Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3v5Zl_Z0C1kAbdwIVfSsXKO_1GY.roa
File:                     3v5Zl_Z0C1kAbdwIVfSsXKO_1GY.roa (raw, json)
Hash identifier:          7g4TAHM4etg4b57HMsFpeb1BDSMGBJf4n7LNIf3Nbxc=
Subject key identifier:   DE:FE:59:97:F6:74:0B:59:00:6D:DC:08:55:F4:AC:5C:A3:BF:D4:66
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F33172F9C06550AEF2D513714BF8793FE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3v5Zl_Z0C1kAbdwIVfSsXKO_1GY.roa
Signing time:             Wed 01 May 2024 07:38:28 +0000
ROA not before:           Wed 01 May 2024 07:38:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.24.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.234.0/24 maxlen: 24
                          213.218.236.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 May 2024 13:24:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:17:2f:9c:06:55:0a:ef:2d:51:37:14:bf:87:93:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  1 07:38:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=defe5997f6740b59006ddc0855f4ac5ca3bfd466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:59:3f:ed:21:3c:ac:7f:15:32:9b:37:d0:10:
                    bc:52:d3:fb:1b:84:49:b8:3c:01:13:e9:93:5c:79:
                    89:19:ce:51:19:a9:27:4a:f1:e6:9b:5c:14:91:89:
                    5a:31:0f:70:55:9a:c5:46:8d:da:3d:ef:34:de:5e:
                    f1:bc:43:15:54:b8:2b:be:32:e8:14:18:b2:2b:86:
                    af:9c:28:5e:20:59:fe:07:c1:94:41:22:56:f6:82:
                    03:e0:5e:c5:67:b5:dc:49:48:9a:03:08:d5:a6:9a:
                    76:53:b1:3d:e1:fa:c6:bd:a7:38:d2:60:7c:90:f6:
                    53:60:78:04:52:7d:31:be:a4:73:21:c0:e9:c0:50:
                    62:1a:c3:ca:c5:82:3d:b5:ae:2a:b6:2f:db:bf:57:
                    2d:24:66:77:3c:d5:99:e3:32:ac:9a:06:f4:5e:38:
                    22:c4:7d:eb:d7:94:3e:92:5b:72:9f:8e:ce:4b:88:
                    cb:6a:d8:dd:49:67:70:98:36:3e:dd:22:36:af:12:
                    d6:ca:a3:b7:d8:7a:4f:ac:4c:3d:97:ee:dd:80:4f:
                    ae:07:6f:e6:28:17:c2:da:96:83:2e:cb:be:1a:45:
                    62:e5:fd:00:e0:d8:05:60:d2:76:c4:51:2b:ce:81:
                    12:61:9f:28:2a:b8:ff:ad:c1:8d:12:8a:2f:47:9a:
                    7f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FE:59:97:F6:74:0B:59:00:6D:DC:08:55:F4:AC:5C:A3:BF:D4:66
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3v5Zl_Z0C1kAbdwIVfSsXKO_1GY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0-109.176.24.255
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24
                  213.218.234.0/24
                  213.218.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:22:f1:54:4d:49:bd:03:3e:ef:c6:53:0b:9a:2c:24:39:a8:
         f2:ce:93:d7:3f:ce:6a:f9:ec:cb:80:3b:83:fc:da:93:7e:9e:
         46:a9:25:8c:bf:2b:79:c2:14:4d:c8:62:51:d3:3e:43:43:0a:
         bd:aa:f5:aa:2e:b3:78:39:fc:17:bd:d7:02:10:a3:10:c9:30:
         b6:73:31:84:4e:3c:ca:f7:7c:76:b1:9f:5d:e6:a4:b4:1b:8b:
         39:a6:b5:37:f4:26:65:e6:2e:89:bc:32:ee:25:52:5d:5b:b5:
         27:c4:0b:77:58:5d:03:6d:da:ac:d9:81:d1:f1:77:62:0c:f5:
         8a:95:c2:ab:4a:d2:2d:6e:53:af:a4:b2:16:f5:13:15:23:af:
         4e:6a:d7:82:94:e4:45:39:58:05:56:79:69:0d:7c:e9:d9:59:
         4a:a7:8a:1e:ae:98:b4:ef:43:7a:37:6c:52:70:a8:00:24:6f:
         ad:c4:9d:32:85:ff:55:10:34:7b:73:88:db:37:d0:28:44:c5:
         28:a9:61:6a:17:cb:ee:20:b2:2a:fa:f5:3f:8b:22:85:4e:68:
         64:bd:9e:38:09:f3:ef:9b:52:c0:21:df:16:e8:9b:fb:0a:49:
         2a:89:d0:8a:d0:49:09:d8:da:f9:52:ad:6a:33:26:a9:2e:bc:
         5c:e5:5a:08
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAY8zFy+cBlUK7y1RNxS/h5P+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTAxMDczODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWZlNTk5N2Y2NzQwYjU5MDA2ZGRjMDg1NWY0YWM1Y2EzYmZkNDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Vk/7SE8rH8VMps30BC8UtP7G4RJ
uDwBE+mTXHmJGc5RGaknSvHmm1wUkYlaMQ9wVZrFRo3aPe803l7xvEMVVLgrvjLo
FBiyK4avnCheIFn+B8GUQSJW9oID4F7FZ7XcSUiaAwjVppp2U7E94frGvac40mB8
kPZTYHgEUn0xvqRzIcDpwFBiGsPKxYI9ta4qti/bv1ctJGZ3PNWZ4zKsmgb0Xjgi
xH3r15Q+kltyn47OS4jLatjdSWdwmDY+3SI2rxLWyqO32HpPrEw9l+7dgE+uB2/m
KBfC2paDLsu+GkVi5f0A4NgFYNJ2xFErzoESYZ8oKrj/rcGNEoovR5p/KwIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFN7+WZf2dAtZAG3cCFX0rFyjv9RmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM3Y1WmxfWjBDMWtBYmR3SVZmU3NYS09fMUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwdgQCAAEwcAMEAFGofgME
AVKYsAMEAlKZiAMEAFKZ9QMEAFnVhTAMAwQCWdWUAwQFWdWAAwQCWdWsAwQAWdW0
MAwDBARtsBADBABtsBgDBAG5MX4DBATCaVADBADVgpUDBAHV2tIDBADV2tUDBADV
2uoDBADV2uwwDQYJKoZIhvcNAQELBQADggEBABAi8VRNSb0DPu/GUwuaLCQ5qPLO
k9c/zmr57MuAO4P82pN+nkapJYy/K3nCFE3IYlHTPkNDCr2q9aous3g5/Be91wIQ
oxDJMLZzMYROPMr3fHaxn13mpLQbizmmtTf0JmXmLom8Mu4lUl1btSfEC3dYXQNt
2qzZgdHxd2IM9YqVwqtK0i1uU6+kshb1ExUjr05q14KU5EU5WAVWeWkNfOnZWUqn
ih6umLTvQ3o3bFJwqAAkb63EnTKF/1UQNHtziNs30ChExSipYWoXy+4gsir69T+L
IoVOaGS9njgJ8++bUsAh3xbom/sKSSqJ0IrQSQnY2vlSrWozJqkuvFzlWgg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org