Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3mVtd22bCesN44uZtBL9CVJEcPA.roa
File:                     3mVtd22bCesN44uZtBL9CVJEcPA.roa (raw, json)
Hash identifier:          8zQKD8ivk4n23wjN6zHX+D7ReKU5pEPFlnfmo53g4bk=
Subject key identifier:   DE:65:6D:77:6D:9B:09:EB:0D:E3:8B:99:B4:12:FD:09:52:44:70:F0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01895DF03CC55B8A219A101B1B11C221C505
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3mVtd22bCesN44uZtBL9CVJEcPA.roa
Signing time:             Sun 16 Jul 2023 09:02:52 +0000
ROA not before:           Sun 16 Jul 2023 09:02:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.62.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          89.213.191.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 19 Jul 2023 10:55:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5d:f0:3c:c5:5b:8a:21:9a:10:1b:1b:11:c2:21:c5:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 16 09:02:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de656d776d9b09eb0de38b99b412fd09524470f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a2:15:b4:ec:46:ca:4c:b2:3e:df:63:2c:88:
                    e5:e3:45:8b:f1:d6:26:8f:8e:46:2b:76:43:2f:c6:
                    d1:db:01:60:52:fc:04:c6:f7:9e:a3:b3:77:a7:31:
                    ee:76:23:4e:f1:ca:73:7f:a3:be:71:c2:ba:b3:1f:
                    49:b8:d9:23:10:4f:6f:ea:19:bf:d4:0d:23:30:9a:
                    74:89:f4:50:6a:26:cd:f0:e3:6d:10:00:75:07:28:
                    12:ee:72:6b:78:12:f1:64:c6:4e:8f:cd:eb:63:1e:
                    f0:b4:e6:8c:85:d9:31:dd:5b:2c:33:7c:ed:be:ad:
                    37:2d:48:a7:b6:16:0a:45:80:3c:15:2f:93:f4:67:
                    60:0a:e1:80:38:ca:ad:73:82:99:ed:a4:59:fa:c4:
                    18:1a:07:ce:c1:17:73:ba:54:9f:e5:2d:08:1a:e0:
                    f6:97:e8:8d:fe:04:e4:2d:e2:45:e5:18:ec:fb:4c:
                    f0:43:18:aa:83:59:74:6e:61:6b:2f:1d:96:72:22:
                    69:cf:da:fd:99:8f:8d:b7:a6:66:2b:10:ef:3a:00:
                    bb:b8:57:40:e1:a8:c8:89:52:a4:2d:6d:18:52:d4:
                    8f:66:30:42:82:e1:a4:22:85:6e:0e:84:db:08:f4:
                    25:7e:64:03:26:70:7a:bc:3a:1b:d8:f9:af:ee:21:
                    2e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:65:6D:77:6D:9B:09:EB:0D:E3:8B:99:B4:12:FD:09:52:44:70:F0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3mVtd22bCesN44uZtBL9CVJEcPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.248.0/23
                  89.213.131.0/24
                  89.213.191.0/24
                  213.152.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:6f:43:0a:c4:7a:6c:9d:03:c5:bc:e2:42:3c:1a:62:59:5a:
         e5:c4:68:81:99:ef:c6:db:f5:22:4f:c3:6a:b5:5e:34:f2:81:
         2d:68:f5:07:1c:16:38:f7:95:a9:b3:31:5b:7c:78:f0:1a:71:
         27:2e:ad:c1:1a:6e:89:59:a6:4b:80:e9:e2:c8:67:58:08:24:
         67:c1:fc:40:b9:9a:10:cd:30:35:c3:66:5d:8e:ed:45:ea:d7:
         76:85:54:32:c2:75:34:87:c2:c0:39:4d:8c:9a:b0:f9:aa:a6:
         e2:e0:c7:08:98:85:e1:7a:ec:55:17:8e:75:dc:06:f7:2e:42:
         6b:72:b7:9e:88:39:b9:25:4a:17:67:16:97:c8:0f:c9:a5:03:
         03:c3:ed:fc:ee:16:a7:36:27:98:b0:09:24:a3:42:ab:0b:bd:
         cf:16:50:2d:48:a8:8a:b1:74:ad:ce:15:fd:3a:f3:5e:f3:8d:
         51:be:39:9f:76:a4:bb:8e:c9:3a:85:49:65:df:ad:36:23:b8:
         11:93:91:c2:cc:78:df:82:78:58:c8:c8:31:c0:bf:ba:81:04:
         26:ac:72:aa:d2:77:d4:64:7b:07:9e:c1:1c:13:f0:09:23:09:
         0e:a3:56:99:51:01:60:22:f2:fb:84:a3:c5:a5:f7:a0:53:ed:
         f6:ed:64:06
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYld8DzFW4ohmhAbGxHCIcUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzE2MDkwMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTY1NmQ3NzZkOWIwOWViMGRlMzhiOTliNDEyZmQwOTUyNDQ3MGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKIVtOxGykyyPt9jLIjl40WL8dYm
j45GK3ZDL8bR2wFgUvwExveeo7N3pzHudiNO8cpzf6O+ccK6sx9JuNkjEE9v6hm/
1A0jMJp0ifRQaibN8ONtEAB1BygS7nJreBLxZMZOj83rYx7wtOaMhdkx3VssM3zt
vq03LUinthYKRYA8FS+T9GdgCuGAOMqtc4KZ7aRZ+sQYGgfOwRdzulSf5S0IGuD2
l+iN/gTkLeJF5Rjs+0zwQxiqg1l0bmFrLx2WciJpz9r9mY+Nt6ZmKxDvOgC7uFdA
4ajIiVKkLW0YUtSPZjBCguGkIoVuDoTbCPQlfmQDJnB6vDob2Pmv7iEujQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFN5lbXdtmwnrDeOLmbQS/QlSRHDwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM21WdGQyMmJDZXNONDR1WnRCTDlDVkpFY1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphsAwQAUphvAwQBUpj8AwQAUpj/AwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpnyAwQBUpn4AwQAWdWDAwQAWdW/AwQA1Zg+MA0GCSqGSIb3
DQEBCwUAA4IBAQBMb0MKxHpsnQPFvOJCPBpiWVrlxGiBme/G2/UiT8NqtV408oEt
aPUHHBY495WpszFbfHjwGnEnLq3BGm6JWaZLgOniyGdYCCRnwfxAuZoQzTA1w2Zd
ju1F6td2hVQywnU0h8LAOU2MmrD5qqbi4McImIXheuxVF4513Ab3LkJrcreeiDm5
JUoXZxaXyA/JpQMDw+387hanNieYsAkko0KrC73PFlAtSKiKsXStzhX9OvNe841R
vjmfdqS7jsk6hUll3602I7gRk5HCzHjfgnhYyMgxwL+6gQQmrHKq0nfUZHsHnsEc
E/AJIwkOo1aZUQFgIvL7hKPFpfegU+327WQG
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:13 2024 by rpki-client on console-fra.rpki-client.org