Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZRosYsfiEgV6zB0whwOG1yRbEzo.roa
File:                     ZRosYsfiEgV6zB0whwOG1yRbEzo.roa (raw, json)
Hash identifier:          50pHZdDSeFxFd6uEsRp9LSUHNluy7VbPMKZrvZTs0eY=
Subject key identifier:   65:1A:2C:62:C7:E2:12:05:7A:CC:1D:30:87:03:86:D7:24:5B:13:3A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F3453E5ED18F27CF143F68C7A24687DD7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZRosYsfiEgV6zB0whwOG1yRbEzo.roa
Signing time:             Wed 01 May 2024 13:24:24 +0000
ROA not before:           Wed 01 May 2024 13:24:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.234.0/24 maxlen: 24
                          213.218.236.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 May 2024 07:54:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:34:53:e5:ed:18:f2:7c:f1:43:f6:8c:7a:24:68:7d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  1 13:24:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=651a2c62c7e212057acc1d30870386d7245b133a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:e7:a3:54:95:b8:05:89:1a:72:9a:54:49:
                    5f:ee:6b:e1:81:ed:d7:29:77:c6:f5:42:1a:72:bd:
                    23:5f:43:54:64:db:dc:cf:63:b9:20:23:78:75:3d:
                    9f:89:ad:a8:55:6b:04:e5:aa:c4:79:29:bb:a7:d6:
                    d4:e8:71:7b:e4:b4:81:e6:06:9e:1f:65:ae:e7:3c:
                    6a:7a:a7:88:82:3d:39:ed:3d:7a:0f:0f:0d:5a:e5:
                    24:03:3f:37:de:cf:3b:1f:80:ce:a5:1f:1c:91:69:
                    30:2b:37:43:00:60:78:92:81:a3:31:a9:02:57:59:
                    4d:24:5b:ed:10:4f:3b:d0:e8:d2:1e:69:cd:f7:54:
                    4b:19:7e:2b:61:b5:50:f9:90:ed:6d:91:84:8f:c7:
                    6c:3f:c5:99:73:09:81:ac:ac:04:1c:1f:af:7f:db:
                    80:17:80:5d:34:7b:8f:0d:f0:29:77:b0:91:cf:a7:
                    cb:82:7a:f5:b6:a2:a4:ee:52:fe:1e:62:ef:96:4c:
                    3d:ef:2c:c9:ec:f6:3f:78:ea:2a:6c:3a:41:bc:f5:
                    c7:52:b1:46:fc:2f:56:9a:03:ed:aa:ad:cf:f7:31:
                    2a:ec:0f:0a:ef:08:dd:61:0d:e1:e8:4d:a5:f0:e7:
                    06:8f:a4:75:40:70:13:93:1a:c9:8e:9d:46:91:50:
                    a8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1A:2C:62:C7:E2:12:05:7A:CC:1D:30:87:03:86:D7:24:5B:13:3A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZRosYsfiEgV6zB0whwOG1yRbEzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24
                  213.218.234.0/24
                  213.218.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:4e:3b:aa:ee:2e:51:55:43:05:d1:55:32:9e:bc:0e:88:f1:
         67:be:33:cf:38:75:3b:e3:3d:03:70:09:a4:19:42:bc:09:39:
         99:10:a1:58:ca:eb:f4:2a:b6:d9:76:13:a4:12:5d:64:23:04:
         09:37:3e:99:72:76:cb:c5:0c:bb:82:cb:49:20:9d:ed:a8:7e:
         d5:fa:ca:2e:cb:5e:76:84:bf:c2:6b:2e:83:c4:48:21:4f:f0:
         bb:c5:45:e0:31:4a:ab:88:46:5b:bb:f5:e9:f8:eb:48:59:9f:
         fc:50:27:a5:55:39:34:f8:0f:cc:66:1d:5f:57:1e:17:a2:8f:
         1f:ae:c4:eb:88:7b:a2:39:cc:b9:1c:f0:4f:52:00:65:29:a6:
         d1:31:7c:57:1c:c7:ea:f2:90:a3:af:31:2c:07:ab:47:54:20:
         9f:45:32:0f:ef:1c:0c:c3:11:0f:79:85:d0:0e:14:de:2a:a5:
         8d:1f:d3:b7:64:1c:81:09:cc:b1:33:b8:54:74:cc:6f:70:ef:
         72:24:10:37:78:37:16:e1:eb:30:18:54:0c:89:6b:f6:be:a7:
         84:c8:b4:42:d3:a6:06:2d:a4:03:47:d6:10:aa:51:5d:dc:5d:
         17:83:85:a5:7c:f9:c2:d9:9b:9d:3a:54:9c:95:1c:ec:1d:7d:
         00:3d:7f:df
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAY80U+XtGPJ88UP2jHokaH3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTAxMTMyNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTFhMmM2MmM3ZTIxMjA1N2FjYzFkMzA4NzAzODZkNzI0NWIxMzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdfno1SVuAWJGnKaVElf7mvhge3X
KXfG9UIacr0jX0NUZNvcz2O5ICN4dT2fia2oVWsE5arEeSm7p9bU6HF75LSB5gae
H2Wu5zxqeqeIgj057T16Dw8NWuUkAz833s87H4DOpR8ckWkwKzdDAGB4koGjMakC
V1lNJFvtEE870OjSHmnN91RLGX4rYbVQ+ZDtbZGEj8dsP8WZcwmBrKwEHB+vf9uA
F4BdNHuPDfApd7CRz6fLgnr1tqKk7lL+HmLvlkw97yzJ7PY/eOoqbDpBvPXHUrFG
/C9WmgPtqq3P9zEq7A8K7wjdYQ3h6E2l8OcGj6R1QHATkxrJjp1GkVCoHQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFGUaLGLH4hIFeswdMIcDhtckWxM6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWlJvc1lzZmlFZ1Y2ekIwd2h3T0cxeVJiRXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAFGofgME
AVKYsAMEAlKZiAMEAFKZ9QMEAFnVhTAMAwQCWdWUAwQFWdWAAwQCWdWsAwQAWdW0
AwQDbbAQAwQBuTF+AwQEwmlQAwQA1YKVAwQB1drSAwQA1drVAwQA1drqAwQA1drs
MA0GCSqGSIb3DQEBCwUAA4IBAQCaTjuq7i5RVUMF0VUynrwOiPFnvjPPOHU74z0D
cAmkGUK8CTmZEKFYyuv0KrbZdhOkEl1kIwQJNz6ZcnbLxQy7gstJIJ3tqH7V+sou
y152hL/Cay6DxEghT/C7xUXgMUqriEZbu/Xp+OtIWZ/8UCelVTk0+A/MZh1fVx4X
oo8frsTriHuiOcy5HPBPUgBlKabRMXxXHMfq8pCjrzEsB6tHVCCfRTIP7xwMwxEP
eYXQDhTeKqWNH9O3ZByBCcyxM7hUdMxvcO9yJBA3eDcW4eswGFQMiWv2vqeEyLRC
06YGLaQDR9YQqlFd3F0Xg4WlfPnC2ZudOlSclRzsHX0APX/f
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org