Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HbKfQVY3g3GnysDpcvTj3qTJfdU.roa
File:                     HbKfQVY3g3GnysDpcvTj3qTJfdU.roa (raw, json)
Hash identifier:          lq3WKqRjLtYnFkFh7HQQfH+kq9dUxKz5wYRH3b+5qv4=
Subject key identifier:   1D:B2:9F:41:56:37:83:71:A7:CA:C0:E9:72:F4:E3:DE:A4:C9:7D:D5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018872384CDE3C2E33A9F582350512BBDA8F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HbKfQVY3g3GnysDpcvTj3qTJfdU.roa
Signing time:             Wed 31 May 2023 14:31:12 +0000
ROA not before:           Wed 31 May 2023 14:31:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.5.189.0/24 maxlen: 24
                          82.152.174.0/23 maxlen: 23
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 May 2023 15:24:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:72:38:4c:de:3c:2e:33:a9:f5:82:35:05:12:bb:da:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 14:31:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1db29f4156378371a7cac0e972f4e3dea4c97dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:39:29:c0:a3:0e:82:64:1e:19:3d:c0:1a:2e:
                    c8:cf:84:cc:1a:5e:fe:41:f2:01:f4:7b:8d:68:0d:
                    2e:2c:d6:02:52:e7:51:72:8c:1d:07:ae:f4:88:76:
                    9f:b9:06:f3:52:0b:43:35:df:51:a1:1a:ad:be:28:
                    2b:11:21:38:e0:fe:71:30:48:83:ea:b3:48:f3:7d:
                    9f:b4:34:90:db:c8:ef:17:ca:a4:57:9b:39:1e:01:
                    c6:31:36:15:e6:51:84:76:45:75:87:aa:ed:8a:4c:
                    2f:b9:95:bd:4e:ed:18:63:54:96:73:14:81:67:12:
                    16:da:3f:c1:58:b4:5f:d7:e2:91:9d:1c:53:89:4f:
                    64:de:cc:ff:29:e7:fb:3c:db:08:96:f6:2e:7b:75:
                    5a:80:4c:a4:28:11:a9:9c:f0:a6:a2:e0:60:48:68:
                    fd:f3:5a:1b:b4:6d:60:6d:28:2a:07:e4:fd:93:e3:
                    dc:9e:a5:c8:5e:1f:ef:63:ad:7d:dd:a9:66:9f:03:
                    34:0b:99:d4:b4:f1:1a:04:23:a3:85:24:21:fc:a8:
                    ad:fa:e5:db:b6:b9:29:41:37:78:2d:e8:a6:4b:00:
                    ac:61:b6:8d:73:88:0e:2b:63:43:61:38:9e:c1:33:
                    a1:44:26:f3:77:80:f5:1b:61:e2:34:dd:a7:d6:2f:
                    e9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B2:9F:41:56:37:83:71:A7:CA:C0:E9:72:F4:E3:DE:A4:C9:7D:D5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HbKfQVY3g3GnysDpcvTj3qTJfdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.255.0/24
                  82.153.73.0/24
                  82.153.222.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:b3:12:11:ed:f4:00:10:2a:6c:37:b3:ed:31:75:c2:27:f6:
         2b:cb:a5:f0:d7:38:52:0b:58:fd:0e:4e:b2:fe:50:51:fd:4c:
         88:25:cd:dd:79:95:32:77:f8:ca:fb:c9:77:25:15:d1:e8:0a:
         d9:3a:55:7c:f3:f4:91:cc:9e:d2:a9:d5:06:28:bb:a6:16:03:
         4b:e9:99:c1:41:4f:99:ee:e1:52:a1:6b:10:77:2b:a7:a6:a4:
         0c:25:97:32:f0:77:1a:a9:88:33:4c:8e:cb:35:e8:89:3f:64:
         2d:94:81:8c:c6:34:0c:20:af:ae:f8:d0:02:e8:38:95:5b:0c:
         59:4f:9d:9a:4a:10:ff:71:c2:ca:0d:86:6e:23:d0:1c:a6:8d:
         6f:07:8f:0a:cb:cd:e9:b6:72:fd:27:93:0b:ea:c6:3f:54:69:
         d7:75:87:a0:69:23:b4:4c:fb:b6:9c:7e:e3:76:35:03:c9:e4:
         08:68:2f:b9:19:9e:ca:6a:e4:06:4a:78:dc:11:c9:83:91:5c:
         0f:2b:f2:cd:1c:f9:38:90:17:88:cb:d0:15:fe:14:17:be:ef:
         b6:93:36:f4:04:77:6a:0c:7c:44:d8:e1:c6:ac:eb:e1:74:d9:
         2e:ef:d3:d0:53:92:ae:54:5b:52:7c:02:0b:96:02:49:14:6b:
         4e:d3:a2:1a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYhyOEzePC4zqfWCNQUSu9qPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMTQzMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIyOWY0MTU2Mzc4MzcxYTdjYWMwZTk3MmY0ZTNkZWE0Yzk3ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zkpwKMOgmQeGT3AGi7Iz4TMGl7+
QfIB9HuNaA0uLNYCUudRcowdB670iHafuQbzUgtDNd9RoRqtvigrESE44P5xMEiD
6rNI832ftDSQ28jvF8qkV5s5HgHGMTYV5lGEdkV1h6rtikwvuZW9Tu0YY1SWcxSB
ZxIW2j/BWLRf1+KRnRxTiU9k3sz/Kef7PNsIlvYue3VagEykKBGpnPCmouBgSGj9
81obtG1gbSgqB+T9k+PcnqXIXh/vY6193almnwM0C5nUtPEaBCOjhSQh/Kit+uXb
trkpQTd4LeimSwCsYbaNc4gOK2NDYTiewTOhRCbzd4D1G2HiNN2n1i/pmwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFB2yn0FWN4Nxp8rA6XL0496kyX3VMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSGJLZlFWWTNnM0dueXNEcGN2VGozcVRKZmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUQW9AwQA
Uah0AwQAUah3AwQAUah7AwQBUpiuAwQAUpj5AwQAUpj/AwQAUplJAwQAUpneAwQB
Upn4MA0GCSqGSIb3DQEBCwUAA4IBAQBbsxIR7fQAECpsN7PtMXXCJ/Yry6Xw1zhS
C1j9Dk6y/lBR/UyIJc3deZUyd/jK+8l3JRXR6ArZOlV88/SRzJ7SqdUGKLumFgNL
6ZnBQU+Z7uFSoWsQdyunpqQMJZcy8HcaqYgzTI7LNeiJP2QtlIGMxjQMIK+u+NAC
6DiVWwxZT52aShD/ccLKDYZuI9Acpo1vB48Ky83ptnL9J5ML6sY/VGnXdYegaSO0
TPu2nH7jdjUDyeQIaC+5GZ7KauQGSnjcEcmDkVwPK/LNHPk4kBeIy9AV/hQXvu+2
kzb0BHdqDHxE2OHGrOvhdNku79PQU5KuVFtSfAILlgJJFGtO06Ia
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org