Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HrUCmZbvtGBFIV146k8e9usjHQc.roa
File:                     HrUCmZbvtGBFIV146k8e9usjHQc.roa (raw, json)
Hash identifier:          Fa1aDngnv7rPT8LlJnmNBrZAfTPEei0yaqq0HYVaNXw=
Subject key identifier:   1E:B5:02:99:96:EF:B4:60:45:21:5D:78:EA:4F:1E:F6:EB:23:1D:07
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189E40415D433F0004A5DBA2F9F37562DEF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HrUCmZbvtGBFIV146k8e9usjHQc.roa
Signing time:             Fri 11 Aug 2023 09:53:40 +0000
ROA not before:           Fri 11 Aug 2023 09:53:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.214.0/24 maxlen: 24
                          109.176.215.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.40.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 13 Aug 2023 15:28:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e4:04:15:d4:33:f0:00:4a:5d:ba:2f:9f:37:56:2d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 11 09:53:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1eb5029996efb46045215d78ea4f1ef6eb231d07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0e:b4:f6:94:fc:45:25:cc:65:15:2f:8b:bf:
                    d0:18:17:90:1e:35:d1:ce:87:d8:db:1f:32:c4:32:
                    31:78:f1:c9:e9:c8:4a:cd:f7:79:15:24:74:91:3b:
                    83:a0:1b:86:6f:3d:53:5c:0b:db:a2:a1:8c:86:b6:
                    09:bc:46:27:92:f9:d2:6d:e0:95:af:41:f0:d5:68:
                    37:bc:64:32:77:9d:bf:bc:42:3d:b2:4c:54:03:5c:
                    10:6e:f6:d1:4b:80:f5:da:f2:7d:ba:bb:25:21:c4:
                    8d:8a:c6:98:b2:08:28:62:36:3e:d2:60:77:30:8a:
                    ac:15:80:9e:66:db:3d:49:db:c9:86:82:4e:32:6e:
                    75:d7:a1:eb:1e:47:ae:4c:b0:7c:57:12:52:c5:ef:
                    91:43:db:4d:2b:c4:b2:5c:52:91:95:bb:65:14:e6:
                    fd:90:84:ee:c5:ef:31:4a:cf:ba:84:69:a4:7a:31:
                    df:9d:09:56:56:2d:dc:a4:86:7e:20:48:b4:81:60:
                    44:0c:6d:05:a2:0a:d2:f5:c2:5e:d2:57:f4:84:e9:
                    f6:d0:2d:d5:c1:60:dc:a2:4f:f8:e2:26:47:e6:cc:
                    bc:6a:1b:3c:3d:31:c9:89:f1:8a:2f:1a:2e:2c:a5:
                    f5:cf:5f:33:f8:39:22:c8:16:18:10:a2:d4:56:18:
                    4f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B5:02:99:96:EF:B4:60:45:21:5D:78:EA:4F:1E:F6:EB:23:1D:07
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HrUCmZbvtGBFIV146k8e9usjHQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.5.0/24
                  89.213.40.0/21
                  89.213.133.0-89.213.134.255
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.160.255
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.172.0-89.213.177.255
                  89.213.179.0-89.213.189.255
                  109.176.211.0/24
                  109.176.214.0-109.176.223.255
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:70:c3:14:ac:f4:d9:fb:12:52:42:21:7b:65:01:cd:fb:92:
         db:79:f5:e8:c1:c5:06:80:d9:44:a1:11:a2:19:c9:62:0b:9e:
         a4:9b:d1:b7:6e:21:54:66:7b:70:8b:9b:05:78:7f:84:2a:af:
         0b:c4:6e:ea:2f:ba:7b:01:f9:42:9b:14:34:2b:34:49:30:4a:
         00:6b:01:08:71:bf:2f:3f:61:5e:3d:0f:8b:5a:29:93:cd:4a:
         4d:85:99:bb:e6:ac:93:a7:b0:8c:4b:d1:45:64:2a:81:5f:4c:
         5e:6f:bf:d6:97:33:5d:b9:d5:03:e1:01:2a:eb:24:6e:66:09:
         f2:7f:40:ff:ff:a2:69:88:69:84:66:3d:d2:e7:ba:c3:19:f7:
         08:7e:e3:73:73:94:17:3d:69:40:7e:5d:8f:b1:30:3f:d8:4b:
         fb:54:43:13:37:5b:2c:2d:da:ea:93:f5:54:16:e8:e5:55:e8:
         c8:c4:f4:6c:37:4e:35:2d:7c:42:a0:dd:2f:a8:2f:3e:da:25:
         3c:5e:f5:d8:db:a6:6d:5f:b1:21:40:f5:14:8c:3a:e4:7b:39:
         6c:5b:26:15:4f:34:f0:e4:eb:69:ae:18:c8:70:e9:d9:6f:eb:
         f1:5c:f7:90:b6:98:c0:67:e3:c9:69:6f:d5:74:b0:b8:3f:85:
         4a:94:df:8e
-----BEGIN CERTIFICATE-----
MIIGSzCCBTOgAwIBAgISAYnkBBXUM/AASl26L583Vi3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODExMDk1MzQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI1MDI5OTk2ZWZiNDYwNDUyMTVkNzhlYTRmMWVmNmViMjMxZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmA609pT8RSXMZRUvi7/QGBeQHjXR
zofY2x8yxDIxePHJ6chKzfd5FSR0kTuDoBuGbz1TXAvboqGMhrYJvEYnkvnSbeCV
r0Hw1Wg3vGQyd52/vEI9skxUA1wQbvbRS4D12vJ9urslIcSNisaYsggoYjY+0mB3
MIqsFYCeZts9SdvJhoJOMm5116HrHkeuTLB8VxJSxe+RQ9tNK8SyXFKRlbtlFOb9
kITuxe8xSs+6hGmkejHfnQlWVi3cpIZ+IEi0gWBEDG0FogrS9cJe0lf0hOn20C3V
wWDcok/44iZH5sy8ahs8PTHJifGKLxouLKX1z18z+DkiyBYYEKLUVhhPowIDAQAB
o4IDVzCCA1MwHQYDVR0OBBYEFB61ApmW77RgRSFdeOpPHvbrIx0HMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSHJVQ21aYnZ0R0JGSVYxNDZrOGU5dXNqSFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBawYIKwYBBQUHAQcBAf8EggFaMIIBVjCCAVIEAgABMIIB
SgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwAwQAUpn5AwQAWdUFAwQDWdUoMAwDBABZ1YUDBABZ1YYD
BABZ1YgwDAMEAFnViwMEAVnVjAMEAFnVkjAMAwQCWdWUAwQCWdWYMAwDBABZ1Z0D
BABZ1aAwDAMEAVnVogMEAFnVpAMEAVnVqDAMAwQCWdWsAwQBWdWwMAwDBABZ1bMD
BAFZ1bwDBABtsNMwDAMEAW2w1gMEBW2wwAMEAG2w8AMEAW2w8jAMAwQAbbD1AwQA
bbD2MAwDBANtsPgDBABtsPowDAMEALkxfQMEB7kxAAMEANWYKgMEANWYPTANBgkq
hkiG9w0BAQsFAAOCAQEAJXDDFKz02fsSUkIhe2UBzfuS23n16MHFBoDZRKERohnJ
YguepJvRt24hVGZ7cIubBXh/hCqvC8Ru6i+6ewH5QpsUNCs0STBKAGsBCHG/Lz9h
Xj0Pi1opk81KTYWZu+ask6ewjEvRRWQqgV9MXm+/1pczXbnVA+EBKuskbmYJ8n9A
//+iaYhphGY90ue6wxn3CH7jc3OUFz1pQH5dj7EwP9hL+1RDEzdbLC3a6pP1VBbo
5VXoyMT0bDdONS18QqDdL6gvPtolPF712NumbV+xIUD1FIw65Hs5bFsmFU808OTr
aa4YyHDp2W/r8Vz3kLaYwGfjyWlv1XSwuD+FSpTfjg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org