Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_WKiodMdIL7t6jTO02J_bdFnuEg.roa
File:                     _WKiodMdIL7t6jTO02J_bdFnuEg.roa (raw, json)
Hash identifier:          Cz1jsazXU3Q/m2lB/Ob8GC1b6SqYtTP9096apOwD28c=
Subject key identifier:   FD:62:A2:A1:D3:1D:20:BE:ED:EA:34:CE:D3:62:7F:6D:D1:67:B8:48
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018A6AB30F73D1BC127758047F4B47AD719A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_WKiodMdIL7t6jTO02J_bdFnuEg.roa
Signing time:             Wed 06 Sep 2023 13:33:54 +0000
ROA not before:           Wed 06 Sep 2023 13:33:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          82.153.67.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.137.0/24 maxlen: 24
                          89.213.138.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.135.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.156.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          213.152.62.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 13 Sep 2023 07:50:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:6a:b3:0f:73:d1:bc:12:77:58:04:7f:4b:47:ad:71:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  6 13:33:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fd62a2a1d31d20beedea34ced3627f6dd167b848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:70:88:12:b6:1e:ad:b6:bf:70:f2:dd:cc:a0:
                    a2:f1:4d:e4:b2:61:d8:16:73:ea:bf:f6:43:5b:44:
                    46:3e:03:55:12:05:e2:c7:b1:49:29:d5:3f:6c:53:
                    38:eb:d7:49:ff:11:17:74:2a:a7:32:75:ec:6f:6b:
                    ae:60:94:7d:5b:6e:93:aa:7a:11:40:df:d9:94:3e:
                    b6:2b:84:73:2e:d8:c3:c9:d4:98:f7:85:35:c2:0e:
                    6d:e7:45:0f:fd:ac:b8:7d:36:eb:6c:2f:7e:ee:fe:
                    e1:f3:f1:4a:61:f8:cd:99:fb:96:e9:b7:a5:81:2b:
                    20:35:ec:a0:c3:69:f2:d5:bc:e0:2c:0f:21:65:ca:
                    6c:c2:d1:88:00:b6:0d:12:80:17:b7:26:aa:01:9a:
                    2b:9b:a3:65:3d:d5:e8:08:5f:d5:8f:14:73:3d:3e:
                    8e:72:34:d5:5a:bb:fd:79:dc:ab:4d:81:f2:47:f1:
                    89:95:d1:76:81:a1:56:21:4d:e0:63:ad:63:89:6d:
                    2a:9f:c1:41:63:33:d8:e2:ff:29:04:38:f4:31:52:
                    78:eb:e1:76:21:12:4d:c2:f6:74:0c:dc:58:19:bd:
                    14:1f:a8:72:a8:b0:07:3a:54:d5:37:b7:d4:38:c9:
                    eb:b0:7c:25:94:72:cb:53:ce:52:d6:31:f2:71:a8:
                    34:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:62:A2:A1:D3:1D:20:BE:ED:EA:34:CE:D3:62:7F:6D:D1:67:B8:48
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_WKiodMdIL7t6jTO02J_bdFnuEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.67.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0-82.153.250.255
                  89.213.133.0-89.213.139.255
                  89.213.141.0/24
                  89.213.145.0-89.213.146.255
                  89.213.156.0-89.213.158.255
                  89.213.160.0/24
                  89.213.162.0-89.213.164.255
                  89.213.168.0/24
                  89.213.170.0/24
                  89.213.172.0-89.213.174.255
                  89.213.184.0/23
                  89.213.188.0/23
                  109.176.208.0/23
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0-213.152.62.255

    Signature Algorithm: sha256WithRSAEncryption
         07:bd:3c:b3:c9:54:7d:3b:21:21:e9:d3:59:f6:67:e6:d2:88:
         4c:0d:03:ae:28:ab:56:88:ee:da:54:bc:d8:6a:63:7a:c7:c4:
         02:5c:62:97:b0:cc:9c:8d:9c:b0:21:5f:84:4c:17:a5:b3:ea:
         a0:07:c5:36:dc:e6:80:cf:67:13:65:01:92:9b:83:29:e8:65:
         b2:d7:f0:46:e6:dc:16:21:13:1f:57:08:34:49:fd:8e:9b:d1:
         37:ae:1f:a7:3b:3f:be:60:72:13:6c:c0:ee:2c:5e:6f:40:b9:
         7a:c3:16:28:db:91:de:00:d8:14:22:f5:73:af:c7:4e:2d:ab:
         a3:8d:c6:86:e3:8f:4a:f1:df:58:c7:3d:6a:63:95:d2:52:16:
         8a:7a:3d:bb:17:06:f4:85:44:15:10:69:6b:e9:98:6e:3c:b1:
         7a:56:cd:b5:ec:61:98:2d:b4:59:45:6b:67:9d:a5:e4:b3:c9:
         64:0c:e5:a6:9d:4c:72:cc:84:e7:6d:33:46:c5:a7:a7:c8:8c:
         6a:ea:67:de:35:54:ad:86:81:58:d7:fe:c4:5b:cb:bb:14:7f:
         8c:de:b2:97:84:ed:9c:ce:c8:03:7e:bd:5a:c9:d9:0f:85:e1:
         a6:da:0d:9b:1f:1d:fc:bc:74:86:ca:7d:d6:f7:1f:4a:e2:50:
         02:be:0e:32
-----BEGIN CERTIFICATE-----
MIIGPTCCBSWgAwIBAgISAYpqsw9z0bwSd1gEf0tHrXGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTA2MTMzMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDYyYTJhMWQzMWQyMGJlZWRlYTM0Y2VkMzYyN2Y2ZGQxNjdiODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9XCIErYerba/cPLdzKCi8U3ksmHY
FnPqv/ZDW0RGPgNVEgXix7FJKdU/bFM469dJ/xEXdCqnMnXsb2uuYJR9W26TqnoR
QN/ZlD62K4RzLtjDydSY94U1wg5t50UP/ay4fTbrbC9+7v7h8/FKYfjNmfuW6bel
gSsgNeygw2ny1bzgLA8hZcpswtGIALYNEoAXtyaqAZorm6NlPdXoCF/VjxRzPT6O
cjTVWrv9edyrTYHyR/GJldF2gaFWIU3gY61jiW0qn8FBYzPY4v8pBDj0MVJ46+F2
IRJNwvZ0DNxYGb0UH6hyqLAHOlTVN7fUOMnrsHwllHLLU85S1jHycag0QQIDAQAB
o4IDSTCCA0UwHQYDVR0OBBYEFP1ioqHTHSC+7eo0ztNif23RZ7hIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX1dLaW9kTWRJTDd0NmpUTzAySl9iZEZudUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXQYIKwYBBQUHAQcBAf8EggFMMIIBSDCCAUQEAgABMIIB
PAMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZQwMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQA
UpnfAwQAUpnhAwQAUpnjAwQAUpnwMAwDBABSmfkDBABSmfowDAMEAFnVhQMEAlnV
iAMEAFnVjTAMAwQAWdWRAwQAWdWSMAwDBAJZ1ZwDBABZ1Z4DBABZ1aAwDAMEAVnV
ogMEAFnVpAMEAFnVqAMEAFnVqjAMAwQCWdWsAwQAWdWuAwQBWdW4AwQBWdW8AwQB
bbDQAwQAbbDTAwQDbbDYMAwDBABtsPUDBABtsPYwDAMEA22w+AMEAG2w+jAMAwQA
uTF9AwQHuTEAAwQA1ZgqMAwDBADVmD0DBADVmD4wDQYJKoZIhvcNAQELBQADggEB
AAe9PLPJVH07ISHp01n2Z+bSiEwNA64oq1aI7tpUvNhqY3rHxAJcYpewzJyNnLAh
X4RMF6Wz6qAHxTbc5oDPZxNlAZKbgynoZbLX8Ebm3BYhEx9XCDRJ/Y6b0TeuH6c7
P75gchNswO4sXm9AuXrDFijbkd4A2BQi9XOvx04tq6ONxobjj0rx31jHPWpjldJS
Fop6PbsXBvSFRBUQaWvpmG48sXpWzbXsYZgttFlFa2edpeSzyWQM5aadTHLMhOdt
M0bFp6fIjGrqZ941VK2GgVjX/sRby7sUf4zespeE7ZzOyAN+vVrJ2Q+F4abaDZsf
Hfy8dIbKfdb3H0riUAK+DjI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org