Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Pj9j0cEgh-zv_S86uCFDYARdGtk.roa
File:                     Pj9j0cEgh-zv_S86uCFDYARdGtk.roa (raw, json)
Hash identifier:          jnWWw7Oh5O0XNOiUPyV2jMxoExdy8ilaHtjPTjyBAO4=
Subject key identifier:   3E:3F:63:D1:C1:20:87:EC:EF:FD:2F:3A:B8:21:43:60:04:5D:1A:D9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189D47EF78EEBA0E997362817845C3B8257
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Pj9j0cEgh-zv_S86uCFDYARdGtk.roa
Signing time:             Tue 08 Aug 2023 09:33:57 +0000
ROA not before:           Tue 08 Aug 2023 09:33:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.214.0/24 maxlen: 24
                          109.176.215.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.212.0/24 maxlen: 24
                          109.176.213.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 08 Aug 2023 10:11:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d4:7e:f7:8e:eb:a0:e9:97:36:28:17:84:5c:3b:82:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  8 09:33:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e3f63d1c12087eceffd2f3ab8214360045d1ad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2e:69:e3:b6:d2:95:99:92:e7:aa:10:93:13:
                    cd:3a:19:4f:75:97:b1:f8:97:ef:e5:bf:6b:2b:d5:
                    36:a4:4c:aa:f7:d4:85:de:34:08:1c:bb:7f:b6:69:
                    2a:35:ae:76:ef:32:b0:d8:8e:55:09:46:29:cf:90:
                    52:2e:9e:4e:04:51:2f:2c:71:f7:e4:8e:36:7b:80:
                    e6:b2:c6:e6:5d:c1:c8:68:f7:39:01:2d:89:9f:45:
                    5d:c2:ca:3d:63:ae:55:04:82:29:22:46:17:01:00:
                    74:75:d7:5f:9f:a4:6d:dc:c8:cf:df:67:9f:68:34:
                    08:e7:7d:cd:30:06:d3:ec:ca:fa:57:52:ca:ef:fc:
                    46:f9:84:ed:62:48:cb:f9:71:b8:8e:f3:8e:58:3d:
                    ad:1e:8d:5b:f4:ca:8b:a7:09:22:11:66:6c:8b:00:
                    72:5b:2f:dc:a1:c0:97:b1:15:8e:df:22:d4:29:1d:
                    d2:e2:bb:bd:d4:bf:5b:b4:27:29:2f:c6:3f:57:66:
                    82:17:15:07:39:0b:de:2c:02:4f:61:ba:fe:3a:ba:
                    38:e1:0f:5f:20:c2:43:cc:05:25:a9:31:7c:04:54:
                    c2:5b:ef:4d:e6:3a:c9:b2:e8:61:ab:ce:44:80:29:
                    af:ef:c0:2f:63:21:10:36:a1:f9:09:a0:d0:e5:0f:
                    2c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:3F:63:D1:C1:20:87:EC:EF:FD:2F:3A:B8:21:43:60:04:5D:1A:D9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Pj9j0cEgh-zv_S86uCFDYARdGtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.5.0/24
                  89.213.41.0-89.213.42.255
                  89.213.44.0/24
                  89.213.46.0/23
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.152.255
                  89.213.154.0/23
                  89.213.157.0-89.213.158.255
                  89.213.160.0/24
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.173.0-89.213.177.255
                  89.213.179.0-89.213.182.255
                  89.213.184.0-89.213.189.255
                  109.176.211.0-109.176.223.255
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0/24
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:8a:fb:1e:06:d5:02:75:aa:9a:a2:8c:c5:90:6b:07:d3:2b:
         9c:c2:58:92:dc:24:92:38:20:5b:59:97:77:70:2c:de:b9:03:
         2f:44:1a:4d:74:36:c3:bd:6a:66:db:0c:87:15:da:2e:bd:d0:
         2f:ac:71:c6:7a:b6:0f:13:9c:98:bd:e9:80:da:2b:e4:a0:76:
         97:49:45:76:34:c2:1a:b4:9b:f6:b3:69:6b:5e:18:4a:99:87:
         1c:7e:b7:53:a2:34:bd:6e:a1:52:f3:19:9d:8d:a7:8e:5b:a2:
         a6:67:52:39:05:28:1f:4f:67:a5:2e:a4:65:c1:72:c0:f7:4c:
         94:a3:fd:65:aa:31:c5:07:d4:01:78:9f:af:fd:bc:93:3d:2e:
         ad:97:8d:ed:46:e1:b1:75:6d:a9:8b:59:ac:20:0c:38:eb:9f:
         9d:81:8a:0c:b6:d3:f0:e5:71:f6:b9:9c:0c:30:1d:8e:89:6c:
         63:a6:c2:c4:d0:bb:45:f8:86:b2:8e:10:df:1e:0b:c9:d8:c4:
         50:18:2e:64:d9:8c:a0:fa:dd:32:5f:0b:2d:86:53:0a:c2:52:
         e5:a9:e9:a1:b6:ea:68:df:c8:70:ad:f3:b7:0e:ae:aa:88:a2:
         6a:f3:cf:46:f2:24:9f:81:11:1e:19:6b:c2:fb:ca:fd:f5:27:
         bc:3e:df:e9
-----BEGIN CERTIFICATE-----
MIIGVzCCBT+gAwIBAgISAYnUfveO66DplzYoF4RcO4JXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA4MDkzMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTNmNjNkMWMxMjA4N2VjZWZmZDJmM2FiODIxNDM2MDA0NWQxYWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjy5p47bSlZmS56oQkxPNOhlPdZex
+Jfv5b9rK9U2pEyq99SF3jQIHLt/tmkqNa527zKw2I5VCUYpz5BSLp5OBFEvLHH3
5I42e4DmssbmXcHIaPc5AS2Jn0Vdwso9Y65VBIIpIkYXAQB0dddfn6Rt3MjP32ef
aDQI533NMAbT7Mr6V1LK7/xG+YTtYkjL+XG4jvOOWD2tHo1b9MqLpwkiEWZsiwBy
Wy/cocCXsRWO3yLUKR3S4ru91L9btCcpL8Y/V2aCFxUHOQveLAJPYbr+Oro44Q9f
IMJDzAUlqTF8BFTCW+9N5jrJsuhhq85EgCmv78AvYyEQNqH5CaDQ5Q8suwIDAQAB
o4IDYzCCA18wHQYDVR0OBBYEFD4/Y9HBIIfs7/0vOrghQ2AEXRrZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUGo5ajBjRWdoLXp2X1M4NnVDRkRZQVJkR3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBdwYIKwYBBQUHAQcBAf8EggFmMIIBYjCCAV4EAgABMIIB
VgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwAwQAUpn5AwQAWdUFMAwDBABZ1SkDBABZ1SoDBABZ1SwD
BAFZ1S4DBABZ1YgwDAMEAFnViwMEAVnVjAMEAFnVkjAMAwQCWdWUAwQAWdWYAwQB
WdWaMAwDBABZ1Z0DBABZ1Z4DBABZ1aAwDAMEAVnVogMEAFnVpAMEAVnVqDAMAwQA
WdWtAwQBWdWwMAwDBABZ1bMDBABZ1bYwDAMEA1nVuAMEAVnVvDAMAwQAbbDTAwQF
bbDAAwQAbbDwAwQBbbDyAwQAbbD1MAwDBANtsPgDBABtsPowDAMEALkxfQMEB7kx
AAMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEAKor7HgbVAnWqmqKMxZBrB9MrnMJY
ktwkkjggW1mXd3As3rkDL0QaTXQ2w71qZtsMhxXaLr3QL6xxxnq2DxOcmL3pgNor
5KB2l0lFdjTCGrSb9rNpa14YSpmHHH63U6I0vW6hUvMZnY2njluipmdSOQUoH09n
pS6kZcFywPdMlKP9ZaoxxQfUAXifr/28kz0urZeN7UbhsXVtqYtZrCAMOOufnYGK
DLbT8OVx9rmcDDAdjolsY6bCxNC7RfiGso4Q3x4LydjEUBguZNmMoPrdMl8LLYZT
CsJS5anpobbqaN/IcK3ztw6uqoiiavPPRvIkn4ERHhlrwvvK/fUnvD7f6Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org