Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cV1m_YWx11s7FhkfqiOeqBgg_is.roa
File:                     cV1m_YWx11s7FhkfqiOeqBgg_is.roa (raw, json)
Hash identifier:          08t2PGwRrZ6db2KnJsh+bmxUxqGrnalrfuGMVb78TT8=
Subject key identifier:   71:5D:66:FD:85:B1:D7:5B:3B:16:19:1F:AA:23:9E:A8:18:20:FE:2B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01879DB29F4CCFA14048865849D643F74441
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cV1m_YWx11s7FhkfqiOeqBgg_is.roa
Signing time:             Thu 20 Apr 2023 08:05:41 +0000
ROA not before:           Thu 20 Apr 2023 08:05:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 20 Apr 2023 14:51:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9d:b2:9f:4c:cf:a1:40:48:86:58:49:d6:43:f7:44:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 20 08:05:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=715d66fd85b1d75b3b16191faa239ea81820fe2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:51:a0:7c:de:bf:46:4f:5e:af:b4:a8:23:0f:
                    81:88:df:4f:fc:74:56:08:9b:b0:24:1c:d9:f2:47:
                    ef:c6:25:6f:10:82:00:e7:42:e5:2b:f7:18:06:73:
                    d5:10:54:c0:55:a0:32:82:ab:c2:95:61:5a:02:d0:
                    64:67:db:0a:98:06:a3:21:46:45:1e:36:89:9f:8c:
                    0c:74:dc:15:d5:26:1a:83:29:3c:e0:fd:6a:0d:60:
                    69:d6:75:84:5a:30:9f:78:02:1c:dd:04:f1:dc:ad:
                    9f:df:8f:39:ff:19:d7:41:93:b9:eb:da:b2:87:4c:
                    f5:a8:53:f4:f5:4b:ca:a4:3c:bc:d0:e2:cf:a5:2f:
                    ba:b3:99:a2:3e:95:ee:ce:38:86:44:25:a7:9f:89:
                    a0:b4:59:d3:30:04:14:21:3e:1a:c3:f5:bc:19:09:
                    13:5b:e8:7f:73:c3:54:98:e2:cc:2c:b0:7e:ea:04:
                    c1:86:6d:59:3e:a6:bb:b4:50:4b:6c:31:7a:6e:53:
                    0f:53:bb:cd:45:20:76:fb:95:e5:da:c3:ee:15:68:
                    d9:1c:75:5d:bc:e2:ec:84:f0:15:2d:31:d3:2f:4d:
                    a3:a2:f3:2f:31:ab:1b:d9:92:4a:04:12:a4:8c:65:
                    62:12:49:e0:ad:81:94:88:90:94:39:18:03:7c:ef:
                    33:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:5D:66:FD:85:B1:D7:5B:3B:16:19:1F:AA:23:9E:A8:18:20:FE:2B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cV1m_YWx11s7FhkfqiOeqBgg_is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.4.0/24
                  82.153.64.0/23
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.209.0-82.153.210.255
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:6d:39:11:a9:ae:50:7d:34:6d:8b:be:ac:a1:09:9f:69:ac:
         91:d1:ea:ea:4f:b3:ba:f4:cc:0c:f0:33:2a:58:38:4e:71:7b:
         69:35:65:58:8e:bb:71:ed:a6:6a:8c:79:94:b7:69:6f:17:66:
         9c:59:c7:f0:3a:58:e7:b5:79:69:29:ce:d1:1b:f9:67:8c:b5:
         b3:d3:7a:80:3c:90:7b:76:6f:6a:21:ae:64:a4:78:b4:d8:d9:
         49:82:3d:64:6d:cd:24:46:48:9c:3c:05:cd:86:ca:5f:6a:9b:
         89:24:40:c0:b6:34:cd:47:87:53:f9:63:3d:2e:99:fa:e8:c1:
         7f:07:4e:07:81:92:76:30:73:95:4e:67:4d:f5:9d:56:32:87:
         09:23:e4:27:28:92:b1:c5:9b:76:57:9f:6b:05:50:28:8a:19:
         f7:5a:c0:32:e8:f5:c3:58:f2:fa:5a:1d:69:07:6d:5b:46:97:
         fc:1c:9a:8d:3e:32:b2:fd:3e:c8:91:c6:1f:09:98:6c:dd:f8:
         39:9b:3c:3f:f8:6f:75:e9:a2:d7:fe:28:cd:68:0f:fe:38:59:
         89:d3:29:31:d8:b9:7c:97:c8:5a:33:a8:13:c5:70:88:8d:f9:
         b5:be:dc:57:4b:72:1d:79:43:60:df:0b:a7:fc:40:6d:61:4b:
         5b:88:da:fb
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYedsp9Mz6FASIZYSdZD90RBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDIwMDgwNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTVkNjZmZDg1YjFkNzViM2IxNjE5MWZhYTIzOWVhODE4MjBmZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulGgfN6/Rk9er7SoIw+BiN9P/HRW
CJuwJBzZ8kfvxiVvEIIA50LlK/cYBnPVEFTAVaAygqvClWFaAtBkZ9sKmAajIUZF
HjaJn4wMdNwV1SYagyk84P1qDWBp1nWEWjCfeAIc3QTx3K2f3485/xnXQZO569qy
h0z1qFP09UvKpDy80OLPpS+6s5miPpXuzjiGRCWnn4mgtFnTMAQUIT4aw/W8GQkT
W+h/c8NUmOLMLLB+6gTBhm1ZPqa7tFBLbDF6blMPU7vNRSB2+5Xl2sPuFWjZHHVd
vOLshPAVLTHTL02jovMvMasb2ZJKBBKkjGViEkngrYGUiJCUORgDfO8zLQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFHFdZv2FsddbOxYZH6ojnqgYIP4rMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY1YxbV9ZV3gxMXM3RmhrZnFpT2VxQmdnX2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7AwQBUpj+AwQAUpkEAwQBUplAAwQAUplEAwQB
UplGMAwDBABSmdEDBABSmdIDBABSmd4DBABSmfYDBAFSmfgwDQYJKoZIhvcNAQEL
BQADggEBAIFtORGprlB9NG2LvqyhCZ9prJHR6upPs7r0zAzwMypYOE5xe2k1ZViO
u3HtpmqMeZS3aW8XZpxZx/A6WOe1eWkpztEb+WeMtbPTeoA8kHt2b2ohrmSkeLTY
2UmCPWRtzSRGSJw8Bc2Gyl9qm4kkQMC2NM1Hh1P5Yz0umfrowX8HTgeBknYwc5VO
Z031nVYyhwkj5CcokrHFm3ZXn2sFUCiKGfdawDLo9cNY8vpaHWkHbVtGl/wcmo0+
MrL9PsiRxh8JmGzd+DmbPD/4b3Xpotf+KM1oD/44WYnTKTHYuXyXyFozqBPFcIiN
+bW+3FdLch15Q2DfC6f8QG1hS1uI2vs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org