Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-QPCdwzrT1Jilpn-hYr0NnmqxBI.roa
File:                     1-QPCdwzrT1Jilpn-hYr0NnmqxBI.roa (raw, json)
Hash identifier:          ysXO3cwPYF4RaQnbMwZBmhz4XdCp4tbEDH4M3VGXYr8=
Subject key identifier:   F9:03:C2:77:0C:EB:4F:52:62:96:99:FE:85:8A:F4:36:79:AA:C4:12
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C7C677D9A87B7A4821531BE1B79B54A4E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-QPCdwzrT1Jilpn-hYr0NnmqxBI.roa
Signing time:             Mon 18 Dec 2023 10:10:06 +0000
ROA not before:           Mon 18 Dec 2023 10:10:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.116.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 10:11:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7c:67:7d:9a:87:b7:a4:82:15:31:be:1b:79:b5:4a:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 18 10:10:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f903c2770ceb4f52629699fe858af43679aac412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4c:3a:4c:8b:da:cf:56:f2:18:0e:d2:61:76:
                    2b:24:01:ad:48:01:7f:54:d4:bf:c2:c5:a8:56:a4:
                    40:5e:4e:c5:a8:b0:28:b6:e5:8d:cf:07:8c:e4:14:
                    1c:2f:d9:45:68:81:38:dc:a7:e6:c9:0c:94:cc:85:
                    4c:ca:2c:0b:95:4c:4d:f4:e1:c6:a7:d4:87:1b:ca:
                    4b:91:14:c6:df:97:97:45:8c:13:2d:cb:29:9c:80:
                    c0:15:4e:f6:8d:8e:48:76:54:33:a7:62:a1:0b:cc:
                    8a:f7:18:1c:a9:ef:a2:7b:89:fc:79:6d:01:9b:0b:
                    7d:bb:85:55:93:26:1d:e2:6f:91:66:25:61:aa:7a:
                    f4:66:28:5f:df:46:7e:ba:0c:48:04:69:c2:05:f2:
                    61:e4:55:df:ad:fe:6e:9a:f8:5e:fe:22:c3:da:e1:
                    95:2b:94:39:53:60:d4:98:d9:47:df:c5:51:0a:34:
                    8f:59:34:01:37:84:37:4c:46:0d:c7:85:01:b6:94:
                    6b:2b:2a:b2:01:b6:01:d9:40:78:67:3e:9b:90:6a:
                    35:c1:1e:64:f3:4f:34:97:c2:1e:f2:14:e5:11:5e:
                    39:ee:3d:4d:b9:2a:13:99:9b:5b:0a:4c:24:a5:5e:
                    ba:88:b8:be:1e:43:30:8c:88:10:da:07:33:3b:c3:
                    ca:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:03:C2:77:0C:EB:4F:52:62:96:99:FE:85:8A:F4:36:79:AA:C4:12
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-QPCdwzrT1Jilpn-hYr0NnmqxBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0-89.213.176.255
                  89.213.180.0/22
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:85:f6:07:10:17:4e:c3:9e:39:49:aa:2a:a5:e3:6f:5d:a8:
         8f:14:a0:1a:39:d4:f4:08:8e:97:5b:7f:24:75:88:1e:65:77:
         f4:6f:3e:1f:83:20:6d:36:fd:85:0c:80:3e:4b:c8:60:68:e7:
         1c:38:4c:6d:af:b8:09:8d:63:82:b8:88:e6:93:2d:8b:d9:57:
         70:da:31:83:a6:1d:5d:2c:47:08:84:6d:b2:0f:9c:53:cc:b4:
         a7:ac:4b:2c:d1:e3:9b:45:1d:81:d1:e5:ef:53:45:aa:4d:63:
         63:e8:9b:e4:a2:7f:25:d1:03:9c:df:cc:a9:99:3e:e8:68:06:
         fe:28:48:79:1d:3c:38:2b:2a:5f:5c:b9:b2:e4:d1:22:48:6e:
         11:c8:dd:59:0d:78:9f:1d:c2:34:8f:0c:b3:29:4f:6c:29:ef:
         b6:e0:49:97:b2:a7:a5:e7:74:93:ed:54:f6:be:82:66:06:42:
         f2:43:18:b8:7c:c3:14:b3:8f:78:0a:36:0c:a7:45:ae:eb:2e:
         04:97:51:c6:21:0f:df:63:2f:66:b9:27:75:b6:8e:d2:a1:d3:
         5c:93:06:e3:e1:20:8f:81:fd:e9:b1:1b:26:52:68:be:8f:5a:
         b2:d7:a9:f3:c1:01:81:7a:64:00:bb:b6:23:de:e1:e8:c6:18:
         ef:02:2b:2a
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYx8Z32ah7ekghUxvht5tUpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE4MTAxMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTAzYzI3NzBjZWI0ZjUyNjI5Njk5ZmU4NThhZjQzNjc5YWFjNDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUw6TIvaz1byGA7SYXYrJAGtSAF/
VNS/wsWoVqRAXk7FqLAotuWNzweM5BQcL9lFaIE43KfmyQyUzIVMyiwLlUxN9OHG
p9SHG8pLkRTG35eXRYwTLcspnIDAFU72jY5IdlQzp2KhC8yK9xgcqe+ie4n8eW0B
mwt9u4VVkyYd4m+RZiVhqnr0Zihf30Z+ugxIBGnCBfJh5FXfrf5umvhe/iLD2uGV
K5Q5U2DUmNlH38VRCjSPWTQBN4Q3TEYNx4UBtpRrKyqyAbYB2UB4Zz6bkGo1wR5k
8080l8Ie8hTlEV457j1NuSoTmZtbCkwkpV66iLi+HkMwjIgQ2gczO8PKnwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPkDwncM609SYpaZ/oWK9DZ5qsQSMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1RUENkd3pyVDFKaWxwbi1oWXIwTm5tcXhCSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBlBggrBgEFBQcBBwEB/wRWMFQwUgQCAAEwTAMEAFGodAME
AFGodwMEAFGofgMEAlKZiAMEAFKZ9jAMAwQCWdWUAwQFWdWAMAwDBAJZ1awDBABZ
1bADBAJZ1bQDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAHuF9gcQF07D
njlJqiql429dqI8UoBo51PQIjpdbfyR1iB5ld/RvPh+DIG02/YUMgD5LyGBo5xw4
TG2vuAmNY4K4iOaTLYvZV3DaMYOmHV0sRwiEbbIPnFPMtKesSyzR45tFHYHR5e9T
RapNY2Pom+SifyXRA5zfzKmZPuhoBv4oSHkdPDgrKl9cubLk0SJIbhHI3VkNeJ8d
wjSPDLMpT2wp77bgSZeyp6XndJPtVPa+gmYGQvJDGLh8wxSzj3gKNgynRa7rLgSX
UcYhD99jL2a5J3W2jtKh01yTBuPhII+B/emxGyZSaL6PWrLXqfPBAYF6ZAC7tiPe
4ejGGO8CKyo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:13 2024 by rpki-client on console-fra.rpki-client.org