Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BsfsRi0oKEPblncPLhqcm7xqQds.roa
File:                     BsfsRi0oKEPblncPLhqcm7xqQds.roa (raw, json)
Hash identifier:          N1DXIdPG45mTkcL0TpDLxxyeUO6gsD/6uZCvKY0GUSQ=
Subject key identifier:   06:C7:EC:46:2D:28:28:43:DB:96:77:0F:2E:1A:9C:9B:BC:6A:41:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01886881EC48774C9988508D66BF2E05C990
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BsfsRi0oKEPblncPLhqcm7xqQds.roa
Signing time:             Mon 29 May 2023 17:15:24 +0000
ROA not before:           Mon 29 May 2023 17:15:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.69.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 May 2023 08:07:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:68:81:ec:48:77:4c:99:88:50:8d:66:bf:2e:05:c9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 29 17:15:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06c7ec462d282843db96770f2e1a9c9bbc6a41db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c5:d3:bb:54:8d:1b:ce:83:7f:4d:15:40:68:
                    0d:3a:7e:d8:70:38:3d:b8:a4:5d:15:fc:ee:f7:15:
                    39:50:15:bb:8d:d9:4e:2f:19:2c:f0:53:d7:0c:4f:
                    48:47:fb:09:cb:08:b9:b3:05:bb:35:b5:e0:7b:a8:
                    ee:83:e4:f3:74:84:d7:e6:f2:8b:20:20:9e:25:37:
                    4b:58:70:ae:90:8e:5b:82:74:e0:9a:eb:48:05:17:
                    18:26:2a:db:a1:07:26:84:f9:47:a0:12:fa:b3:9d:
                    63:f8:75:a2:1d:5c:47:da:01:71:5f:a4:4f:27:fd:
                    36:81:24:c2:b1:a3:20:41:41:36:27:c8:88:92:e7:
                    dd:c0:b1:e8:45:c3:fe:01:bd:81:23:04:fe:86:6b:
                    02:dc:5f:9f:d4:f3:8d:9e:1c:bb:19:be:08:30:8b:
                    74:9c:d2:7e:42:b7:d7:62:34:0f:6e:f6:15:b2:ea:
                    1a:52:bd:7d:8a:c8:e5:8c:b1:50:11:a4:af:45:9c:
                    4f:25:37:30:91:04:ae:ab:38:b2:63:5c:24:81:95:
                    a0:0e:9c:48:8e:91:8a:b3:bc:58:f1:31:ba:30:72:
                    0e:1c:2b:bf:8a:d0:aa:3a:8f:73:f4:a2:31:b5:a0:
                    be:87:08:e1:fb:f1:81:10:d5:26:4a:80:34:57:04:
                    4e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C7:EC:46:2D:28:28:43:DB:96:77:0F:2E:1A:9C:9B:BC:6A:41:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BsfsRi0oKEPblncPLhqcm7xqQds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0/24
                  82.152.255.0/24
                  82.153.64.0/24
                  82.153.69.0/24
                  82.153.73.0/24
                  82.153.222.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:6f:11:41:39:38:d8:53:90:8d:17:06:6d:85:d7:82:ab:a0:
         01:ae:a2:8d:e9:81:84:0a:54:48:8a:c4:18:ed:11:00:d9:d2:
         da:4a:a0:d3:74:de:21:81:dc:cc:99:42:ec:7e:0c:81:2a:ed:
         5d:b3:ef:1c:01:a0:fe:4b:c1:1c:b2:9d:5c:c5:22:e6:74:f6:
         80:7e:d5:29:8d:68:34:d6:94:23:29:bc:59:85:a5:b2:95:fe:
         11:7c:4d:71:35:91:87:3d:ef:b0:b5:02:31:b6:ea:2b:ad:61:
         93:fa:71:4d:59:6d:f8:08:99:26:5d:a8:be:51:65:1f:af:1c:
         6b:39:8d:da:0c:f6:1e:1c:59:04:74:8c:2e:53:2d:8c:6e:0c:
         e5:eb:8a:3e:e2:23:f8:54:6d:6d:8a:27:fe:bb:e8:61:83:3b:
         8e:34:d4:39:67:1a:56:02:ec:c1:1d:4e:a6:9a:42:11:16:64:
         87:a5:4e:b8:1b:65:a6:92:37:64:d3:82:7a:26:6b:66:bc:e3:
         33:f8:14:56:42:cd:a2:8b:3c:79:1a:7d:42:a6:b3:26:37:a4:
         b7:c2:c4:e0:3f:ac:98:2e:ad:15:1f:c2:79:a4:b1:23:45:64:
         e6:1e:b2:5c:b0:39:51:96:47:96:29:c8:52:e8:0b:d3:55:db:
         e6:27:e7:a5
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYhogexId0yZiFCNZr8uBcmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTI5MTcxNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmM3ZWM0NjJkMjgyODQzZGI5Njc3MGYyZTFhOWM5YmJjNmE0MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8XTu1SNG86Df00VQGgNOn7YcDg9
uKRdFfzu9xU5UBW7jdlOLxks8FPXDE9IR/sJywi5swW7NbXge6jug+TzdITX5vKL
ICCeJTdLWHCukI5bgnTgmutIBRcYJirboQcmhPlHoBL6s51j+HWiHVxH2gFxX6RP
J/02gSTCsaMgQUE2J8iIkufdwLHoRcP+Ab2BIwT+hmsC3F+f1PONnhy7Gb4IMIt0
nNJ+QrfXYjQPbvYVsuoaUr19isjljLFQEaSvRZxPJTcwkQSuqziyY1wkgZWgDpxI
jpGKs7xY8TG6MHIOHCu/itCqOo9z9KIxtaC+hwjh+/GBENUmSoA0VwROEQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAbH7EYtKChD25Z3Dy4anJu8akHbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQnNmc1JpMG9LRVBibG5jUExocWNtN3hxUWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7AwQAUpj9AwQAUpj/AwQAUplAAwQAUplFAwQA
UplJAwQAUpneAwQBUpn4MA0GCSqGSIb3DQEBCwUAA4IBAQARbxFBOTjYU5CNFwZt
hdeCq6ABrqKN6YGEClRIisQY7REA2dLaSqDTdN4hgdzMmULsfgyBKu1ds+8cAaD+
S8Ecsp1cxSLmdPaAftUpjWg01pQjKbxZhaWylf4RfE1xNZGHPe+wtQIxtuorrWGT
+nFNWW34CJkmXai+UWUfrxxrOY3aDPYeHFkEdIwuUy2Mbgzl64o+4iP4VG1tiif+
u+hhgzuONNQ5ZxpWAuzBHU6mmkIRFmSHpU64G2Wmkjdk04J6JmtmvOMz+BRWQs2i
izx5Gn1CprMmN6S3wsTgP6yYLq0VH8J5pLEjRWTmHrJcsDlRlkeWKchS6AvTVdvm
J+el
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org