Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_ZOJyXU080_R8lsef_PfiqeKv8E.roa
File:                     _ZOJyXU080_R8lsef_PfiqeKv8E.roa (raw, json)
Hash identifier:          Q/cH29m1gv5bR/45Z7JnLmQX4e3NWL8xyUeP0nzRzMg=
Subject key identifier:   FD:93:89:C9:75:34:F3:4F:D1:F2:5B:1E:7F:F3:DF:8A:A7:8A:BF:C1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0187C6AF79935BD4A798B94D26362B0204A3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_ZOJyXU080_R8lsef_PfiqeKv8E.roa
Signing time:             Fri 28 Apr 2023 07:06:41 +0000
ROA not before:           Fri 28 Apr 2023 07:06:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 30 Apr 2023 20:21:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c6:af:79:93:5b:d4:a7:98:b9:4d:26:36:2b:02:04:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 28 07:06:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fd9389c97534f34fd1f25b1e7ff3df8aa78abfc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:91:7b:60:1d:87:90:91:4d:78:fd:9a:fb:32:
                    59:fd:27:e7:46:61:b5:f5:1d:2e:25:c0:5d:16:b3:
                    ef:6f:3a:ef:e5:fd:ae:ff:3f:12:b5:ea:24:35:ad:
                    dc:02:08:e4:d0:a4:f6:8c:8d:9e:e0:ca:3e:76:b7:
                    e8:f8:b8:c6:66:31:e4:c7:9f:dc:c5:81:e6:01:f1:
                    3a:03:5d:c3:41:62:b2:71:17:fa:86:0d:cf:be:d3:
                    86:18:23:40:6c:6b:3c:cd:4b:11:14:e3:b9:ea:4a:
                    9d:8d:77:93:fa:58:13:8e:91:f0:d5:35:7c:6f:d9:
                    ce:26:87:b1:57:70:ce:48:3a:4f:cd:f9:e0:7f:81:
                    18:78:01:70:9e:14:6f:ea:8c:65:f5:56:06:19:08:
                    c5:28:cf:ee:f3:db:e0:73:bd:37:89:f8:21:63:78:
                    65:66:36:b8:50:94:2c:da:53:b3:ac:df:ed:5a:62:
                    5c:cb:08:58:b6:b2:8c:a3:bd:41:cd:d4:a7:b7:f6:
                    32:79:6d:60:a2:cc:72:07:df:54:13:93:f6:a0:03:
                    b4:17:6a:35:ae:22:a6:02:cd:40:5d:f7:69:25:ec:
                    2a:9d:1e:ef:1d:c2:72:d7:30:c6:d0:92:0f:e3:86:
                    2c:8a:ce:a6:17:11:da:bb:32:c5:27:5c:44:84:cf:
                    91:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:93:89:C9:75:34:F3:4F:D1:F2:5B:1E:7F:F3:DF:8A:A7:8A:BF:C1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_ZOJyXU080_R8lsef_PfiqeKv8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.4.0/24
                  82.153.65.0/24
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.209.0-82.153.210.255
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:4a:1f:a4:cf:4a:a9:06:36:98:46:b5:c8:64:23:b0:17:55:
         40:8e:14:52:78:74:ad:3d:ef:b5:b2:e8:f6:92:f2:7e:ad:c2:
         af:6a:9f:2b:85:d8:93:1f:19:20:d7:5d:b6:0d:a5:4a:d6:ce:
         7c:47:7d:8e:24:05:92:0b:03:77:0d:34:ad:c4:d3:53:45:22:
         46:94:4c:3b:d6:1e:79:bf:5a:58:b4:98:c7:fd:35:24:a3:c7:
         5d:92:c3:61:d1:01:94:73:9b:49:42:6d:44:95:d8:1f:22:8f:
         56:f6:7f:99:bc:5b:75:b7:44:30:1b:c1:45:c7:82:32:10:41:
         ce:bd:19:7e:97:60:60:5c:6f:e0:59:bb:b1:bf:b6:32:58:96:
         d7:ad:4d:69:90:0f:8b:43:f3:cc:34:82:38:1c:39:bb:97:ba:
         c2:4b:04:af:a5:f6:b8:fa:11:31:4b:c2:94:dc:88:2e:2d:aa:
         a6:45:c2:89:aa:11:38:85:f0:ef:4f:97:c0:54:f9:16:63:da:
         60:7d:f3:1f:91:a6:6c:1b:f3:b5:26:0f:46:77:b2:ab:63:a8:
         02:34:c0:90:b2:aa:fe:d4:cc:3a:58:05:de:73:ba:9a:3f:08:
         01:c3:ad:49:54:47:a7:af:58:1a:fa:b2:17:5a:73:dd:c4:80:
         81:91:07:15
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYfGr3mTW9SnmLlNJjYrAgSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDI4MDcwNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDkzODljOTc1MzRmMzRmZDFmMjViMWU3ZmYzZGY4YWE3OGFiZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJF7YB2HkJFNeP2a+zJZ/SfnRmG1
9R0uJcBdFrPvbzrv5f2u/z8SteokNa3cAgjk0KT2jI2e4Mo+drfo+LjGZjHkx5/c
xYHmAfE6A13DQWKycRf6hg3PvtOGGCNAbGs8zUsRFOO56kqdjXeT+lgTjpHw1TV8
b9nOJoexV3DOSDpPzfngf4EYeAFwnhRv6oxl9VYGGQjFKM/u89vgc703ifghY3hl
Zja4UJQs2lOzrN/tWmJcywhYtrKMo71BzdSnt/YyeW1gosxyB99UE5P2oAO0F2o1
riKmAs1AXfdpJewqnR7vHcJy1zDG0JIP44Ysis6mFxHauzLFJ1xEhM+R5wIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFP2Ticl1NPNP0fJbHn/z34qnir/BMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX1pPSnlYVTA4MF9SOGxzZWZfUGZpcWVLdjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAUagjAwQA
Uah3AwQAUah7AwQBUpiuAwQAUpj5AwQAUpj7AwQBUpj+AwQAUpkEAwQAUplBAwQA
UplEAwQBUplGMAwDBABSmdEDBABSmdIDBABSmd4DBABSmfYDBAFSmfgwDQYJKoZI
hvcNAQELBQADggEBAH9KH6TPSqkGNphGtchkI7AXVUCOFFJ4dK0977Wy6PaS8n6t
wq9qnyuF2JMfGSDXXbYNpUrWznxHfY4kBZILA3cNNK3E01NFIkaUTDvWHnm/Wli0
mMf9NSSjx12Sw2HRAZRzm0lCbUSV2B8ij1b2f5m8W3W3RDAbwUXHgjIQQc69GX6X
YGBcb+BZu7G/tjJYltetTWmQD4tD88w0gjgcObuXusJLBK+l9rj6ETFLwpTciC4t
qqZFwomqETiF8O9Pl8BU+RZj2mB98x+Rpmwb87UmD0Z3sqtjqAI0wJCyqv7UzDpY
Bd5zupo/CAHDrUlUR6evWBr6shdac93EgIGRBxU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org