Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KULo6t4M70hCPt_2NnYBYvgU6Q4.roa
File:                     KULo6t4M70hCPt_2NnYBYvgU6Q4.roa (raw, json)
Hash identifier:          iRLx7J5hzrD4jrbDmhWkxtjfj3S68V5MQgruU0rfY24=
Subject key identifier:   29:42:E8:EA:DE:0C:EF:48:42:3E:DF:F6:36:76:01:62:F8:14:E9:0E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F49EE2CF7BC5951F98D364032B0350279
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KULo6t4M70hCPt_2NnYBYvgU6Q4.roa
Signing time:             Sun 05 May 2024 18:04:56 +0000
ROA not before:           Sun 05 May 2024 18:04:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          212.38.74.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 May 2024 07:11:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:49:ee:2c:f7:bc:59:51:f9:8d:36:40:32:b0:35:02:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  5 18:04:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2942e8eade0cef48423edff636760162f814e90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e8:f1:a0:78:2d:4e:a0:b2:68:74:6f:75:54:
                    67:ed:a1:d7:68:7f:c1:90:0b:82:5d:b8:12:b6:15:
                    27:d4:ad:4a:e0:e6:03:e6:bd:6c:88:b1:5e:20:d2:
                    0b:aa:ad:36:55:80:fd:f1:7b:fc:3f:63:96:da:84:
                    35:ce:6a:37:86:b9:e8:b6:4c:8b:ef:7a:37:84:fe:
                    30:77:1f:7e:92:9b:c0:cd:d5:35:2d:98:45:f9:35:
                    23:f7:d0:0a:90:6b:bc:2b:d1:49:5d:2f:ed:98:60:
                    1f:d0:b3:27:35:b1:52:0f:50:6b:cb:ff:9e:e6:a2:
                    02:12:56:90:bf:53:c6:ce:16:09:78:fd:1e:e4:7c:
                    cc:61:2a:65:1f:e4:1c:64:ac:05:52:73:bc:dc:d8:
                    58:d8:97:e0:5d:83:97:06:6a:7e:ff:79:dd:c8:99:
                    f6:f5:82:ab:25:d8:10:95:a1:77:37:52:b2:03:c8:
                    89:da:e9:a1:a2:44:47:e3:4d:e9:ca:90:be:be:5a:
                    32:3e:e4:7f:8d:34:1f:0f:15:84:49:25:5e:1f:a3:
                    99:e4:1b:fc:7c:a6:3a:15:e9:39:52:c6:d7:1e:a7:
                    14:d7:54:ff:c6:fd:11:0a:01:db:bc:24:7a:37:b1:
                    68:5d:d5:62:64:1d:01:13:6b:f9:34:fd:c0:eb:bb:
                    8e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:42:E8:EA:DE:0C:EF:48:42:3E:DF:F6:36:76:01:62:F8:14:E9:0E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KULo6t4M70hCPt_2NnYBYvgU6Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  82.163.15.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  109.176.244.0/24
                  185.49.126.0/23
                  194.105.80.0/20
                  212.38.74.0/24
                  212.38.79.0/24
                  212.38.84.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:43:77:95:c1:e6:ce:be:b2:30:02:25:48:4f:21:f4:c4:0a:
         dd:68:67:6a:46:68:90:a7:81:cd:4a:99:18:5e:91:5f:be:6f:
         04:e0:e1:41:9f:43:e8:7a:e9:6d:69:ff:ce:c2:22:8f:7d:d8:
         06:66:54:cd:f4:4b:a0:e2:70:53:5f:be:ab:c0:ee:c4:96:e0:
         d1:0c:9f:44:4e:18:9b:16:55:5f:6f:d0:01:72:e8:32:d2:86:
         71:af:cf:c3:2a:85:7c:2d:f0:e4:df:70:4c:5d:2a:de:a9:bf:
         fa:64:77:c0:90:77:5d:05:ba:2f:1a:56:e4:1e:3f:84:2f:b8:
         97:cf:36:4e:31:5b:01:1b:6b:d7:66:aa:ec:5d:c9:31:b2:dc:
         fa:6d:59:c3:cb:bb:32:72:29:01:ad:df:86:d0:15:04:69:1b:
         3c:92:e4:22:e4:df:65:e1:60:67:0b:4d:53:11:ef:58:d1:d5:
         86:40:91:4b:20:fb:af:26:b2:a9:2e:9a:fc:d0:b6:46:d1:e7:
         4e:8c:ee:52:40:da:e9:b8:e5:59:94:35:f9:af:26:d1:8d:2c:
         f5:a2:1c:93:c0:24:09:19:3d:3f:66:9e:5b:8d:91:5e:fb:6b:
         e4:80:03:6a:24:fc:98:16:55:b2:d0:84:9f:da:f8:17:a4:c1:
         4f:17:37:33
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAY9J7iz3vFlR+Y02QDKwNQJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA1MTgwNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQyZThlYWRlMGNlZjQ4NDIzZWRmZjYzNjc2MDE2MmY4MTRlOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoejxoHgtTqCyaHRvdVRn7aHXaH/B
kAuCXbgSthUn1K1K4OYD5r1siLFeINILqq02VYD98Xv8P2OW2oQ1zmo3hrnotkyL
73o3hP4wdx9+kpvAzdU1LZhF+TUj99AKkGu8K9FJXS/tmGAf0LMnNbFSD1Bry/+e
5qICElaQv1PGzhYJeP0e5HzMYSplH+QcZKwFUnO83NhY2JfgXYOXBmp+/3ndyJn2
9YKrJdgQlaF3N1KyA8iJ2umhokRH403pypC+vloyPuR/jTQfDxWESSVeH6OZ5Bv8
fKY6Fek5UsbXHqcU11T/xv0RCgHbvCR6N7FoXdViZB0BE2v5NP3A67uOKQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFClC6OreDO9IQj7f9jZ2AWL4FOkOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS1VMbzZ0NE03MGhDUHRfMk5uWUJZdmdVNlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAFGofgME
AVKYsAMEAlKZiAMEAFKZ9QMEAFKjDzAMAwQCWdWUAwQFWdWAAwQCWdWsAwQAWdW0
AwQDbbAQAwQAbbD0AwQBuTF+AwQEwmlQAwQA1CZKAwQA1CZPAwQA1CZUAwQA1YKV
AwQB1drSAwQA1drVMA0GCSqGSIb3DQEBCwUAA4IBAQBqQ3eVwebOvrIwAiVITyH0
xArdaGdqRmiQp4HNSpkYXpFfvm8E4OFBn0Poeultaf/OwiKPfdgGZlTN9Eug4nBT
X76rwO7EluDRDJ9EThibFlVfb9ABcugy0oZxr8/DKoV8LfDk33BMXSreqb/6ZHfA
kHddBbovGlbkHj+EL7iXzzZOMVsBG2vXZqrsXckxstz6bVnDy7sycikBrd+G0BUE
aRs8kuQi5N9l4WBnC01TEe9Y0dWGQJFLIPuvJrKpLpr80LZG0edOjO5SQNrpuOVZ
lDX5rybRjSz1ohyTwCQJGT0/Zp5bjZFe+2vkgANqJPyYFlWy0ISf2vgXpMFPFzcz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:22 2024 by rpki-client on console-ams.rpki-client.org