Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-zPnQomX_fIXUZG0FrvZSGCnLfM.roa
File:                     1-zPnQomX_fIXUZG0FrvZSGCnLfM.roa (raw, json)
Hash identifier:          9wmhPc+nwFcdRDmxzWCsnCUHBblZX1Yuo22N5R5UWS0=
Subject key identifier:   FB:33:E7:42:89:97:FD:F2:17:51:91:B4:16:BB:D9:48:60:A7:2D:F3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FAB65BE765ADCB4ED1D09CF427E3718AB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-zPnQomX_fIXUZG0FrvZSGCnLfM.roa
Signing time:             Fri 24 May 2024 16:18:42 +0000
ROA not before:           Fri 24 May 2024 16:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        81.168.83.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          82.152.8.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.153.37.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          82.153.132.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          89.213.196.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 29 May 2024 10:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ab:65:be:76:5a:dc:b4:ed:1d:09:cf:42:7e:37:18:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 24 16:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb33e7428997fdf2175191b416bbd94860a72df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:93:03:2c:c7:4b:c8:5b:dc:84:19:6a:8e:17:
                    32:11:57:22:ba:c2:bd:36:ec:cd:d6:20:90:43:ea:
                    3f:1b:13:84:21:69:7c:d7:94:5e:25:c8:04:e1:87:
                    99:13:df:e9:01:b8:e0:2c:a5:1d:ec:d0:ea:e2:6b:
                    b8:46:df:b3:21:79:88:f3:53:9e:ad:e4:c1:94:f5:
                    65:bd:3b:55:97:a2:36:c5:f6:82:a6:ae:e9:b0:0d:
                    3a:f3:63:75:e0:93:5b:dc:ee:d1:14:f9:a0:46:09:
                    bd:e8:bf:16:eb:95:9b:db:dc:a7:49:03:45:8d:00:
                    2a:63:dc:a6:72:65:4d:55:4d:2e:17:e1:ea:fd:4d:
                    25:99:35:8d:05:b5:5c:85:49:70:3d:3f:d2:f4:ee:
                    76:b1:8d:9a:1c:fd:a2:b7:7c:9e:19:e4:7d:11:50:
                    38:b5:78:f9:93:ed:3e:e6:a0:83:cb:ab:2f:59:b7:
                    50:e0:9f:73:94:15:2b:c3:b6:82:f1:93:1d:2e:34:
                    01:66:36:15:c6:4c:8c:af:a3:e3:92:60:69:25:7e:
                    b5:a9:3e:3d:7b:b0:4f:ab:32:fb:34:08:35:1e:85:
                    3d:26:cc:30:5d:3b:c4:6c:f3:6d:e5:e3:fb:b0:66:
                    bc:86:bf:7f:bc:3b:e7:11:dd:13:08:ed:43:80:ac:
                    40:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:33:E7:42:89:97:FD:F2:17:51:91:B4:16:BB:D9:48:60:A7:2D:F3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-zPnQomX_fIXUZG0FrvZSGCnLfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24
                  81.168.120.0/24
                  82.152.8.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.37.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.130.0/24
                  89.213.190.0/24
                  89.213.196.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:0b:08:a2:19:dd:64:61:c2:78:25:aa:55:4c:e4:e1:db:6d:
         cd:a1:8d:8f:e3:f8:1f:e7:90:9d:c4:91:52:48:02:1a:1c:8b:
         d4:45:19:5d:f6:90:2f:ec:bb:1c:4b:06:37:86:35:8d:90:88:
         40:46:c5:d3:3a:7b:7b:b8:ca:82:34:86:53:74:ce:a0:9a:f5:
         21:a2:25:ff:03:55:a7:1c:85:c1:be:47:ad:54:fd:7e:d8:fd:
         fd:8a:2f:be:7a:67:65:a8:a3:4d:ab:40:31:df:71:48:07:b5:
         4b:60:06:ab:93:02:ae:47:aa:0a:44:35:e4:2e:40:fc:fb:d9:
         5e:f9:1c:98:f3:56:3a:47:76:2b:34:cc:45:6c:01:2a:9b:1b:
         e2:d3:17:72:ad:7c:7e:72:c8:a3:d5:1d:3d:ec:1f:91:b3:58:
         09:44:29:fc:3d:be:80:63:4b:46:39:34:3f:23:6b:93:1e:30:
         59:ec:df:59:db:0b:e8:50:2f:43:20:bc:12:2d:b4:d1:5c:ea:
         e7:8a:94:a4:60:a5:44:21:ab:21:8e:17:09:8c:74:34:c8:ae:
         30:31:30:3c:6e:4c:94:c3:01:86:89:ab:58:23:c1:31:ec:f5:
         94:2b:26:ef:f4:54:7c:b5:58:c8:64:02:7a:a0:09:8c:62:3e:
         e3:39:08:54
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY+rZb52Wty07R0Jz0J+NxirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI0MTYxODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjMzZTc0Mjg5OTdmZGYyMTc1MTkxYjQxNmJiZDk0ODYwYTcyZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JMDLMdLyFvchBlqjhcyEVciusK9
NuzN1iCQQ+o/GxOEIWl815ReJcgE4YeZE9/pAbjgLKUd7NDq4mu4Rt+zIXmI81Oe
reTBlPVlvTtVl6I2xfaCpq7psA0682N14JNb3O7RFPmgRgm96L8W65Wb29ynSQNF
jQAqY9ymcmVNVU0uF+Hq/U0lmTWNBbVchUlwPT/S9O52sY2aHP2it3yeGeR9EVA4
tXj5k+0+5qCDy6svWbdQ4J9zlBUrw7aC8ZMdLjQBZjYVxkyMr6PjkmBpJX61qT49
e7BPqzL7NAg1HoU9JswwXTvEbPNt5eP7sGa8hr9/vDvnEd0TCO1DgKxAoQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPsz50KJl/3yF1GRtBa72Uhgpy3zMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS16UG5Rb21YX2ZJWFVaRzBGcnZaU0dDbkxmTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBkwYIKwYBBQUHAQcBAf8EgYMwgYAwfgQCAAEweAMEAFGo
UwMEAFGoeAMEAFKYCAMEAFKY+AMEAFKY+wMEAFKY/gMEAFKZJQMEAFKZRQMEAFKZ
SAMEAFKZTwMEAFKZhAMEAFKZ4AMEAFnVBAMEAVnVBgMEAFnVggMEAFnVvgMEAFnV
xAMEAG2w9wMEAG2w+wMEALkxfDANBgkqhkiG9w0BAQsFAAOCAQEALQsIohndZGHC
eCWqVUzk4dttzaGNj+P4H+eQncSRUkgCGhyL1EUZXfaQL+y7HEsGN4Y1jZCIQEbF
0zp7e7jKgjSGU3TOoJr1IaIl/wNVpxyFwb5HrVT9ftj9/YovvnpnZaijTatAMd9x
SAe1S2AGq5MCrkeqCkQ15C5A/PvZXvkcmPNWOkd2KzTMRWwBKpsb4tMXcq18fnLI
o9UdPewfkbNYCUQp/D2+gGNLRjk0PyNrkx4wWezfWdsL6FAvQyC8Ei200Vzq54qU
pGClRCGrIY4XCYx0NMiuMDEwPG5MlMMBhomrWCPBMez1lCsm7/RUfLVYyGQCeqAJ
jGI+4zkIVA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org