Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aCulOdIEAAPOPSiyohHvhGncM70.roa
File:                     aCulOdIEAAPOPSiyohHvhGncM70.roa (raw, json)
Hash identifier:          0noRhdO5HubPnZ643oifo4wbuV36o44tWEEFoUdQ2k8=
Subject key identifier:   68:2B:A5:39:D2:04:00:03:CE:3D:28:B2:A2:11:EF:84:69:DC:33:BD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E8F3651D9442DC862D2F0C6DC61F17CA7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aCulOdIEAAPOPSiyohHvhGncM70.roa
Signing time:             Sat 30 Mar 2024 11:54:45 +0000
ROA not before:           Sat 30 Mar 2024 11:54:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        80.240.84.0/24 maxlen: 24
                          81.5.189.0/24 maxlen: 24
                          82.152.49.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 31 Mar 2024 20:04:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8f:36:51:d9:44:2d:c8:62:d2:f0:c6:dc:61:f1:7c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 30 11:54:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=682ba539d2040003ce3d28b2a211ef8469dc33bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:c3:77:e7:a0:49:17:f9:61:5a:bf:e0:e5:
                    61:7a:c9:5d:40:36:f5:38:e4:80:8b:5e:1c:d2:61:
                    af:2a:88:aa:b0:3b:bc:0a:ff:6e:64:75:b4:e6:f8:
                    50:77:df:b0:71:db:5a:8a:d4:79:02:06:fc:20:38:
                    7d:b1:03:1a:49:5f:a5:90:b6:29:02:59:2f:00:c9:
                    83:d0:e2:c2:98:a9:cd:c9:4a:40:9b:3d:cf:e6:53:
                    06:2c:bf:62:54:de:8e:8c:5e:24:c7:d8:a7:9d:fe:
                    b6:c8:d7:d3:85:56:02:72:29:89:af:e4:e3:87:11:
                    1a:bd:d6:72:bd:70:95:2c:ff:93:9f:f9:8b:aa:04:
                    be:19:fb:59:34:4e:5e:80:68:f6:11:26:74:e2:c5:
                    14:26:f9:8a:01:4d:fe:14:9f:48:d7:73:17:26:55:
                    f6:5a:8c:20:fa:2c:21:b0:4d:b1:c4:56:92:cf:3d:
                    3d:9f:b5:3a:1f:80:5f:41:3d:76:92:88:3a:b5:f3:
                    5c:21:38:7a:54:73:9a:1c:d9:28:7e:9a:5b:09:5f:
                    55:52:02:60:92:17:2d:6b:22:a8:49:b2:dd:9a:04:
                    55:99:5a:6c:e7:d1:4e:37:d1:59:a7:d5:97:88:ea:
                    41:0b:41:16:c9:26:d6:b3:df:4a:51:59:be:bc:76:
                    68:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2B:A5:39:D2:04:00:03:CE:3D:28:B2:A2:11:EF:84:69:DC:33:BD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aCulOdIEAAPOPSiyohHvhGncM70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.84.0/24
                  81.5.189.0/24
                  82.152.49.0/24
                  82.153.65.0/24
                  89.213.152.0/24
                  89.213.176.0/24
                  89.213.183.0/24
                  213.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:2a:cb:76:0d:85:80:9d:b6:da:56:eb:3b:5d:a7:d2:05:df:
         05:44:3c:c6:86:cb:88:ea:4f:e5:f4:7e:f8:4a:ae:15:36:66:
         6b:52:aa:da:27:c0:8e:05:ec:46:b3:b1:68:28:e4:a6:2b:b4:
         d6:6a:36:1b:1a:7b:de:9f:ae:99:cd:d5:d9:95:a4:2e:d4:7c:
         c7:9d:b4:e8:61:65:5e:f9:44:e0:2e:5b:26:24:88:fa:ce:c6:
         9d:5c:6b:1a:36:1e:f5:b8:ea:95:ff:81:a6:e7:26:26:28:ad:
         f3:2c:af:8c:7c:f4:8c:10:a0:e0:1a:74:ad:b5:e6:9d:25:c8:
         81:ca:96:f7:9f:75:de:db:48:fe:e1:17:26:6f:48:d3:e4:ed:
         f1:5f:47:fb:a2:c3:55:90:8b:1a:f2:12:89:e8:a5:7b:42:36:
         52:11:fa:0d:13:a1:96:51:1b:06:f7:6a:c5:b7:c7:2b:b2:58:
         af:56:30:cd:b6:67:ac:2f:9b:a9:62:52:bd:2f:38:39:c1:8a:
         68:9e:3b:a5:82:d3:d4:e2:86:f5:ff:3f:97:d7:13:ae:92:27:
         a4:1b:8e:bf:8f:73:13:69:10:74:62:20:63:6c:61:57:c7:62:
         d7:23:f4:f5:46:74:99:8f:9f:96:17:eb:f4:72:1a:1d:58:4e:
         06:fa:96:79
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY6PNlHZRC3IYtLwxtxh8XynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzMwMTE1NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJiYTUzOWQyMDQwMDAzY2UzZDI4YjJhMjExZWY4NDY5ZGMzM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyDDd+egSRf5YVq/4OVhesldQDb1
OOSAi14c0mGvKoiqsDu8Cv9uZHW05vhQd9+wcdtaitR5Agb8IDh9sQMaSV+lkLYp
AlkvAMmD0OLCmKnNyUpAmz3P5lMGLL9iVN6OjF4kx9innf62yNfThVYCcimJr+Tj
hxEavdZyvXCVLP+Tn/mLqgS+GftZNE5egGj2ESZ04sUUJvmKAU3+FJ9I13MXJlX2
Wowg+iwhsE2xxFaSzz09n7U6H4BfQT12kog6tfNcITh6VHOaHNkofppbCV9VUgJg
khctayKoSbLdmgRVmVps59FON9FZp9WXiOpBC0EWySbWs99KUVm+vHZoqwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGgrpTnSBAADzj0osqIR74Rp3DO9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYUN1bE9kSUVBQVBPUFNpeW9oSHZoR25jTTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUPBUAwQA
UQW9AwQAUpgxAwQAUplBAwQAWdWYAwQAWdWwAwQAWdW3AwQA1YKVMA0GCSqGSIb3
DQEBCwUAA4IBAQBPKst2DYWAnbbaVus7XafSBd8FRDzGhsuI6k/l9H74Sq4VNmZr
UqraJ8COBexGs7FoKOSmK7TWajYbGnven66ZzdXZlaQu1HzHnbToYWVe+UTgLlsm
JIj6zsadXGsaNh71uOqV/4Gm5yYmKK3zLK+MfPSMEKDgGnStteadJciBypb3n3Xe
20j+4Rcmb0jT5O3xX0f7osNVkIsa8hKJ6KV7QjZSEfoNE6GWURsG92rFt8crsliv
VjDNtmesL5upYlK9Lzg5wYponjulgtPU4ob1/z+X1xOukiekG46/j3MTaRB0YiBj
bGFXx2LXI/T1RnSZj5+WF+v0chodWE4G+pZ5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org