Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/INvWUgDrVYDF29NkVl1NVszOfyA.roa
File:                     INvWUgDrVYDF29NkVl1NVszOfyA.roa (raw, json)
Hash identifier:          HddW1xOAuVTrEjhnTMXDOUEuWhQQnRd0gTGlXqcP1bM=
Subject key identifier:   20:DB:D6:52:00:EB:55:80:C5:DB:D3:64:56:5D:4D:56:CC:CE:7F:20
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018AD644CB40258CCC2E508A680D80A27D90
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/INvWUgDrVYDF29NkVl1NVszOfyA.roa
Signing time:             Wed 27 Sep 2023 10:52:27 +0000
ROA not before:           Wed 27 Sep 2023 10:52:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8851
IP address blocks:        89.213.64.0/18 maxlen: 24
                          37.252.24.0/21 maxlen: 24
                          80.240.80.0/20 maxlen: 20
                          77.107.64.0/18 maxlen: 24
                          213.210.0.0/18 maxlen: 24
                          85.159.128.0/21 maxlen: 24
                          212.38.64.0/19 maxlen: 24
                          37.98.144.0/22 maxlen: 24
                          37.98.144.0/21 maxlen: 24
                          109.176.0.0/16 maxlen: 16
                          89.213.48.0/20 maxlen: 24
                          89.213.192.0/25 maxlen: 25
                          89.213.192.0/18 maxlen: 24
                          213.218.208.0/20 maxlen: 24
                          89.31.232.0/21 maxlen: 24
                          185.20.34.0/24 maxlen: 24
                          185.20.35.0/24 maxlen: 24
                          79.99.72.0/21 maxlen: 24
                          185.20.32.0/22 maxlen: 24
                          213.218.224.0/19 maxlen: 24
                          81.168.0.0/17 maxlen: 17
                          82.163.0.0/19 maxlen: 24
                          217.144.144.0/20 maxlen: 24
                          217.145.64.0/20 maxlen: 24
                          185.24.84.0/22 maxlen: 24
                          194.105.64.0/19 maxlen: 24
                          213.130.128.0/19 maxlen: 24
                          82.152.0.0/16 maxlen: 16
                          81.5.128.0/18 maxlen: 18
                          82.152.0.0/15 maxlen: 15
                          195.128.138.0/24 maxlen: 24
                          213.152.32.0/19 maxlen: 19
                          2a02:21f8::/32 maxlen: 32
                          2a00:c60::/32 maxlen: 32
                          2001:1a90::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 28 Sep 2023 10:58:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d6:44:cb:40:25:8c:cc:2e:50:8a:68:0d:80:a2:7d:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 27 10:52:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20dbd65200eb5580c5dbd364565d4d56ccce7f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a3:d8:ce:3b:12:5c:cc:c7:98:4b:e4:c5:52:
                    dd:46:33:71:46:7e:94:35:d8:29:24:84:36:cc:4d:
                    e6:3b:13:36:18:1f:cb:07:4a:10:ac:b9:3c:8c:29:
                    3f:df:60:5a:55:95:68:e2:cc:78:ec:e7:f3:70:e8:
                    44:c4:97:20:8e:6d:a6:d4:4d:b6:a5:26:0a:d5:b5:
                    8b:89:ec:bd:5b:51:78:6a:25:ac:a7:38:44:b5:2d:
                    96:e2:62:3b:b3:3d:5d:bd:da:73:5c:30:7f:01:1e:
                    2a:aa:a0:b7:14:13:5d:c0:13:14:19:19:3c:e0:d6:
                    63:52:6d:f2:60:a0:29:96:40:4c:18:49:ec:34:68:
                    4e:fc:07:1a:3e:5a:11:5a:74:15:3b:d3:1b:18:a0:
                    09:fd:29:9f:2a:2e:09:1f:c7:4c:64:8e:8a:36:6e:
                    55:1e:1c:7d:65:33:70:a9:c7:30:9a:b7:c1:53:7f:
                    b0:aa:30:30:30:82:b7:26:32:3d:64:4d:57:24:67:
                    99:c6:c2:da:56:10:65:e5:7e:e8:12:06:81:a7:af:
                    2a:8a:1e:0b:64:bb:cf:44:94:92:06:7f:96:e9:c7:
                    8b:c6:e6:d7:77:78:dd:e0:2a:15:cf:01:bf:6f:f3:
                    ce:86:1a:e2:fc:ba:8e:51:38:58:83:29:30:45:97:
                    b7:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:DB:D6:52:00:EB:55:80:C5:DB:D3:64:56:5D:4D:56:CC:CE:7F:20
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/INvWUgDrVYDF29NkVl1NVszOfyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.144.0/21
                  37.252.24.0/21
                  77.107.64.0/18
                  79.99.72.0/21
                  80.240.80.0/20
                  81.5.128.0/18
                  81.168.0.0/17
                  82.152.0.0/15
                  82.163.0.0/19
                  85.159.128.0/21
                  89.31.232.0/21
                  89.213.48.0-89.213.127.255
                  89.213.192.0/18
                  109.176.0.0/16
                  185.20.32.0/22
                  185.24.84.0/22
                  194.105.64.0/19
                  195.128.138.0/24
                  212.38.64.0/19
                  213.130.128.0/19
                  213.152.32.0/19
                  213.210.0.0/18
                  213.218.208.0-213.218.255.255
                  217.144.144.0/20
                  217.145.64.0/20
                IPv6:
                  2001:1a90::/32
                  2a00:c60::/32
                  2a02:21f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:79:01:c6:ce:06:cd:42:21:9c:10:d2:a0:08:54:19:dc:71:
         34:8c:00:58:c1:06:cf:42:d8:26:df:26:de:c2:c3:6b:53:39:
         2c:3e:81:d2:a0:c4:8f:9d:02:8e:1b:f7:23:0d:79:86:4e:6d:
         11:3f:ca:17:b0:f9:8a:de:9b:e1:04:c4:60:1c:92:89:75:5e:
         d3:f0:66:c5:ca:7a:ae:10:eb:2d:7d:c9:df:3f:26:f7:85:89:
         75:f4:5d:37:29:00:78:60:bb:11:b6:f0:92:78:e8:88:b3:0b:
         2c:82:2d:e7:98:12:0c:5f:e2:ff:1d:ac:3e:99:46:93:ab:87:
         71:dc:f8:66:98:11:f9:db:51:da:51:2a:a6:ae:9f:31:31:67:
         d1:a4:61:6f:82:aa:e4:1a:12:8a:32:6b:13:49:09:d5:7f:c6:
         b6:fe:78:4b:32:c9:79:c3:a8:60:bb:43:40:47:b8:6d:b3:3d:
         13:1b:ea:bd:51:d9:77:46:05:83:01:6d:3d:2a:dc:97:f1:50:
         8a:ae:4d:d3:d9:45:9d:4e:96:e8:96:c1:88:e1:7d:f8:ad:7c:
         22:39:d9:d1:24:b4:01:0a:42:77:06:37:10:0f:d1:33:47:74:
         62:7c:4f:4f:33:22:ed:57:a3:42:77:1e:c6:e5:e1:e8:e4:83:
         6b:e5:af:12
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYrWRMtAJYzMLlCKaA2Aon2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTI3MTA1MjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGRiZDY1MjAwZWI1NTgwYzVkYmQzNjQ1NjVkNGQ1NmNjY2U3ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaPYzjsSXMzHmEvkxVLdRjNxRn6U
NdgpJIQ2zE3mOxM2GB/LB0oQrLk8jCk/32BaVZVo4sx47OfzcOhExJcgjm2m1E22
pSYK1bWLiey9W1F4aiWspzhEtS2W4mI7sz1dvdpzXDB/AR4qqqC3FBNdwBMUGRk8
4NZjUm3yYKAplkBMGEnsNGhO/AcaPloRWnQVO9MbGKAJ/SmfKi4JH8dMZI6KNm5V
Hhx9ZTNwqccwmrfBU3+wqjAwMIK3JjI9ZE1XJGeZxsLaVhBl5X7oEgaBp68qih4L
ZLvPRJSSBn+W6ceLxubXd3jd4CoVzwG/b/POhhri/LqOUThYgykwRZe3GwIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFCDb1lIA61WAxdvTZFZdTVbMzn8gMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSU52V1VnRHJWWURGMjlOa1ZsMU5Wc3pPZnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBqgQCAAEwgaMDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6DAMAwQEWdUwAwQHWdUAAwQGWdXAAwMAbbADBAK5FCADBAK5
GFQDBAXCaUADBADDgIoDBAXUJkADBAXVgoADBAXVmCADBAbV0gAwCwMEBNXa0AMD
ANXaAwQE2ZCQAwQE2ZFAMBsEAgACMBUDBQAgARqQAwUAKgAMYAMFACoCIfgwDQYJ
KoZIhvcNAQELBQADggEBAEF5AcbOBs1CIZwQ0qAIVBnccTSMAFjBBs9C2CbfJt7C
w2tTOSw+gdKgxI+dAo4b9yMNeYZObRE/yhew+Yrem+EExGAckol1XtPwZsXKeq4Q
6y19yd8/JveFiXX0XTcpAHhguxG28JJ46IizCyyCLeeYEgxf4v8drD6ZRpOrh3Hc
+GaYEfnbUdpRKqaunzExZ9GkYW+CquQaEooyaxNJCdV/xrb+eEsyyXnDqGC7Q0BH
uG2zPRMb6r1R2XdGBYMBbT0q3JfxUIquTdPZRZ1OluiWwYjhffitfCI52dEktAEK
QncGNxAP0TNHdGJ8T08zIu1Xo0J3Hsbl4ejkg2vlrxI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org