Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SF75ur9SBd_MNxgDSn6wXCAnYk4.roa
File:                     SF75ur9SBd_MNxgDSn6wXCAnYk4.roa (raw, json)
Hash identifier:          md6Q48s07NirHu/JUzR2bvkayYI/FL0ZKSrETu1HiVo=
Subject key identifier:   48:5E:F9:BA:BF:52:05:DF:CC:37:18:03:4A:7E:B0:5C:20:27:62:4E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018571FA2768D64A21B06A899AF6580326CA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SF75ur9SBd_MNxgDSn6wXCAnYk4.roa
Signing time:             Mon 02 Jan 2023 10:14:57 +0000
ROA not before:           Mon 02 Jan 2023 10:14:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.245.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 17 Jan 2023 16:06:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:fa:27:68:d6:4a:21:b0:6a:89:9a:f6:58:03:26:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 10:14:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=485ef9babf5205dfcc3718034a7eb05c2027624e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a5:50:45:79:e1:f1:a0:89:69:bf:b1:a5:65:
                    5b:c3:9b:fc:7d:89:b6:81:42:1c:f6:71:3c:b3:57:
                    f6:44:e7:4d:38:78:4a:18:85:19:e1:6d:c0:95:0f:
                    11:21:27:99:f0:81:3a:e9:a4:b9:39:b3:06:87:37:
                    34:e4:3e:7f:bf:52:7f:dd:64:ec:a1:85:25:6e:27:
                    f1:34:cd:00:72:92:4b:61:d7:c0:80:42:e8:04:3b:
                    be:d1:fb:a4:79:47:5a:b8:c5:8b:92:06:c9:12:72:
                    f3:e7:64:91:27:7b:ea:f5:d9:53:fc:5c:64:22:d6:
                    b7:8b:32:1a:20:d8:d4:44:75:17:6d:ee:83:c2:65:
                    f1:14:39:ab:5e:67:ae:de:8f:21:05:61:f3:2b:a7:
                    f3:9e:4e:d4:33:77:53:1c:cb:92:f3:f4:28:9f:a0:
                    e0:5c:66:19:d2:86:7b:06:e8:c3:da:68:ba:54:ab:
                    69:b3:2d:3f:54:83:91:71:ee:b9:7b:24:9a:1e:f8:
                    94:60:64:47:dc:6f:c0:cb:05:ba:c0:4b:7e:b9:72:
                    b2:70:9c:1b:f8:6d:15:03:ad:15:33:3e:2c:fd:78:
                    ce:aa:12:08:5f:bb:90:6a:7f:d0:a1:da:86:6f:21:
                    99:31:e8:4c:69:59:dc:9d:4f:85:9d:fa:1a:12:5f:
                    33:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:5E:F9:BA:BF:52:05:DF:CC:37:18:03:4A:7E:B0:5C:20:27:62:4E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SF75ur9SBd_MNxgDSn6wXCAnYk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.1.0/24
                  82.153.64.0/24
                  82.153.72.0/24
                  82.153.78.0/24
                  82.153.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:d9:b3:ad:32:6b:d7:b5:72:a1:f6:82:00:2a:d7:20:51:8f:
         d3:c7:71:a2:75:eb:ab:67:5e:12:23:77:61:b3:92:89:6d:f7:
         86:52:b5:9b:41:3a:bd:93:01:f6:75:63:41:ee:86:29:6a:29:
         ca:74:aa:4a:d1:9f:ec:c0:ce:e0:fa:a3:54:a3:0e:20:da:69:
         83:c4:0b:53:ae:2a:f6:62:dd:30:6f:b6:9f:58:eb:95:57:36:
         70:90:e9:1c:f9:48:bb:a6:fc:f9:e6:0f:5e:bd:57:e4:09:a1:
         ac:7b:c2:03:c1:74:d9:59:7c:24:89:25:14:a8:d5:f2:d3:2b:
         3f:ca:eb:a9:66:0c:9b:83:0c:4a:1f:cd:ba:ae:b7:12:0a:9e:
         d0:1c:30:a3:92:e1:e2:44:4f:b1:ec:c4:62:8d:e4:c3:ad:14:
         e5:75:a9:d7:8d:b6:b3:2f:79:f1:25:6e:52:bd:83:49:44:4c:
         8e:17:3c:2a:4c:a5:23:36:0c:03:49:5c:76:ee:81:8d:fd:33:
         3f:46:cf:01:67:43:fc:3a:a6:f7:bd:0e:76:a3:d3:a8:9a:05:
         d7:68:3a:80:38:f7:c8:39:4b:63:06:b4:f6:03:d3:ab:c4:b2:
         74:7a:a5:b4:5a:f8:f5:46:88:92:d2:b5:f7:60:3e:f0:b8:66:
         53:a6:c5:5a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVx+ido1kohsGqJmvZYAybKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMTAyMTAxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODVlZjliYWJmNTIwNWRmY2MzNzE4MDM0YTdlYjA1YzIwMjc2MjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqVQRXnh8aCJab+xpWVbw5v8fYm2
gUIc9nE8s1f2ROdNOHhKGIUZ4W3AlQ8RISeZ8IE66aS5ObMGhzc05D5/v1J/3WTs
oYUlbifxNM0AcpJLYdfAgELoBDu+0fukeUdauMWLkgbJEnLz52SRJ3vq9dlT/Fxk
Ita3izIaINjURHUXbe6DwmXxFDmrXmeu3o8hBWHzK6fznk7UM3dTHMuS8/Qon6Dg
XGYZ0oZ7BujD2mi6VKtpsy0/VIORce65eySaHviUYGRH3G/AywW6wEt+uXKycJwb
+G0VA60VMz4s/XjOqhIIX7uQan/QodqGbyGZMehMaVncnU+FnfoaEl8zWQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEhe+bq/UgXfzDcYA0p+sFwgJ2JOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU0Y3NXVyOVNCZF9NTnhnRFNuNndYQ0FuWWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBABRqHcD
BABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmU4DBABSmfUw
DQYJKoZIhvcNAQELBQADggEBAJLZs60ya9e1cqH2ggAq1yBRj9PHcaJ166tnXhIj
d2Gzkolt94ZStZtBOr2TAfZ1Y0HuhilqKcp0qkrRn+zAzuD6o1SjDiDaaYPEC1Ou
KvZi3TBvtp9Y65VXNnCQ6Rz5SLum/PnmD169V+QJoax7wgPBdNlZfCSJJRSo1fLT
Kz/K66lmDJuDDEofzbqutxIKntAcMKOS4eJET7HsxGKN5MOtFOV1qdeNtrMvefEl
blK9g0lETI4XPCpMpSM2DANJXHbugY39Mz9GzwFnQ/w6pve9Dnaj06iaBddoOoA4
98g5S2MGtPYD06vEsnR6pbRa+PVGiJLStfdgPvC4ZlOmxVo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org