Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GkBsif_oHNzR0RFNaN7FIn_OeQA.roa
File:                     GkBsif_oHNzR0RFNaN7FIn_OeQA.roa (raw, json)
Hash identifier:          Ry89ThZ7YzI5ffbpG752BDbvpCYePRO9aFcMf2+ahuQ=
Subject key identifier:   1A:40:6C:89:FF:E8:1C:DC:D1:D1:11:4D:68:DE:C5:22:7F:CE:79:00
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F2E173137EA3CC6542FB5CCBCCEB3535D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GkBsif_oHNzR0RFNaN7FIn_OeQA.roa
Signing time:             Tue 30 Apr 2024 08:20:22 +0000
ROA not before:           Tue 30 Apr 2024 08:20:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.220.0/24 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.138.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.208.0/24 maxlen: 24
                          213.218.209.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.212.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.215.0/24 maxlen: 24
                          213.218.232.0/24 maxlen: 24
                          213.218.234.0/24 maxlen: 24
                          213.218.235.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Apr 2024 15:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:17:31:37:ea:3c:c6:54:2f:b5:cc:bc:ce:b3:53:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 30 08:20:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a406c89ffe81cdcd1d1114d68dec5227fce7900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:79:84:d8:fe:59:73:8a:a5:cf:a0:45:02:e3:
                    a1:4d:40:24:4a:53:40:16:9e:e5:90:66:fb:a1:f6:
                    db:6e:e3:1d:94:59:02:10:71:52:df:46:ee:ec:c2:
                    95:04:0f:a2:68:eb:04:c5:91:36:27:a3:88:59:4a:
                    40:3f:2e:d7:f2:30:53:a8:98:8c:1e:86:78:bb:2b:
                    6b:c8:13:37:3f:83:61:2c:77:d4:42:59:17:8f:9f:
                    3d:79:06:25:80:20:b2:70:0b:db:b4:12:25:5a:f1:
                    60:24:94:6c:38:15:5b:e2:e0:2d:0f:fb:67:96:ea:
                    85:11:52:23:fa:a1:09:a2:08:e5:4a:55:79:d9:fc:
                    ee:c2:65:2f:fc:8f:25:c0:1d:cd:84:f8:73:3f:34:
                    b3:af:f4:2c:7b:1e:4d:8c:52:47:07:02:6d:78:5b:
                    0f:c9:99:d4:9f:0a:43:2e:40:11:07:b1:75:06:8a:
                    f1:58:b2:12:67:5c:9a:3a:cf:12:78:0e:82:37:74:
                    b8:01:c8:9c:2c:90:76:09:18:04:35:2f:10:e1:eb:
                    3e:72:50:1d:0c:82:44:00:11:3b:e4:c2:8a:c4:c3:
                    7d:6a:dd:61:29:cd:da:49:eb:d7:5b:ae:34:f2:c6:
                    8b:bb:3c:09:ea:37:2a:9d:1c:6b:a2:16:3e:8f:37:
                    24:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:40:6C:89:FF:E8:1C:DC:D1:D1:11:4D:68:DE:C5:22:7F:CE:79:00
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GkBsif_oHNzR0RFNaN7FIn_OeQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.220.0/24
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.138.0/24
                  213.130.149.0/24
                  213.218.208.0-213.218.213.255
                  213.218.215.0/24
                  213.218.232.0/24
                  213.218.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:a2:d5:17:95:e2:d2:e2:9d:01:09:74:d2:de:ce:28:b6:c2:
         0b:82:84:fb:47:83:21:13:9e:60:3e:eb:17:92:0d:c5:b6:bc:
         53:a3:ce:53:fa:93:17:ff:98:44:91:0e:b9:a5:d3:e6:97:93:
         d1:14:f7:0d:65:be:7f:4f:fa:c0:24:35:3c:4e:1a:6e:51:14:
         45:0e:d1:da:7e:08:0d:06:6e:c8:2b:51:9e:44:bf:48:8f:75:
         a3:37:2f:0e:27:94:6f:86:4c:f2:b3:27:7d:f0:6f:18:d0:83:
         ff:fd:b8:ec:78:e6:84:f2:35:1f:97:4a:4c:3c:78:22:67:a4:
         4c:59:cd:18:31:5a:69:26:51:1b:a8:30:1a:02:69:db:f3:f3:
         e4:99:42:ff:0b:2c:d4:7f:f1:1d:59:ef:82:77:9b:2b:1a:9e:
         b5:2a:66:f9:1d:1d:bf:39:c2:80:c8:ed:f9:e7:d3:fb:75:61:
         b5:e5:b2:7a:a8:e4:30:45:47:57:99:60:8f:ee:ac:25:45:c1:
         6c:b8:6a:e0:9b:ce:cc:30:b6:12:19:31:64:51:6f:0d:4a:04:
         73:cf:6b:25:03:af:7f:51:df:3b:88:48:1d:38:80:d1:cb:ff:
         86:33:4e:74:dc:f3:04:f4:a9:ca:22:6d:aa:d5:d0:33:9a:1d:
         56:51:8e:4b
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAY8uFzE36jzGVC+1zLzOs1NdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDMwMDgyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQwNmM4OWZmZTgxY2RjZDFkMTExNGQ2OGRlYzUyMjdmY2U3OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3mE2P5Zc4qlz6BFAuOhTUAkSlNA
Fp7lkGb7ofbbbuMdlFkCEHFS30bu7MKVBA+iaOsExZE2J6OIWUpAPy7X8jBTqJiM
HoZ4uytryBM3P4NhLHfUQlkXj589eQYlgCCycAvbtBIlWvFgJJRsOBVb4uAtD/tn
luqFEVIj+qEJogjlSlV52fzuwmUv/I8lwB3NhPhzPzSzr/Qsex5NjFJHBwJteFsP
yZnUnwpDLkARB7F1BorxWLISZ1yaOs8SeA6CN3S4AcicLJB2CRgENS8Q4es+clAd
DIJEABE75MKKxMN9at1hKc3aSevXW6408saLuzwJ6jcqnRxrohY+jzckzQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFBpAbIn/6Bzc0dERTWjexSJ/znkAMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvR2tCc2lmX29ITnpSMFJGTmFON0ZJbl9PZVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAFSmLAD
BAJSmYgDBABSmdwDBABSmfUDBABZ1YUwDAMEAlnVlAMEBVnVgAMEAlnVrAMEAFnV
tAMEA22wEAMEAbkxfgMEBMJpUAMEANWCigMEANWClTAMAwQE1drQAwQB1drUAwQA
1drXAwQA1droAwQB1drqMA0GCSqGSIb3DQEBCwUAA4IBAQCVotUXleLS4p0BCXTS
3s4otsILgoT7R4MhE55gPusXkg3FtrxTo85T+pMX/5hEkQ65pdPml5PRFPcNZb5/
T/rAJDU8ThpuURRFDtHafggNBm7IK1GeRL9Ij3WjNy8OJ5Rvhkzysyd98G8Y0IP/
/bjseOaE8jUfl0pMPHgiZ6RMWc0YMVppJlEbqDAaAmnb8/PkmUL/CyzUf/EdWe+C
d5srGp61Kmb5HR2/OcKAyO3559P7dWG15bJ6qOQwRUdXmWCP7qwlRcFsuGrgm87M
MLYSGTFkUW8NSgRzz2slA69/Ud87iEgdOIDRy/+GM0503PME9KnKIm2q1dAzmh1W
UY5L
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org