Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_1MxiBog38hNXuJ2yO8p7t25BHI.roa
File:                     _1MxiBog38hNXuJ2yO8p7t25BHI.roa (raw, json)
Hash identifier:          feu4/ypaAowv+aIwtWOr8C6/gyKT/mvKl4W64tXMLIA=
Subject key identifier:   FF:53:31:88:1A:20:DF:C8:4D:5E:E2:76:C8:EF:29:EE:DD:B9:04:72
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189B030104FF23CD426C3E542D37998A927
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_1MxiBog38hNXuJ2yO8p7t25BHI.roa
Signing time:             Tue 01 Aug 2023 08:21:27 +0000
ROA not before:           Tue 01 Aug 2023 08:21:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.111.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.210.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.65.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 01 Aug 2023 08:33:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b0:30:10:4f:f2:3c:d4:26:c3:e5:42:d3:79:98:a9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  1 08:21:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff5331881a20dfc84d5ee276c8ef29eeddb90472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0b:24:5a:b6:25:e9:7a:18:1c:99:3e:be:3e:
                    5a:c8:b2:2d:2a:e7:84:c9:ec:0c:a2:8f:9c:61:68:
                    97:0c:cd:94:ea:2b:ce:dd:23:a9:74:5c:1a:be:40:
                    e8:6c:de:c0:f3:be:2d:a4:fc:3b:6a:e5:60:f2:36:
                    6b:ef:0a:d6:97:5e:98:97:3b:36:e6:8c:c2:97:7b:
                    cb:7b:0d:08:4c:64:2e:87:bc:9d:f8:df:f2:21:b4:
                    18:ab:ab:55:02:55:74:74:6b:0c:7d:15:fc:f1:3f:
                    59:f4:15:2d:c1:e5:32:e1:05:75:6a:f7:31:89:a5:
                    81:3d:ec:92:62:77:7d:b5:64:c9:c2:87:b8:11:83:
                    dc:7a:9c:22:10:e8:ea:47:dd:48:4f:07:38:d3:ff:
                    12:28:59:97:ab:63:99:2a:fd:28:5d:f1:13:32:6f:
                    e1:ac:04:34:e0:68:ee:db:96:a7:db:2b:a6:a2:01:
                    94:f9:fd:f9:2d:fd:ee:93:3e:20:96:cd:73:04:aa:
                    c1:cc:49:76:84:cc:e8:23:8c:5d:9d:8c:b8:b4:5f:
                    73:21:3e:27:7d:35:fd:fd:34:fe:06:4c:bc:a0:7b:
                    9f:05:79:a2:a4:17:49:1b:b8:34:f5:80:c2:73:16:
                    07:71:31:2f:6d:c8:26:ce:2e:2c:0f:8c:e6:af:b5:
                    ad:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:53:31:88:1A:20:DF:C8:4D:5E:E2:76:C8:EF:29:EE:DD:B9:04:72
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_1MxiBog38hNXuJ2yO8p7t25BHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.65.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.130.0/24
                  89.213.136.0/24
                  89.213.139.0-89.213.140.255
                  89.213.184.0/24
                  89.213.190.0/24
                  109.176.210.0/23
                  109.176.240.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:dd:9e:a0:1e:51:72:3e:1f:f0:e4:b8:f2:a1:4d:15:32:eb:
         61:72:33:82:1d:d7:09:4c:33:4c:71:c3:e2:19:c6:cc:7e:0f:
         aa:35:1c:01:6c:88:43:c6:ce:83:e2:78:0f:d5:62:84:8d:57:
         b9:69:ae:59:36:f0:22:b0:42:67:94:a3:91:fb:10:f4:67:93:
         13:46:72:5d:ba:b4:e7:34:6a:4a:5f:2f:00:08:0f:4a:e2:45:
         20:50:ef:3d:ad:42:70:d6:f0:52:05:09:cd:81:47:b9:dc:bf:
         5d:a1:a1:dd:4d:08:59:64:bd:56:b1:33:de:98:e9:4a:c4:66:
         fd:05:18:c4:9a:db:e7:4f:53:ba:b0:03:c2:89:32:57:05:62:
         d9:c1:a5:b3:9b:d7:ed:f1:08:3a:df:79:8d:88:15:40:3d:49:
         e8:69:bb:d8:de:86:57:ee:1f:a5:d5:ed:48:74:4c:9a:e9:d4:
         d7:71:ab:57:ef:87:9f:9f:a6:59:d8:ce:3c:c9:fa:0f:17:11:
         84:ee:a7:5d:72:b2:f9:69:15:cd:17:fc:32:1d:e3:41:a4:4b:
         c3:37:5d:af:18:2c:12:a4:87:09:1c:5f:06:e3:c8:26:6c:48:
         5b:81:f2:03:d1:5b:fe:74:55:b1:71:4a:ef:b8:15:79:1a:bc:
         ca:9f:50:84
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYmwMBBP8jzUJsPlQtN5mKknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAxMDgyMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjUzMzE4ODFhMjBkZmM4NGQ1ZWUyNzZjOGVmMjllZWRkYjkwNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQskWrYl6XoYHJk+vj5ayLItKueE
yewMoo+cYWiXDM2U6ivO3SOpdFwavkDobN7A874tpPw7auVg8jZr7wrWl16Ylzs2
5ozCl3vLew0ITGQuh7yd+N/yIbQYq6tVAlV0dGsMfRX88T9Z9BUtweUy4QV1avcx
iaWBPeySYnd9tWTJwoe4EYPcepwiEOjqR91ITwc40/8SKFmXq2OZKv0oXfETMm/h
rAQ04Gju25an2yumogGU+f35Lf3ukz4gls1zBKrBzEl2hMzoI4xdnYy4tF9zIT4n
fTX9/TT+Bky8oHufBXmipBdJG7g09YDCcxYHcTEvbcgmzi4sD4zmr7Wt+QIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFP9TMYgaIN/ITV7idsjvKe7duQRyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvXzFNeGlCb2czOGhOWHVKMnlPOHA3dDI1QkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBABR
BZwDBABRqHcDBABRqHsDBABSmG8DBAFSmPwDBABSmP8DBABSmQEDBABSmUEDBABS
mUkDBABSmU4DBAJSmYgDBABSmd8DBABSmfADBABSmfkDBABZ1YIDBABZ1YgwDAME
AFnViwMEAFnVjAMEAFnVuAMEAFnVvgMEAW2w0gMEAG2w8AMEANWYKjANBgkqhkiG
9w0BAQsFAAOCAQEAJ92eoB5Rcj4f8OS48qFNFTLrYXIzgh3XCUwzTHHD4hnGzH4P
qjUcAWyIQ8bOg+J4D9VihI1XuWmuWTbwIrBCZ5SjkfsQ9GeTE0ZyXbq05zRqSl8v
AAgPSuJFIFDvPa1CcNbwUgUJzYFHudy/XaGh3U0IWWS9VrEz3pjpSsRm/QUYxJrb
509TurADwokyVwVi2cGls5vX7fEIOt95jYgVQD1J6Gm72N6GV+4fpdXtSHRMmunU
13GrV++Hn5+mWdjOPMn6DxcRhO6nXXKy+WkVzRf8Mh3jQaRLwzddrxgsEqSHCRxf
BuPIJmxIW4HyA9Fb/nRVsXFK77gVeRq8yp9QhA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org