Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IG4J1hdp7T9NrtAyBuNu6U_sjBk.roa
File:                     IG4J1hdp7T9NrtAyBuNu6U_sjBk.roa (raw, json)
Hash identifier:          hLbGRgXIeG/Cgxvo0Be1dRChCKxJp1ut5ibKo7I7bCQ=
Subject key identifier:   20:6E:09:D6:17:69:ED:3F:4D:AE:D0:32:06:E3:6E:E9:4F:EC:8C:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F972CF20E9E78A33A5E74F25F4C680B30
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IG4J1hdp7T9NrtAyBuNu6U_sjBk.roa
Signing time:             Mon 20 May 2024 18:04:16 +0000
ROA not before:           Mon 20 May 2024 18:04:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.152.176.0/24 maxlen: 24
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.98.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.196.0/22 maxlen: 24
                          89.213.200.0/22 maxlen: 24
                          89.213.204.0/22 maxlen: 24
                          89.213.232.0/22 maxlen: 24
                          89.213.236.0/22 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 21 May 2024 07:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:97:2c:f2:0e:9e:78:a3:3a:5e:74:f2:5f:4c:68:0b:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 20 18:04:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=206e09d61769ed3f4daed03206e36ee94fec8c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:1a:93:2d:9c:ff:c9:7a:51:e6:40:9c:b4:b7:
                    78:4b:f2:ba:aa:c5:82:27:4d:d7:b6:fb:65:f0:d6:
                    ca:1b:92:07:99:3b:6a:ed:b9:58:6d:dd:31:50:61:
                    96:cc:67:65:2a:b1:fa:10:7f:5f:70:6e:ef:b9:5e:
                    c0:61:ee:c7:24:11:6c:fa:56:57:82:f3:56:94:b1:
                    3b:ce:db:c1:ed:d0:16:0c:c8:c7:f9:42:50:ba:e2:
                    ea:5d:75:ec:8e:cd:9c:f9:fc:4a:6b:50:fc:15:cb:
                    bb:b9:91:c6:5e:e0:8e:4d:73:53:1d:d1:fa:4b:ae:
                    6d:ce:44:14:75:cb:ac:08:86:47:bb:61:89:79:35:
                    97:d7:bb:04:d7:db:16:63:e8:19:79:e3:ac:fd:41:
                    6b:b3:ca:90:fb:e5:15:b5:48:6e:d3:2b:4f:4f:d0:
                    6b:c6:75:c6:a8:4f:2d:fd:93:55:8f:f9:78:2e:80:
                    6c:40:7a:2a:25:06:6f:6c:f9:2d:1b:74:db:98:61:
                    89:f4:52:ca:9d:21:e9:a9:da:08:00:02:c8:15:3d:
                    dc:2a:92:fb:92:6d:f4:4c:17:fb:51:a7:7a:ef:be:
                    e2:73:b7:24:f9:cf:85:e9:7b:5c:8d:eb:60:1f:e5:
                    8a:30:9c:fd:9a:ae:2f:04:04:42:2a:25:ae:d5:0c:
                    45:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6E:09:D6:17:69:ED:3F:4D:AE:D0:32:06:E3:6E:E9:4F:EC:8C:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IG4J1hdp7T9NrtAyBuNu6U_sjBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  89.213.98.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.196.0-89.213.207.255
                  89.213.232.0/21
                  109.176.16.0/21
                  109.176.250.0/24
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.130.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.224.0/24
                  213.218.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:5c:4a:b9:cf:7d:04:c6:bc:8b:64:3c:4f:5b:fb:b0:d1:f1:
         db:eb:b0:2f:d8:e2:05:ea:bf:8b:c5:a5:39:c1:fa:49:38:e2:
         a6:79:c4:bf:1b:de:4a:ba:08:e3:35:53:42:ad:18:97:e4:5e:
         12:fb:d3:39:c1:d8:76:f8:ad:f8:c7:56:c6:b2:2f:12:cc:2c:
         d1:72:60:7c:b1:4c:ab:b1:ac:c1:27:eb:d0:43:26:b7:2a:aa:
         39:6b:9b:74:62:a0:1d:5b:66:cf:88:5b:84:e7:b8:32:98:2f:
         05:d7:5a:27:cd:b6:5d:de:89:a9:b1:0e:2d:45:b2:4d:c2:88:
         bb:41:a8:33:42:af:bb:62:f9:6e:40:2e:73:bf:87:7b:86:47:
         4d:7f:61:32:86:b1:0c:5b:96:03:fa:46:61:15:9a:c3:55:be:
         c6:3b:d9:9f:f0:7c:3c:ff:b2:f2:2e:92:0b:37:b1:cf:30:bf:
         1d:5b:9a:d5:53:39:dd:73:af:f8:0d:f2:2e:bc:52:ef:b3:ae:
         8a:8b:f5:3f:5e:bc:d6:ca:64:38:f5:c7:7e:75:ec:92:a6:88:
         06:de:ae:ad:4c:62:27:d7:c9:a0:9f:c0:e7:06:43:79:59:78:
         c7:44:21:a0:82:41:ec:82:b9:d0:01:a6:9d:a7:1d:ab:5b:25:
         ee:85:98:fd
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAY+XLPIOnnijOl508l9MaAswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIwMTgwNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDZlMDlkNjE3NjllZDNmNGRhZWQwMzIwNmUzNmVlOTRmZWM4YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBqTLZz/yXpR5kCctLd4S/K6qsWC
J03Xtvtl8NbKG5IHmTtq7blYbd0xUGGWzGdlKrH6EH9fcG7vuV7AYe7HJBFs+lZX
gvNWlLE7ztvB7dAWDMjH+UJQuuLqXXXsjs2c+fxKa1D8Fcu7uZHGXuCOTXNTHdH6
S65tzkQUdcusCIZHu2GJeTWX17sE19sWY+gZeeOs/UFrs8qQ++UVtUhu0ytPT9Br
xnXGqE8t/ZNVj/l4LoBsQHoqJQZvbPktG3TbmGGJ9FLKnSHpqdoIAALIFT3cKpL7
km30TBf7Uad6777ic7ck+c+F6XtcjetgH+WKMJz9mq4vBARCKiWu1QxFCwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFCBuCdYXae0/Ta7QMgbjbulP7IwZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSUc0SjFoZHA3VDlOcnRBeUJ1TnU2VV9zakJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAFSmLAD
BABSmTIDBAJSmYgDBABZ1WIwDAMEAlnVlAMEBVnVgAMEAlnVrDAMAwQCWdXEAwQE
WdXAAwQDWdXoAwQDbbAQAwQAbbD6AwQBuTF+AwQEwmlQAwQA1YKCAwQA1YKVAwQB
1drSAwQA1drgAwQA1drnMA0GCSqGSIb3DQEBCwUAA4IBAQAaXEq5z30ExryLZDxP
W/uw0fHb67Av2OIF6r+LxaU5wfpJOOKmecS/G95KugjjNVNCrRiX5F4S+9M5wdh2
+K34x1bGsi8SzCzRcmB8sUyrsazBJ+vQQya3Kqo5a5t0YqAdW2bPiFuE57gymC8F
11onzbZd3ompsQ4tRbJNwoi7QagzQq+7YvluQC5zv4d7hkdNf2EyhrEMW5YD+kZh
FZrDVb7GO9mf8Hw8/7LyLpILN7HPML8dW5rVUzndc6/4DfIuvFLvs66Ki/U/XrzW
ymQ49cd+deySpogG3q6tTGIn18mgn8DnBkN5WXjHRCGggkHsgrnQAaadpx2rWyXu
hZj9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org