Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa
File:                     4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa (raw, json)
Hash identifier:          WBCCdWQsZG7PL7p4Dnxl5z00ZdWKtO0lbWQn1bDaL3w=
Subject key identifier:   E0:B4:13:3A:26:7C:5C:22:62:85:1C:CA:2D:D7:C6:70:4B:B1:0B:59
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01874C0D5441413A55698DC0F75DF1429B08
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa
Signing time:             Tue 04 Apr 2023 11:35:54 +0000
ROA not before:           Tue 04 Apr 2023 11:35:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8851
IP address blocks:        89.213.64.0/18 maxlen: 24
                          37.252.24.0/21 maxlen: 24
                          80.240.80.0/20 maxlen: 20
                          77.107.64.0/18 maxlen: 24
                          213.210.0.0/18 maxlen: 24
                          85.159.128.0/21 maxlen: 24
                          212.38.64.0/19 maxlen: 24
                          37.98.144.0/21 maxlen: 24
                          37.98.144.0/22 maxlen: 24
                          109.176.0.0/16 maxlen: 16
                          89.213.40.0/21 maxlen: 24
                          89.213.48.0/20 maxlen: 24
                          213.218.208.0/20 maxlen: 24
                          89.31.232.0/21 maxlen: 24
                          79.99.72.0/21 maxlen: 24
                          185.20.32.0/22 maxlen: 24
                          185.20.34.0/24 maxlen: 24
                          185.20.35.0/24 maxlen: 24
                          213.218.224.0/19 maxlen: 24
                          81.168.0.0/17 maxlen: 17
                          89.213.128.0/17 maxlen: 24
                          82.163.0.0/19 maxlen: 24
                          217.144.144.0/20 maxlen: 24
                          217.145.64.0/20 maxlen: 24
                          185.49.124.0/22 maxlen: 24
                          185.24.84.0/22 maxlen: 24
                          89.213.0.0/21 maxlen: 24
                          213.130.128.0/19 maxlen: 24
                          194.105.64.0/19 maxlen: 24
                          81.5.128.0/18 maxlen: 18
                          82.152.0.0/15 maxlen: 15
                          195.128.138.0/24 maxlen: 24
                          213.152.32.0/19 maxlen: 19
                          2a02:21f8::/32 maxlen: 32
                          2a00:c60::/32 maxlen: 32
                          2001:1a90::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 14 Jun 2023 10:29:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4c:0d:54:41:41:3a:55:69:8d:c0:f7:5d:f1:42:9b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  4 11:35:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e0b4133a267c5c2262851cca2dd7c6704bb10b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9a:81:e2:a7:97:17:8a:a7:ee:d5:22:1e:e0:
                    3e:fd:50:6e:7f:0e:78:ab:27:c5:67:4f:3a:f9:d5:
                    d8:c3:11:1b:96:1c:94:e5:27:d6:97:63:57:c3:00:
                    1e:e0:a9:16:3b:be:cb:9d:89:36:21:b5:0e:6f:f2:
                    97:a7:4b:ef:5e:79:ff:91:5d:24:60:22:18:4b:f3:
                    fe:8f:4b:b5:e0:5e:bc:f8:66:ff:1a:4c:8f:fb:41:
                    0b:a5:4c:94:41:ad:13:06:65:fd:0a:20:46:87:e3:
                    b1:b9:a3:bd:e8:8f:8a:2f:98:7d:cd:d0:ee:37:cb:
                    6f:06:47:ec:14:25:04:46:2a:ae:37:c7:d0:af:47:
                    93:1f:bc:e5:34:b8:40:f8:00:61:9a:b6:52:73:e4:
                    f8:3d:f4:20:23:7f:43:05:28:c3:92:72:9b:4e:e4:
                    69:33:88:71:1b:83:1a:b6:75:d0:4f:59:eb:99:08:
                    b9:66:02:b2:b3:af:ae:e8:2f:f0:f8:dc:f7:67:05:
                    1c:e4:24:50:40:98:3c:43:51:22:04:49:c3:9b:64:
                    26:18:61:4a:af:42:9a:fb:a9:1b:67:89:32:83:31:
                    e8:d6:10:de:a7:ec:2c:d1:94:6e:2c:58:57:64:c3:
                    9d:4b:0f:1f:2e:e5:15:d6:5a:21:04:24:fc:f5:dd:
                    07:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B4:13:3A:26:7C:5C:22:62:85:1C:CA:2D:D7:C6:70:4B:B1:0B:59
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.144.0/21
                  37.252.24.0/21
                  77.107.64.0/18
                  79.99.72.0/21
                  80.240.80.0/20
                  81.5.128.0/18
                  81.168.0.0/17
                  82.152.0.0/15
                  82.163.0.0/19
                  85.159.128.0/21
                  89.31.232.0/21
                  89.213.0.0/21
                  89.213.40.0-89.213.255.255
                  109.176.0.0/16
                  185.20.32.0/22
                  185.24.84.0/22
                  185.49.124.0/22
                  194.105.64.0/19
                  195.128.138.0/24
                  212.38.64.0/19
                  213.130.128.0/19
                  213.152.32.0/19
                  213.210.0.0/18
                  213.218.208.0-213.218.255.255
                  217.144.144.0/20
                  217.145.64.0/20
                IPv6:
                  2001:1a90::/32
                  2a00:c60::/32
                  2a02:21f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:1b:9f:26:2f:34:05:59:06:1d:65:57:15:e0:9c:e9:5f:16:
         9e:a4:2a:92:d9:26:51:de:92:6d:e8:ab:3f:6e:90:74:04:aa:
         dd:59:b4:ae:4b:af:83:80:bf:50:a2:08:a8:c7:52:17:8f:6d:
         8a:20:1b:f5:0a:8c:0c:69:b0:75:3f:5b:81:16:8f:c7:f0:99:
         05:fc:f1:f2:9a:ab:53:73:9d:ee:01:39:19:30:74:ea:6b:eb:
         0f:53:f8:da:9c:cc:7d:cf:1d:75:c4:19:2d:50:96:f6:ab:91:
         e2:8e:83:66:7f:db:c9:e6:aa:3f:6e:1d:8c:bf:0f:77:9f:8f:
         7b:77:4d:4d:8b:43:12:42:27:01:c7:af:af:9e:0a:cd:b4:f0:
         c1:26:b4:fe:25:a8:df:f2:e6:e9:17:30:7e:cf:48:34:a6:fe:
         52:ea:f6:a1:dc:e7:6f:36:29:07:a0:06:e0:b5:fa:e7:cd:67:
         2a:bb:9e:04:df:8c:d8:13:6a:96:26:f3:bd:56:81:fc:cb:b1:
         7f:91:45:f0:a7:3e:4f:3d:d4:56:63:bc:2e:bb:b4:2c:c5:b6:
         2e:48:cd:14:46:d3:0d:30:03:d7:5d:87:2f:19:e1:4c:5f:87:
         fa:c2:8d:ba:93:75:10:d3:c2:a7:dd:1b:a6:4b:c8:db:04:26:
         fa:8b:8b:2d
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAYdMDVRBQTpVaY3A913xQpsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDA0MTEzNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI0MTMzYTI2N2M1YzIyNjI4NTFjY2EyZGQ3YzY3MDRiYjEwYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5qB4qeXF4qn7tUiHuA+/VBufw54
qyfFZ086+dXYwxEblhyU5SfWl2NXwwAe4KkWO77LnYk2IbUOb/KXp0vvXnn/kV0k
YCIYS/P+j0u14F68+Gb/GkyP+0ELpUyUQa0TBmX9CiBGh+OxuaO96I+KL5h9zdDu
N8tvBkfsFCUERiquN8fQr0eTH7zlNLhA+ABhmrZSc+T4PfQgI39DBSjDknKbTuRp
M4hxG4MatnXQT1nrmQi5ZgKys6+u6C/w+Nz3ZwUc5CRQQJg8Q1EiBEnDm2QmGGFK
r0Ka+6kbZ4kygzHo1hDep+ws0ZRuLFhXZMOdSw8fLuUV1lohBCT89d0H7wIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFOC0EzomfFwiYoUcyi3XxnBLsQtZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNExRVE9pWjhYQ0ppaFJ6S0xkZkdjRXV4QzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHiBggrBgEFBQcBBwEB/wSB0jCBzzCBrwQCAAEwgagDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6AMEA1nVADALAwQDWdUoAwMBWdQDAwBtsAMEArkUIAMEArkY
VAMEArkxfAMEBcJpQAMEAMOAigMEBdQmQAMEBdWCgAMEBdWYIAMEBtXSADALAwQE
1drQAwMA1doDBATZkJADBATZkUAwGwQCAAIwFQMFACABGpADBQAqAAxgAwUAKgIh
+DANBgkqhkiG9w0BAQsFAAOCAQEAkhufJi80BVkGHWVXFeCc6V8WnqQqktkmUd6S
beirP26QdASq3Vm0rkuvg4C/UKIIqMdSF49tiiAb9QqMDGmwdT9bgRaPx/CZBfzx
8pqrU3Od7gE5GTB06mvrD1P42pzMfc8ddcQZLVCW9quR4o6DZn/byeaqP24djL8P
d5+Pe3dNTYtDEkInAcevr54KzbTwwSa0/iWo3/Lm6Rcwfs9INKb+Uur2odznbzYp
B6AG4LX6581nKrueBN+M2BNqlibzvVaB/Muxf5FF8Kc+Tz3UVmO8Lru0LMW2LkjN
FEbTDTAD112HLxnhTF+H+sKNupN1ENPCp90bpkvI2wQm+ouLLQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:19 2024 by rpki-client on console-ams.rpki-client.org