Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CPOCltIpHt3fTbOghb135-x8s3U.roa
File:                     CPOCltIpHt3fTbOghb135-x8s3U.roa (raw, json)
Hash identifier:          qVJt/MgrT9LgutCc7UOENflwxbBvOqh/HlCxoAba0qA=
Subject key identifier:   08:F3:82:96:D2:29:1E:DD:DF:4D:B3:A0:85:BD:77:E7:EC:7C:B3:75
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D7D8663653CAF7EFFF7F33DA5333A2789
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CPOCltIpHt3fTbOghb135-x8s3U.roa
Signing time:             Tue 06 Feb 2024 08:26:15 +0000
ROA not before:           Tue 06 Feb 2024 08:26:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 09 Feb 2024 08:25:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:86:63:65:3c:af:7e:ff:f7:f3:3d:a5:33:3a:27:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  6 08:26:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08f38296d2291edddf4db3a085bd77e7ec7cb375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:45:2e:82:8b:69:d4:65:92:fb:18:ae:2b:a5:
                    b8:bb:6a:83:62:4c:be:23:1f:41:bc:bb:28:ea:16:
                    0b:b4:0a:2c:d1:2a:55:4a:ac:50:d9:5c:8b:6a:83:
                    4f:28:74:6b:c0:9a:6e:4b:11:30:e8:32:f0:54:8f:
                    f7:e7:b9:e2:43:3f:b5:9d:4c:31:e1:87:9d:3d:92:
                    d7:6f:28:a9:8d:57:a8:13:43:38:10:33:eb:d5:a9:
                    12:e3:88:d1:06:ec:0a:07:c3:62:69:c6:4e:4c:37:
                    7d:3d:a9:d3:8a:40:a2:2c:cb:2c:a0:b6:a6:5c:fd:
                    f1:f6:60:da:8a:65:47:1b:af:9a:15:98:86:6b:25:
                    8c:26:47:d9:96:b8:e7:7f:d5:a3:d3:93:8d:65:1e:
                    c7:b1:d2:2a:83:94:24:b4:a9:03:9f:01:e6:83:2e:
                    ec:8a:28:ce:27:fa:7a:eb:17:17:f2:8f:a2:68:55:
                    4e:55:e1:75:29:b2:74:3f:63:8e:28:73:50:6f:9f:
                    db:34:d6:17:64:63:f1:3f:37:58:91:6b:1b:61:32:
                    33:48:5a:fc:73:2c:00:01:27:75:04:a8:dd:49:49:
                    ab:74:d7:9f:5d:22:89:76:12:4c:75:27:0e:97:79:
                    70:b3:83:1c:9f:12:46:df:d5:0f:c7:6a:f2:39:11:
                    4b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F3:82:96:D2:29:1E:DD:DF:4D:B3:A0:85:BD:77:E7:EC:7C:B3:75
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CPOCltIpHt3fTbOghb135-x8s3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:54:44:43:5d:c6:6f:93:40:18:3e:2c:b5:b7:d7:1d:7b:99:
         9a:3f:34:3a:68:2e:6d:86:5f:79:1c:ea:2f:9e:da:51:b8:ab:
         63:c3:cd:5d:1c:8f:7d:cc:30:12:dd:59:e4:d2:60:97:5c:3d:
         08:9a:1e:ca:b6:85:ac:85:aa:1a:b0:21:d9:6c:d7:ae:52:ca:
         25:d1:8c:fc:bc:99:e6:34:7a:47:1a:96:6e:10:34:29:4e:73:
         0e:c8:54:24:8e:e9:57:2c:8e:74:10:7c:2d:5a:0c:1b:36:ef:
         a5:10:a1:40:89:f8:41:90:60:68:1b:47:41:cd:24:f3:30:61:
         2c:c5:c9:aa:94:bc:00:72:26:02:61:4a:a0:74:3e:f2:fc:e5:
         49:ee:ca:8d:c5:a3:55:11:30:4a:65:11:8e:dc:b5:6b:94:ff:
         bb:ff:a8:fe:8d:31:c3:03:f6:f1:a4:70:08:23:4c:7b:f8:47:
         02:5e:03:45:54:29:5c:51:b7:1a:ca:e8:0f:49:23:80:72:4b:
         eb:34:cb:3f:94:b9:a0:a1:b5:27:b6:fa:a5:5a:62:f5:2e:ea:
         24:95:ab:b2:84:8b:71:36:9d:5c:c9:af:fb:43:3e:0a:94:ab:
         33:dc:d0:09:cd:7e:da:a4:3b:89:d5:05:5b:0b:66:06:9f:f9:
         af:5c:9e:81
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY19hmNlPK9+//fzPaUzOieJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjA2MDgyNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYzODI5NmQyMjkxZWRkZGY0ZGIzYTA4NWJkNzdlN2VjN2NiMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUUugotp1GWS+xiuK6W4u2qDYky+
Ix9BvLso6hYLtAos0SpVSqxQ2VyLaoNPKHRrwJpuSxEw6DLwVI/357niQz+1nUwx
4YedPZLXbyipjVeoE0M4EDPr1akS44jRBuwKB8NiacZOTDd9PanTikCiLMssoLam
XP3x9mDaimVHG6+aFZiGayWMJkfZlrjnf9Wj05ONZR7HsdIqg5QktKkDnwHmgy7s
iijOJ/p66xcX8o+iaFVOVeF1KbJ0P2OOKHNQb5/bNNYXZGPxPzdYkWsbYTIzSFr8
cywAASd1BKjdSUmrdNefXSKJdhJMdScOl3lws4McnxJG39UPx2ryORFLYwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFAjzgpbSKR7d302zoIW9d+fsfLN1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ1BPQ2x0SXBIdDNmVGJPZ2hiMTM1LXg4czNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCUpmIMAwD
BAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCowDQYJKoZI
hvcNAQELBQADggEBAI5URENdxm+TQBg+LLW31x17mZo/NDpoLm2GX3kc6i+e2lG4
q2PDzV0cj33MMBLdWeTSYJdcPQiaHsq2hayFqhqwIdls165SyiXRjPy8meY0ekca
lm4QNClOcw7IVCSO6VcsjnQQfC1aDBs276UQoUCJ+EGQYGgbR0HNJPMwYSzFyaqU
vAByJgJhSqB0PvL85Unuyo3Fo1URMEplEY7ctWuU/7v/qP6NMcMD9vGkcAgjTHv4
RwJeA0VUKVxRtxrK6A9JI4ByS+s0yz+UuaChtSe2+qVaYvUu6iSVq7KEi3E2nVzJ
r/tDPgqUqzPc0AnNftqkO4nVBVsLZgaf+a9cnoE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org