Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DbaTHreSUQmwiHJptvzbIGWS_MY.roa
File:                     DbaTHreSUQmwiHJptvzbIGWS_MY.roa (raw, json)
Hash identifier:          YFTtTqjX/ob7BeqYE7JhcjQ8GOUw7e4qAk0OxRbWyI8=
Subject key identifier:   0D:B6:93:1E:B7:92:51:09:B0:88:72:69:B6:FC:DB:20:65:92:FC:C6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01878E584263F583AD67925D560593DCBDF4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DbaTHreSUQmwiHJptvzbIGWS_MY.roa
Signing time:             Mon 17 Apr 2023 08:32:41 +0000
ROA not before:           Mon 17 Apr 2023 08:32:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 20 Apr 2023 08:05:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8e:58:42:63:f5:83:ad:67:92:5d:56:05:93:dc:bd:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 17 08:32:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0db6931eb7925109b0887269b6fcdb206592fcc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8f:4f:9a:da:8d:22:40:37:e5:b5:7a:f1:1f:
                    b0:49:23:98:d0:23:15:20:63:71:72:d3:44:78:6f:
                    eb:2b:46:2c:21:55:0a:09:81:63:9b:72:89:4f:9b:
                    fd:39:eb:01:e3:5e:5d:ab:ba:53:28:6a:f0:40:a8:
                    33:54:b0:87:58:28:69:64:50:2f:b6:95:0b:50:77:
                    ab:80:0d:76:28:2b:bd:f0:f9:ef:1b:75:ff:b9:6f:
                    45:aa:e0:f8:c0:b3:6e:4e:64:9c:e9:99:37:8e:67:
                    de:db:20:93:a0:91:87:c3:a0:6a:01:04:a2:02:c8:
                    06:56:50:d3:09:57:4e:62:bb:d2:6e:e7:1f:67:50:
                    2d:65:e4:3a:59:a5:2f:a5:8f:e6:ba:c8:47:3b:bf:
                    76:bf:a8:e4:51:e2:64:a3:22:3d:db:76:4a:45:fb:
                    61:6d:28:97:bc:a8:ba:e8:05:45:fe:1f:e8:18:1d:
                    83:b8:90:41:a5:ac:97:74:e4:df:91:f5:f3:09:21:
                    2f:57:8e:eb:dd:73:bf:5e:91:83:70:51:cb:b0:86:
                    d9:b1:61:ee:65:80:66:44:27:7a:94:03:d2:86:04:
                    33:fe:83:7b:54:53:5a:a6:e3:99:d2:30:b5:93:83:
                    fd:61:50:0a:3a:9a:93:0a:b3:14:57:34:10:91:34:
                    b2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B6:93:1E:B7:92:51:09:B0:88:72:69:B6:FC:DB:20:65:92:FC:C6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DbaTHreSUQmwiHJptvzbIGWS_MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.4.0/24
                  82.153.64.0/23
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.209.0-82.153.210.255
                  82.153.222.0/24
                  82.153.243.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:ce:46:86:e3:29:d3:df:62:53:01:4f:58:e4:59:1c:8e:82:
         5c:39:f7:cb:0e:32:4b:f9:8f:e5:e4:b9:86:70:07:d6:4e:d0:
         78:2a:7e:3a:1e:63:df:95:82:fa:fc:88:f8:30:29:5a:85:ec:
         f7:c0:aa:9b:bd:e5:8e:d0:66:1c:1c:84:d9:c9:09:ff:4e:fc:
         c3:31:5f:19:07:96:42:ed:4d:b7:02:08:68:9d:81:82:09:8f:
         4b:47:74:46:5f:82:de:1d:8c:c0:c5:6f:46:75:9b:6b:4c:66:
         fd:33:58:f7:f1:b7:63:ba:16:00:67:fc:85:5a:9b:4c:6f:b7:
         9d:cd:e6:23:7d:44:38:03:20:8a:dd:62:97:96:98:e3:7d:d0:
         72:85:31:35:90:b1:0e:05:82:94:6a:99:6c:e2:56:a4:25:33:
         08:25:b2:b7:cc:ae:3a:c0:c8:94:3a:87:78:8e:a0:87:a0:61:
         0b:ef:a1:fc:2b:58:c9:39:c0:64:67:c5:1e:eb:cc:f8:a8:82:
         ce:11:30:1a:3a:07:e1:a2:3b:da:0d:e3:12:00:1c:ad:89:dc:
         0f:20:13:72:f0:2f:49:8c:78:36:2d:47:c4:31:48:f6:86:3e:
         8a:b6:56:5c:db:6d:87:49:cb:74:90:c1:70:c1:96:d3:9a:46:
         c4:cd:3e:e1
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYeOWEJj9YOtZ5JdVgWT3L30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDE3MDgzMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI2OTMxZWI3OTI1MTA5YjA4ODcyNjliNmZjZGIyMDY1OTJmY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI9PmtqNIkA35bV68R+wSSOY0CMV
IGNxctNEeG/rK0YsIVUKCYFjm3KJT5v9OesB415dq7pTKGrwQKgzVLCHWChpZFAv
tpULUHergA12KCu98PnvG3X/uW9FquD4wLNuTmSc6Zk3jmfe2yCToJGHw6BqAQSi
AsgGVlDTCVdOYrvSbucfZ1AtZeQ6WaUvpY/mushHO792v6jkUeJkoyI923ZKRfth
bSiXvKi66AVF/h/oGB2DuJBBpayXdOTfkfXzCSEvV47r3XO/XpGDcFHLsIbZsWHu
ZYBmRCd6lAPShgQz/oN7VFNapuOZ0jC1k4P9YVAKOpqTCrMUVzQQkTSytwIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFA22kx63klEJsIhyabb82yBlkvzGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRGJhVEhyZVNVUW13aUhKcHR2emJJR1dTX01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7AwQBUpj+AwQAUpkEAwQBUplAAwQAUplEAwQB
UplGMAwDBABSmdEDBABSmdIDBABSmd4DBABSmfMDBABSmfYDBAFSmfgwDQYJKoZI
hvcNAQELBQADggEBAKfORobjKdPfYlMBT1jkWRyOglw598sOMkv5j+XkuYZwB9ZO
0HgqfjoeY9+Vgvr8iPgwKVqF7PfAqpu95Y7QZhwchNnJCf9O/MMxXxkHlkLtTbcC
CGidgYIJj0tHdEZfgt4djMDFb0Z1m2tMZv0zWPfxt2O6FgBn/IVam0xvt53N5iN9
RDgDIIrdYpeWmON90HKFMTWQsQ4FgpRqmWziVqQlMwglsrfMrjrAyJQ6h3iOoIeg
YQvvofwrWMk5wGRnxR7rzPiogs4RMBo6B+GiO9oN4xIAHK2J3A8gE3LwL0mMeDYt
R8QxSPaGPoq2VlzbbYdJy3SQwXDBltOaRsTNPuE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org