Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MZkF_fYUXhIOq4Kh8JHXdfG6ec4.roa
File:                     MZkF_fYUXhIOq4Kh8JHXdfG6ec4.roa (raw, json)
Hash identifier:          tBCFQuFKRtpQS1HeDpltyITF29+neH2rvmXrD3qnC0A=
Subject key identifier:   31:99:05:FD:F6:14:5E:12:0E:AB:82:A1:F0:91:D7:75:F1:BA:79:CE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E8B6831F387FB4E5B3572CDA81B7DD0D8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MZkF_fYUXhIOq4Kh8JHXdfG6ec4.roa
Signing time:             Fri 29 Mar 2024 18:10:45 +0000
ROA not before:           Fri 29 Mar 2024 18:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.208.0/22 maxlen: 22
                          82.163.19.0/24 maxlen: 24
                          89.213.108.0/23 maxlen: 24
                          89.213.110.0/24 maxlen: 24
                          89.213.122.0/24 maxlen: 24
                          89.213.143.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.194.0/23 maxlen: 24
                          89.213.240.0/23 maxlen: 24
                          89.213.250.0/24 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.210.16.0/24 maxlen: 24
                          213.210.18.0/24 maxlen: 24
                          213.210.33.0/24 maxlen: 24
                          213.210.51.0/24 maxlen: 24
                          213.218.220.0/24 maxlen: 24
                          217.144.151.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 29 Mar 2024 19:20:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8b:68:31:f3:87:fb:4e:5b:35:72:cd:a8:1b:7d:d0:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 29 18:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=319905fdf6145e120eab82a1f091d775f1ba79ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:96:de:fc:30:38:8a:f7:c2:18:86:ea:36:91:
                    62:1f:8d:05:20:2a:81:ad:66:b3:6e:07:c0:d3:a9:
                    ec:e4:8f:7e:45:3c:83:87:ee:9f:70:74:3a:59:17:
                    a8:3d:09:85:b5:c1:77:cb:6f:03:16:d0:92:85:48:
                    28:05:24:88:6a:9e:07:97:72:02:0b:2b:ee:69:a4:
                    b4:68:db:3a:52:5b:6d:9c:54:44:4d:d1:1d:98:e2:
                    6d:dd:65:2d:b9:d3:21:aa:dd:66:82:9e:e0:ec:83:
                    cd:45:c8:bb:48:63:16:a8:6a:4f:1e:33:d9:f3:11:
                    ab:22:01:8e:54:79:63:b1:dc:9a:2e:aa:15:32:5f:
                    12:43:3b:ab:4f:4c:7e:65:7d:e3:45:47:ba:39:fe:
                    df:69:1f:f9:78:5f:88:4d:a8:b5:ee:2b:44:01:4f:
                    d5:99:5e:23:b8:29:42:de:aa:f9:3a:0b:cd:8b:69:
                    e0:6b:c0:25:14:c8:94:fc:a9:f2:83:dd:0b:73:42:
                    46:07:58:2d:29:60:6d:c8:a7:1b:1a:3f:b8:51:6c:
                    75:77:72:fc:29:08:96:a2:b6:1b:39:cb:fc:b8:2b:
                    84:1c:62:78:43:39:53:cc:4e:b4:ed:23:1d:45:71:
                    e2:5e:b9:98:af:49:67:e0:9e:de:20:d9:b1:04:12:
                    2c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:99:05:FD:F6:14:5E:12:0E:AB:82:A1:F0:91:D7:75:F1:BA:79:CE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MZkF_fYUXhIOq4Kh8JHXdfG6ec4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.174.0/23
                  82.153.208.0/22
                  82.163.19.0/24
                  89.213.108.0-89.213.110.255
                  89.213.122.0/24
                  89.213.143.0/24
                  89.213.147.0/24
                  89.213.181.0/24
                  89.213.194.0/23
                  89.213.240.0/23
                  89.213.250.0/24
                  194.105.80.0/20
                  213.210.16.0/24
                  213.210.18.0/24
                  213.210.33.0/24
                  213.210.51.0/24
                  213.218.220.0/24
                  217.144.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:5b:f8:fa:11:89:46:28:fe:b7:4c:02:83:fd:b0:78:30:a2:
         77:0c:3d:7c:a6:ba:74:36:cb:65:bb:09:11:d4:36:ef:9a:3a:
         61:50:c9:14:d8:9f:20:83:b6:af:25:d1:d6:4c:a7:df:db:75:
         f9:1f:08:94:ab:90:60:7b:79:7a:77:53:1b:7d:a2:9c:59:b5:
         1b:5d:24:84:b0:b1:ff:d9:d5:8a:49:93:a5:e1:52:f8:4f:53:
         34:a0:50:a8:c9:b4:b4:0d:27:16:e9:35:79:96:b5:e7:32:07:
         a3:3b:d0:d1:3a:e5:29:09:5b:9d:1b:a5:0d:62:b5:82:88:ba:
         7c:00:4a:ff:d8:c3:68:46:5b:ee:b7:8f:55:74:c5:f0:02:ab:
         b0:98:4d:ba:39:1e:40:50:c2:ef:0e:c1:3c:1d:d0:b7:e5:32:
         5a:5b:43:ae:d7:1d:52:aa:cb:26:7e:37:d9:42:c0:95:7f:2f:
         88:2a:58:62:d6:75:85:5d:70:0a:ab:c3:13:72:16:bb:32:63:
         8d:89:14:24:48:40:3b:d9:09:ed:65:39:27:9d:2f:ad:11:e0:
         e8:1c:a1:91:a9:1d:f5:8f:99:ce:b0:86:7d:da:76:00:17:aa:
         1f:d8:1a:e9:55:a0:19:a3:bd:3d:96:10:f7:15:46:b7:90:e1:
         f9:79:94:69
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAY6LaDHzh/tOWzVyzagbfdDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI5MTgxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTk5MDVmZGY2MTQ1ZTEyMGVhYjgyYTFmMDkxZDc3NWYxYmE3OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5be/DA4ivfCGIbqNpFiH40FICqB
rWazbgfA06ns5I9+RTyDh+6fcHQ6WReoPQmFtcF3y28DFtCShUgoBSSIap4Hl3IC
CyvuaaS0aNs6UlttnFRETdEdmOJt3WUtudMhqt1mgp7g7IPNRci7SGMWqGpPHjPZ
8xGrIgGOVHljsdyaLqoVMl8SQzurT0x+ZX3jRUe6Of7faR/5eF+ITai17itEAU/V
mV4juClC3qr5OgvNi2nga8AlFMiU/Knyg90Lc0JGB1gtKWBtyKcbGj+4UWx1d3L8
KQiWorYbOcv8uCuEHGJ4QzlTzE607SMdRXHiXrmYr0ln4J7eINmxBBIsdwIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFDGZBf32FF4SDquCofCR13XxunnOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTVprRl9mWVVYaElPcTRLaDhKSFhkZkc2ZWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAVKYrgME
AlKZ0AMEAFKjEzAMAwQCWdVsAwQAWdVuAwQAWdV6AwQAWdWPAwQAWdWTAwQAWdW1
AwQBWdXCAwQBWdXwAwQAWdX6AwQEwmlQAwQA1dIQAwQA1dISAwQA1dIhAwQA1dIz
AwQA1drcAwQA2ZCXMA0GCSqGSIb3DQEBCwUAA4IBAQAoW/j6EYlGKP63TAKD/bB4
MKJ3DD18prp0NstluwkR1DbvmjphUMkU2J8gg7avJdHWTKff23X5HwiUq5Bge3l6
d1MbfaKcWbUbXSSEsLH/2dWKSZOl4VL4T1M0oFCoybS0DScW6TV5lrXnMgejO9DR
OuUpCVudG6UNYrWCiLp8AEr/2MNoRlvut49VdMXwAquwmE26OR5AUMLvDsE8HdC3
5TJaW0Ou1x1SqssmfjfZQsCVfy+IKlhi1nWFXXAKq8MTcha7MmONiRQkSEA72Qnt
ZTknnS+tEeDoHKGRqR31j5nOsIZ92nYAF6of2BrpVaAZo709lhD3FUa3kOH5eZRp
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:22 2024 by rpki-client on console-ams.rpki-client.org