Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LnPfF-T5zkoxGDpJ5JKGOgQuTB4.roa
File:                     LnPfF-T5zkoxGDpJ5JKGOgQuTB4.roa (raw, json)
Hash identifier:          e6FdrW/72KJC7zCAMaA7FWl1xT/p7LEwsV1rIr9Yd40=
Subject key identifier:   2E:73:DF:17:E4:F9:CE:4A:31:18:3A:49:E4:92:86:3A:04:2E:4C:1E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FA57C61A68CE64D8560B7887AB8B7A55C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LnPfF-T5zkoxGDpJ5JKGOgQuTB4.roa
Signing time:             Thu 23 May 2024 12:45:43 +0000
ROA not before:           Thu 23 May 2024 12:45:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        82.153.152.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          109.176.32.0/21 maxlen: 24
                          109.176.40.0/21 maxlen: 24
                          109.176.48.0/21 maxlen: 24
                          109.176.56.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Sun 26 May 2024 07:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:7c:61:a6:8c:e6:4d:85:60:b7:88:7a:b8:b7:a5:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 23 12:45:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e73df17e4f9ce4a31183a49e492863a042e4c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:02:f2:d9:1b:64:2b:3a:06:ff:be:95:d2:65:
                    4d:b3:ce:e9:b7:56:c8:0c:43:a3:88:ff:b3:0d:d2:
                    03:16:b1:08:cc:8a:14:c6:2f:8d:99:77:40:bb:47:
                    b5:e2:cf:5d:bb:52:c9:7f:5a:9c:63:36:ed:e9:45:
                    a5:d9:18:07:9b:56:1c:0d:ea:38:5b:4e:83:61:c7:
                    30:6c:96:55:ed:97:e4:4e:20:17:f7:09:a1:89:b9:
                    72:cf:88:9b:db:66:b5:55:4c:f4:e1:51:bc:b9:7a:
                    80:be:80:6c:8d:eb:81:39:c5:5a:e3:e7:c2:6f:96:
                    23:55:2a:a6:c2:23:0d:75:f8:9b:3a:c9:bf:0b:38:
                    a1:69:a2:b0:a6:5e:98:d7:b1:50:cb:5f:d9:91:35:
                    e0:75:da:05:3e:cb:98:48:a5:03:ed:72:a8:e1:71:
                    8e:5a:75:45:bc:f6:9f:6b:59:96:b0:d5:15:c4:df:
                    d0:27:8c:31:ad:35:5a:2e:15:8b:df:51:f6:81:4d:
                    1f:fb:a2:67:38:85:93:24:cb:04:a6:7c:c1:a4:d6:
                    ec:7b:aa:24:0f:6f:d0:3c:62:e1:9f:ae:fe:50:f3:
                    0b:c0:a8:95:c5:10:26:80:99:61:03:62:a8:d5:41:
                    86:7a:b5:5f:bd:2e:87:c3:3d:0a:c9:ab:04:27:6c:
                    1c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:73:DF:17:E4:F9:CE:4A:31:18:3A:49:E4:92:86:3A:04:2E:4C:1E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LnPfF-T5zkoxGDpJ5JKGOgQuTB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.152.0/24
                  82.153.225.0/24
                  89.213.43.0/24
                  89.213.145.0-89.213.146.255
                  89.213.161.0/24
                  109.176.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         78:04:6b:e7:63:16:72:1f:0e:d0:91:09:27:7b:a0:ec:b6:ba:
         ff:0c:9e:0c:6e:5e:f7:ba:3a:b5:7a:5a:f2:1a:61:14:4b:72:
         82:fc:c8:c6:b1:b0:be:77:8f:4c:5f:7d:cb:10:7d:68:16:ce:
         1f:76:6f:93:49:66:54:38:a4:54:bf:50:bf:43:57:a0:0f:e6:
         f9:ad:a6:5b:00:0c:65:65:2d:15:2f:45:82:7a:30:47:8f:33:
         66:e9:af:d7:d4:e1:63:1c:59:67:46:df:47:75:b1:7e:e9:37:
         92:70:47:ce:57:31:1b:eb:fb:3b:0d:59:de:c5:6c:fd:8e:0b:
         b6:82:a0:fd:fc:dc:e8:6f:2c:3a:2a:42:21:3b:f7:ee:43:75:
         a1:35:22:04:67:65:0c:8e:55:d3:1d:38:26:6f:c9:8e:82:a7:
         b3:e0:e0:1f:93:a1:0b:f9:6c:b1:dd:7a:15:64:43:be:72:8f:
         b8:24:08:ee:fb:36:81:94:bf:19:bb:bd:c9:e3:d6:b8:87:c5:
         b4:3a:15:f2:07:4b:56:7c:59:d3:e0:10:bb:e2:29:64:99:7e:
         d6:2d:93:56:2d:4d:01:3d:7b:65:23:e5:e1:e6:9a:a5:60:b8:
         62:e4:d1:bf:75:32:74:77:7f:cf:b0:6e:1f:14:9d:d6:0c:f3:
         25:7f:5d:cd
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY+lfGGmjOZNhWC3iHq4t6VcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIzMTI0NTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTczZGYxN2U0ZjljZTRhMzExODNhNDllNDkyODYzYTA0MmU0YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgLy2RtkKzoG/76V0mVNs87pt1bI
DEOjiP+zDdIDFrEIzIoUxi+NmXdAu0e14s9du1LJf1qcYzbt6UWl2RgHm1YcDeo4
W06DYccwbJZV7ZfkTiAX9wmhiblyz4ib22a1VUz04VG8uXqAvoBsjeuBOcVa4+fC
b5YjVSqmwiMNdfibOsm/CzihaaKwpl6Y17FQy1/ZkTXgddoFPsuYSKUD7XKo4XGO
WnVFvPafa1mWsNUVxN/QJ4wxrTVaLhWL31H2gU0f+6JnOIWTJMsEpnzBpNbse6ok
D2/QPGLhn67+UPMLwKiVxRAmgJlhA2Ko1UGGerVfvS6Hwz0KyasEJ2wcyQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFC5z3xfk+c5KMRg6SeSShjoELkweMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTG5QZkYtVDV6a294R0RwSjVKS0dPZ1F1VEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAUpmYAwQA
UpnhAwQAWdUrMAwDBABZ1ZEDBABZ1ZIDBABZ1aEDBAVtsCAwDQYJKoZIhvcNAQEL
BQADggEBAHgEa+djFnIfDtCRCSd7oOy2uv8MngxuXve6OrV6WvIaYRRLcoL8yMax
sL53j0xffcsQfWgWzh92b5NJZlQ4pFS/UL9DV6AP5vmtplsADGVlLRUvRYJ6MEeP
M2bpr9fU4WMcWWdG30d1sX7pN5JwR85XMRvr+zsNWd7FbP2OC7aCoP383OhvLDoq
QiE79+5DdaE1IgRnZQyOVdMdOCZvyY6Cp7Pg4B+ToQv5bLHdehVkQ75yj7gkCO77
NoGUvxm7vcnj1riHxbQ6FfIHS1Z8WdPgELviKWSZftYtk1YtTQE9e2Uj5eHmmqVg
uGLk0b91MnR3f8+wbh8UndYM8yV/Xc0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org