Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_Scb-dYDXXcl5MbgzbxEtfe4qt0.roa
File:                     _Scb-dYDXXcl5MbgzbxEtfe4qt0.roa (raw, json)
Hash identifier:          zltfUd+NJc/BJFQ38k3GNafwAvsgy72VQC1xB/7ssFg=
Subject key identifier:   FD:27:1B:F9:D6:03:5D:77:25:E4:C6:E0:CD:BC:44:B5:F7:B8:AA:DD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01877EE9C28F122E880B845A2552E099E40D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_Scb-dYDXXcl5MbgzbxEtfe4qt0.roa
Signing time:             Fri 14 Apr 2023 08:37:41 +0000
ROA not before:           Fri 14 Apr 2023 08:37:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 17 Apr 2023 08:32:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7e:e9:c2:8f:12:2e:88:0b:84:5a:25:52:e0:99:e4:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 14 08:37:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fd271bf9d6035d7725e4c6e0cdbc44b5f7b8aadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:66:44:39:8a:11:84:5f:0d:e4:b9:bb:9b:c9:
                    bd:8e:23:44:1a:31:e4:d7:ad:51:15:ee:93:20:19:
                    f2:17:8f:65:b7:2b:c3:b3:56:e2:ec:b1:d6:d0:09:
                    f1:20:0c:90:3e:10:ad:8a:4f:40:0a:00:44:e1:83:
                    81:51:41:66:5a:ee:b5:a9:d4:8c:45:84:54:32:e1:
                    b8:49:08:7f:fd:2a:a5:ae:14:87:8b:88:76:c5:f0:
                    d9:05:c8:6a:46:67:bc:92:a2:ab:ae:4a:e2:f7:de:
                    4a:e4:e1:00:f0:db:e1:bc:8a:b5:96:7a:75:c0:26:
                    ee:be:18:67:4f:02:99:12:12:e9:45:03:74:46:38:
                    71:eb:9d:42:1f:94:76:82:5f:0b:55:f7:b3:08:6b:
                    88:05:17:54:fe:54:ab:93:2c:b5:36:53:11:3b:92:
                    5c:b7:d2:c6:d9:b1:b2:8a:13:9c:f7:29:1f:df:79:
                    4f:18:d3:4a:15:a7:d7:8b:ef:a0:fc:5d:0f:dd:55:
                    c1:2f:99:2b:0d:8d:0f:09:0a:5c:37:68:d2:1b:51:
                    dd:6d:d1:d4:d5:7a:f1:4b:2f:b4:bf:7e:e2:4c:97:
                    5f:f4:d5:10:97:14:af:d5:c1:d4:d8:7a:e8:aa:cf:
                    b0:e4:1c:14:c0:79:97:38:2a:66:a4:6f:3c:ac:2e:
                    5b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:27:1B:F9:D6:03:5D:77:25:E4:C6:E0:CD:BC:44:B5:F7:B8:AA:DD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_Scb-dYDXXcl5MbgzbxEtfe4qt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.4.0/24
                  82.153.64.0/23
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.209.0-82.153.210.255
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:35:21:1d:00:59:02:e2:e9:a0:98:62:dd:a3:47:c0:c8:c7:
         04:2a:b4:ba:a4:df:d2:f3:7b:a0:0b:7b:f3:53:30:9d:40:de:
         97:a0:cd:8b:f4:80:de:3e:aa:d0:a8:bd:2f:41:5a:69:45:0a:
         82:68:f8:80:bf:66:24:51:cf:60:ed:60:87:84:79:d1:df:4c:
         eb:b0:5e:39:08:92:03:cd:61:c7:48:69:5b:c8:e5:f8:a8:70:
         b7:cc:82:48:40:8b:c2:37:38:35:e6:fb:57:c8:83:1f:5e:19:
         39:66:ed:d5:f2:fb:e2:55:f8:fa:ba:ac:55:06:c6:e4:5e:34:
         1c:21:64:be:e7:08:31:fb:65:60:d7:d4:f7:12:8a:54:2a:cb:
         0d:1c:86:b0:6f:b1:fe:98:b1:e8:3b:39:4e:dd:cc:e3:10:76:
         2c:36:c6:58:48:fc:b0:ea:3c:49:9f:40:06:b1:7f:c6:1b:9e:
         0d:c0:0c:b0:7a:46:d7:25:b9:28:29:71:98:89:88:25:5b:e7:
         79:31:7b:5e:2d:52:08:ad:31:70:47:91:0e:e2:ac:d7:c8:64:
         da:47:c3:f3:70:a8:0d:e9:04:f1:64:5b:f9:d6:35:65:26:68:
         3b:8f:da:d0:5b:39:ca:4c:b1:7a:f7:fd:a9:dc:1d:67:84:3c:
         bf:f4:af:2f
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYd+6cKPEi6IC4RaJVLgmeQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDE0MDgzNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDI3MWJmOWQ2MDM1ZDc3MjVlNGM2ZTBjZGJjNDRiNWY3YjhhYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWZEOYoRhF8N5Lm7m8m9jiNEGjHk
161RFe6TIBnyF49ltyvDs1bi7LHW0AnxIAyQPhCtik9ACgBE4YOBUUFmWu61qdSM
RYRUMuG4SQh//SqlrhSHi4h2xfDZBchqRme8kqKrrkri995K5OEA8NvhvIq1lnp1
wCbuvhhnTwKZEhLpRQN0Rjhx651CH5R2gl8LVfezCGuIBRdU/lSrkyy1NlMRO5Jc
t9LG2bGyihOc9ykf33lPGNNKFafXi++g/F0P3VXBL5krDY0PCQpcN2jSG1HdbdHU
1XrxSy+0v37iTJdf9NUQlxSv1cHU2Hroqs+w5BwUwHmXOCpmpG88rC5b9QIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFP0nG/nWA113JeTG4M28RLX3uKrdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX1NjYi1kWURYWGNsNU1iZ3pieEV0ZmU0cXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7AwQBUpj+AwQAUpkEAwQBUplAAwQAUplEAwQB
UplGMAwDBABSmdEDBABSmdIDBABSmd4DBABSmfYDBAFSmfgwDQYJKoZIhvcNAQEL
BQADggEBAA01IR0AWQLi6aCYYt2jR8DIxwQqtLqk39Lze6ALe/NTMJ1A3pegzYv0
gN4+qtCovS9BWmlFCoJo+IC/ZiRRz2DtYIeEedHfTOuwXjkIkgPNYcdIaVvI5fio
cLfMgkhAi8I3ODXm+1fIgx9eGTlm7dXy++JV+Pq6rFUGxuReNBwhZL7nCDH7ZWDX
1PcSilQqyw0chrBvsf6Yseg7OU7dzOMQdiw2xlhI/LDqPEmfQAaxf8Ybng3ADLB6
RtcluSgpcZiJiCVb53kxe14tUgitMXBHkQ7irNfIZNpHw/NwqA3pBPFkW/nWNWUm
aDuP2tBbOcpMsXr3/ancHWeEPL/0ry8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org