Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y4r5RLL54mIw_NTbiJVJCtQbRmY.roa
File:                     Y4r5RLL54mIw_NTbiJVJCtQbRmY.roa (raw, json)
Hash identifier:          0ySoUNo7V9qTFP5Wdvy6C+3j0CKks6w1FpbuGlwMoP8=
Subject key identifier:   63:8A:F9:44:B2:F9:E2:62:30:FC:D4:DB:88:95:49:0A:D4:1B:46:66
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BDC72EEF29D33DDE45A6F6CC23FFF26CD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y4r5RLL54mIw_NTbiJVJCtQbRmY.roa
Signing time:             Fri 17 Nov 2023 08:43:21 +0000
ROA not before:           Fri 17 Nov 2023 08:43:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        89.213.43.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 19 Nov 2023 14:30:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:dc:72:ee:f2:9d:33:dd:e4:5a:6f:6c:c2:3f:ff:26:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 17 08:43:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=638af944b2f9e26230fcd4db8895490ad41b4666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bc:65:64:b2:fd:95:1b:dd:78:2e:d1:19:c7:
                    88:64:2c:4d:3d:f5:65:c1:50:3e:6f:a6:f2:66:a2:
                    32:df:7b:9f:10:b1:bd:12:02:7a:76:fb:9c:19:71:
                    7a:ac:03:ec:cf:d1:35:72:08:09:55:9c:46:d7:14:
                    4d:4c:54:81:9b:7b:35:98:a7:90:98:24:5a:92:0e:
                    c0:f1:fc:42:9d:0b:74:e5:8e:37:7a:87:9e:a5:94:
                    d9:35:66:19:8d:0f:cb:98:bb:24:4f:4e:7f:8c:43:
                    2a:cd:a5:a7:60:a9:36:6e:d4:b6:ea:eb:ce:e5:2b:
                    58:17:4f:b0:ec:de:1b:fa:15:cc:6a:ba:f1:53:f8:
                    57:fe:f3:e0:1d:a4:39:84:71:72:c5:4d:c1:d8:ea:
                    ab:50:13:84:d8:cb:36:0b:28:08:3d:b2:cd:89:ba:
                    cd:0b:30:f9:a7:25:22:a1:c7:d0:34:a6:4a:23:7c:
                    70:14:ba:82:7e:4d:5e:56:8e:a2:a5:2d:0a:e8:98:
                    83:5f:78:c5:81:0b:e6:a1:8c:e2:f8:a4:f1:af:b4:
                    18:4d:26:c3:f7:99:b9:1a:b6:c2:82:a7:b0:15:e7:
                    ec:c0:05:c4:85:dc:43:41:bb:eb:89:a9:d0:66:77:
                    77:18:31:c4:b4:bf:3f:12:fd:55:8f:e5:8b:e2:36:
                    cc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:8A:F9:44:B2:F9:E2:62:30:FC:D4:DB:88:95:49:0A:D4:1B:46:66
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Y4r5RLL54mIw_NTbiJVJCtQbRmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  81.168.119.0-81.168.120.255
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.1.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/23
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.43.0/24
                  89.213.130.0/24
                  89.213.145.0-89.213.146.255
                  89.213.161.0/24
                  89.213.190.0/24
                  109.176.208.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:f6:7b:32:01:c0:0e:4b:36:a3:cb:c5:08:0b:a0:9f:cf:c3:
         93:3b:9f:b5:f6:e6:05:3b:1b:7f:39:a8:19:49:a2:42:50:55:
         2a:8d:1f:16:6c:67:97:05:86:39:2c:b8:c2:a1:21:81:ea:a8:
         da:89:29:61:7f:2e:64:56:a6:e8:db:35:f8:4a:66:7a:94:a9:
         a0:76:ae:e1:b1:0d:06:57:15:6e:05:c8:70:64:db:79:59:71:
         01:63:dd:f5:17:f7:d0:a1:57:e4:0a:83:2b:80:c2:4a:28:31:
         7f:5c:d9:af:c6:43:8b:1d:4c:0e:cf:d6:07:84:0d:a5:45:44:
         bb:92:24:9b:90:5a:2b:36:53:c2:8f:e1:e3:e7:e0:44:0d:18:
         53:1d:66:1b:7f:7b:48:24:ba:b6:5e:e3:56:55:cf:ed:a6:2e:
         9f:62:c4:36:55:62:8e:65:1b:13:29:98:fc:a0:5b:26:eb:43:
         96:ca:5d:69:e1:15:4c:cb:84:f5:47:1c:a2:46:13:d6:dd:ed:
         36:e5:e1:9b:d4:15:46:ff:cd:c7:b8:4e:84:0d:17:f2:5c:11:
         9a:4e:0d:1e:7f:17:2f:88:65:d5:41:6d:ef:94:a3:52:d1:88:
         aa:9b:19:fa:c2:82:0c:26:61:35:00:1a:ea:ef:e2:3a:f6:40:
         bb:b4:6d:25
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAYvccu7ynTPd5FpvbMI//ybNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE3MDg0MzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzhhZjk0NGIyZjllMjYyMzBmY2Q0ZGI4ODk1NDkwYWQ0MWI0NjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7xlZLL9lRvdeC7RGceIZCxNPfVl
wVA+b6byZqIy33ufELG9EgJ6dvucGXF6rAPsz9E1cggJVZxG1xRNTFSBm3s1mKeQ
mCRakg7A8fxCnQt05Y43eoeepZTZNWYZjQ/LmLskT05/jEMqzaWnYKk2btS26uvO
5StYF0+w7N4b+hXMarrxU/hX/vPgHaQ5hHFyxU3B2OqrUBOE2Ms2CygIPbLNibrN
CzD5pyUiocfQNKZKI3xwFLqCfk1eVo6ipS0K6JiDX3jFgQvmoYzi+KTxr7QYTSbD
95m5GrbCgqewFefswAXEhdxDQbvrianQZnd3GDHEtL8/Ev1Vj+WL4jbM/wIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFGOK+USy+eJiMPzU24iVSQrUG0ZmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWTRyNVJMTDU0bUl3X05UYmlKVkpDdFFiUm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBABR
qHQwDAMEAFGodwMEAFGoeAMEAFGofgMEAFKY+AMEAFKY+wMEAFKY/gMEAFKZAQME
AFKZRQMEAFKZSAMEAFKZTwMEAFKZhAMEAVKZ4AMEAFnVBAMEAVnVBgMEAFnVKwME
AFnVgjAMAwQAWdWRAwQAWdWSAwQAWdWhAwQAWdW+AwQAbbDQAwQAbbD3AwQAbbD7
AwQAuTF8MA0GCSqGSIb3DQEBCwUAA4IBAQAA9nsyAcAOSzajy8UIC6Cfz8OTO5+1
9uYFOxt/OagZSaJCUFUqjR8WbGeXBYY5LLjCoSGB6qjaiSlhfy5kVqbo2zX4SmZ6
lKmgdq7hsQ0GVxVuBchwZNt5WXEBY931F/fQoVfkCoMrgMJKKDF/XNmvxkOLHUwO
z9YHhA2lRUS7kiSbkForNlPCj+Hj5+BEDRhTHWYbf3tIJLq2XuNWVc/tpi6fYsQ2
VWKOZRsTKZj8oFsm60OWyl1p4RVMy4T1RxyiRhPW3e025eGb1BVG/83HuE6EDRfy
XBGaTg0efxcviGXVQW3vlKNS0Yiqmxn6woIMJmE1ABrq7+I69kC7tG0l
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org