Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XywwHzkjWSX-PErx_I1Cz40b8LQ.roa
File:                     XywwHzkjWSX-PErx_I1Cz40b8LQ.roa (raw, json)
Hash identifier:          oEYEyD4cXLoshcOZIATkf8ED7Ji2fl1MaERFgGyRF5c=
Subject key identifier:   5F:2C:30:1F:39:23:59:25:FE:3C:4A:F1:FC:8D:42:CF:8D:1B:F0:B4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC34956A7AC0A1AD8D0076ABCE334194C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XywwHzkjWSX-PErx_I1Cz40b8LQ.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Jan 2024 13:29:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:56:a7:ac:0a:1a:d8:d0:07:6a:bc:e3:34:19:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f2c301f39235925fe3c4af1fc8d42cf8d1bf0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e9:ba:95:1c:b5:f5:4c:c2:c9:f1:32:63:fc:
                    62:4b:eb:59:89:93:74:c9:8b:37:e0:77:21:05:59:
                    2c:42:9c:b8:65:21:6a:e3:a1:1e:a7:37:46:02:31:
                    ae:e5:81:a9:ee:0b:23:80:f9:3b:15:43:72:8d:64:
                    a6:24:38:9f:c9:b3:c2:e9:5a:0f:fa:4e:d9:74:c8:
                    7f:bf:4b:f2:43:78:85:5b:6f:0f:d9:c1:47:ef:48:
                    c6:2d:d1:24:be:87:ae:dc:ff:22:51:cb:0a:6f:79:
                    c8:a9:01:bb:11:2b:16:91:ed:4c:4f:30:fc:16:4c:
                    0b:63:0e:cd:9a:7b:d9:27:ea:36:e7:f4:81:b5:fc:
                    ea:77:f5:ac:72:18:67:d9:0b:d1:86:6f:dc:22:84:
                    ed:17:a8:b8:c2:2e:9c:f8:91:02:da:bf:cb:33:59:
                    90:6c:ca:7c:d6:a9:4c:1b:d5:90:7a:67:45:9a:f9:
                    5a:b8:23:00:51:dc:30:3b:94:d4:31:5e:56:bd:26:
                    2b:f9:06:fd:0a:2a:41:b4:82:c3:a1:bc:1a:0a:79:
                    4b:24:71:70:da:e8:35:aa:42:fb:f6:f1:64:ce:42:
                    5e:79:e2:83:95:82:8b:24:5d:21:a3:76:d0:d8:d3:
                    43:15:b1:7f:03:88:a7:55:75:8c:4d:e5:db:72:0d:
                    51:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:2C:30:1F:39:23:59:25:FE:3C:4A:F1:FC:8D:42:CF:8D:1B:F0:B4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XywwHzkjWSX-PErx_I1Cz40b8LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0-81.168.120.255
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.130.0/24
                  89.213.161.0/24
                  89.213.178.0/24
                  89.213.190.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c5:af:02:c2:c1:00:82:01:d0:b0:a3:78:00:09:f6:e1:c8:
         f5:fe:4d:69:44:55:03:4f:76:06:74:af:99:f7:aa:59:c6:74:
         cd:16:a4:a6:c0:1b:7b:f5:94:b1:15:41:82:49:de:8b:bc:bb:
         cc:1d:f3:2f:ac:52:b8:73:ba:13:47:24:33:ef:5f:8a:1f:cd:
         c2:df:18:25:4f:9d:2d:62:93:8b:13:bc:bf:05:fa:c9:6f:e4:
         7d:94:3d:5b:ed:9f:2d:c1:0e:a7:a5:03:b1:99:21:51:ae:c0:
         5d:bd:13:79:3b:7a:b8:ce:b2:f1:6f:4a:14:d1:39:75:54:ae:
         7e:3a:57:82:1d:be:ac:86:2d:98:a9:58:0d:26:93:3c:3c:91:
         48:ec:31:08:6a:b7:5a:72:4f:79:cc:af:6f:d9:a2:f4:7e:83:
         39:3f:ac:02:93:36:b6:7c:f9:0a:68:c9:b9:4f:cb:46:1d:4f:
         9b:2e:ab:27:32:54:6a:7c:e3:85:dd:8c:c5:8f:97:51:86:78:
         f9:7a:d2:90:e5:17:b9:ac:56:58:85:cd:45:a5:15:5e:58:71:
         b9:fa:6c:aa:4f:58:29:bd:7f:12:4c:f7:86:0a:1b:b8:10:88:
         76:b5:ec:e5:e4:c4:5a:9e:07:ed:56:05:9b:8c:4a:20:1c:7a:
         26:45:db:54
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYzDSVanrAoa2NAHarzjNBlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjJjMzAxZjM5MjM1OTI1ZmUzYzRhZjFmYzhkNDJjZjhkMWJmMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOm6lRy19UzCyfEyY/xiS+tZiZN0
yYs34HchBVksQpy4ZSFq46EepzdGAjGu5YGp7gsjgPk7FUNyjWSmJDifybPC6VoP
+k7ZdMh/v0vyQ3iFW28P2cFH70jGLdEkvoeu3P8iUcsKb3nIqQG7ESsWke1MTzD8
FkwLYw7NmnvZJ+o25/SBtfzqd/Wschhn2QvRhm/cIoTtF6i4wi6c+JEC2r/LM1mQ
bMp81qlMG9WQemdFmvlauCMAUdwwO5TUMV5WvSYr+Qb9CipBtILDobwaCnlLJHFw
2ug1qkL79vFkzkJeeeKDlYKLJF0ho3bQ2NNDFbF/A4inVXWMTeXbcg1RQQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFF8sMB85I1kl/jxK8fyNQs+NG/C0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHl3d0h6a2pXU1gtUEVyeF9JMUN6NDBiOExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdDAMAwQAUah3
AwQAUah4AwQAUpj4AwQAUpj7AwQAUpj+AwQAUplFAwQAUplIAwQAUplPAwQAUpmE
AwQAUpngAwQAWdUEAwQBWdUGAwQAWdWCAwQAWdWhAwQAWdWyAwQAWdW+AwQAbbD3
AwQAbbD7AwQAuTF8MA0GCSqGSIb3DQEBCwUAA4IBAQB8xa8CwsEAggHQsKN4AAn2
4cj1/k1pRFUDT3YGdK+Z96pZxnTNFqSmwBt79ZSxFUGCSd6LvLvMHfMvrFK4c7oT
RyQz71+KH83C3xglT50tYpOLE7y/BfrJb+R9lD1b7Z8twQ6npQOxmSFRrsBdvRN5
O3q4zrLxb0oU0Tl1VK5+OleCHb6shi2YqVgNJpM8PJFI7DEIardack95zK9v2aL0
foM5P6wCkza2fPkKaMm5T8tGHU+bLqsnMlRqfOOF3YzFj5dRhnj5etKQ5Re5rFZY
hc1FpRVeWHG5+myqT1gpvX8STPeGChu4EIh2tezl5MRangftVgWbjEogHHomRdtU
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org