7c:d7:8f:31:b3:
                    1b:5b:12:70:da:af:55:2a:43:43:c7:e5:28:7e:a9:
                    42:17:fd:c9:aa:a0:2a:7d:d7:17:8a:49:7d:89:23:
                    02:fa:19:61:99:22:63:19:76:9f:01:1e:c4:fc:07:
                    65:ce:0f:a0:42:b3:35:4b:55:e8:bd:72:b7:b5:ca:
                    db:97:e2:ab:51:bc:78:d6:3e:7d:80:bc:79:1b:aa:
                    3b:83:4f:79:ab:03:b3:aa:cf:35:f7:a0:f9:b6:8c:
                    e2:73:eb:41:14:84:ae:40:6a:39:f3:7b:43:bb:bb:
                    f4:5d:f2:f3:b9:7d:29:75:06:0f:0d:d8:4e:94:14:
                    39:6c:61:25:d1:7e:31:fd:e8:2d:c1:7b:53:8b:f5:
                    8b:91:4e:d9:39:b8:ed:8a:3f:db:02:02:c0:64:a5:
                    74:c7:44:e1:63:f3:38:7d:f9:b9:53:c0:20:de:2d:
                    3f:a5:fb:48:47:43:74:bb:49:00:1e:46:57:81:1d:
                    3f:28:2a:f7:da:e6:37:04:f2:45:f8:3b:f9:ac:6c:
                    bc:15:95:68:42:6d:67:bd:a8:14:50:a8:a6:d5:d6:
                    39:bf:01:88:80:32:65:ba:da:19:99:a1:ca:ba:9d:
                    29:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:70:CB:0E:C5:6C:E7:10:E0:B7:1C:DE:9E:4D:A2:56:94:8E:E2:80
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-HDLDsVs5xDgtxzenk2iVpSO4oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.98.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.196.0-89.213.207.255
                  89.213.232.0/21
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.130.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:06:3d:fb:3e:f1:8b:8a:0f:76:fa:fe:75:9b:28:07:c9:a4:
         aa:87:c9:32:78:53:0f:fe:95:2b:24:f2:fe:7d:94:5c:91:0a:
         b9:ea:bf:b1:c8:9e:8e:8b:23:e0:2d:0c:f7:27:95:72:a8:ab:
         4a:69:06:03:35:74:b8:a1:f5:bd:13:bf:29:6a:72:ad:8d:96:
         8d:71:70:c9:03:1d:b9:74:e4:bf:29:ed:55:0b:07:e9:26:3c:
         c9:30:62:72:36:cd:ff:24:df:b5:04:8e:26:0f:36:14:01:1f:
         38:8b:03:58:77:ce:67:cf:ca:ca:7a:6c:30:9a:ca:e3:a9:c2:
         0d:cc:c3:3b:45:d2:20:f0:94:66:b1:d2:d4:78:9f:da:44:01:
         fc:a2:1c:dd:bf:ea:bf:62:65:60:02:59:54:7c:bb:1c:02:ec:
         1d:65:d2:27:ab:5e:ae:12:5c:db:fa:2d:41:97:98:1e:9a:c1:
         83:75:7a:bf:93:d7:3e:4d:45:f3:d2:5c:3e:58:72:ca:2e:93:
         8f:33:97:58:7b:c9:08:63:94:db:3b:9a:1c:87:52:5a:c2:7d:
         fd:19:ee:9f:a3:35:17:fe:6a:ad:d5:b1:6a:d3:45:d3:66:69:
         47:be:c8:a1:a1:25:2d:9e:1f:14:9c:a4:8c:36:37:b3:62:2f:
         11:9c:47:fe
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAY+e//NW8v8AbQk2OrQinoyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIyMDYzMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODcwY2IwZWM1NmNlNzEwZTBiNzFjZGU5ZTRkYTI1Njk0OGVlMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxI5kfTXfcJGBmtY8HkD0JnTq1fju
LRXjfNePMbMbWxJw2q9VKkNDx+UofqlCF/3JqqAqfdcXikl9iSMC+hlhmSJjGXaf
AR7E/Adlzg+gQrM1S1XovXK3tcrbl+KrUbx41j59gLx5G6o7g095qwOzqs8196D5
tozic+tBFISuQGo583tDu7v0XfLzuX0pdQYPDdhOlBQ5bGEl0X4x/egtwXtTi/WL
kU7ZObjtij/bAgLAZKV0x0ThY/M4ffm5U8Ag3i0/pftIR0N0u0kAHkZXgR0/KCr3
2uY3BPJF+Dv5rGy8FZVoQm1nvagUUKim1dY5vwGIgDJlutoZmaHKup0p4wIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFPhwyw7FbOcQ4Lcc3p5NolaUjuKAMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1IRExEc1ZzNXhEZ3R4emVuazJpVnBTTzRvQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB9BggrBgEFBQcBBwEB/wRuMGwwagQCAAEwZAMEAVKYsAME
AlKZiAMEAFnVYjAMAwQCWdWUAwQFWdWAAwQCWdWsMAwDBAJZ1cQDBARZ1cADBANZ
1egDBANtsBADBAG5MX4DBATCaVADBADVgoIDBADVgpUDBAHV2tIDBADV2ucwDQYJ
KoZIhvcNAQELBQADggEBAGwGPfs+8YuKD3b6/nWbKAfJpKqHyTJ4Uw/+lSsk8v59
lFyRCrnqv7HIno6LI+AtDPcnlXKoq0ppBgM1dLih9b0Tvylqcq2Nlo1xcMkDHbl0
5L8p7VULB+kmPMkwYnI2zf8k37UEjiYPNhQBHziLA1h3zmfPysp6bDCayuOpwg3M
wztF0iDwlGax0tR4n9pEAfyiHN2/6r9iZWACWVR8uxwC7B1l0ierXq4SXNv6LUGX
mB6awYN1er+T1z5NRfPSXD5Ycsouk48zl1h7yQhjlNs7mhyHUlrCff0Z7p+jNRf+
aq3VsWrTRdNmaUe+yKGhJS2eHxScpIw2N7NiLxGcR/4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org