Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bczXHYqAz1yPkh8Z9u3GPOW8AzY.roa
File:                     bczXHYqAz1yPkh8Z9u3GPOW8AzY.roa (raw, json)
Hash identifier:          KLNyY2VP2dXOuAgzTLb+KwQdr3tVDpvPkCqO8aHQhJk=
Subject key identifier:   6D:CC:D7:1D:8A:80:CF:5C:8F:92:1F:19:F6:ED:C6:3C:E5:BC:03:36
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC349497031E628DCD5EE640F7A1D32C2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bczXHYqAz1yPkh8Z9u3GPOW8AzY.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.67.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.135.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.137.0/24 maxlen: 24
                          89.213.138.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.250.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          213.152.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 16:31:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:49:70:31:e6:28:dc:d5:ee:64:0f:7a:1d:32:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dccd71d8a80cf5c8f921f19f6edc63ce5bc0336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:45:38:3c:19:d7:2a:cc:aa:a0:0f:84:f4:d6:
                    8f:dc:40:7b:fb:5d:2b:10:fc:52:f9:a8:c7:9b:c2:
                    0d:6a:11:e4:fe:a5:00:df:f3:0d:9b:92:33:ec:05:
                    0b:29:2e:a9:f0:72:79:66:99:ec:0f:ba:09:f5:50:
                    98:30:70:17:4b:c4:eb:3f:ac:dc:e2:4d:bb:6c:1b:
                    b4:b5:ca:66:4b:b8:36:e0:ca:34:7b:c0:f3:4b:13:
                    49:70:44:c0:8b:d4:95:b5:9f:de:3c:34:2d:8e:85:
                    58:27:29:2d:00:b7:62:69:cc:88:22:e0:e6:f8:ff:
                    63:ed:82:09:d2:f8:4a:6f:67:62:52:67:52:2f:47:
                    52:ca:3e:68:96:22:7c:2e:da:a6:e8:61:49:80:a3:
                    63:f3:94:65:b7:49:29:b7:92:9d:3f:e2:96:47:c6:
                    5b:10:5c:26:4f:22:69:11:c9:02:dd:20:35:c3:83:
                    e7:a2:a9:0a:71:13:52:7b:f6:27:7b:48:45:f4:b4:
                    69:5b:81:8b:24:46:50:90:c5:d0:0d:76:4e:cd:ab:
                    33:fe:ba:2f:86:fa:7c:61:2b:75:fa:03:aa:87:3d:
                    ec:d8:04:3b:20:3c:37:7c:45:2d:b1:c8:4d:9b:81:
                    54:d6:bb:3b:e9:24:40:13:aa:5e:f0:79:e3:ac:cd:
                    31:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:CC:D7:1D:8A:80:CF:5C:8F:92:1F:19:F6:ED:C6:3C:E5:BC:03:36
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bczXHYqAz1yPkh8Z9u3GPOW8AzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  82.152.111.0/24
                  82.152.250.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.67.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.137.0/24
                  82.153.139.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.248.0/24
                  82.153.250.0/24
                  89.213.133.0-89.213.138.255
                  89.213.141.0/24
                  89.213.153.0/24
                  89.213.160.0/24
                  89.213.163.0-89.213.164.255
                  89.213.168.0/24
                  89.213.170.0/24
                  89.213.184.0/23
                  89.213.188.0/23
                  109.176.209.0/24
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.249.0-109.176.250.255
                  185.49.125.0/24
                  213.152.61.0-213.152.62.255

    Signature Algorithm: sha256WithRSAEncryption
         82:8a:29:31:15:c7:68:af:ba:e5:e4:c9:e6:dc:26:72:e9:61:
         6f:60:f1:21:4c:e7:5e:ff:31:c9:6e:99:14:61:3c:18:65:a7:
         5c:9b:47:77:2c:7c:df:b1:d5:62:8f:9d:18:8d:28:9c:c8:47:
         2d:8a:ff:50:be:dc:01:17:45:56:1a:6f:ba:46:75:57:b9:5d:
         3f:85:a0:40:c3:0c:50:59:03:60:e8:b7:24:00:02:35:dd:56:
         05:9a:00:cb:ba:ea:1e:ef:d4:3f:50:3f:90:52:f6:de:2f:02:
         02:2b:30:11:71:e3:8e:c9:01:b5:a5:a0:cd:60:a9:52:8e:8c:
         f0:3a:aa:de:94:d3:42:22:c1:1e:10:ab:0a:db:d0:31:8f:b7:
         cb:50:a2:df:33:82:7e:d8:02:94:fc:47:c4:a3:5f:f1:4e:bc:
         28:24:dc:72:7b:f6:83:9e:68:fc:48:09:1d:fd:f6:6e:65:7b:
         9c:e5:3b:ea:0c:a2:f5:8b:b3:8c:a0:17:25:02:6e:62:66:21:
         35:92:fd:d9:38:e8:84:97:da:29:38:d6:3a:28:b0:f6:0f:da:
         c0:22:cf:14:4a:4b:ea:e7:af:6d:c7:99:b9:a5:84:1b:49:a0:
         20:4c:63:d3:d2:a1:d9:93:20:cc:f4:55:21:1d:a0:c2:4d:d1:
         61:07:41:bb
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYzDSUlwMeYo3NXuZA96HTLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGNjZDcxZDhhODBjZjVjOGY5MjFmMTlmNmVkYzYzY2U1YmMwMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkU4PBnXKsyqoA+E9NaP3EB7+10r
EPxS+ajHm8INahHk/qUA3/MNm5Iz7AULKS6p8HJ5ZpnsD7oJ9VCYMHAXS8TrP6zc
4k27bBu0tcpmS7g24Mo0e8DzSxNJcETAi9SVtZ/ePDQtjoVYJyktALdiacyIIuDm
+P9j7YIJ0vhKb2diUmdSL0dSyj5oliJ8Ltqm6GFJgKNj85Rlt0kpt5KdP+KWR8Zb
EFwmTyJpEckC3SA1w4PnoqkKcRNSe/Yne0hF9LRpW4GLJEZQkMXQDXZOzasz/rov
hvp8YSt1+gOqhz3s2AQ7IDw3fEUtschNm4FU1rs76SRAE6pe8HnjrM0x7wIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFG3M1x2KgM9cj5IfGfbtxjzlvAM2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYmN6WEhZcUF6MXlQa2g4Wjl1M0dQT1c4QXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+AME
AFKZ+jAMAwQAWdWFAwQAWdWKAwQAWdWNAwQAWdWZAwQAWdWgMAwDBABZ1aMDBABZ
1aQDBABZ1agDBABZ1aoDBAFZ1bgDBAFZ1bwDBABtsNEDBABtsNMDBANtsNgwDAME
AG2w+QMEAG2w+gMEALkxfTAMAwQA1Zg9AwQA1Zg+MA0GCSqGSIb3DQEBCwUAA4IB
AQCCiikxFcdor7rl5Mnm3CZy6WFvYPEhTOde/zHJbpkUYTwYZadcm0d3LHzfsdVi
j50YjSicyEctiv9QvtwBF0VWGm+6RnVXuV0/haBAwwxQWQNg6LckAAI13VYFmgDL
uuoe79Q/UD+QUvbeLwICKzARceOOyQG1paDNYKlSjozwOqrelNNCIsEeEKsK29Ax
j7fLUKLfM4J+2AKU/EfEo1/xTrwoJNxye/aDnmj8SAkd/fZuZXuc5TvqDKL1i7OM
oBclAm5iZiE1kv3ZOOiEl9opONY6KLD2D9rAIs8USkvq569tx5m5pYQbSaAgTGPT
0qHZkyDM9FUhHaDCTdFhB0G7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org