Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K6YraR7b4-rKEXhuqy3zDlmmxYo.roa
File:                     K6YraR7b4-rKEXhuqy3zDlmmxYo.roa (raw, json)
Hash identifier:          3n8CIkz38wAw2okh9sKIQr1LHOJPWbNeHVDN8XHWhkk=
Subject key identifier:   2B:A6:2B:69:1E:DB:E3:EA:CA:11:78:6E:AB:2D:F3:0E:59:A6:C5:8A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189A60450E065982866B551AD6E46FEDEFA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K6YraR7b4-rKEXhuqy3zDlmmxYo.roa
Signing time:             Sun 30 Jul 2023 08:57:27 +0000
ROA not before:           Sun 30 Jul 2023 08:57:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        82.153.137.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 01 Aug 2023 08:47:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:a6:04:50:e0:65:98:28:66:b5:51:ad:6e:46:fe:de:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 30 08:57:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ba62b691edbe3eaca11786eab2df30e59a6c58a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:93:95:78:ce:c1:72:8c:48:a7:ac:e0:62:31:
                    4f:72:0c:0e:ae:95:37:8a:cc:ac:b1:ca:42:85:3f:
                    36:d8:b9:7f:5d:71:a7:75:c7:75:a7:23:2d:a3:49:
                    d3:e4:32:b0:fb:3a:a4:6a:cd:b1:8b:8f:63:bc:b2:
                    fb:ce:ff:0c:83:1c:4a:1f:95:ad:c3:91:9e:4d:2b:
                    b8:ef:b5:c5:c7:38:d3:53:f7:49:6b:cf:42:83:8e:
                    da:4b:e3:ce:8b:d6:34:5e:56:c2:39:75:35:4f:15:
                    97:36:85:26:cf:1c:40:f1:50:b4:56:27:7d:29:fe:
                    9a:e7:53:b0:5e:3b:aa:c8:c4:d4:a7:a4:0c:1e:f0:
                    2b:25:33:6b:38:69:8f:f2:6f:4e:fc:b7:82:fb:d3:
                    38:fe:f1:99:cb:d9:b7:1a:3a:56:c4:87:90:c8:63:
                    09:3f:a5:74:45:ac:15:d9:a8:3a:25:4b:92:84:8b:
                    31:df:ef:8a:2b:0f:25:f5:78:4b:d4:00:92:b9:d7:
                    1b:42:fa:0a:42:e2:0b:b8:96:f7:ec:21:a5:8a:4e:
                    23:a6:35:9f:3e:50:c6:78:c8:5a:03:cb:c6:e6:57:
                    ab:64:48:fe:ae:25:86:4c:fd:57:51:a3:89:05:1f:
                    d2:61:63:d9:44:05:c3:e8:fb:f3:78:51:38:44:fa:
                    35:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A6:2B:69:1E:DB:E3:EA:CA:11:78:6E:AB:2D:F3:0E:59:A6:C5:8A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/K6YraR7b4-rKEXhuqy3zDlmmxYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.4.0/24
                  82.153.137.0/24
                  82.153.140.0/24
                  89.213.6.0/23
                  89.213.150.0/24
                  89.213.152.0/24
                  89.213.163.0/24
                  89.213.168.0/24
                  89.213.172.0/23
                  89.213.176.0/24
                  89.213.180.0/24
                  89.213.182.0/24
                  89.213.185.0-89.213.187.255

    Signature Algorithm: sha256WithRSAEncryption
         0b:80:59:60:d1:08:a7:3d:f0:45:c6:a3:9b:37:2b:95:07:63:
         2e:39:04:c2:61:1a:32:91:c8:85:41:c3:28:75:18:cb:50:5e:
         94:24:a6:49:36:9e:41:72:cd:40:19:08:93:5d:58:8f:ec:8c:
         85:b5:0b:f4:ec:11:cb:fb:9d:48:ee:d3:69:e3:b5:e8:c5:1f:
         2c:43:b3:78:56:7d:6f:17:2f:4b:64:52:1c:c6:ac:90:c1:ea:
         d3:c5:bb:61:67:87:70:36:08:7b:68:7f:a1:10:95:70:16:c4:
         bf:15:21:f0:4e:94:62:ce:fc:79:ac:02:d1:80:63:ce:50:d1:
         8b:f1:f7:b9:84:e1:00:ec:52:21:fa:e7:32:4f:54:12:80:6f:
         7a:b8:69:ce:66:40:e8:d3:79:06:6d:cb:80:60:c1:40:bc:51:
         8d:4d:8d:1e:3a:f0:84:68:da:08:16:8f:3e:b0:6c:fc:9c:b6:
         66:c2:63:b7:4f:17:c8:65:a1:08:f7:e9:61:44:5f:bc:c0:29:
         c1:52:52:45:21:e1:93:44:74:84:60:ab:81:0b:2b:61:bb:51:
         38:12:83:f5:3d:3d:7f:3a:af:a5:f2:b1:50:7a:ce:48:f2:1f:
         ef:89:ed:01:2c:b9:4a:e0:b9:92:6a:92:61:ba:94:f1:28:0f:
         aa:f6:63:09
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYmmBFDgZZgoZrVRrW5G/t76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzMwMDg1NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmE2MmI2OTFlZGJlM2VhY2ExMTc4NmVhYjJkZjMwZTU5YTZjNThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJOVeM7BcoxIp6zgYjFPcgwOrpU3
isysscpChT822Ll/XXGndcd1pyMto0nT5DKw+zqkas2xi49jvLL7zv8MgxxKH5Wt
w5GeTSu477XFxzjTU/dJa89Cg47aS+POi9Y0XlbCOXU1TxWXNoUmzxxA8VC0Vid9
Kf6a51OwXjuqyMTUp6QMHvArJTNrOGmP8m9O/LeC+9M4/vGZy9m3GjpWxIeQyGMJ
P6V0RawV2ag6JUuShIsx3++KKw8l9XhL1ACSudcbQvoKQuILuJb37CGlik4jpjWf
PlDGeMhaA8vG5lerZEj+riWGTP1XUaOJBR/SYWPZRAXD6PvzeFE4RPo1iwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFCumK2ke2+PqyhF4bqst8w5ZpsWKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSzZZcmFSN2I0LXJLRVhodXF5M3pEbG1teFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAUpkEAwQA
UpmJAwQAUpmMAwQBWdUGAwQAWdWWAwQAWdWYAwQAWdWjAwQAWdWoAwQBWdWsAwQA
WdWwAwQAWdW0AwQAWdW2MAwDBABZ1bkDBAJZ1bgwDQYJKoZIhvcNAQELBQADggEB
AAuAWWDRCKc98EXGo5s3K5UHYy45BMJhGjKRyIVBwyh1GMtQXpQkpkk2nkFyzUAZ
CJNdWI/sjIW1C/TsEcv7nUju02njtejFHyxDs3hWfW8XL0tkUhzGrJDB6tPFu2Fn
h3A2CHtof6EQlXAWxL8VIfBOlGLO/HmsAtGAY85Q0Yvx97mE4QDsUiH65zJPVBKA
b3q4ac5mQOjTeQZty4BgwUC8UY1NjR468IRo2ggWjz6wbPyctmbCY7dPF8hloQj3
6WFEX7zAKcFSUkUh4ZNEdIRgq4ELK2G7UTgSg/U9PX86r6XysVB6zkjyH++J7QEs
uUrguZJqkmG6lPEoD6r2Ywk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org