Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7cFX8iTjuZAWwuqIYvIGCL2bop4.roa
File:                     7cFX8iTjuZAWwuqIYvIGCL2bop4.roa (raw, json)
Hash identifier:          rq7zg2CN0atdeY02XtHdLe8OoZbxW24vEyY1uPENrzg=
Subject key identifier:   ED:C1:57:F2:24:E3:B9:90:16:C2:EA:88:62:F2:06:08:BD:9B:A2:9E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189C17020C24C88379B5F8D1D8EA063C029
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7cFX8iTjuZAWwuqIYvIGCL2bop4.roa
Signing time:             Fri 04 Aug 2023 16:44:58 +0000
ROA not before:           Fri 04 Aug 2023 16:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          109.176.241.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.213.0/24 maxlen: 24
                          109.176.210.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 07 Aug 2023 07:14:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c1:70:20:c2:4c:88:37:9b:5f:8d:1d:8e:a0:63:c0:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  4 16:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=edc157f224e3b99016c2ea8862f20608bd9ba29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f3:6d:45:b4:58:cd:91:71:78:4b:4d:93:31:
                    8b:4b:09:97:c3:60:4d:e5:71:d0:eb:d9:d5:8c:94:
                    e1:66:a7:08:87:df:fe:97:6b:66:f9:f5:6e:cd:77:
                    69:e5:43:40:6a:1f:89:1b:c5:e0:ff:d0:c8:a0:38:
                    fd:94:4b:d9:4d:34:f4:aa:d9:b0:eb:f7:ae:7c:0e:
                    fd:33:9c:67:28:8a:0d:9c:76:ec:95:85:46:da:85:
                    12:c4:71:60:fd:e9:4b:86:26:09:92:ab:48:f5:5d:
                    21:ce:5d:f8:a4:32:b9:1c:f9:09:bc:a3:b8:be:74:
                    ad:3a:ef:cb:81:c4:02:c6:65:23:71:e3:f7:8a:8e:
                    5f:a1:80:de:6b:0f:c6:12:53:8a:b8:cb:33:88:71:
                    76:e8:fa:10:52:12:87:eb:f2:b0:67:ee:a0:8f:56:
                    9a:4d:24:95:b2:93:e3:31:11:65:f1:b5:fe:2d:2d:
                    fc:8f:47:53:98:1d:84:69:62:19:7c:67:a3:56:88:
                    57:04:ad:79:59:8f:40:ea:e3:8d:c0:b0:31:cd:11:
                    0a:2c:40:fd:d9:3a:f1:6a:d6:67:20:64:21:8a:3c:
                    ad:32:91:54:5e:ac:43:74:c5:dd:eb:9d:08:f8:b9:
                    5d:0c:51:77:d0:ca:78:ab:92:b2:55:ee:68:18:29:
                    e2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C1:57:F2:24:E3:B9:90:16:C2:EA:88:62:F2:06:08:BD:9B:A2:9E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7cFX8iTjuZAWwuqIYvIGCL2bop4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.223.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.41.0/24
                  89.213.136.0/24
                  89.213.139.0-89.213.140.255
                  89.213.150.0/24
                  89.213.152.0/24
                  89.213.155.0/24
                  89.213.163.0/24
                  89.213.168.0/24
                  89.213.173.0/24
                  89.213.176.0/24
                  89.213.180.0/24
                  89.213.182.0/24
                  89.213.184.0/22
                  109.176.210.0/23
                  109.176.213.0/24
                  109.176.240.0-109.176.244.255
                  109.176.247.0/24
                  109.176.250.0/24
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f6:f5:da:f8:3a:37:50:97:be:99:e4:2c:2c:b5:de:e0:ed:
         ac:ab:db:4f:23:ac:6b:fa:d3:bd:26:41:41:7c:57:c2:9c:2f:
         36:9f:c1:d7:c7:f6:35:92:50:90:dc:42:6b:8d:e1:5e:ed:0b:
         9f:3d:9b:ff:06:ea:9c:c6:ac:be:87:db:2f:b9:8d:2d:c2:49:
         9c:92:ba:da:8b:5a:6e:d3:5f:7d:32:32:89:00:a8:11:1e:99:
         0c:83:a6:a3:36:a4:f3:b5:46:aa:df:0c:78:55:63:65:2e:b5:
         32:7c:e2:53:74:19:42:3a:3d:5b:03:ae:ce:9f:5e:77:91:44:
         5e:0a:5f:0b:3d:3e:93:85:dd:a1:5b:1e:81:d1:23:02:ff:62:
         c6:8b:a9:7e:b2:bf:44:81:65:48:23:36:f1:65:92:35:f8:bf:
         55:ca:63:01:10:7f:b8:e4:dc:4d:57:d2:eb:24:36:60:32:00:
         0b:59:a0:9f:fa:db:b6:3c:5c:32:9f:21:e3:1d:0d:36:eb:49:
         9f:65:3e:55:f2:6b:af:6c:db:a2:c4:76:e5:02:d0:6a:13:2b:
         a3:0d:ca:64:c4:46:13:33:1e:b7:72:13:9a:cf:dc:68:d7:c1:
         66:f4:f0:e1:e8:cc:d0:65:92:10:fd:30:4a:9a:e3:b0:8e:61:
         b9:5f:21:e0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgISAYnBcCDCTIg3m1+NHY6gY8ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA0MTY0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGMxNTdmMjI0ZTNiOTkwMTZjMmVhODg2MmYyMDYwOGJkOWJhMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPNtRbRYzZFxeEtNkzGLSwmXw2BN
5XHQ69nVjJThZqcIh9/+l2tm+fVuzXdp5UNAah+JG8Xg/9DIoDj9lEvZTTT0qtmw
6/eufA79M5xnKIoNnHbslYVG2oUSxHFg/elLhiYJkqtI9V0hzl34pDK5HPkJvKO4
vnStOu/LgcQCxmUjceP3io5foYDeaw/GElOKuMsziHF26PoQUhKH6/KwZ+6gj1aa
TSSVspPjMRFl8bX+LS38j0dTmB2EaWIZfGejVohXBK15WY9A6uONwLAxzREKLED9
2TrxatZnIGQhijytMpFUXqxDdMXd650I+LldDFF30Mp4q5KyVe5oGCnihQIDAQAB
o4IDAzCCAv8wHQYDVR0OBBYEFO3BV/Ik47mQFsLqiGLyBgi9m6KeMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN2NGWDhpVGp1WkFXd3VxSVl2SUdDTDJib3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFwYIKwYBBQUHAQcBAf8EggEGMIIBAjCB/wQCAAEwgfgD
BABRBZwDBABRqCkDBABRqHQDBABRqHcDBABRqHsDBABSmG8DBAFSmPwDBABSmP8D
BABSmQEDBABSmUkDBABSmU4wDAMEA1KZiAMEAFKZjAMEAFKZ3wMEAFKZ4wMEAFKZ
8AMEAFKZ+QMEAFnVKQMEAFnViDAMAwQAWdWLAwQAWdWMAwQAWdWWAwQAWdWYAwQA
WdWbAwQAWdWjAwQAWdWoAwQAWdWtAwQAWdWwAwQAWdW0AwQAWdW2AwQCWdW4AwQB
bbDSAwQAbbDVMAwDBARtsPADBABtsPQDBABtsPcDBABtsPowDAMEALkxfQMEB7kx
AAMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEASfb12vg6N1CXvpnkLCy13uDtrKvb
TyOsa/rTvSZBQXxXwpwvNp/B18f2NZJQkNxCa43hXu0Lnz2b/wbqnMasvofbL7mN
LcJJnJK62otabtNffTIyiQCoER6ZDIOmozak87VGqt8MeFVjZS61MnziU3QZQjo9
WwOuzp9ed5FEXgpfCz0+k4XdoVsegdEjAv9ixoupfrK/RIFlSCM28WWSNfi/Vcpj
ARB/uOTcTVfS6yQ2YDIAC1mgn/rbtjxcMp8h4x0NNutJn2U+VfJrr2zbosR25QLQ
ahMrow3KZMRGEzMet3ITms/caNfBZvTw4ejM0GWSEP0wSprjsI5huV8h4A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org