Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CR-_tHZ84O9iFh1mnmg54X578nI.roa
File:                     CR-_tHZ84O9iFh1mnmg54X578nI.roa (raw, json)
Hash identifier:          fOft5Vftd2g5yJ2D4+z0fSKysXWmTByqUYoAp1wPQMo=
Subject key identifier:   09:1F:BF:B4:76:7C:E0:EF:62:16:1D:66:9E:68:39:E1:7E:7B:F2:72
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CD8F425DA84F4F80282708074BBA810ED
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CR-_tHZ84O9iFh1mnmg54X578nI.roa
Signing time:             Fri 05 Jan 2024 09:28:48 +0000
ROA not before:           Fri 05 Jan 2024 09:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 09:52:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d8:f4:25:da:84:f4:f8:02:82:70:80:74:bb:a8:10:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  5 09:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=091fbfb4767ce0ef62161d669e6839e17e7bf272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f1:58:d1:ce:eb:3f:b8:33:a1:11:90:aa:66:
                    2a:3d:1c:61:8b:ad:ec:92:02:eb:06:ac:1c:d2:b8:
                    d9:48:f6:7e:da:57:fb:b7:cd:a2:a5:ae:f3:c3:17:
                    cd:74:1f:60:17:cf:dc:d8:51:7a:c4:dd:29:dc:0d:
                    80:d9:bb:3d:4d:64:f7:03:a9:ad:02:6b:a0:a3:07:
                    b9:77:7a:c1:91:fb:07:5b:be:01:1a:21:f6:cd:ef:
                    4b:be:87:aa:bf:f0:20:11:03:45:7a:8b:c0:2c:51:
                    a9:83:fe:5a:61:a9:ed:c0:f5:03:17:71:20:60:ff:
                    f0:b9:22:ad:f4:ef:3c:dc:83:b9:5b:0d:4b:b2:33:
                    b3:fa:db:09:76:98:50:36:f9:51:af:d3:5a:a0:e7:
                    cd:29:50:72:b2:42:a2:57:c9:a2:40:30:cd:6a:60:
                    46:4c:5c:84:7e:0f:26:ec:e6:ac:5f:42:7a:41:6a:
                    11:0b:46:f6:8c:f8:f9:69:99:ec:d6:d9:aa:21:46:
                    ed:47:fb:41:08:0b:9a:82:49:92:f3:25:a8:f0:77:
                    02:41:0c:ed:75:95:b0:26:6e:07:22:4a:36:38:ef:
                    3d:a0:ad:90:a0:11:ff:2c:3b:46:3a:20:3a:2f:ac:
                    c3:0f:ba:bb:3c:4a:f4:c0:a2:c9:b3:fc:84:2d:62:
                    d0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1F:BF:B4:76:7C:E0:EF:62:16:1D:66:9E:68:39:E1:7E:7B:F2:72
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CR-_tHZ84O9iFh1mnmg54X578nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e0:18:49:2a:3f:30:69:f2:9e:0d:4c:96:19:c8:e2:43:cb:
         a5:6a:46:85:1d:f7:4b:72:39:17:14:61:9b:39:24:b9:82:7c:
         ca:8a:b2:71:0d:e8:26:d6:06:1b:a7:1f:c5:07:59:29:97:fc:
         15:27:3c:43:ce:5a:50:2a:ef:c3:d5:d4:69:73:a2:14:fe:a5:
         25:ca:45:54:b9:ea:36:65:65:c1:0c:7c:d7:a0:de:15:a9:ba:
         d4:09:d8:4f:87:e2:f4:23:ab:d5:ca:7d:73:03:00:a6:9f:2d:
         f9:e8:93:2e:6e:89:b2:e0:2b:bd:51:13:57:60:34:f5:13:b7:
         18:bf:95:76:a3:a3:c3:c3:1b:ee:20:b1:20:df:5c:25:5e:22:
         a7:45:22:88:e8:62:73:c7:15:55:fb:97:9f:6d:0a:95:aa:9c:
         76:e7:fa:27:fe:1a:25:d6:c2:82:51:fb:fc:f0:b3:fa:de:86:
         83:23:f9:11:c0:a6:05:73:6d:9d:72:ef:c2:f9:14:59:cc:2b:
         06:ad:95:17:0f:1e:f7:31:2b:b0:5a:b6:46:bf:bd:64:b6:29:
         66:c8:73:ac:7a:28:51:af:a7:a2:38:79:86:0d:56:82:58:2d:
         cd:52:70:42:c3:d6:d9:35:7b:d8:93:8b:ed:17:f8:4e:6f:a3:
         f1:ec:4b:76
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzY9CXahPT4AoJwgHS7qBDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTA1MDkyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFmYmZiNDc2N2NlMGVmNjIxNjFkNjY5ZTY4MzllMTdlN2JmMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfFY0c7rP7gzoRGQqmYqPRxhi63s
kgLrBqwc0rjZSPZ+2lf7t82ipa7zwxfNdB9gF8/c2FF6xN0p3A2A2bs9TWT3A6mt
Amugowe5d3rBkfsHW74BGiH2ze9Lvoeqv/AgEQNFeovALFGpg/5aYantwPUDF3Eg
YP/wuSKt9O883IO5Ww1LsjOz+tsJdphQNvlRr9NaoOfNKVByskKiV8miQDDNamBG
TFyEfg8m7OasX0J6QWoRC0b2jPj5aZns1tmqIUbtR/tBCAuagkmS8yWo8HcCQQzt
dZWwJm4HIko2OO89oK2QoBH/LDtGOiA6L6zDD7q7PEr0wKLJs/yELWLQPwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFAkfv7R2fODvYhYdZp5oOeF+e/JyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ1ItX3RIWjg0TzlpRmgxbW5tZzU0WDU3OG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAUah3AwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4DBADVmCowDQYJKoZI
hvcNAQELBQADggEBABXgGEkqPzBp8p4NTJYZyOJDy6VqRoUd90tyORcUYZs5JLmC
fMqKsnEN6CbWBhunH8UHWSmX/BUnPEPOWlAq78PV1GlzohT+pSXKRVS56jZlZcEM
fNeg3hWputQJ2E+H4vQjq9XKfXMDAKafLfnoky5uibLgK71RE1dgNPUTtxi/lXaj
o8PDG+4gsSDfXCVeIqdFIojoYnPHFVX7l59tCpWqnHbn+if+GiXWwoJR+/zws/re
hoMj+RHApgVzbZ1y78L5FFnMKwatlRcPHvcxK7Batka/vWS2KWbIc6x6KFGvp6I4
eYYNVoJYLc1ScELD1tk1e9iTi+0X+E5vo/HsS3Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org