Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2yNVHXTMX99wtsFLMEZOyCks4wM.roa
File:                     2yNVHXTMX99wtsFLMEZOyCks4wM.roa (raw, json)
Hash identifier:          PdaI7b+7x0hYcPXbm5r9jXaKv1Gz3zUx0mU5fJYivas=
Subject key identifier:   DB:23:55:1D:74:CC:5F:DF:70:B6:C1:4B:30:46:4E:C8:29:2C:E3:03
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F8AB53FCCC7D1FAC21D5C28156EA54211
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2yNVHXTMX99wtsFLMEZOyCks4wM.roa
Signing time:             Sat 18 May 2024 07:58:05 +0000
ROA not before:           Sat 18 May 2024 07:58:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.152.176.0/24 maxlen: 24
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.97.0/24 maxlen: 24
                          89.213.98.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.210.59.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24
                          213.218.249.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 May 2024 07:18:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8a:b5:3f:cc:c7:d1:fa:c2:1d:5c:28:15:6e:a5:42:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 18 07:58:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db23551d74cc5fdf70b6c14b30464ec8292ce303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:47:20:c2:e9:a1:33:2d:78:5b:99:31:0b:3a:
                    e0:b2:a6:c7:ee:f8:59:58:d7:31:56:41:9b:99:93:
                    a5:55:b9:15:c9:4f:60:d3:67:55:08:0f:ba:f6:41:
                    9d:c2:73:72:fb:2a:d7:99:d4:5a:d3:a0:51:30:0b:
                    29:2a:47:56:84:cf:81:c8:2a:ad:07:7e:d0:9d:d2:
                    63:26:1b:41:a0:2c:a2:fb:c8:d4:d3:33:89:b2:f8:
                    10:f8:7f:70:6a:78:4d:39:e5:f3:28:0c:17:42:b5:
                    c4:92:b3:46:5f:de:eb:2c:01:47:81:c5:a2:6b:26:
                    72:82:1b:e3:82:26:c8:5f:9c:29:37:30:ab:6a:1c:
                    ad:66:64:66:7a:2b:d4:72:06:8f:37:80:4b:22:93:
                    ea:4c:00:5a:4a:3e:a3:a9:b0:82:fa:dd:81:17:bc:
                    92:8d:8c:a7:11:05:b0:16:10:85:a2:e1:5b:c0:57:
                    8a:81:ce:d1:cf:a0:ee:44:20:8c:c1:52:ce:2b:13:
                    47:4e:0c:b8:f8:59:af:68:77:c1:20:57:4d:e5:c3:
                    dd:27:99:f4:36:b8:08:11:00:66:c9:50:4b:32:17:
                    2e:bb:b2:bd:03:63:49:14:61:b2:bf:08:01:8c:56:
                    b3:f3:2e:fd:e4:18:4e:6e:8e:85:f2:7c:fc:d4:f8:
                    ca:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:23:55:1D:74:CC:5F:DF:70:B6:C1:4B:30:46:4E:C8:29:2C:E3:03
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2yNVHXTMX99wtsFLMEZOyCks4wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  89.213.97.0-89.213.98.255
                  89.213.134.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.130.0/24
                  213.130.149.0/24
                  213.210.59.0/24
                  213.218.210.0/23
                  213.218.213.0/24
                  213.218.231.0/24
                  213.218.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:2d:0f:1b:86:b3:ad:9c:02:7e:88:9e:e7:eb:8c:29:6c:14:
         c4:35:5e:48:2c:ce:9e:63:5b:ee:92:30:55:46:0c:16:95:e8:
         32:bb:d5:ee:cc:b0:e8:ea:d0:6d:02:27:f2:d6:7a:58:0c:4d:
         9a:0a:4c:e2:8a:63:28:f1:01:0e:b0:1b:9d:73:2e:de:9c:f1:
         ee:e1:35:2e:6e:9b:d2:cc:6f:b9:30:04:67:5d:13:5e:b2:a9:
         4c:5d:7e:b7:31:03:50:a9:6e:64:03:46:cb:3c:32:a4:e4:c5:
         99:66:79:6d:f9:55:44:cb:36:67:a5:f1:3f:38:98:72:20:6b:
         66:7e:58:51:ee:af:e6:45:ac:73:a3:95:b4:2c:ae:aa:f2:54:
         9f:16:95:10:4b:42:95:06:e5:a4:c5:f8:87:9d:19:d6:aa:a1:
         ff:11:96:33:c8:d5:4f:2a:fd:43:84:2c:0f:2c:14:cf:11:31:
         dd:96:2c:ae:33:83:cb:0a:6e:d4:2e:17:a9:f5:d8:3e:8e:0b:
         45:72:0c:35:df:b0:35:cf:c7:54:4e:4b:21:90:ba:c7:ee:3f:
         17:d5:e9:89:d4:b4:e4:6e:9c:4f:3b:4b:0a:99:66:ec:74:81:
         40:5e:73:8e:21:e4:1c:f7:63:e0:7a:9e:ca:f8:1b:f6:b6:a9:
         fa:23:31:7a
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAY+KtT/Mx9H6wh1cKBVupUIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTE4MDc1ODA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjIzNTUxZDc0Y2M1ZmRmNzBiNmMxNGIzMDQ2NGVjODI5MmNlMzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEcgwumhMy14W5kxCzrgsqbH7vhZ
WNcxVkGbmZOlVbkVyU9g02dVCA+69kGdwnNy+yrXmdRa06BRMAspKkdWhM+ByCqt
B37QndJjJhtBoCyi+8jU0zOJsvgQ+H9wanhNOeXzKAwXQrXEkrNGX97rLAFHgcWi
ayZyghvjgibIX5wpNzCrahytZmRmeivUcgaPN4BLIpPqTABaSj6jqbCC+t2BF7yS
jYynEQWwFhCFouFbwFeKgc7Rz6DuRCCMwVLOKxNHTgy4+FmvaHfBIFdN5cPdJ5n0
NrgIEQBmyVBLMhcuu7K9A2NJFGGyvwgBjFaz8y795BhObo6F8nz81PjKVQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFNsjVR10zF/fcLbBSzBGTsgpLOMDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMnlOVkhYVE1YOTl3dHNGTE1FWk95Q2tzNHdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAFSmLAD
BABSmTIDBAJSmYgwDAMEAFnVYQMEAFnVYgMEAFnVhjAMAwQCWdWUAwQFWdWAAwQC
WdWsAwQDbbAQAwQBuTF+AwQEwmlQAwQA1YKCAwQA1YKVAwQA1dI7AwQB1drSAwQA
1drVAwQA1drnAwQA1dr5MA0GCSqGSIb3DQEBCwUAA4IBAQBILQ8bhrOtnAJ+iJ7n
64wpbBTENV5ILM6eY1vukjBVRgwWlegyu9XuzLDo6tBtAify1npYDE2aCkziimMo
8QEOsBudcy7enPHu4TUubpvSzG+5MARnXRNesqlMXX63MQNQqW5kA0bLPDKk5MWZ
Znlt+VVEyzZnpfE/OJhyIGtmflhR7q/mRaxzo5W0LK6q8lSfFpUQS0KVBuWkxfiH
nRnWqqH/EZYzyNVPKv1DhCwPLBTPETHdliyuM4PLCm7ULhep9dg+jgtFcgw137A1
z8dUTkshkLrH7j8X1emJ1LTkbpxPO0sKmWbsdIFAXnOOIeQc92Pgep7K+Bv2tqn6
IzF6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:13 2024 by rpki-client on console-fra.rpki-client.org