Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NWJVtk60_8LJo6hpPmdRud561Xw.roa
File:                     NWJVtk60_8LJo6hpPmdRud561Xw.roa (raw, json)
Hash identifier:          qCbYT4V4Ir/xLOaEJkYFvBexOa59vj+8Ds8AeLP7PH4=
Subject key identifier:   35:62:55:B6:4E:B4:FF:C2:C9:A3:A8:69:3E:67:51:B9:DE:7A:D5:7C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018DE5A58CF4B09EDAA53F38423AB9B8D2AE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NWJVtk60_8LJo6hpPmdRud561Xw.roa
Signing time:             Mon 26 Feb 2024 13:40:48 +0000
ROA not before:           Mon 26 Feb 2024 13:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 11:04:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:a5:8c:f4:b0:9e:da:a5:3f:38:42:3a:b9:b8:d2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 26 13:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=356255b64eb4ffc2c9a3a8693e6751b9de7ad57c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6b:0c:a8:3b:ec:cb:4b:87:5b:ce:33:08:3d:
                    f3:27:b7:d4:e8:c5:b6:60:2c:8a:88:89:57:46:e6:
                    19:f5:85:08:04:d6:e5:6d:cf:14:d0:34:8b:dc:ce:
                    1a:ef:0d:dc:78:fa:05:bd:07:cd:95:14:ac:ca:78:
                    0c:3e:51:b8:03:86:b1:a1:e3:b0:42:9d:99:cd:5b:
                    d9:72:74:fe:9c:dc:ef:f9:94:92:b9:28:f5:7c:00:
                    fa:79:9c:6e:ad:76:93:83:a6:34:aa:20:80:98:f5:
                    c0:44:15:9c:94:53:66:c3:25:43:3b:1b:ab:f7:c7:
                    fd:d4:02:e7:78:a6:4b:ef:ee:18:da:93:95:88:9c:
                    77:76:c1:74:de:3d:f0:02:63:d4:e1:16:51:fd:01:
                    2e:ff:16:40:54:ed:87:35:2d:32:f5:aa:29:60:1e:
                    ce:62:90:21:a7:eb:bd:a2:e7:a5:33:6a:99:4f:d2:
                    18:c8:90:a1:3c:13:ce:4c:06:05:3a:2f:8b:57:48:
                    54:cf:ad:87:53:06:83:f3:e6:46:0e:82:dd:cc:9e:
                    11:d8:6f:b6:be:31:b7:1e:9d:f8:ca:6b:3a:8d:c6:
                    3a:37:04:9e:56:43:29:75:ed:44:e3:db:52:8c:a1:
                    cf:5d:62:1b:9e:39:5f:9d:7b:51:5f:70:4d:bb:ca:
                    00:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:62:55:B6:4E:B4:FF:C2:C9:A3:A8:69:3E:67:51:B9:DE:7A:D5:7C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NWJVtk60_8LJo6hpPmdRud561Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8d:22:d7:86:a4:ba:0e:fd:80:19:c1:71:38:e3:9c:9a:e5:
         c3:1b:f9:6f:2f:bb:43:5f:4b:81:fc:dc:c5:4b:01:d1:08:82:
         86:85:b8:51:d6:ba:36:df:3d:6f:ae:ec:76:7f:b1:67:73:1f:
         95:ba:e3:8f:c4:a6:55:2b:d3:26:9b:11:07:a4:8e:e5:42:b5:
         bc:f4:4d:ce:a0:17:2b:df:23:1e:23:56:75:2d:c4:c8:eb:58:
         18:80:5f:5e:d7:20:19:16:d4:2a:53:57:fb:d9:71:42:4c:b3:
         26:ed:cc:fb:67:1a:46:b3:2a:fc:10:09:69:67:d0:a0:d7:e6:
         11:1a:5f:6a:96:6f:c6:46:5d:1a:95:49:97:bc:e0:2f:d9:4e:
         a8:37:40:99:fb:c8:74:65:ac:e6:d6:7e:2d:89:38:fa:3d:97:
         c7:c7:cb:6e:05:5a:50:66:1a:a2:f7:ad:74:4a:35:08:10:a8:
         e7:56:65:f0:52:83:87:04:eb:1f:d3:2d:8f:a8:5a:d2:c9:c9:
         f5:b9:99:30:32:30:cb:76:b9:a4:14:50:40:99:93:96:a0:32:
         f8:44:13:8a:8a:61:ff:a6:e4:03:4b:49:f7:e4:e0:a7:0b:5e:
         99:44:81:5f:43:e1:75:c6:fb:46:e8:c6:c1:e1:fc:16:0a:ce:
         a4:93:c0:1c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY3lpYz0sJ7apT84Qjq5uNKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjI2MTM0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTYyNTViNjRlYjRmZmMyYzlhM2E4NjkzZTY3NTFiOWRlN2FkNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWsMqDvsy0uHW84zCD3zJ7fU6MW2
YCyKiIlXRuYZ9YUIBNblbc8U0DSL3M4a7w3cePoFvQfNlRSsyngMPlG4A4axoeOw
Qp2ZzVvZcnT+nNzv+ZSSuSj1fAD6eZxurXaTg6Y0qiCAmPXARBWclFNmwyVDOxur
98f91ALneKZL7+4Y2pOViJx3dsF03j3wAmPU4RZR/QEu/xZAVO2HNS0y9aopYB7O
YpAhp+u9ouelM2qZT9IYyJChPBPOTAYFOi+LV0hUz62HUwaD8+ZGDoLdzJ4R2G+2
vjG3Hp34yms6jcY6NwSeVkMpde1E49tSjKHPXWIbnjlfnXtRX3BNu8oAEwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDViVbZOtP/CyaOoaT5nUbneetV8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTldKVnRrNjBfOExKbzZocFBtZFJ1ZDU2MVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCUpmIMAwD
BAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCowDQYJKoZI
hvcNAQELBQADggEBAEGNIteGpLoO/YAZwXE445ya5cMb+W8vu0NfS4H83MVLAdEI
goaFuFHWujbfPW+u7HZ/sWdzH5W644/EplUr0yabEQekjuVCtbz0Tc6gFyvfIx4j
VnUtxMjrWBiAX17XIBkW1CpTV/vZcUJMsybtzPtnGkazKvwQCWln0KDX5hEaX2qW
b8ZGXRqVSZe84C/ZTqg3QJn7yHRlrObWfi2JOPo9l8fHy24FWlBmGqL3rXRKNQgQ
qOdWZfBSg4cE6x/TLY+oWtLJyfW5mTAyMMt2uaQUUECZk5agMvhEE4qKYf+m5ANL
Sffk4KcLXplEgV9D4XXG+0boxsHh/BYKzqSTwBw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org