Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RhUIE-VQxzPP_jH33QQftJycpMk.roa
File:                     RhUIE-VQxzPP_jH33QQftJycpMk.roa (raw, json)
Hash identifier:          qfvqFdVRo6uoBNuylTHgXNYTcyi3epoXiR8kMkfHbFM=
Subject key identifier:   46:15:08:13:E5:50:C7:33:CF:FE:31:F7:DD:04:1F:B4:9C:9C:A4:C9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F82257BDD488A210876207FC51DA38CC6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RhUIE-VQxzPP_jH33QQftJycpMk.roa
Signing time:             Thu 16 May 2024 16:04:05 +0000
ROA not before:           Thu 16 May 2024 16:04:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        81.168.120.0/24 maxlen: 24
                          82.152.8.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          82.153.132.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 May 2024 09:04:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:82:25:7b:dd:48:8a:21:08:76:20:7f:c5:1d:a3:8c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 16 16:04:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46150813e550c733cffe31f7dd041fb49c9ca4c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:51:0f:19:b6:43:2b:d4:e8:1a:ad:b1:d1:26:
                    15:e1:85:68:eb:af:e7:62:b0:80:a5:c1:30:34:cd:
                    a5:38:6b:11:f6:2d:bd:a8:ac:90:86:b0:2c:6b:8a:
                    6d:9f:6b:dc:78:09:16:f3:9e:a7:5b:c1:a5:83:b1:
                    2c:6f:7a:1b:ef:87:36:aa:5e:11:7d:73:cf:43:73:
                    57:aa:99:ed:da:bf:53:14:1c:4f:ce:1d:29:3d:dd:
                    5d:c3:8a:a9:75:e3:dc:97:14:49:f7:5d:d4:8e:f5:
                    a5:f0:45:42:52:60:16:b6:8c:22:0e:bb:55:0f:d1:
                    54:6b:08:ab:15:cd:3f:cd:94:8c:84:d9:4b:88:ea:
                    61:98:6d:6b:d7:ec:28:97:1d:93:08:90:98:1d:40:
                    1f:51:e0:fa:d1:26:87:e8:5a:ae:9b:e4:83:6f:c5:
                    f1:1f:64:13:89:8e:eb:56:65:b8:43:83:92:9c:33:
                    f5:af:63:65:89:f1:d2:09:20:2e:f0:7b:47:aa:a1:
                    77:59:ec:02:26:bc:78:ba:49:5e:6b:1d:62:0c:5e:
                    ff:93:ed:00:60:c0:c3:64:61:f1:cd:63:88:cd:16:
                    6d:12:0c:96:a3:5b:08:c7:15:98:db:7c:c5:1d:d6:
                    58:77:9b:31:53:91:27:bc:9f:15:3e:ce:f3:8b:5a:
                    b4:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:15:08:13:E5:50:C7:33:CF:FE:31:F7:DD:04:1F:B4:9C:9C:A4:C9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RhUIE-VQxzPP_jH33QQftJycpMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.120.0/24
                  82.152.8.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.130.0/24
                  89.213.190.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:44:6e:6a:5f:dc:37:7b:86:d4:c6:47:34:28:c1:86:b2:ce:
         03:23:ce:1b:fb:a8:62:e0:d1:02:43:45:8d:dd:59:26:c4:f5:
         c4:1b:2d:4e:9e:09:3a:1e:61:3a:9f:dc:f8:18:36:c5:86:0a:
         ce:8d:31:c4:1a:8b:a3:dc:c3:ce:ee:a6:31:ee:b8:e0:5d:91:
         45:da:20:1d:41:90:58:84:41:99:4a:6d:05:db:5e:04:c6:38:
         c0:47:d3:21:f8:f0:8c:4b:de:85:64:35:28:c7:e1:36:79:db:
         f8:72:d1:59:a7:d8:e2:bb:8a:1e:4f:8b:f0:9d:18:f2:11:ad:
         9e:cb:73:64:81:11:e5:20:49:cb:b1:99:1f:d0:6b:bf:d2:ec:
         ee:32:62:4f:2f:d0:21:7a:7c:d6:ba:28:d0:68:30:f2:01:b4:
         0a:e1:c0:7b:44:ae:b6:2c:32:f0:28:0b:0b:61:01:65:06:9f:
         a8:b9:a7:9f:fb:13:5b:ad:10:46:21:2b:2e:39:fc:6f:ab:c7:
         a1:80:4e:d5:27:79:24:f0:09:b0:1a:66:76:36:88:41:b5:5c:
         23:cc:1a:34:20:7a:10:de:67:f8:e6:a9:48:d5:e6:3a:ae:a3:
         93:f7:e9:88:8a:31:73:31:93:90:af:a5:00:02:a1:67:cc:87:
         73:7f:27:0f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAY+CJXvdSIohCHYgf8Udo4zGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTE2MTYwNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE1MDgxM2U1NTBjNzMzY2ZmZTMxZjdkZDA0MWZiNDljOWNhNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVEPGbZDK9ToGq2x0SYV4YVo66/n
YrCApcEwNM2lOGsR9i29qKyQhrAsa4ptn2vceAkW856nW8Glg7Esb3ob74c2ql4R
fXPPQ3NXqpnt2r9TFBxPzh0pPd1dw4qpdePclxRJ913UjvWl8EVCUmAWtowiDrtV
D9FUawirFc0/zZSMhNlLiOphmG1r1+wolx2TCJCYHUAfUeD60SaH6Fqum+SDb8Xx
H2QTiY7rVmW4Q4OSnDP1r2NlifHSCSAu8HtHqqF3WewCJrx4ukleax1iDF7/k+0A
YMDDZGHxzWOIzRZtEgyWo1sIxxWY23zFHdZYd5sxU5EnvJ8VPs7zi1q08QIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFEYVCBPlUMczz/4x990EH7ScnKTJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUmhVSUUtVlF4elBQX2pIMzNRUWZ0SnljcE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAUah4AwQA
UpgIAwQAUpj4AwQAUpj7AwQAUpj+AwQAUplFAwQAUplIAwQAUplPAwQAUpmEAwQA
UpngAwQAWdUEAwQBWdUGAwQAWdWCAwQAWdW+AwQAbbD3AwQAbbD7AwQAuTF8MA0G
CSqGSIb3DQEBCwUAA4IBAQBkRG5qX9w3e4bUxkc0KMGGss4DI84b+6hi4NECQ0WN
3VkmxPXEGy1Ongk6HmE6n9z4GDbFhgrOjTHEGouj3MPO7qYx7rjgXZFF2iAdQZBY
hEGZSm0F214ExjjAR9Mh+PCMS96FZDUox+E2edv4ctFZp9jiu4oeT4vwnRjyEa2e
y3NkgRHlIEnLsZkf0Gu/0uzuMmJPL9AhenzWuijQaDDyAbQK4cB7RK62LDLwKAsL
YQFlBp+ouaef+xNbrRBGISsuOfxvq8ehgE7VJ3kk8AmwGmZ2NohBtVwjzBo0IHoQ
3mf45qlI1eY6rqOT9+mIijFzMZOQr6UAAqFnzIdzfycP
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org