Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a-jntT9vPgu2kHiHfRCnfIwBM98.roa
File:                     a-jntT9vPgu2kHiHfRCnfIwBM98.roa (raw, json)
Hash identifier:          i2wMlNhRm9e2OD0Ulywb8RuW64/MhiXPzDfHgW940cA=
Subject key identifier:   6B:E8:E7:B5:3F:6F:3E:0B:B6:90:78:87:7D:10:A7:7C:8C:01:33:DF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0187706918EE6A14356468FD812B7F27F0A4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a-jntT9vPgu2kHiHfRCnfIwBM98.roa
Signing time:             Tue 11 Apr 2023 13:02:28 +0000
ROA not before:           Tue 11 Apr 2023 13:02:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 14 Apr 2023 08:34:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:70:69:18:ee:6a:14:35:64:68:fd:81:2b:7f:27:f0:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 11 13:02:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6be8e7b53f6f3e0bb69078877d10a77c8c0133df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:84:3a:46:90:30:27:e4:8c:00:08:47:c4:47:
                    b2:04:d3:ab:f3:51:4a:9a:27:3d:ba:b4:ab:41:a4:
                    16:df:16:af:c9:aa:98:52:d8:00:b5:7c:61:bc:c3:
                    bb:90:07:e0:e8:9c:db:a2:8d:0a:7a:e1:d3:ee:89:
                    34:4f:77:6a:45:24:33:06:13:59:0c:d6:fe:bb:8a:
                    80:fd:68:d0:3e:e9:d0:55:e0:4f:f9:ee:54:00:55:
                    1e:b5:b1:63:4f:f2:86:b9:bc:db:55:1e:ee:7f:34:
                    20:ce:9a:b5:8e:78:e2:29:99:fb:97:09:34:f4:22:
                    0b:87:92:f9:09:47:64:07:d3:4a:24:66:0d:0b:24:
                    57:d8:b2:22:22:f5:e5:92:43:74:1d:11:e6:55:80:
                    e9:89:02:33:46:b6:ac:d5:e6:12:55:26:bd:ba:a2:
                    c5:13:ba:be:0b:f1:e5:e9:12:14:83:88:44:e8:23:
                    47:13:5e:4c:4a:d9:c4:ec:ee:a4:b0:af:1d:1c:6d:
                    5e:43:2a:80:e1:1a:a8:63:ba:47:14:19:27:06:02:
                    5c:5e:81:a9:c1:d1:a2:d2:3e:8f:b4:80:da:19:bd:
                    c2:e3:1d:8d:27:d9:8f:1e:26:2a:c7:82:27:28:dd:
                    67:86:6c:69:7c:3d:1c:5c:2f:4c:62:b2:1a:c4:2b:
                    22:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E8:E7:B5:3F:6F:3E:0B:B6:90:78:87:7D:10:A7:7C:8C:01:33:DF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a-jntT9vPgu2kHiHfRCnfIwBM98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.251.0/24
                  82.152.255.0/24
                  82.153.64.0/23
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.209.0-82.153.210.255
                  82.153.222.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:00:e0:16:1d:c3:10:63:63:ad:bd:de:0f:df:a9:a5:e5:c2:
         5f:75:ac:1f:35:c0:10:14:df:7d:6c:6b:fe:2b:77:03:b8:44:
         43:32:c9:77:b7:27:29:6f:65:24:19:13:a9:0e:e2:31:12:3e:
         98:6b:81:29:4d:44:4b:36:9f:b1:3c:1f:74:54:9f:a8:d9:bc:
         9a:5b:2e:7f:4b:83:8c:c9:a7:6f:d5:f7:c4:20:84:0a:e1:13:
         c4:44:bd:6e:1c:a3:b3:54:b0:5e:48:b1:d8:7a:d6:26:0a:94:
         de:cc:7a:e0:4a:a7:6f:0b:ae:31:50:fd:6e:1e:67:34:0b:4b:
         7f:9f:e0:25:b6:a1:34:18:3d:5c:2b:3e:af:c1:3e:19:5a:06:
         eb:d2:b8:a5:e3:ef:c3:a8:00:b7:cf:3a:6c:17:ef:b0:91:e2:
         88:f0:86:11:f1:3f:b8:3c:f1:97:f9:e5:f0:e9:26:6b:df:f9:
         1a:89:81:c0:80:16:89:cf:e7:df:95:58:40:f9:52:f1:b0:af:
         1d:67:8a:85:bc:7e:3c:12:21:30:5d:43:4b:75:75:53:fb:14:
         4f:62:75:46:45:d2:2d:e6:f0:ea:a1:01:d2:61:e9:02:5a:e6:
         cf:4e:e0:b8:9f:7f:9d:9f:c7:e9:72:2d:5e:e1:19:43:0b:3c:
         fd:43:73:ce
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYdwaRjuahQ1ZGj9gSt/J/CkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDExMTMwMjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmU4ZTdiNTNmNmYzZTBiYjY5MDc4ODc3ZDEwYTc3YzhjMDEzM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYQ6RpAwJ+SMAAhHxEeyBNOr81FK
mic9urSrQaQW3xavyaqYUtgAtXxhvMO7kAfg6Jzboo0KeuHT7ok0T3dqRSQzBhNZ
DNb+u4qA/WjQPunQVeBP+e5UAFUetbFjT/KGubzbVR7ufzQgzpq1jnjiKZn7lwk0
9CILh5L5CUdkB9NKJGYNCyRX2LIiIvXlkkN0HRHmVYDpiQIzRras1eYSVSa9uqLF
E7q+C/Hl6RIUg4hE6CNHE15MStnE7O6ksK8dHG1eQyqA4RqoY7pHFBknBgJcXoGp
wdGi0j6PtIDaGb3C4x2NJ9mPHiYqx4InKN1nhmxpfD0cXC9MYrIaxCsigwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFGvo57U/bz4LtpB4h30Qp3yMATPfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYS1qbnRUOXZQZ3Uya0hpSGZSQ25mSXdCTTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj7AwQAUpj/AwQBUplAAwQAUplEAwQBUplGMAwDBABSmdED
BABSmdIDBABSmd4DBAFSmfgwDQYJKoZIhvcNAQELBQADggEBAGEA4BYdwxBjY629
3g/fqaXlwl91rB81wBAU331sa/4rdwO4REMyyXe3JylvZSQZE6kO4jESPphrgSlN
REs2n7E8H3RUn6jZvJpbLn9Lg4zJp2/V98QghArhE8REvW4co7NUsF5Isdh61iYK
lN7MeuBKp28LrjFQ/W4eZzQLS3+f4CW2oTQYPVwrPq/BPhlaBuvSuKXj78OoALfP
OmwX77CR4ojwhhHxP7g88Zf55fDpJmvf+RqJgcCAFonP59+VWED5UvGwrx1nioW8
fjwSITBdQ0t1dVP7FE9idUZF0i3m8OqhAdJh6QJa5s9O4Liff52fx+lyLV7hGUML
PP1Dc84=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org