Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X5FHLCrqnzGG7k1L0xZi-mPGP6w.roa
File:                     X5FHLCrqnzGG7k1L0xZi-mPGP6w.roa (raw, json)
Hash identifier:          8y1K3KpPrE8rxcm6ubtrdN83Z0o1NyPud97y9HKS79o=
Subject key identifier:   5F:91:47:2C:2A:EA:9F:31:86:EE:4D:4B:D3:16:62:FA:63:C6:3F:AC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189B7035E0FEEB9192BECABA8026888EA07
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X5FHLCrqnzGG7k1L0xZi-mPGP6w.roa
Signing time:             Wed 02 Aug 2023 16:09:58 +0000
ROA not before:           Wed 02 Aug 2023 16:09:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     140155
IP address blocks:        109.176.252.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 07 Aug 2023 07:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b7:03:5e:0f:ee:b9:19:2b:ec:ab:a8:02:68:88:ea:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  2 16:09:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f91472c2aea9f3186ee4d4bd31662fa63c63fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7d:49:f9:bb:7f:b2:ba:53:d9:5b:50:5e:20:
                    ba:1c:9d:e4:0e:36:9b:7d:77:51:df:52:6b:f8:89:
                    61:4b:a7:2c:e9:1f:a6:49:db:b3:e3:e0:e1:30:19:
                    fa:bd:82:e3:61:0f:55:8e:21:0c:b8:5b:21:66:9e:
                    7d:13:ee:29:ee:e0:35:ce:b9:fa:7b:3c:f8:f5:62:
                    40:c0:5b:b6:bb:5c:6a:04:e7:e1:bf:4f:57:75:c2:
                    79:d0:9d:71:34:97:7f:d2:4a:08:6f:f8:db:17:10:
                    58:2a:71:48:e4:2a:b9:a2:9a:73:da:b2:09:03:58:
                    de:6d:74:ee:5a:8b:fb:af:67:10:12:4f:82:95:55:
                    0b:cc:52:c5:b6:e7:b4:e9:9b:be:b0:12:20:92:9b:
                    bd:fe:df:fa:90:75:e5:4e:4d:b6:ba:4d:85:d7:c6:
                    6d:46:83:cb:e6:be:2a:83:7f:68:f0:46:5c:53:af:
                    50:f6:4f:87:7c:24:b2:37:dc:8a:c1:37:32:1e:65:
                    da:58:65:32:86:38:75:cd:44:91:0b:73:a5:89:38:
                    28:6f:d5:53:a4:84:de:bf:c9:60:e3:d2:78:9b:df:
                    af:dd:34:1f:c8:5f:c1:35:9d:bb:25:7e:3c:91:d5:
                    53:53:46:39:04:38:e8:7f:9a:8e:33:4b:6d:6c:3e:
                    88:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:91:47:2C:2A:EA:9F:31:86:EE:4D:4B:D3:16:62:FA:63:C6:3F:AC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X5FHLCrqnzGG7k1L0xZi-mPGP6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24
                  89.213.47.0/24
                  89.213.141.0/24
                  89.213.146.0/24
                  89.213.154.0/24
                  89.213.162.0/24
                  89.213.164.0/24
                  89.213.174.0/24
                  89.213.181.0/24
                  89.213.188.0/23
                  109.176.251.0-109.176.252.255

    Signature Algorithm: sha256WithRSAEncryption
         89:60:cc:7d:cd:5c:ee:c1:97:74:e0:c2:e8:e1:dc:73:21:16:
         f6:37:9f:37:6f:39:21:5c:2a:62:d8:53:aa:21:cb:17:61:bc:
         18:26:f8:13:c8:f3:06:fc:c9:73:bc:27:d4:29:b8:ad:a2:1a:
         5c:a1:25:fc:64:20:a4:e7:c2:58:4c:80:e5:ff:7e:a0:5f:a8:
         98:e4:5a:48:00:9b:59:de:eb:4c:36:3c:37:ad:c3:a6:8b:0f:
         a5:ee:06:47:f3:99:f5:e1:5a:cf:cb:ec:58:ae:54:45:de:69:
         0d:60:5c:19:99:5b:7b:9d:92:71:d9:6d:b6:db:fa:ac:a5:4c:
         d5:bc:f6:21:3c:e0:e9:a1:15:07:79:7b:81:15:e3:01:0c:a1:
         be:7a:0f:36:3c:90:c0:0b:2b:29:62:02:1c:a0:12:60:06:6b:
         6c:15:47:28:7e:9b:a9:a8:e5:30:63:87:11:8f:95:9e:0c:60:
         74:70:20:ab:ee:d1:77:ca:b4:fd:5c:f5:10:1c:2e:fd:e0:9a:
         c1:65:0e:fd:5e:29:1f:c3:8d:9e:0f:3b:6d:66:5f:04:09:9b:
         b0:ac:6f:69:ef:f3:50:8d:90:bd:e2:4c:6a:f3:0a:5a:03:95:
         cd:88:69:39:29:00:f5:b0:fd:56:00:fb:8a:b3:1e:54:6e:c0:
         0f:a5:cb:39
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYm3A14P7rkZK+yrqAJoiOoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAyMTYwOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkxNDcyYzJhZWE5ZjMxODZlZTRkNGJkMzE2NjJmYTYzYzYzZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH1J+bt/srpT2VtQXiC6HJ3kDjab
fXdR31Jr+IlhS6cs6R+mSduz4+DhMBn6vYLjYQ9VjiEMuFshZp59E+4p7uA1zrn6
ezz49WJAwFu2u1xqBOfhv09XdcJ50J1xNJd/0koIb/jbFxBYKnFI5Cq5oppz2rIJ
A1jebXTuWov7r2cQEk+ClVULzFLFtue06Zu+sBIgkpu9/t/6kHXlTk22uk2F18Zt
RoPL5r4qg39o8EZcU69Q9k+HfCSyN9yKwTcyHmXaWGUyhjh1zUSRC3OliTgob9VT
pITev8lg49J4m9+v3TQfyF/BNZ27JX48kdVTU0Y5BDjof5qOM0ttbD6IMQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFF+RRywq6p8xhu5NS9MWYvpjxj+sMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWDVGSExDcnFuekdHN2sxTDB4WmktbVBHUDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUpnhAwQA
WdUvAwQAWdWNAwQAWdWSAwQAWdWaAwQAWdWiAwQAWdWkAwQAWdWuAwQAWdW1AwQB
WdW8MAwDBABtsPsDBABtsPwwDQYJKoZIhvcNAQELBQADggEBAIlgzH3NXO7Bl3Tg
wujh3HMhFvY3nzdvOSFcKmLYU6ohyxdhvBgm+BPI8wb8yXO8J9QpuK2iGlyhJfxk
IKTnwlhMgOX/fqBfqJjkWkgAm1ne60w2PDetw6aLD6XuBkfzmfXhWs/L7FiuVEXe
aQ1gXBmZW3udknHZbbbb+qylTNW89iE84OmhFQd5e4EV4wEMob56DzY8kMALKyli
AhygEmAGa2wVRyh+m6mo5TBjhxGPlZ4MYHRwIKvu0XfKtP1c9RAcLv3gmsFlDv1e
KR/DjZ4PO21mXwQJm7Csb2nv81CNkL3iTGrzCloDlc2IaTkpAPWw/VYA+4qzHlRu
wA+lyzk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org