Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DQAht5Av_PdXD6oZWM8cP65CTEk.roa
File:                     DQAht5Av_PdXD6oZWM8cP65CTEk.roa (raw, json)
Hash identifier:          SQUBoLqahM1B1+EmUnf8tA6GDkdXEaY7El9+nRKehj4=
Subject key identifier:   0D:00:21:B7:90:2F:FC:F7:57:0F:AA:19:58:CF:1C:3F:AE:42:4C:49
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C34BB3C4EAED3A91B3F83E93A3C680A9C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DQAht5Av_PdXD6oZWM8cP65CTEk.roa
Signing time:             Mon 04 Dec 2023 12:08:54 +0000
ROA not before:           Mon 04 Dec 2023 12:08:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8851
IP address blocks:        89.213.64.0/18 maxlen: 24
                          37.252.24.0/21 maxlen: 24
                          80.240.80.0/20 maxlen: 20
                          77.107.64.0/18 maxlen: 24
                          213.210.0.0/18 maxlen: 24
                          85.159.128.0/21 maxlen: 24
                          212.38.64.0/19 maxlen: 24
                          37.98.144.0/22 maxlen: 24
                          37.98.144.0/21 maxlen: 24
                          109.176.0.0/16 maxlen: 16
                          89.213.48.0/20 maxlen: 24
                          89.213.192.0/24 maxlen: 24
                          89.213.192.0/18 maxlen: 24
                          213.218.208.0/20 maxlen: 24
                          89.31.232.0/21 maxlen: 24
                          185.20.34.0/24 maxlen: 24
                          185.20.35.0/24 maxlen: 24
                          79.99.72.0/21 maxlen: 24
                          185.20.32.0/22 maxlen: 24
                          213.218.224.0/19 maxlen: 24
                          81.168.0.0/17 maxlen: 17
                          82.163.0.0/19 maxlen: 24
                          217.144.144.0/20 maxlen: 24
                          217.145.64.0/20 maxlen: 24
                          185.24.84.0/22 maxlen: 24
                          194.105.64.0/19 maxlen: 24
                          213.130.128.0/19 maxlen: 24
                          82.152.0.0/16 maxlen: 16
                          81.5.128.0/18 maxlen: 18
                          82.152.0.0/15 maxlen: 15
                          195.128.138.0/24 maxlen: 24
                          213.152.32.0/19 maxlen: 19
                          2a02:21f8::/32 maxlen: 32
                          2a00:c60::/32 maxlen: 32
                          2001:1a90::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:34:bb:3c:4e:ae:d3:a9:1b:3f:83:e9:3a:3c:68:0a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec  4 12:08:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0d0021b7902ffcf7570faa1958cf1c3fae424c49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:64:4d:ac:a6:aa:6a:56:77:a5:ad:76:c0:ec:
                    0a:3d:2c:ab:a5:bc:2e:1d:51:17:98:ca:9b:44:fe:
                    5a:f2:35:27:14:2b:2a:65:0f:32:c3:5a:f9:e4:44:
                    02:0e:b7:1d:06:d8:04:8c:7c:42:e3:6d:54:4a:7e:
                    ed:ab:ac:9f:e1:09:20:c5:69:5a:15:54:51:f8:0c:
                    bd:b6:a9:9e:a3:12:62:fa:d1:26:91:f3:ef:0b:a7:
                    4e:f5:52:4a:ae:4d:e5:ad:54:2a:ea:65:33:ad:93:
                    94:10:e7:75:c7:c4:7e:0b:e3:ad:7e:ce:03:a4:be:
                    6f:2d:c4:f8:ad:cc:cb:7a:49:c1:65:89:cd:95:f3:
                    14:a4:5b:3f:15:40:49:9d:43:1f:b0:b1:ab:d1:1d:
                    ba:04:4d:04:29:6a:a3:a7:a7:ec:68:d9:b6:b2:a8:
                    1a:e4:aa:20:ad:dd:63:4c:d8:2d:ae:67:a4:12:35:
                    de:17:5e:51:39:19:9d:08:89:07:f3:6a:53:00:af:
                    10:b4:87:ed:b7:ff:18:84:7a:f2:79:97:3f:e7:10:
                    88:99:c1:5b:6c:44:f0:e4:19:49:73:bf:8c:02:dc:
                    69:dd:d9:8c:32:9c:45:89:c6:73:b6:ad:f2:67:e9:
                    fb:d6:27:8e:7c:6e:0d:69:ea:d7:77:e2:10:49:35:
                    ad:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:00:21:B7:90:2F:FC:F7:57:0F:AA:19:58:CF:1C:3F:AE:42:4C:49
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DQAht5Av_PdXD6oZWM8cP65CTEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.144.0/21
                  37.252.24.0/21
                  77.107.64.0/18
                  79.99.72.0/21
                  80.240.80.0/20
                  81.5.128.0/18
                  81.168.0.0/17
                  82.152.0.0/15
                  82.163.0.0/19
                  85.159.128.0/21
                  89.31.232.0/21
                  89.213.48.0-89.213.127.255
                  89.213.192.0/18
                  109.176.0.0/16
                  185.20.32.0/22
                  185.24.84.0/22
                  194.105.64.0/19
                  195.128.138.0/24
                  212.38.64.0/19
                  213.130.128.0/19
                  213.152.32.0/19
                  213.210.0.0/18
                  213.218.208.0-213.218.255.255
                  217.144.144.0/20
                  217.145.64.0/20
                IPv6:
                  2001:1a90::/32
                  2a00:c60::/32
                  2a02:21f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:5a:db:0f:a0:77:b0:68:5c:30:06:a6:f6:ed:53:e0:ba:87:
         3b:bd:de:05:bf:39:5a:35:97:64:61:02:d9:4f:20:72:c7:12:
         cf:bb:d0:b8:54:dd:54:c6:04:3c:74:e6:c1:60:0b:97:c1:d4:
         d6:65:23:bd:76:85:dd:46:d9:08:8d:cc:00:b6:53:d9:06:6d:
         94:e6:78:12:88:b1:a1:e1:f8:33:f8:0a:8d:b5:69:1a:cb:68:
         1d:80:13:76:0c:32:7d:e4:82:33:16:b5:99:7c:e9:07:39:bc:
         c8:ce:da:e3:1d:00:69:2f:a1:65:d4:e7:46:0a:84:37:43:4c:
         66:7c:e0:be:41:a7:2e:d4:40:cc:75:80:34:cf:6e:ae:06:f3:
         22:b6:28:2d:e6:9e:7e:0d:98:3e:76:ff:39:10:be:a1:97:8f:
         4b:00:03:36:d6:43:b4:c2:43:b5:1e:c5:1e:8b:e8:15:96:6e:
         da:99:ec:77:19:84:99:4c:01:3a:aa:ce:21:a2:1b:d2:eb:78:
         43:75:a2:4b:24:ce:ac:50:5d:76:36:07:e1:7f:41:11:5f:62:
         8f:b5:61:97:81:f4:69:c7:54:5c:bf:84:9e:90:93:d9:e2:c2:
         43:23:32:97:34:ae:0b:ad:22:81:4f:2f:8b:79:d6:4a:29:8d:
         0c:8e:69:66
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYw0uzxOrtOpGz+D6To8aAqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjA0MTIwODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDAwMjFiNzkwMmZmY2Y3NTcwZmFhMTk1OGNmMWMzZmFlNDI0YzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWRNrKaqalZ3pa12wOwKPSyrpbwu
HVEXmMqbRP5a8jUnFCsqZQ8yw1r55EQCDrcdBtgEjHxC421USn7tq6yf4QkgxWla
FVRR+Ay9tqmeoxJi+tEmkfPvC6dO9VJKrk3lrVQq6mUzrZOUEOd1x8R+C+Otfs4D
pL5vLcT4rczLeknBZYnNlfMUpFs/FUBJnUMfsLGr0R26BE0EKWqjp6fsaNm2sqga
5Kogrd1jTNgtrmekEjXeF15RORmdCIkH82pTAK8QtIftt/8YhHryeZc/5xCImcFb
bETw5BlJc7+MAtxp3dmMMpxFicZztq3yZ+n71ieOfG4NaerXd+IQSTWtyQIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFA0AIbeQL/z3Vw+qGVjPHD+uQkxJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRFFBaHQ1QXZfUGRYRDZvWldNOGNQNjVDVEVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBqgQCAAEwgaMDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6DAMAwQEWdUwAwQHWdUAAwQGWdXAAwMAbbADBAK5FCADBAK5
GFQDBAXCaUADBADDgIoDBAXUJkADBAXVgoADBAXVmCADBAbV0gAwCwMEBNXa0AMD
ANXaAwQE2ZCQAwQE2ZFAMBsEAgACMBUDBQAgARqQAwUAKgAMYAMFACoCIfgwDQYJ
KoZIhvcNAQELBQADggEBAJ5a2w+gd7BoXDAGpvbtU+C6hzu93gW/OVo1l2RhAtlP
IHLHEs+70LhU3VTGBDx05sFgC5fB1NZlI712hd1G2QiNzAC2U9kGbZTmeBKIsaHh
+DP4Co21aRrLaB2AE3YMMn3kgjMWtZl86Qc5vMjO2uMdAGkvoWXU50YKhDdDTGZ8
4L5Bpy7UQMx1gDTPbq4G8yK2KC3mnn4NmD52/zkQvqGXj0sAAzbWQ7TCQ7UexR6L
6BWWbtqZ7HcZhJlMATqqziGiG9LreEN1okskzqxQXXY2B+F/QRFfYo+1YZeB9GnH
VFy/hJ6Qk9niwkMjMpc0rgutIoFPL4t51kopjQyOaWY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org