Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MKMVmYwjAFnmv-KFyaIVjq1X0Fs.roa
File:                     MKMVmYwjAFnmv-KFyaIVjq1X0Fs.roa (raw, json)
Hash identifier:          aFAxl11ZRyRvs+Qglmd6Yyue4Yohn6sKdp1QtC6MaUI=
Subject key identifier:   30:A3:15:99:8C:23:00:59:E6:BF:E2:85:C9:A2:15:8E:AD:57:D0:5B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B915173740C5DDFD2009C4C90C30E1FF6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MKMVmYwjAFnmv-KFyaIVjq1X0Fs.roa
Signing time:             Thu 02 Nov 2023 18:35:16 +0000
ROA not before:           Thu 02 Nov 2023 18:35:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8851
IP address blocks:        89.213.64.0/18 maxlen: 24
                          37.252.24.0/21 maxlen: 24
                          80.240.80.0/20 maxlen: 20
                          77.107.64.0/18 maxlen: 24
                          213.210.0.0/18 maxlen: 24
                          85.159.128.0/21 maxlen: 24
                          212.38.64.0/19 maxlen: 24
                          37.98.144.0/22 maxlen: 24
                          37.98.144.0/21 maxlen: 24
                          109.176.0.0/16 maxlen: 16
                          89.213.48.0/20 maxlen: 24
                          89.213.192.0/18 maxlen: 24
                          213.218.208.0/20 maxlen: 24
                          89.31.232.0/21 maxlen: 24
                          185.20.34.0/24 maxlen: 24
                          185.20.35.0/24 maxlen: 24
                          79.99.72.0/21 maxlen: 24
                          185.20.32.0/22 maxlen: 24
                          213.218.224.0/19 maxlen: 24
                          81.168.0.0/17 maxlen: 17
                          82.163.0.0/19 maxlen: 24
                          217.144.144.0/20 maxlen: 24
                          217.145.64.0/20 maxlen: 24
                          185.24.84.0/22 maxlen: 24
                          194.105.64.0/19 maxlen: 24
                          213.130.128.0/19 maxlen: 24
                          82.152.0.0/16 maxlen: 16
                          81.5.128.0/18 maxlen: 18
                          82.152.0.0/15 maxlen: 15
                          195.128.138.0/24 maxlen: 24
                          213.152.32.0/19 maxlen: 19
                          2a02:21f8::/32 maxlen: 32
                          2a00:c60::/32 maxlen: 32
                          2001:1a90::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 04 Dec 2023 12:08:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:91:51:73:74:0c:5d:df:d2:00:9c:4c:90:c3:0e:1f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  2 18:35:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30a315998c230059e6bfe285c9a2158ead57d05b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4b:09:17:ff:ce:ef:70:3d:f2:0c:5f:88:f6:
                    97:47:58:59:a6:1f:b6:61:41:f7:6b:d4:5f:5c:e1:
                    79:7a:f0:13:56:29:a2:3f:b6:97:d2:92:a2:87:30:
                    0f:4f:c0:7c:25:ea:cb:4a:36:df:3a:60:7d:55:e3:
                    79:06:80:fc:38:98:05:f0:00:15:af:78:fa:88:d6:
                    b3:f3:0a:8a:e3:cd:bf:c4:33:c5:f3:16:9d:98:9d:
                    8e:5c:53:e7:fe:c2:cb:92:16:c5:79:8c:9c:71:c4:
                    ba:2c:48:28:14:18:da:36:02:17:c6:21:d6:77:1f:
                    c2:58:e1:11:61:30:18:4d:d8:f2:87:5d:12:d8:34:
                    b0:62:b3:26:b1:c0:d8:5e:b9:25:42:c9:40:83:61:
                    7d:0a:92:f4:ed:04:db:b3:92:9a:1a:29:ce:65:92:
                    d0:e7:08:23:ec:2e:90:c0:08:52:9f:3b:8e:60:fc:
                    2d:af:c4:ed:8e:41:05:de:3b:38:63:31:5d:1d:e6:
                    75:5c:d5:95:0c:39:07:1f:a8:07:16:c6:0e:56:a3:
                    29:34:10:a6:79:36:b9:c9:de:9c:45:06:c0:77:70:
                    4f:9c:59:76:07:b3:46:5b:44:0c:ca:82:95:54:9e:
                    c9:f7:e2:a3:39:09:ee:91:3c:51:a2:0c:b9:f2:2f:
                    85:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A3:15:99:8C:23:00:59:E6:BF:E2:85:C9:A2:15:8E:AD:57:D0:5B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MKMVmYwjAFnmv-KFyaIVjq1X0Fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.144.0/21
                  37.252.24.0/21
                  77.107.64.0/18
                  79.99.72.0/21
                  80.240.80.0/20
                  81.5.128.0/18
                  81.168.0.0/17
                  82.152.0.0/15
                  82.163.0.0/19
                  85.159.128.0/21
                  89.31.232.0/21
                  89.213.48.0-89.213.127.255
                  89.213.192.0/18
                  109.176.0.0/16
                  185.20.32.0/22
                  185.24.84.0/22
                  194.105.64.0/19
                  195.128.138.0/24
                  212.38.64.0/19
                  213.130.128.0/19
                  213.152.32.0/19
                  213.210.0.0/18
                  213.218.208.0-213.218.255.255
                  217.144.144.0/20
                  217.145.64.0/20
                IPv6:
                  2001:1a90::/32
                  2a00:c60::/32
                  2a02:21f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:39:79:4c:cb:de:81:60:85:5d:51:0e:e1:61:2b:53:8a:fa:
         9c:78:62:3e:ed:fe:e5:32:70:b7:51:5a:ea:a4:1a:90:c1:20:
         56:6b:99:6b:4f:e6:fb:33:a1:c2:c5:64:bb:a8:40:16:8f:fd:
         63:2e:41:ac:54:72:03:f7:98:bc:7c:e6:ef:15:60:83:7a:4a:
         5b:16:73:ab:e3:d1:78:57:1f:e7:7e:8b:59:32:f9:5b:61:73:
         2c:df:06:f2:4a:c2:3d:11:f6:60:23:e0:e9:b2:46:2a:8d:16:
         05:72:28:f4:b6:57:f3:d8:d7:2d:7b:3e:4e:fc:eb:15:7e:0d:
         a0:66:9c:ba:3a:a7:26:a7:57:02:17:2e:da:e8:5f:44:1b:4e:
         ec:cd:2a:b0:b6:f6:c4:42:24:af:99:97:55:05:bf:5d:c2:6f:
         dc:c1:d1:bc:d9:ce:71:c4:cd:3d:43:a7:12:70:4f:d6:6e:7d:
         29:ae:06:9d:f3:8b:5c:fb:b9:de:30:1f:eb:0c:9f:5c:bb:fe:
         74:16:e8:d7:88:4a:21:ac:6e:be:60:ee:69:28:9f:fd:c1:b0:
         67:a1:06:50:5a:b1:da:58:e6:b6:32:31:15:6d:62:bf:ca:9c:
         77:72:30:30:15:2f:8b:a6:6a:28:a6:0c:f4:7b:3f:1d:49:e2:
         2d:38:66:6c
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYuRUXN0DF3f0gCcTJDDDh/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTAyMTgzNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEzMTU5OThjMjMwMDU5ZTZiZmUyODVjOWEyMTU4ZWFkNTdkMDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0sJF//O73A98gxfiPaXR1hZph+2
YUH3a9RfXOF5evATVimiP7aX0pKihzAPT8B8JerLSjbfOmB9VeN5BoD8OJgF8AAV
r3j6iNaz8wqK482/xDPF8xadmJ2OXFPn/sLLkhbFeYycccS6LEgoFBjaNgIXxiHW
dx/CWOERYTAYTdjyh10S2DSwYrMmscDYXrklQslAg2F9CpL07QTbs5KaGinOZZLQ
5wgj7C6QwAhSnzuOYPwtr8TtjkEF3js4YzFdHeZ1XNWVDDkHH6gHFsYOVqMpNBCm
eTa5yd6cRQbAd3BPnFl2B7NGW0QMyoKVVJ7J9+KjOQnukTxRogy58i+F8wIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFDCjFZmMIwBZ5r/ihcmiFY6tV9BbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTUtNVm1Zd2pBRm5tdi1LRnlhSVZqcTFYMEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBqgQCAAEwgaMDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6DAMAwQEWdUwAwQHWdUAAwQGWdXAAwMAbbADBAK5FCADBAK5
GFQDBAXCaUADBADDgIoDBAXUJkADBAXVgoADBAXVmCADBAbV0gAwCwMEBNXa0AMD
ANXaAwQE2ZCQAwQE2ZFAMBsEAgACMBUDBQAgARqQAwUAKgAMYAMFACoCIfgwDQYJ
KoZIhvcNAQELBQADggEBADw5eUzL3oFghV1RDuFhK1OK+px4Yj7t/uUycLdRWuqk
GpDBIFZrmWtP5vszocLFZLuoQBaP/WMuQaxUcgP3mLx85u8VYIN6SlsWc6vj0XhX
H+d+i1ky+VthcyzfBvJKwj0R9mAj4OmyRiqNFgVyKPS2V/PY1y17Pk786xV+DaBm
nLo6pyanVwIXLtroX0QbTuzNKrC29sRCJK+Zl1UFv13Cb9zB0bzZznHEzT1DpxJw
T9ZufSmuBp3zi1z7ud4wH+sMn1y7/nQW6NeISiGsbr5g7mkon/3BsGehBlBasdpY
5rYyMRVtYr/KnHdyMDAVL4umaiimDPR7Px1J4i04Zmw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:22 2024 by rpki-client on console-ams.rpki-client.org