Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_9cha9lPH_gphWzemeTf_T7u-nU.roa
File:                     _9cha9lPH_gphWzemeTf_T7u-nU.roa (raw, json)
Hash identifier:          9/Vag2kYNRs13m3ih509VLcrt+f7gPbT3K9cDjY+Cz8=
Subject key identifier:   FF:D7:21:6B:D9:4F:1F:F8:29:85:6C:DE:99:E4:DF:FD:3E:EE:FA:75
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0188B973A2FEA573CFC4F016D418DFA2D903
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_9cha9lPH_gphWzemeTf_T7u-nU.roa
Signing time:             Wed 14 Jun 2023 10:29:03 +0000
ROA not before:           Wed 14 Jun 2023 10:29:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8851
IP address blocks:        89.213.64.0/18 maxlen: 24
                          37.252.24.0/21 maxlen: 24
                          80.240.80.0/20 maxlen: 20
                          77.107.64.0/18 maxlen: 24
                          213.210.0.0/18 maxlen: 24
                          85.159.128.0/21 maxlen: 24
                          212.38.64.0/19 maxlen: 24
                          37.98.144.0/21 maxlen: 24
                          37.98.144.0/22 maxlen: 24
                          109.176.0.0/16 maxlen: 16
                          89.213.48.0/20 maxlen: 24
                          213.218.208.0/20 maxlen: 24
                          89.31.232.0/21 maxlen: 24
                          79.99.72.0/21 maxlen: 24
                          185.20.32.0/22 maxlen: 24
                          185.20.34.0/24 maxlen: 24
                          185.20.35.0/24 maxlen: 24
                          213.218.224.0/19 maxlen: 24
                          81.168.0.0/17 maxlen: 17
                          89.213.128.0/17 maxlen: 24
                          82.163.0.0/19 maxlen: 24
                          217.144.144.0/20 maxlen: 24
                          217.145.64.0/20 maxlen: 24
                          185.49.124.0/22 maxlen: 24
                          185.24.84.0/22 maxlen: 24
                          89.213.0.0/21 maxlen: 24
                          213.130.128.0/19 maxlen: 24
                          194.105.64.0/19 maxlen: 24
                          81.5.128.0/18 maxlen: 18
                          82.152.0.0/15 maxlen: 15
                          195.128.138.0/24 maxlen: 24
                          213.152.32.0/19 maxlen: 19
                          2a02:21f8::/32 maxlen: 32
                          2a00:c60::/32 maxlen: 32
                          2001:1a90::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 16 Jun 2023 16:09:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b9:73:a2:fe:a5:73:cf:c4:f0:16:d4:18:df:a2:d9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 14 10:29:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ffd7216bd94f1ff829856cde99e4dffd3eeefa75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:2d:a9:84:1e:8c:e8:3c:17:a0:90:65:a6:bf:
                    94:0d:9b:6e:53:9d:18:4b:ed:0d:4e:15:e1:ab:9c:
                    eb:e2:36:14:8f:27:2d:bb:81:3f:bb:9c:27:ac:16:
                    3d:d4:8d:61:54:4b:48:04:83:f3:ef:13:33:df:63:
                    2d:ec:3b:fa:e4:19:6b:04:ff:69:75:4f:cb:31:86:
                    1b:b9:a2:df:f7:78:17:b9:9e:f8:2c:e4:5f:c8:56:
                    9f:5a:c3:1e:19:76:00:2b:17:8e:4e:6b:40:ac:e3:
                    ae:ba:e8:18:e2:70:f5:70:f9:d3:88:60:9d:fb:04:
                    81:d3:f2:69:88:c2:1b:40:5f:46:c4:c0:43:2e:48:
                    2a:fc:e6:73:2b:61:63:b6:2b:ef:45:37:97:66:cb:
                    9e:ea:ee:25:1a:4a:68:2e:a8:ea:39:ac:33:c2:92:
                    48:14:71:6b:b3:c6:36:e7:9d:d7:61:d5:34:52:01:
                    f4:f3:0f:68:97:b1:35:4c:fa:4e:2a:d8:29:81:cd:
                    87:3f:16:f9:2e:93:5b:37:72:a5:32:d3:65:69:20:
                    cc:41:d9:86:e2:d8:25:81:62:1b:66:50:fa:4c:f5:
                    40:ca:de:1f:ba:11:ac:f5:6b:f2:27:9e:58:7e:02:
                    50:ee:9a:42:77:e5:bd:24:05:42:2d:54:d4:fd:7e:
                    51:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D7:21:6B:D9:4F:1F:F8:29:85:6C:DE:99:E4:DF:FD:3E:EE:FA:75
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_9cha9lPH_gphWzemeTf_T7u-nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.144.0/21
                  37.252.24.0/21
                  77.107.64.0/18
                  79.99.72.0/21
                  80.240.80.0/20
                  81.5.128.0/18
                  81.168.0.0/17
                  82.152.0.0/15
                  82.163.0.0/19
                  85.159.128.0/21
                  89.31.232.0/21
                  89.213.0.0/21
                  89.213.48.0-89.213.255.255
                  109.176.0.0/16
                  185.20.32.0/22
                  185.24.84.0/22
                  185.49.124.0/22
                  194.105.64.0/19
                  195.128.138.0/24
                  212.38.64.0/19
                  213.130.128.0/19
                  213.152.32.0/19
                  213.210.0.0/18
                  213.218.208.0-213.218.255.255
                  217.144.144.0/20
                  217.145.64.0/20
                IPv6:
                  2001:1a90::/32
                  2a00:c60::/32
                  2a02:21f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:f1:0f:c2:c9:17:8c:3e:b0:fd:cc:13:b0:c3:c9:9a:09:cd:
         b8:e8:b5:a7:17:e6:8a:0a:c3:14:22:76:a0:e1:97:4b:07:9e:
         ab:de:53:bb:c8:23:6a:86:89:a5:41:06:26:30:77:1c:3f:df:
         a5:41:24:a3:b5:00:59:63:26:c2:8d:d8:19:e7:12:24:5d:e4:
         35:81:1b:1d:95:46:a5:f7:11:89:b4:15:5e:84:66:07:50:eb:
         fa:5d:3b:90:d5:b5:c0:0a:fa:56:9f:13:98:04:84:0a:a5:39:
         c1:3b:4f:44:17:c0:a8:d4:ad:52:4a:5c:65:78:dd:02:bf:29:
         e6:69:8e:74:ef:99:1d:02:df:4d:d4:b3:eb:59:03:4d:6e:2c:
         00:06:1c:c0:06:73:c7:5e:48:01:99:3c:11:96:b6:d8:4b:f2:
         6b:09:a2:87:9f:6a:f4:70:49:63:8b:de:91:31:42:47:70:60:
         e5:50:8e:69:33:24:e0:0d:ab:0e:c9:bf:50:4d:ed:9e:42:15:
         2d:2a:48:3b:a0:38:f8:cd:c6:d6:50:42:d8:a4:e5:f9:75:1a:
         3f:7f:e6:3a:cb:be:b6:c7:b5:cd:8c:7a:0a:5c:63:4c:2f:8d:
         bd:cb:64:90:f3:a7:f6:ce:e8:de:f7:3b:3d:4e:39:a2:50:bc:
         fb:dd:53:b9
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAYi5c6L+pXPPxPAW1BjfotkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjE0MTAyOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ3MjE2YmQ5NGYxZmY4Mjk4NTZjZGU5OWU0ZGZmZDNlZWVmYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5S2phB6M6DwXoJBlpr+UDZtuU50Y
S+0NThXhq5zr4jYUjyctu4E/u5wnrBY91I1hVEtIBIPz7xMz32Mt7Dv65BlrBP9p
dU/LMYYbuaLf93gXuZ74LORfyFafWsMeGXYAKxeOTmtArOOuuugY4nD1cPnTiGCd
+wSB0/JpiMIbQF9GxMBDLkgq/OZzK2FjtivvRTeXZsue6u4lGkpoLqjqOawzwpJI
FHFrs8Y2553XYdU0UgH08w9ol7E1TPpOKtgpgc2HPxb5LpNbN3KlMtNlaSDMQdmG
4tglgWIbZlD6TPVAyt4fuhGs9WvyJ55YfgJQ7ppCd+W9JAVCLVTU/X5RpwIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFP/XIWvZTx/4KYVs3pnk3/0+7vp1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvXzljaGE5bFBIX2dwaFd6ZW1lVGZfVDd1LW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHiBggrBgEFBQcBBwEB/wSB0jCBzzCBrwQCAAEwgagDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6AMEA1nVADALAwQEWdUwAwMBWdQDAwBtsAMEArkUIAMEArkY
VAMEArkxfAMEBcJpQAMEAMOAigMEBdQmQAMEBdWCgAMEBdWYIAMEBtXSADALAwQE
1drQAwMA1doDBATZkJADBATZkUAwGwQCAAIwFQMFACABGpADBQAqAAxgAwUAKgIh
+DANBgkqhkiG9w0BAQsFAAOCAQEAovEPwskXjD6w/cwTsMPJmgnNuOi1pxfmigrD
FCJ2oOGXSweeq95Tu8gjaoaJpUEGJjB3HD/fpUEko7UAWWMmwo3YGecSJF3kNYEb
HZVGpfcRibQVXoRmB1Dr+l07kNW1wAr6Vp8TmASECqU5wTtPRBfAqNStUkpcZXjd
Ar8p5mmOdO+ZHQLfTdSz61kDTW4sAAYcwAZzx15IAZk8EZa22Evyawmih59q9HBJ
Y4vekTFCR3Bg5VCOaTMk4A2rDsm/UE3tnkIVLSpIO6A4+M3G1lBC2KTl+XUaP3/m
Osu+tse1zYx6ClxjTC+NvctkkPOn9s7o3vc7PU45olC8+91TuQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org