Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NVG2AhA1DSfc9j0R4kIm9fnOpwI.roa
File:                     NVG2AhA1DSfc9j0R4kIm9fnOpwI.roa (raw, json)
Hash identifier:          fKF0cIQ2lWsFDNPKeB0yXeJU97V/BvunIVv940gK50I=
Subject key identifier:   35:51:B6:02:10:35:0D:27:DC:F6:3D:11:E2:42:26:F5:F9:CE:A7:02
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018930FC06995973AE33B19D9E070DD40733
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NVG2AhA1DSfc9j0R4kIm9fnOpwI.roa
Signing time:             Fri 07 Jul 2023 15:32:50 +0000
ROA not before:           Fri 07 Jul 2023 15:32:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     140155
IP address blocks:        109.176.252.0/24 maxlen: 24
                          109.176.253.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jul 2023 15:13:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:30:fc:06:99:59:73:ae:33:b1:9d:9e:07:0d:d4:07:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  7 15:32:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3551b60210350d27dcf63d11e24226f5f9cea702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7a:92:d1:04:ec:73:a5:ca:08:af:c4:4e:3d:
                    ab:f2:df:d8:f4:7a:4f:c6:39:a8:41:4d:41:53:c7:
                    e3:0c:1f:ed:d9:98:f5:04:44:03:de:6f:df:5e:89:
                    ed:db:c7:f7:90:a9:d1:0e:8a:8b:c6:ef:11:38:22:
                    46:82:78:9a:16:ca:d0:84:b7:dc:ca:51:3c:50:b4:
                    b2:98:20:37:73:a0:e8:0e:e7:57:f5:76:71:e6:ec:
                    8b:00:d1:1f:b7:d0:bc:ac:0a:81:87:cd:e2:07:6a:
                    31:d8:8e:5a:79:72:60:24:21:b4:12:ab:5e:a4:fb:
                    56:67:ba:b8:de:be:50:55:7f:1d:35:c2:14:58:a4:
                    4c:9e:b5:8c:6f:b6:a4:99:3b:e4:df:fc:11:07:69:
                    a6:e7:95:a9:be:35:75:c1:41:ee:1d:d8:1a:bd:da:
                    74:f8:a4:7e:00:72:9c:4c:2c:18:53:96:5f:22:fd:
                    bd:73:02:99:00:f2:c5:c8:ee:3f:a0:a8:7b:ae:8d:
                    ab:77:04:f6:e1:bd:82:0c:27:7e:69:ee:06:bc:41:
                    33:7d:2d:5f:47:2a:70:60:0c:0e:6c:ce:22:9c:fe:
                    7b:4a:02:e9:ee:79:0f:10:37:54:1a:5b:29:51:71:
                    09:7f:54:dc:95:f2:12:b3:81:36:4c:03:32:8d:04:
                    ae:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:51:B6:02:10:35:0D:27:DC:F6:3D:11:E2:42:26:F5:F9:CE:A7:02
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NVG2AhA1DSfc9j0R4kIm9fnOpwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24
                  82.153.227.0/24
                  89.213.47.0/24
                  89.213.141.0/24
                  89.213.146.0/24
                  89.213.154.0/24
                  89.213.162.0/24
                  89.213.164.0/24
                  89.213.174.0/24
                  89.213.181.0/24
                  89.213.188.0/23
                  109.176.251.0-109.176.253.255

    Signature Algorithm: sha256WithRSAEncryption
         0e:ed:56:19:31:ea:09:23:88:81:5c:58:b3:7f:00:a8:f4:91:
         b5:c6:a7:68:d1:6c:b1:cd:24:57:ab:93:c9:aa:e0:43:99:bb:
         1e:d9:61:7f:42:86:77:29:78:aa:e9:4f:21:14:fd:35:8b:31:
         35:4e:04:5e:dc:22:06:5c:c8:da:08:1a:f4:13:96:b7:f7:7c:
         6d:21:85:25:4f:26:44:53:2d:95:4c:95:35:c6:0d:59:05:e6:
         19:01:9f:18:3d:46:d4:e4:2e:8b:56:b1:35:73:9b:28:14:1d:
         a0:d5:fd:c8:45:c2:50:35:b5:e8:3b:52:c5:e6:e8:ce:06:b9:
         34:e0:95:fa:24:c4:99:07:f9:c0:4f:45:42:ad:d5:83:40:3a:
         1b:64:a3:16:d8:8d:ce:0d:e4:31:9a:af:0a:26:a5:71:b5:59:
         a1:9c:78:a3:ce:29:6f:4c:be:eb:c3:e9:65:3f:e6:57:0c:9f:
         80:53:2a:a4:6d:38:b6:6a:14:ea:1e:86:76:91:69:f4:f0:86:
         96:67:f9:de:13:b3:19:a8:af:c2:d5:ce:c9:db:22:d6:30:93:
         eb:4a:5b:8b:d1:5a:ab:ce:bd:5b:c9:6a:1b:06:15:52:bb:7f:
         5e:a2:a9:0f:0c:1c:a8:08:7d:e1:16:7e:82:21:3b:6b:a4:39:
         fb:12:2c:75
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYkw/AaZWXOuM7GdngcN1AczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA3MTUzMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTUxYjYwMjEwMzUwZDI3ZGNmNjNkMTFlMjQyMjZmNWY5Y2VhNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HqS0QTsc6XKCK/ETj2r8t/Y9HpP
xjmoQU1BU8fjDB/t2Zj1BEQD3m/fXont28f3kKnRDoqLxu8ROCJGgniaFsrQhLfc
ylE8ULSymCA3c6DoDudX9XZx5uyLANEft9C8rAqBh83iB2ox2I5aeXJgJCG0Eqte
pPtWZ7q43r5QVX8dNcIUWKRMnrWMb7akmTvk3/wRB2mm55WpvjV1wUHuHdgavdp0
+KR+AHKcTCwYU5ZfIv29cwKZAPLFyO4/oKh7ro2rdwT24b2CDCd+ae4GvEEzfS1f
RypwYAwObM4inP57SgLp7nkPEDdUGlspUXEJf1TclfISs4E2TAMyjQSuywIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFDVRtgIQNQ0n3PY9EeJCJvX5zqcCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTlZHMkFoQTFEU2ZjOWowUjRrSW05Zm5PcHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUpnhAwQA
UpnjAwQAWdUvAwQAWdWNAwQAWdWSAwQAWdWaAwQAWdWiAwQAWdWkAwQAWdWuAwQA
WdW1AwQBWdW8MAwDBABtsPsDBAFtsPwwDQYJKoZIhvcNAQELBQADggEBAA7tVhkx
6gkjiIFcWLN/AKj0kbXGp2jRbLHNJFerk8mq4EOZux7ZYX9ChncpeKrpTyEU/TWL
MTVOBF7cIgZcyNoIGvQTlrf3fG0hhSVPJkRTLZVMlTXGDVkF5hkBnxg9RtTkLotW
sTVzmygUHaDV/chFwlA1teg7UsXm6M4GuTTglfokxJkH+cBPRUKt1YNAOhtkoxbY
jc4N5DGarwompXG1WaGceKPOKW9MvuvD6WU/5lcMn4BTKqRtOLZqFOoehnaRafTw
hpZn+d4Tsxmor8LVzsnbItYwk+tKW4vRWqvOvVvJahsGFVK7f16iqQ8MHKgIfeEW
foIhO2ukOfsSLHU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org