Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OJPAvWDTfQ7Gkw6NBw0HArBXQA0.roa
File:                     OJPAvWDTfQ7Gkw6NBw0HArBXQA0.roa (raw, json)
Hash identifier:          N83rTCoPYBRpC9Ks4AUIDQ6PGEzZEjVrcitqD/tZsKE=
Subject key identifier:   38:93:C0:BD:60:D3:7D:0E:C6:93:0E:8D:07:0D:07:02:B0:57:40:0D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0188DE84138E24BA77233D3A9D3015A16D3D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OJPAvWDTfQ7Gkw6NBw0HArBXQA0.roa
Signing time:             Wed 21 Jun 2023 15:12:57 +0000
ROA not before:           Wed 21 Jun 2023 15:12:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.153.249.0/24 maxlen: 24
                          82.152.108.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 26 Jun 2023 11:46:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:de:84:13:8e:24:ba:77:23:3d:3a:9d:30:15:a1:6d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 21 15:12:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3893c0bd60d37d0ec6930e8d070d0702b057400d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ec:9d:07:39:c4:0e:3a:5a:d4:7c:6e:40:e8:
                    76:a8:b0:74:15:fa:79:af:c2:cd:7c:6c:71:2a:74:
                    0f:26:23:80:6e:aa:6b:c4:76:9b:bd:63:63:61:c8:
                    21:1f:69:2e:e7:6d:07:f5:03:0a:74:d2:f9:81:6f:
                    e3:55:64:69:ad:e2:7b:e6:d4:02:d4:5a:7e:d4:3b:
                    ae:27:85:fa:ff:c3:1c:84:b8:b0:7b:83:48:b0:0f:
                    d6:5d:d3:67:92:89:33:b4:81:1a:ae:34:91:5a:44:
                    d7:96:7a:01:73:44:65:e0:c6:31:ff:42:e5:43:c8:
                    6a:53:8b:58:46:ce:78:b9:8d:f5:2a:de:95:cd:24:
                    2f:de:fa:c6:b7:9c:07:4e:33:72:31:0a:2b:93:db:
                    07:81:ba:92:86:cb:da:89:33:e9:9d:01:3d:01:d5:
                    2a:91:e6:e2:e0:05:38:92:b7:25:ba:9f:ff:b5:b4:
                    a2:a5:33:65:16:9d:6f:49:ed:59:c5:3c:bf:e7:3b:
                    14:f7:1f:6f:5a:42:fd:54:75:4d:25:a9:58:92:f4:
                    09:31:92:61:30:d7:20:4c:74:72:54:c3:85:88:d8:
                    0e:da:b9:68:15:79:7a:0a:32:e5:c1:8a:4a:33:ef:
                    80:7e:c7:4e:ac:45:4a:84:57:50:cd:ec:24:f2:18:
                    60:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:93:C0:BD:60:D3:7D:0E:C6:93:0E:8D:07:0D:07:02:B0:57:40:0D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OJPAvWDTfQ7Gkw6NBw0HArBXQA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:fc:4b:98:a4:df:42:d9:c9:c0:94:39:7e:1f:30:a5:d5:18:
         91:cc:ec:d8:df:c9:a6:70:75:3b:93:62:5c:98:1c:97:cb:48:
         6d:6c:a1:22:d7:6a:d5:a0:8a:b5:ac:31:ec:f1:a5:93:61:1e:
         b0:a2:ef:24:3b:dc:6c:eb:aa:75:cf:2e:71:6b:e8:b4:54:06:
         3a:5c:05:29:a1:d9:a3:7c:61:34:09:ad:d2:8e:7f:c8:49:90:
         e4:38:b3:f7:71:55:07:36:15:c6:72:c3:fa:f9:9e:3e:ca:e1:
         1f:6d:cb:40:4e:41:c2:99:f4:2b:fb:ed:84:27:40:a8:dc:ea:
         43:c5:3e:5d:72:ff:4c:26:cc:fb:0e:a2:b5:a8:0b:4f:cb:d9:
         46:c5:0f:cb:7d:4e:3e:f5:89:54:ba:d3:f1:71:9e:2c:07:14:
         8e:99:a0:c8:3d:9c:2e:a6:76:08:61:0d:c3:ff:a3:00:d1:fe:
         9a:02:b8:3e:57:b5:5f:34:d0:75:66:9e:48:3f:bc:8a:fb:02:
         73:26:21:ed:be:aa:6d:ba:c2:10:c5:2d:5a:ed:38:80:53:51:
         3b:1b:99:ec:f9:0b:b3:81:d7:b8:bc:13:3b:7b:a4:b9:2a:1a:
         c1:88:d6:c0:27:60:2e:88:48:df:18:12:30:6c:a6:11:78:9d:
         31:78:c5:28
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYjehBOOJLp3Iz06nTAVoW09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjIxMTUxMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODkzYzBiZDYwZDM3ZDBlYzY5MzBlOGQwNzBkMDcwMmIwNTc0MDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuydBznEDjpa1HxuQOh2qLB0Ffp5
r8LNfGxxKnQPJiOAbqprxHabvWNjYcghH2ku520H9QMKdNL5gW/jVWRpreJ75tQC
1Fp+1DuuJ4X6/8MchLiwe4NIsA/WXdNnkokztIEarjSRWkTXlnoBc0Rl4MYx/0Ll
Q8hqU4tYRs54uY31Kt6VzSQv3vrGt5wHTjNyMQork9sHgbqShsvaiTPpnQE9AdUq
kebi4AU4krclup//tbSipTNlFp1vSe1ZxTy/5zsU9x9vWkL9VHVNJalYkvQJMZJh
MNcgTHRyVMOFiNgO2rloFXl6CjLlwYpKM++AfsdOrEVKhFdQzewk8hhgVwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDiTwL1g030OxpMOjQcNBwKwV0ANMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT0pQQXZXRFRmUTdHa3c2TkJ3MEhBckJYUUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUah3AwQA
Uah7AwQAUphsAwQAUplJAwQCUpmIAwQAUpn5MA0GCSqGSIb3DQEBCwUAA4IBAQCl
/EuYpN9C2cnAlDl+HzCl1RiRzOzY38mmcHU7k2JcmByXy0htbKEi12rVoIq1rDHs
8aWTYR6wou8kO9xs66p1zy5xa+i0VAY6XAUpodmjfGE0Ca3Sjn/ISZDkOLP3cVUH
NhXGcsP6+Z4+yuEfbctATkHCmfQr++2EJ0Co3OpDxT5dcv9MJsz7DqK1qAtPy9lG
xQ/LfU4+9YlUutPxcZ4sBxSOmaDIPZwupnYIYQ3D/6MA0f6aArg+V7VfNNB1Zp5I
P7yK+wJzJiHtvqptusIQxS1a7TiAU1E7G5ns+Quzgde4vBM7e6S5KhrBiNbAJ2Au
iEjfGBIwbKYReJ0xeMUo
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org