Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/M_-wa1kbnc8ljFdQjEvYJg3-b_c.roa
File:                     M_-wa1kbnc8ljFdQjEvYJg3-b_c.roa (raw, json)
Hash identifier:          ChUkv3m6C7UCyiEL51dThpC/RzfTbNb+dQJPeoA+fiY=
Subject key identifier:   33:FF:B0:6B:59:1B:9D:CF:25:8C:57:50:8C:4B:D8:26:0D:FE:6F:F7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01895DF03D24BA1C2D3EEB2F5CE1B2C3B82D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/M_-wa1kbnc8ljFdQjEvYJg3-b_c.roa
Signing time:             Sun 16 Jul 2023 09:02:52 +0000
ROA not before:           Sun 16 Jul 2023 09:02:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        82.153.137.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 30 Jul 2023 08:56:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5d:f0:3d:24:ba:1c:2d:3e:eb:2f:5c:e1:b2:c3:b8:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 16 09:02:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33ffb06b591b9dcf258c57508c4bd8260dfe6ff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d2:79:63:5d:57:42:39:be:37:31:76:43:b6:
                    df:65:76:da:45:f4:dc:6d:c4:47:0b:20:dc:81:eb:
                    a1:b7:b2:a0:15:75:19:bb:4c:7c:e6:12:53:34:2e:
                    b4:2c:cf:68:a2:3b:aa:74:b7:53:2b:aa:c2:48:54:
                    43:90:56:01:bd:c7:89:bb:c3:fe:f6:07:1a:3f:8d:
                    77:fe:26:09:0e:a2:8c:64:89:4c:7c:a9:b1:21:d3:
                    3a:77:c9:6e:38:08:91:5a:6c:d4:55:c3:1a:a0:3f:
                    42:0b:21:38:98:2a:8a:8b:b2:64:b5:0d:e9:40:ea:
                    c9:c3:6d:67:fd:f4:a8:a9:0e:d2:3b:c0:b6:0e:02:
                    17:ef:5a:c3:54:ad:ae:b4:a4:4a:ab:f7:e1:24:af:
                    16:45:31:0d:9e:2b:2a:42:9f:cc:1d:c2:59:3f:da:
                    85:d7:4f:da:23:b8:a6:ee:1c:3d:3d:0f:29:c4:90:
                    2c:37:49:3a:6a:cc:e0:91:5b:1d:46:54:7d:c7:c0:
                    5a:5e:e0:dc:00:56:bd:43:2b:92:84:92:5b:27:83:
                    53:68:6b:1a:70:01:a6:d2:a4:0d:1f:7e:f3:c7:77:
                    08:8e:47:56:97:c3:72:42:8b:a3:f0:c5:2d:26:e9:
                    7e:de:f5:e1:c5:e8:10:79:c2:52:a2:53:f9:b2:77:
                    bc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:FF:B0:6B:59:1B:9D:CF:25:8C:57:50:8C:4B:D8:26:0D:FE:6F:F7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/M_-wa1kbnc8ljFdQjEvYJg3-b_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.4.0/24
                  82.153.137.0/24
                  82.153.140.0/24
                  89.213.6.0/23
                  89.213.150.0/24
                  89.213.152.0/24
                  89.213.163.0/24
                  89.213.168.0/24
                  89.213.172.0/23
                  89.213.176.0/24
                  89.213.180.0/24
                  89.213.182.0/24
                  89.213.184.0/22
                  89.213.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:fe:83:4d:a6:b0:f5:c8:a4:1c:65:6a:8a:d9:52:9f:c3:46:
         ca:38:be:9b:8b:bc:d1:75:f5:a6:e2:fd:a0:4f:56:f5:e4:f5:
         f0:ea:6b:91:fc:6f:63:16:e8:38:5c:73:26:12:82:64:8b:71:
         73:f7:06:04:c7:2d:6a:f2:63:06:d3:ad:b9:c1:46:73:e0:3b:
         39:1d:24:34:87:a0:69:82:a4:20:04:a3:cd:9d:2b:1e:22:8b:
         16:c3:d1:d4:bc:49:06:af:cd:a8:65:b0:17:4a:3c:71:58:ca:
         01:eb:39:53:c6:b6:fe:af:7f:8f:99:4e:9b:35:e2:28:70:f0:
         d3:2f:e5:1b:4b:65:7c:1d:2e:19:39:3f:37:bd:cd:c2:4e:48:
         53:ce:d1:a7:cd:33:de:9b:b4:2d:f0:99:91:2a:5a:b0:04:27:
         61:ce:36:cb:b6:ba:23:c7:80:c7:30:25:fa:c5:45:79:7a:9b:
         61:83:0d:ce:c3:13:73:61:cd:02:e9:f9:52:62:f5:8e:ff:bd:
         cf:28:c9:13:df:ec:3f:e3:09:53:1d:c6:6c:0b:7c:eb:90:65:
         b2:aa:e8:4f:15:19:11:f7:8c:8a:15:30:d0:93:67:67:4b:3f:
         df:20:05:97:b1:bd:7e:2b:de:96:4e:12:b6:9a:9f:f7:88:41:
         e5:12:fb:53
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYld8D0kuhwtPusvXOGyw7gtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzE2MDkwMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2ZmYjA2YjU5MWI5ZGNmMjU4YzU3NTA4YzRiZDgyNjBkZmU2ZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNJ5Y11XQjm+NzF2Q7bfZXbaRfTc
bcRHCyDcgeuht7KgFXUZu0x85hJTNC60LM9oojuqdLdTK6rCSFRDkFYBvceJu8P+
9gcaP413/iYJDqKMZIlMfKmxIdM6d8luOAiRWmzUVcMaoD9CCyE4mCqKi7JktQ3p
QOrJw21n/fSoqQ7SO8C2DgIX71rDVK2utKRKq/fhJK8WRTENnisqQp/MHcJZP9qF
10/aI7im7hw9PQ8pxJAsN0k6aszgkVsdRlR9x8BaXuDcAFa9QyuShJJbJ4NTaGsa
cAGm0qQNH37zx3cIjkdWl8NyQouj8MUtJul+3vXhxegQecJSolP5sne87QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDP/sGtZG53PJYxXUIxL2CYN/m/3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTV8td2Exa2JuYzhsakZkUWpFdllKZzMtYl9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAUpkEAwQA
UpmJAwQAUpmMAwQBWdUGAwQAWdWWAwQAWdWYAwQAWdWjAwQAWdWoAwQBWdWsAwQA
WdWwAwQAWdW0AwQAWdW2AwQCWdW4AwQAWdW+MA0GCSqGSIb3DQEBCwUAA4IBAQCs
/oNNprD1yKQcZWqK2VKfw0bKOL6bi7zRdfWm4v2gT1b15PXw6muR/G9jFug4XHMm
EoJki3Fz9wYExy1q8mMG0625wUZz4Ds5HSQ0h6BpgqQgBKPNnSseIosWw9HUvEkG
r82oZbAXSjxxWMoB6zlTxrb+r3+PmU6bNeIocPDTL+UbS2V8HS4ZOT83vc3CTkhT
ztGnzTPem7Qt8JmRKlqwBCdhzjbLtrojx4DHMCX6xUV5epthgw3OwxNzYc0C6flS
YvWO/73PKMkT3+w/4wlTHcZsC3zrkGWyquhPFRkR94yKFTDQk2dnSz/fIAWXsb1+
K96WThK2mp/3iEHlEvtT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:22 2024 by rpki-client on console-ams.rpki-client.org