Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bd7HiIeG3Qb318RcuGPV7URvrOI.roa
File:                     Bd7HiIeG3Qb318RcuGPV7URvrOI.roa (raw, json)
Hash identifier:          36DAIyMUIdka6m62pmVrlbuiCJRd+OP+Pb9RjCTL+6w=
Subject key identifier:   05:DE:C7:88:87:86:DD:06:F7:D7:C4:5C:B8:63:D5:ED:44:6F:AC:E2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018571FA226CADD944DE653A0299531852D0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bd7HiIeG3Qb318RcuGPV7URvrOI.roa
Signing time:             Mon 02 Jan 2023 10:14:56 +0000
ROA not before:           Mon 02 Jan 2023 10:14:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.247.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 09 Jan 2023 09:25:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:fa:22:6c:ad:d9:44:de:65:3a:02:99:53:18:52:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 10:14:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05dec7888786dd06f7d7c45cb863d5ed446face2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:40:53:d0:1a:53:66:18:a3:b2:ce:bb:64:93:
                    9a:33:db:83:aa:d2:64:82:d9:5e:80:a4:8b:9b:72:
                    ba:1d:62:f4:2c:c3:33:ef:71:17:26:26:46:3e:3c:
                    eb:9c:5b:35:c3:44:d2:07:d0:30:74:74:f1:bc:ee:
                    54:70:78:2f:c4:a0:6d:86:83:ea:93:1e:d3:2e:2f:
                    de:3a:1d:55:23:26:f7:ae:25:3c:ac:63:dc:8a:08:
                    09:7b:04:b9:d5:03:67:90:35:f8:22:4e:af:f7:11:
                    86:6f:c8:aa:45:64:04:9c:d0:c3:8e:bc:6e:94:42:
                    d7:00:26:39:40:98:b9:83:e2:4a:62:dc:eb:eb:83:
                    0c:95:f8:9c:ce:d1:0a:65:df:71:72:48:6f:bf:10:
                    e0:70:4e:be:d0:33:10:38:8a:2d:a8:e1:00:ec:64:
                    51:69:2a:99:da:33:1e:0d:0f:7b:23:d8:36:7c:51:
                    1c:6f:fd:1f:20:d5:f3:ad:60:46:86:20:7d:bf:b2:
                    d6:6c:8e:6c:a2:3b:f5:14:b7:11:cb:f7:10:b7:3b:
                    9b:eb:9b:5f:39:92:50:c1:57:cf:85:be:8b:31:7e:
                    87:96:cd:4b:ea:a9:9e:69:72:2f:d9:b8:31:5a:f1:
                    29:68:97:68:59:55:6d:c3:ab:5b:22:26:c9:45:70:
                    ed:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:DE:C7:88:87:86:DD:06:F7:D7:C4:5C:B8:63:D5:ED:44:6F:AC:E2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bd7HiIeG3Qb318RcuGPV7URvrOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.224.0/24
                  82.153.247.0-82.153.249.255

    Signature Algorithm: sha256WithRSAEncryption
         0a:9e:8a:81:d2:c5:63:f8:f3:93:7e:59:41:19:31:4d:14:bf:
         8d:44:76:9a:5a:8d:d8:a6:23:63:91:47:32:df:3f:df:76:04:
         5e:95:e5:2d:17:21:ea:fd:0c:2a:d7:99:99:89:94:46:83:f5:
         6c:1a:05:3d:ff:92:5f:8e:91:57:5c:63:6a:1a:5e:2f:89:21:
         f6:f5:80:81:ad:b5:8b:b2:2d:8e:8b:5d:a0:84:3d:eb:4c:29:
         06:f9:69:2a:17:61:4e:6c:68:df:aa:dd:34:b6:85:9a:6f:19:
         e3:28:e3:ca:d3:8b:c0:79:f5:c7:9f:57:f9:7a:51:61:39:78:
         3e:1b:7d:6c:18:11:e3:f4:e7:e3:f6:57:53:44:73:7c:00:83:
         d0:f8:ae:35:cc:d3:ce:31:83:eb:8e:ad:ff:4c:71:60:2b:97:
         f3:6e:cb:c6:b7:45:4e:8f:c5:0f:55:af:5a:0a:98:34:33:b8:
         5c:86:3a:97:d3:78:04:ca:65:e2:11:96:53:87:76:2b:63:66:
         b9:c6:e8:90:2b:b0:3b:34:23:5b:55:65:58:43:b3:35:1b:cc:
         dd:6f:1f:b9:90:95:2b:28:77:c2:59:6c:3f:f3:0a:ac:38:67:
         7f:f3:01:e9:ed:f6:a8:3e:27:7a:89:e4:c9:fd:a9:8e:4b:7a:
         29:63:85:17
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYVx+iJsrdlE3mU6AplTGFLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMTAyMTAxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWRlYzc4ODg3ODZkZDA2ZjdkN2M0NWNiODYzZDVlZDQ0NmZhY2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUBT0BpTZhijss67ZJOaM9uDqtJk
gtlegKSLm3K6HWL0LMMz73EXJiZGPjzrnFs1w0TSB9AwdHTxvO5UcHgvxKBthoPq
kx7TLi/eOh1VIyb3riU8rGPciggJewS51QNnkDX4Ik6v9xGGb8iqRWQEnNDDjrxu
lELXACY5QJi5g+JKYtzr64MMlficztEKZd9xckhvvxDgcE6+0DMQOIotqOEA7GRR
aSqZ2jMeDQ97I9g2fFEcb/0fINXzrWBGhiB9v7LWbI5sojv1FLcRy/cQtzub65tf
OZJQwVfPhb6LMX6Hls1L6qmeaXIv2bgxWvEpaJdoWVVtw6tbIibJRXDtBwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFAXex4iHht0G99fEXLhj1e1Eb6ziMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQmQ3SGlJZUczUWIzMThSY3VHUFY3VVJ2ck9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAUQWcAwQA
Uah3AwQAUah7AwQAUpngMAwDBABSmfcDBAFSmfgwDQYJKoZIhvcNAQELBQADggEB
AAqeioHSxWP485N+WUEZMU0Uv41EdppajdimI2ORRzLfP992BF6V5S0XIer9DCrX
mZmJlEaD9WwaBT3/kl+OkVdcY2oaXi+JIfb1gIGttYuyLY6LXaCEPetMKQb5aSoX
YU5saN+q3TS2hZpvGeMo48rTi8B59cefV/l6UWE5eD4bfWwYEeP05+P2V1NEc3wA
g9D4rjXM084xg+uOrf9McWArl/Nuy8a3RU6PxQ9Vr1oKmDQzuFyGOpfTeATKZeIR
llOHditjZrnG6JArsDs0I1tVZVhDszUbzN1vH7mQlSsod8JZbD/zCqw4Z3/zAent
9qg+J3qJ5Mn9qY5LeiljhRc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org