Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K55Uea99hCobz6VsZu4qSFeKRlc.roa
File:                     K55Uea99hCobz6VsZu4qSFeKRlc.roa (raw, json)
Hash identifier:          qBA+T11NF9OdViQH8/YYnO/sGk6xiGEfSxOMdFXItis=
Subject key identifier:   2B:9E:54:79:AF:7D:84:2A:1B:CF:A5:6C:66:EE:2A:48:57:8A:46:57
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018A60074902423813B3B61954456D8EBEC7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K55Uea99hCobz6VsZu4qSFeKRlc.roa
Signing time:             Mon 04 Sep 2023 11:50:04 +0000
ROA not before:           Mon 04 Sep 2023 11:50:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.137.0/24 maxlen: 24
                          89.213.138.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.135.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          89.213.167.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 04 Sep 2023 12:14:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:60:07:49:02:42:38:13:b3:b6:19:54:45:6d:8e:be:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  4 11:50:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b9e5479af7d842a1bcfa56c66ee2a48578a4657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e6:3e:28:3f:3c:c6:02:cb:93:ad:13:08:e8:
                    db:e9:c9:1f:59:6e:73:28:59:2d:ea:c7:cb:2a:b7:
                    75:b2:00:13:1c:eb:20:0b:14:77:6a:d3:ce:de:64:
                    14:fa:87:fc:52:ec:69:07:e2:de:02:b6:80:9e:94:
                    be:6c:c9:91:2a:d2:9e:8c:42:f7:4c:41:b5:76:2e:
                    9e:cb:bd:d1:f6:2d:33:1c:29:39:05:d8:8c:e7:6a:
                    38:61:5d:c0:4e:e9:d8:60:5c:de:06:49:6d:3e:cd:
                    13:a1:41:bc:2f:fe:9b:0b:68:91:90:ee:72:83:67:
                    8d:3d:34:ab:a7:66:9c:97:c3:70:77:42:7f:7a:29:
                    7f:3d:9e:67:89:05:5b:20:7e:19:07:bd:e2:95:04:
                    ff:ab:15:aa:c2:36:90:62:d5:33:76:8b:a4:d3:f9:
                    d9:bb:37:ff:08:98:02:2e:eb:fe:13:75:65:de:20:
                    55:ba:3c:d7:32:62:b8:74:ff:91:44:eb:32:c3:34:
                    2b:01:12:d3:c0:76:c6:58:92:31:07:3c:5f:6e:6d:
                    99:ce:b0:bf:2d:7b:c8:56:59:2e:df:07:44:3e:d9:
                    6d:4e:8c:c7:7a:8f:f4:0a:c8:77:28:8b:a5:9c:e0:
                    6e:0d:9f:d0:31:8f:7f:80:f3:6b:59:14:1c:7e:7d:
                    5a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:9E:54:79:AF:7D:84:2A:1B:CF:A5:6C:66:EE:2A:48:57:8A:46:57
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K55Uea99hCobz6VsZu4qSFeKRlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0-82.153.250.255
                  89.213.5.0/24
                  89.213.133.0-89.213.141.255
                  89.213.145.0/24
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.160.255
                  89.213.162.0-89.213.164.255
                  89.213.167.0-89.213.168.255
                  89.213.170.0/24
                  89.213.172.0-89.213.185.255
                  89.213.188.0/23
                  109.176.208.0/23
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:54:85:60:e6:27:15:bb:3d:d0:b5:0f:1e:fe:bd:21:ba:cc:
         e1:bb:7b:e3:57:f6:06:83:86:a9:05:67:fe:5f:33:16:99:1a:
         81:58:82:3b:d9:2b:ed:53:5e:17:3f:e6:63:14:1a:96:79:11:
         b0:7f:02:f3:fa:85:11:27:f1:df:9f:41:43:0c:10:0c:99:86:
         54:c2:13:09:b3:e5:78:aa:f3:bc:41:67:d2:97:8f:27:38:1c:
         ad:01:78:bf:87:8d:a4:0b:7b:94:07:cb:e5:df:7b:47:da:c2:
         03:0f:a3:79:b0:31:d2:82:22:97:f0:42:f9:ba:66:cf:46:10:
         d7:69:74:c1:40:69:30:3a:4c:96:4b:03:a5:c2:63:5d:13:f4:
         3f:60:67:ad:6a:eb:41:39:ae:ff:b4:17:b6:a5:89:3e:58:89:
         4b:2c:ff:b7:4b:77:f0:4f:46:8a:c2:e2:3f:6a:44:3c:d0:d1:
         41:25:0e:d1:b8:37:9f:6b:61:f5:0c:7e:ea:1d:2d:6a:95:bc:
         3d:74:f2:3b:47:0f:db:af:15:5e:ff:6a:a3:e6:2a:33:75:e4:
         ef:da:40:97:a3:95:66:9b:fe:c7:29:98:ef:64:8b:9d:77:cf:
         4b:fb:c6:6d:e6:d7:c8:39:d4:0a:72:2f:90:4a:39:91:a8:ed:
         9b:91:0e:5b
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgISAYpgB0kCQjgTs7YZVEVtjr7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTA0MTE1MDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjllNTQ3OWFmN2Q4NDJhMWJjZmE1NmM2NmVlMmE0ODU3OGE0NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuY+KD88xgLLk60TCOjb6ckfWW5z
KFkt6sfLKrd1sgATHOsgCxR3atPO3mQU+of8UuxpB+LeAraAnpS+bMmRKtKejEL3
TEG1di6ey73R9i0zHCk5BdiM52o4YV3ATunYYFzeBkltPs0ToUG8L/6bC2iRkO5y
g2eNPTSrp2acl8Nwd0J/eil/PZ5niQVbIH4ZB73ilQT/qxWqwjaQYtUzdouk0/nZ
uzf/CJgCLuv+E3Vl3iBVujzXMmK4dP+RROsywzQrARLTwHbGWJIxBzxfbm2ZzrC/
LXvIVlku3wdEPtltTozHeo/0Csh3KIulnOBuDZ/QMY9/gPNrWRQcfn1aWwIDAQAB
o4IDPTCCAzkwHQYDVR0OBBYEFCueVHmvfYQqG8+lbGbuKkhXikZXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSzU1VWVhOTloQ29iejZWc1p1NHFTRmVLUmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUQYIKwYBBQUHAQcBAf8EggFAMIIBPDCCATgEAgABMIIB
MAMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwMAwDBABSmfkDBABSmfoDBABZ1QUwDAMEAFnVhQMEAVnV
jAMEAFnVkTAMAwQCWdWUAwQCWdWYMAwDBABZ1Z0DBABZ1aAwDAMEAVnVogMEAFnV
pDAMAwQAWdWnAwQAWdWoAwQAWdWqMAwDBAJZ1awDBAFZ1bgDBAFZ1bwDBAFtsNAD
BABtsNMDBANtsNgwDAMEAG2w9QMEAG2w9jAMAwQDbbD4AwQAbbD6MAwDBAC5MX0D
BAe5MQADBADVmCoDBADVmD0wDQYJKoZIhvcNAQELBQADggEBAFFUhWDmJxW7PdC1
Dx7+vSG6zOG7e+NX9gaDhqkFZ/5fMxaZGoFYgjvZK+1TXhc/5mMUGpZ5EbB/AvP6
hREn8d+fQUMMEAyZhlTCEwmz5Xiq87xBZ9KXjyc4HK0BeL+HjaQLe5QHy+Xfe0fa
wgMPo3mwMdKCIpfwQvm6Zs9GENdpdMFAaTA6TJZLA6XCY10T9D9gZ61q60E5rv+0
F7aliT5YiUss/7dLd/BPRorC4j9qRDzQ0UElDtG4N59rYfUMfuodLWqVvD108jtH
D9uvFV7/aqPmKjN15O/aQJejlWab/scpmO9ki513z0v7xm3m18g51ApyL5BKOZGo
7ZuRDls=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org