Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8ghfOv9lHlR4riRyyhL0m7_WSgw.roa
File:                     8ghfOv9lHlR4riRyyhL0m7_WSgw.roa (raw, json)
Hash identifier:          9lg7vAW/lbJpfASnt7zdJ5VQ3bSmARD0DwLz3enDE9E=
Subject key identifier:   F2:08:5F:3A:FF:65:1E:54:78:AE:24:72:CA:12:F4:9B:BF:D6:4A:0C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018595D8F64944F802AC94B19134D86F1ABB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8ghfOv9lHlR4riRyyhL0m7_WSgw.roa
Signing time:             Mon 09 Jan 2023 09:25:01 +0000
ROA not before:           Mon 09 Jan 2023 09:25:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.247.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 23 Mar 2023 09:09:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:95:d8:f6:49:44:f8:02:ac:94:b1:91:34:d8:6f:1a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  9 09:25:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2085f3aff651e5478ae2472ca12f49bbfd64a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d6:5d:1e:ab:82:08:e7:7e:29:ce:c4:72:64:
                    3f:96:4c:bf:fd:22:77:ca:0c:55:94:14:b4:e6:43:
                    d6:e5:0e:d2:da:3f:92:fd:8b:2f:e0:ef:d0:c6:2d:
                    30:68:a6:bc:b8:77:47:2d:66:26:a5:81:64:10:48:
                    a5:c0:65:22:80:d3:6c:49:57:ff:0f:11:33:6e:8f:
                    5a:5b:e5:72:d4:04:6c:93:d0:3e:47:f5:08:63:7d:
                    21:f3:23:d9:e8:6f:70:4b:9b:b8:94:43:d1:94:e6:
                    7e:0d:66:c8:f1:1b:cc:f0:e5:ec:d0:65:3a:35:c2:
                    01:05:6a:35:2d:f7:dd:da:07:5e:7f:ae:fc:49:0e:
                    cc:30:d7:35:b5:b5:c5:cf:c6:50:69:32:80:54:48:
                    0f:a5:0a:1b:ce:be:53:7f:47:19:f3:cf:fc:ac:f6:
                    48:b8:98:3b:8c:a1:ab:34:90:13:53:c6:46:65:0f:
                    86:37:a5:ce:99:36:6c:c9:bc:3d:8b:dd:2d:9f:cf:
                    dd:2e:37:46:fc:6a:a9:41:67:a0:e1:57:e6:ae:9d:
                    93:ed:b1:f9:1f:c9:06:be:99:a8:e7:d3:94:01:48:
                    a8:2f:b1:d0:a7:9d:33:1a:d8:5d:e8:47:19:27:da:
                    11:44:e6:db:98:30:a7:95:7c:ad:77:c3:9a:ea:69:
                    d7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:08:5F:3A:FF:65:1E:54:78:AE:24:72:CA:12:F4:9B:BF:D6:4A:0C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8ghfOv9lHlR4riRyyhL0m7_WSgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.224.0/24
                  82.153.247.0-82.153.249.255

    Signature Algorithm: sha256WithRSAEncryption
         08:b4:0e:17:70:81:7b:af:70:e1:43:e9:47:2e:4b:5e:34:b1:
         b5:73:14:20:e8:df:23:4d:e2:29:ce:c3:10:3f:17:f7:1f:ec:
         f7:45:e4:86:5b:4b:a5:15:7a:63:46:9d:24:e6:3b:62:d6:45:
         c6:53:8e:f4:9e:be:79:98:fb:15:9b:c8:34:d8:c8:38:40:80:
         8a:3f:e1:8a:4c:5c:27:da:66:23:28:d6:21:05:25:a8:20:6a:
         2a:43:13:c1:c8:aa:ce:c2:8a:f5:37:44:f7:72:b1:14:d5:78:
         3f:8b:68:0e:2f:8b:de:e6:5b:3a:b3:6e:d7:b5:48:88:ac:f9:
         fe:65:2f:b9:8e:8b:8f:ab:4b:aa:e3:d5:98:3f:cf:6e:a1:7c:
         85:f9:e9:e8:f2:69:93:d7:d7:db:91:16:c7:17:a8:16:ff:89:
         4e:56:84:99:45:f3:60:aa:68:a5:df:d9:40:e7:70:e6:fe:8c:
         91:c6:8b:1d:52:67:ff:4b:d2:c7:c7:6a:dc:4e:a4:72:b2:84:
         da:47:f5:a4:21:b7:de:13:96:28:48:9c:8d:40:fc:2d:fd:89:
         04:5c:dd:5b:6a:04:b4:ba:c1:e3:eb:c1:7f:42:35:78:f4:d7:
         d6:3f:36:af:2e:1b:90:22:eb:3d:72:ef:80:bc:06:82:71:a4:
         6d:83:74:39
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYWV2PZJRPgCrJSxkTTYbxq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMTA5MDkyNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjA4NWYzYWZmNjUxZTU0NzhhZTI0NzJjYTEyZjQ5YmJmZDY0YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9ZdHquCCOd+Kc7EcmQ/lky//SJ3
ygxVlBS05kPW5Q7S2j+S/Ysv4O/Qxi0waKa8uHdHLWYmpYFkEEilwGUigNNsSVf/
DxEzbo9aW+Vy1ARsk9A+R/UIY30h8yPZ6G9wS5u4lEPRlOZ+DWbI8RvM8OXs0GU6
NcIBBWo1Lffd2gdef678SQ7MMNc1tbXFz8ZQaTKAVEgPpQobzr5Tf0cZ88/8rPZI
uJg7jKGrNJATU8ZGZQ+GN6XOmTZsybw9i90tn8/dLjdG/GqpQWeg4Vfmrp2T7bH5
H8kGvpmo59OUAUioL7HQp50zGthd6EcZJ9oRRObbmDCnlXytd8Oa6mnXxQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPIIXzr/ZR5UeK4kcsoS9Ju/1koMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOGdoZk92OWxIbFI0cmlSeXloTDBtN19XU2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAUah3AwQA
Uah7AwQAUpngMAwDBABSmfcDBAFSmfgwDQYJKoZIhvcNAQELBQADggEBAAi0Dhdw
gXuvcOFD6UcuS140sbVzFCDo3yNN4inOwxA/F/cf7PdF5IZbS6UVemNGnSTmO2LW
RcZTjvSevnmY+xWbyDTYyDhAgIo/4YpMXCfaZiMo1iEFJaggaipDE8HIqs7CivU3
RPdysRTVeD+LaA4vi97mWzqzbte1SIis+f5lL7mOi4+rS6rj1Zg/z26hfIX56ejy
aZPX19uRFscXqBb/iU5WhJlF82CqaKXf2UDncOb+jJHGix1SZ/9L0sfHatxOpHKy
hNpH9aQht94TlihInI1A/C39iQRc3VtqBLS6wePrwX9CNXj019Y/Nq8uG5Ai6z1y
74C8BoJxpG2DdDk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org