Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9Ki0yR6uFjZGAP3OCfDBCyZdtIE.roa
File:                     9Ki0yR6uFjZGAP3OCfDBCyZdtIE.roa (raw, json)
Hash identifier:          HXLAnsG5yy+YfEoo3gEeaDRT8gNjEW4xks+DmDkXUWE=
Subject key identifier:   F4:A8:B4:C9:1E:AE:16:36:46:00:FD:CE:09:F0:C1:0B:26:5D:B4:81
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189EF84B5C6E190D71FD3ADD26D683AE4CC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9Ki0yR6uFjZGAP3OCfDBCyZdtIE.roa
Signing time:             Sun 13 Aug 2023 15:29:59 +0000
ROA not before:           Sun 13 Aug 2023 15:29:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.40.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 14 Aug 2023 11:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ef:84:b5:c6:e1:90:d7:1f:d3:ad:d2:6d:68:3a:e4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 13 15:29:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4a8b4c91eae16364600fdce09f0c10b265db481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b7:5f:ab:eb:df:72:d9:25:d8:2b:b4:46:89:
                    18:de:44:29:b3:b1:6a:78:55:9b:e6:83:75:ac:f4:
                    91:b4:0c:5e:a4:fd:ee:ca:78:04:f1:13:ae:8d:13:
                    bf:7c:d2:5c:2a:a3:1f:5f:0b:77:40:f2:bb:f6:64:
                    88:80:69:14:83:d3:20:93:db:3d:c4:35:a4:75:5a:
                    4e:48:b7:0f:0b:c6:9e:6a:96:fd:3f:dc:5a:f9:4d:
                    58:80:c2:db:ca:f7:3e:17:37:aa:27:20:13:5a:97:
                    00:03:39:bc:21:da:07:c4:80:b1:cd:ca:10:a1:b0:
                    cc:8f:f2:a0:d5:48:be:14:59:ba:a2:b3:7d:a8:84:
                    57:3b:ef:e7:8f:02:8e:58:de:59:bd:16:8d:b8:e4:
                    34:c6:f3:3c:59:21:ab:85:37:7b:e5:df:7f:1e:21:
                    f5:88:a7:2d:3e:c8:36:9e:6f:54:e7:5b:27:87:aa:
                    a8:ff:a4:95:79:0e:10:18:49:c4:9a:ff:e3:ae:cd:
                    6d:c1:8c:40:94:74:0c:5f:90:94:40:49:0e:58:dd:
                    78:14:85:f2:cb:39:dc:2e:08:6f:7c:00:50:d6:25:
                    e9:e9:e2:80:22:07:4b:fb:12:ec:4e:19:ea:4e:b5:
                    84:72:d9:51:1a:92:47:76:de:4e:37:63:12:3e:28:
                    8e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A8:B4:C9:1E:AE:16:36:46:00:FD:CE:09:F0:C1:0B:26:5D:B4:81
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9Ki0yR6uFjZGAP3OCfDBCyZdtIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0-82.153.250.255
                  89.213.5.0/24
                  89.213.40.0/21
                  89.213.133.0-89.213.134.255
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.160.255
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.172.0-89.213.177.255
                  89.213.179.0-89.213.189.255
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:2b:aa:32:16:70:ba:8e:91:97:1e:15:8b:8a:06:ac:83:bf:
         29:e6:f3:37:5d:f7:03:11:ac:3b:f3:37:fc:63:42:84:2f:88:
         03:c8:3b:25:73:f0:7f:18:11:84:43:dc:26:a1:81:9e:e6:25:
         52:f5:2d:93:20:3c:59:ec:3e:90:39:63:84:ae:33:c1:fb:25:
         75:6a:b8:bf:a3:ff:f7:79:c0:d3:f5:12:96:8e:80:84:10:e7:
         1f:88:06:cd:07:78:6f:fa:ee:9f:15:27:27:36:ce:ef:11:88:
         5c:ac:00:2d:35:de:74:35:bf:b8:3a:26:5e:2b:cd:c3:7e:0d:
         cc:54:73:3d:c5:dc:c8:3a:00:46:05:2e:5e:ae:3e:fa:65:b4:
         5a:5b:5f:a0:99:e7:aa:da:07:5d:14:e6:7b:98:7d:c1:cd:14:
         c0:0a:fa:1b:08:b5:1a:18:b2:db:34:0b:f9:8a:78:9a:f8:d8:
         10:5b:f9:9d:a1:b8:c4:f8:a8:c2:88:79:a6:d4:01:cc:c1:cf:
         3e:cc:e7:4a:34:c3:9d:ea:1c:03:ee:b1:1b:b5:1f:40:56:f9:
         ef:8c:f8:a5:c5:59:16:e9:85:b3:b0:14:bb:b4:a0:b8:41:92:
         f2:68:59:da:fa:6f:2e:0a:42:14:4b:21:51:94:e2:06:6c:98:
         ba:42:e0:2e
-----BEGIN CERTIFICATE-----
MIIGSzCCBTOgAwIBAgISAYnvhLXG4ZDXH9Ot0m1oOuTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODEzMTUyOTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGE4YjRjOTFlYWUxNjM2NDYwMGZkY2UwOWYwYzEwYjI2NWRiNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7dfq+vfctkl2Cu0RokY3kQps7Fq
eFWb5oN1rPSRtAxepP3uyngE8ROujRO/fNJcKqMfXwt3QPK79mSIgGkUg9Mgk9s9
xDWkdVpOSLcPC8aeapb9P9xa+U1YgMLbyvc+FzeqJyATWpcAAzm8IdoHxICxzcoQ
obDMj/Kg1Ui+FFm6orN9qIRXO+/njwKOWN5ZvRaNuOQ0xvM8WSGrhTd75d9/HiH1
iKctPsg2nm9U51snh6qo/6SVeQ4QGEnEmv/jrs1twYxAlHQMX5CUQEkOWN14FIXy
yzncLghvfABQ1iXp6eKAIgdL+xLsThnqTrWEctlRGpJHdt5ON2MSPiiOVwIDAQAB
o4IDVzCCA1MwHQYDVR0OBBYEFPSotMkerhY2RgD9zgnwwQsmXbSBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOUtpMHlSNnVGalpHQVAzT0NmREJDeVpkdElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBawYIKwYBBQUHAQcBAf8EggFaMIIBVjCCAVIEAgABMIIB
SgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwMAwDBABSmfkDBABSmfoDBABZ1QUDBANZ1SgwDAMEAFnV
hQMEAFnVhgMEAFnViDAMAwQAWdWLAwQBWdWMAwQAWdWSMAwDBAJZ1ZQDBAJZ1Zgw
DAMEAFnVnQMEAFnVoDAMAwQBWdWiAwQAWdWkAwQBWdWoMAwDBAJZ1awDBAFZ1bAw
DAMEAFnVswMEAVnVvAMEAG2w0wMEA22w2AMEAG2w8AMEAW2w8jAMAwQAbbD1AwQA
bbD2MAwDBANtsPgDBABtsPowDAMEALkxfQMEB7kxAAMEANWYKgMEANWYPTANBgkq
hkiG9w0BAQsFAAOCAQEAKiuqMhZwuo6Rlx4Vi4oGrIO/KebzN133AxGsO/M3/GNC
hC+IA8g7JXPwfxgRhEPcJqGBnuYlUvUtkyA8Wew+kDljhK4zwfsldWq4v6P/93nA
0/USlo6AhBDnH4gGzQd4b/runxUnJzbO7xGIXKwALTXedDW/uDomXivNw34NzFRz
PcXcyDoARgUuXq4++mW0WltfoJnnqtoHXRTme5h9wc0UwAr6Gwi1Ghiy2zQL+Yp4
mvjYEFv5naG4xPiowoh5ptQBzMHPPsznSjTDneocA+6xG7UfQFb574z4pcVZFumF
s7AUu7SguEGS8mhZ2vpvLgpCFEshUZTiBmyYukLgLg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org