Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XrMgiHOOhp5APxaUs77dBdMVP48.roa
File:                     XrMgiHOOhp5APxaUs77dBdMVP48.roa (raw, json)
Hash identifier:          2/ofBaEmxE8ahYHxAYaGkSFZqad0tCxq+tKdfUy4Xq0=
Subject key identifier:   5E:B3:20:88:73:8E:86:9E:40:3F:16:94:B3:BE:DD:05:D3:15:3F:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018AB74529650DE92A39A340B2F81D076B36
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XrMgiHOOhp5APxaUs77dBdMVP48.roa
Signing time:             Thu 21 Sep 2023 10:24:37 +0000
ROA not before:           Thu 21 Sep 2023 10:24:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.67.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.135.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.137.0/24 maxlen: 24
                          89.213.138.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.250.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          213.152.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Oct 2023 10:30:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b7:45:29:65:0d:e9:2a:39:a3:40:b2:f8:1d:07:6b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 21 10:24:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5eb32088738e869e403f1694b3bedd05d3153f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f0:29:00:e7:2c:c3:dc:ca:71:cf:78:e9:35:
                    c2:d5:9c:0a:3b:6d:e8:f6:56:4b:f5:64:5c:e3:1f:
                    db:4d:5e:d6:0c:d7:18:5c:ea:b4:73:d1:ed:aa:63:
                    38:71:8e:14:88:fd:f2:2b:be:d6:11:b6:85:ff:04:
                    71:e1:84:f6:cf:71:ac:22:ac:c2:b1:f3:98:fb:2e:
                    9e:ec:fe:55:2b:04:f5:55:76:ff:2d:20:e5:1f:49:
                    a6:79:3a:60:e1:46:1d:9b:dc:28:06:ef:25:2e:ba:
                    26:26:fd:da:5c:d7:32:6c:70:03:0d:ea:08:0d:41:
                    db:5e:71:8e:cf:cb:4b:ce:99:8e:0c:e1:c7:6e:05:
                    31:0e:9b:e5:b5:36:38:72:fb:45:eb:eb:24:81:8a:
                    49:0c:02:a3:b0:7d:ef:15:cc:24:b9:23:81:c8:c0:
                    00:06:9b:fe:63:b5:b2:d4:20:b7:a9:c9:73:11:79:
                    90:6d:59:76:ef:08:27:25:96:1e:a4:3a:08:49:ba:
                    f0:b9:b3:f3:6d:dd:04:4b:06:17:1b:67:71:02:92:
                    2e:2c:cb:ee:ed:7c:1b:7c:4e:46:0a:4a:cc:3c:cd:
                    b5:e2:a9:94:3f:e6:42:3b:31:70:8d:1b:1a:5a:16:
                    69:44:4e:d3:29:31:b5:13:2a:53:4b:85:ff:5f:70:
                    93:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B3:20:88:73:8E:86:9E:40:3F:16:94:B3:BE:DD:05:D3:15:3F:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XrMgiHOOhp5APxaUs77dBdMVP48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  82.152.111.0/24
                  82.152.250.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.67.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.137.0/24
                  82.153.139.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.248.0-82.153.250.255
                  89.213.133.0-89.213.138.255
                  89.213.141.0/24
                  89.213.160.0/24
                  89.213.163.0-89.213.164.255
                  89.213.168.0/24
                  89.213.170.0/24
                  89.213.184.0/23
                  89.213.188.0/23
                  109.176.209.0/24
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.249.0-109.176.250.255
                  185.49.125.0/24
                  213.152.61.0-213.152.62.255

    Signature Algorithm: sha256WithRSAEncryption
         82:53:bb:fe:6f:c7:fa:af:eb:f8:c8:97:de:45:df:4a:09:c5:
         cf:7d:b9:8f:36:e5:28:23:cb:2c:97:ca:5b:4f:6b:07:6b:2a:
         ee:9c:4d:a8:16:bc:1c:5a:f4:ab:1e:57:cb:45:1a:3b:15:3b:
         3e:d8:4f:24:1e:a3:59:d0:12:74:3b:74:7a:1b:ee:1f:0a:6a:
         dc:2c:0d:f4:18:3c:ce:51:4b:6f:27:de:ea:ee:4a:59:9c:b4:
         27:74:9a:51:39:fb:76:60:24:16:4a:f8:04:a1:81:5b:84:db:
         79:dc:47:a8:ff:62:af:8e:ff:80:e3:98:ad:77:fc:d6:c2:d3:
         63:42:27:8a:54:83:34:9f:25:b8:b5:bd:7f:c7:a9:df:f4:6c:
         68:c3:6d:77:e2:2c:3e:85:84:8d:b0:1b:05:92:ac:d8:9d:29:
         cb:71:cc:2e:a3:c0:0a:73:b1:36:0e:f0:82:7b:53:1c:1b:00:
         6f:ee:1a:24:85:ba:23:24:a9:db:7a:9c:00:f0:0c:c5:24:f6:
         4b:1a:46:7e:cd:f8:91:6d:b4:93:d0:5b:5f:61:8a:84:34:c3:
         64:72:39:86:8f:9c:b2:0d:c3:77:77:1d:f6:06:fa:f6:b8:9f:
         5d:28:a8:0f:62:d7:a4:4c:fc:87:4c:d9:a5:36:73:d8:b5:4c:
         e3:49:dd:b3
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgISAYq3RSllDekqOaNAsvgdB2s2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTIxMTAyNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWIzMjA4ODczOGU4NjllNDAzZjE2OTRiM2JlZGQwNWQzMTUzZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifApAOcsw9zKcc946TXC1ZwKO23o
9lZL9WRc4x/bTV7WDNcYXOq0c9HtqmM4cY4UiP3yK77WEbaF/wRx4YT2z3GsIqzC
sfOY+y6e7P5VKwT1VXb/LSDlH0mmeTpg4UYdm9woBu8lLromJv3aXNcybHADDeoI
DUHbXnGOz8tLzpmODOHHbgUxDpvltTY4cvtF6+skgYpJDAKjsH3vFcwkuSOByMAA
Bpv+Y7Wy1CC3qclzEXmQbVl27wgnJZYepDoISbrwubPzbd0ESwYXG2dxApIuLMvu
7XwbfE5GCkrMPM214qmUP+ZCOzFwjRsaWhZpRE7TKTG1EypTS4X/X3CTZQIDAQAB
o4IC5jCCAuIwHQYDVR0OBBYEFF6zIIhzjoaeQD8WlLO+3QXTFT+PMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHJNZ2lIT09ocDVBUHhhVXM3N2RCZE1WUDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH7BggrBgEFBQcBBwEB/wSB6zCB6DCB5QQCAAEwgd4DBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8DAMAwQDUpn4
AwQAUpn6MAwDBABZ1YUDBABZ1YoDBABZ1Y0DBABZ1aAwDAMEAFnVowMEAFnVpAME
AFnVqAMEAFnVqgMEAVnVuAMEAVnVvAMEAG2w0QMEAG2w0wMEA22w2DAMAwQAbbD5
AwQAbbD6AwQAuTF9MAwDBADVmD0DBADVmD4wDQYJKoZIhvcNAQELBQADggEBAIJT
u/5vx/qv6/jIl95F30oJxc99uY825SgjyyyXyltPawdrKu6cTagWvBxa9KseV8tF
GjsVOz7YTyQeo1nQEnQ7dHob7h8KatwsDfQYPM5RS28n3uruSlmctCd0mlE5+3Zg
JBZK+AShgVuE23ncR6j/Yq+O/4DjmK13/NbC02NCJ4pUgzSfJbi1vX/Hqd/0bGjD
bXfiLD6FhI2wGwWSrNidKctxzC6jwApzsTYO8IJ7UxwbAG/uGiSFuiMkqdt6nADw
DMUk9ksaRn7N+JFttJPQW19hioQ0w2RyOYaPnLINw3d3HfYG+va4n10oqA9i16RM
/IdM2aU2c9i1TONJ3bM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org