Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/adUwNh0kSjpmQiE89kPH4qPcfZA.roa
File:                     adUwNh0kSjpmQiE89kPH4qPcfZA.roa (raw, json)
Hash identifier:          P3uqoRFIhK0mBWwXNJGxgsviDqFTCqrfXJ1eyce3He0=
Subject key identifier:   69:D5:30:36:1D:24:4A:3A:66:42:21:3C:F6:43:C7:E2:A3:DC:7D:90
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0188539C7D6F3A34C8BB714A1986A5611C97
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/adUwNh0kSjpmQiE89kPH4qPcfZA.roa
Signing time:             Thu 25 May 2023 15:52:24 +0000
ROA not before:           Thu 25 May 2023 15:52:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.70.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.208.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.153.211.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 26 May 2023 14:30:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:53:9c:7d:6f:3a:34:c8:bb:71:4a:19:86:a5:61:1c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 25 15:52:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69d530361d244a3a6642213cf643c7e2a3dc7d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:84:d0:27:d0:c7:de:1d:e7:e6:0c:d0:50:e1:
                    35:8e:a3:88:d1:b4:9a:98:f7:e5:38:83:9c:d3:81:
                    38:e2:a9:ce:d3:a1:21:67:be:48:cc:c5:13:a5:ec:
                    dc:68:c2:32:45:c7:de:60:e0:60:e3:f2:2b:bd:d5:
                    95:37:0b:2c:f5:79:08:9a:18:ed:fd:ed:39:6e:61:
                    fc:b1:c0:4d:77:f8:27:6f:cb:fd:ac:28:30:ad:97:
                    ff:df:9c:6e:93:17:4e:ce:63:b7:11:b2:fa:18:6d:
                    3c:2c:23:15:99:0f:5a:64:4d:9b:32:6d:57:bc:13:
                    d2:6d:d6:ea:34:22:aa:b7:56:36:11:f6:a1:07:bf:
                    2e:eb:8c:c0:29:c3:93:eb:1c:a2:b0:06:15:b0:60:
                    96:6f:fb:05:ec:05:63:81:62:a2:2b:f6:3b:d1:98:
                    57:cb:f2:70:cb:a3:fa:e8:13:3e:a2:ac:2f:15:62:
                    5b:0b:56:6c:47:57:72:37:d6:f6:9b:68:5a:a9:b4:
                    a5:22:2a:f9:f0:1b:b3:3d:3d:5f:05:8d:a7:1e:47:
                    d8:20:03:30:3a:a1:50:fd:c7:c8:d8:5c:e9:75:38:
                    ea:12:69:23:42:0d:4e:ea:2d:d5:b5:b2:f2:79:44:
                    81:33:a5:55:c0:68:53:30:06:7f:28:d8:ea:51:8f:
                    dd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D5:30:36:1D:24:4A:3A:66:42:21:3C:F6:43:C7:E2:A3:DC:7D:90
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/adUwNh0kSjpmQiE89kPH4qPcfZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0-82.152.255.255
                  82.153.4.0/24
                  82.153.64.0/24
                  82.153.70.0/24
                  82.153.73.0/24
                  82.153.208.0/22
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:bc:16:00:18:36:1c:27:0d:42:1c:b6:ae:a1:72:49:2e:ec:
         08:2f:88:8f:59:0c:1c:73:36:ca:82:19:79:fb:d3:8c:a5:ad:
         81:b6:0a:70:52:2f:70:c8:05:c6:c5:e9:64:bc:09:60:7b:b0:
         ba:e2:99:ed:a4:2a:35:60:b6:1f:c9:ad:c8:09:31:58:7c:99:
         db:6e:f4:7e:b6:2d:8b:dc:26:58:ae:61:52:67:be:26:a0:fe:
         2f:17:26:5e:5e:25:f6:66:e5:05:2a:9a:64:9e:37:c9:2c:fc:
         90:5e:ca:c0:d9:99:f5:d2:8f:2a:ac:48:a1:f9:8d:be:d2:45:
         fe:29:93:7b:23:af:23:df:80:c5:c5:29:7c:61:07:ba:6a:13:
         98:e5:a3:33:b3:bc:56:d8:36:a9:56:52:5a:87:be:44:72:9a:
         f7:41:35:9c:f3:5f:02:ac:9b:77:3a:f0:40:f9:a1:2d:ad:aa:
         4c:06:d3:ee:9a:ff:74:d5:b7:b5:37:8f:f2:99:71:12:9a:ff:
         f0:d9:39:2d:a7:d9:cb:7d:d1:b8:5c:1a:7d:4d:dc:35:b5:ae:
         d4:70:3d:37:73:71:63:4f:e2:6a:8e:2e:a8:e2:44:70:cf:da:
         76:85:74:05:9b:02:a9:67:a8:4c:fe:89:7a:66:e2:65:75:83:
         65:c1:11:9e
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYhTnH1vOjTIu3FKGYalYRyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTI1MTU1MjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQ1MzAzNjFkMjQ0YTNhNjY0MjIxM2NmNjQzYzdlMmEzZGM3ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoTQJ9DH3h3n5gzQUOE1jqOI0bSa
mPflOIOc04E44qnO06EhZ75IzMUTpezcaMIyRcfeYOBg4/IrvdWVNwss9XkImhjt
/e05bmH8scBNd/gnb8v9rCgwrZf/35xukxdOzmO3EbL6GG08LCMVmQ9aZE2bMm1X
vBPSbdbqNCKqt1Y2EfahB78u64zAKcOT6xyisAYVsGCWb/sF7AVjgWKiK/Y70ZhX
y/Jwy6P66BM+oqwvFWJbC1ZsR1dyN9b2m2haqbSlIir58BuzPT1fBY2nHkfYIAMw
OqFQ/cfI2FzpdTjqEmkjQg1O6i3VtbLyeUSBM6VVwGhTMAZ/KNjqUY/dGQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFGnVMDYdJEo6ZkIhPPZDx+Kj3H2QMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYWRVd05oMGtTanBtUWlFODlrUEg0cVBjZlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAATBbAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7MAsDBABSmP0DAwBSmAMEAFKZBAMEAFKZQAME
AFKZRgMEAFKZSQMEAlKZ0AMEAFKZ3gMEAFKZ9gMEAVKZ+DANBgkqhkiG9w0BAQsF
AAOCAQEAU7wWABg2HCcNQhy2rqFySS7sCC+Ij1kMHHM2yoIZefvTjKWtgbYKcFIv
cMgFxsXpZLwJYHuwuuKZ7aQqNWC2H8mtyAkxWHyZ2270frYti9wmWK5hUme+JqD+
LxcmXl4l9mblBSqaZJ43ySz8kF7KwNmZ9dKPKqxIofmNvtJF/imTeyOvI9+AxcUp
fGEHumoTmOWjM7O8Vtg2qVZSWoe+RHKa90E1nPNfAqybdzrwQPmhLa2qTAbT7pr/
dNW3tTeP8plxEpr/8Nk5LafZy33RuFwafU3cNbWu1HA9N3NxY0/iao4uqOJEcM/a
doV0BZsCqWeoTP6JembiZXWDZcERng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org