Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cdIUlZ66yuWPeeIx-l2WbvVK6N0.roa
File:                     cdIUlZ66yuWPeeIx-l2WbvVK6N0.roa (raw, json)
Hash identifier:          aQ10sAap2M4ZPGinaSDpRY9XVFi1ttAz/9YydMCVbaI=
Subject key identifier:   71:D2:14:95:9E:BA:CA:E5:8F:79:E2:31:FA:5D:96:6E:F5:4A:E8:DD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F5331649F71B6195EA42D6BA2D9D20728
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cdIUlZ66yuWPeeIx-l2WbvVK6N0.roa
Signing time:             Tue 07 May 2024 13:14:56 +0000
ROA not before:           Tue 07 May 2024 13:14:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        37.252.27.0/24 maxlen: 24
                          79.99.76.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.163.0.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.193.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          212.38.79.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 May 2024 19:04:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:31:64:9f:71:b6:19:5e:a4:2d:6b:a2:d9:d2:07:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  7 13:14:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d214959ebacae58f79e231fa5d966ef54ae8dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0b:75:22:e6:29:94:49:39:9e:de:58:46:31:
                    df:b6:1e:26:fa:31:92:a1:91:df:19:a2:51:47:78:
                    60:0a:8b:73:fa:1e:e2:b3:8a:99:a1:34:97:11:29:
                    3d:09:d3:13:b0:10:25:41:f0:fe:85:71:86:b7:27:
                    43:bf:5a:5b:76:13:c1:9f:e1:4c:63:12:6d:cf:43:
                    67:2c:7f:00:72:d7:25:40:9a:e7:30:80:c4:f1:d5:
                    b4:e6:28:d0:62:1d:97:06:35:b7:cd:58:e0:08:6a:
                    f1:a3:a4:fe:3b:ef:72:7b:2b:90:33:b3:90:7c:17:
                    ea:e9:40:23:b9:e5:0d:24:65:3c:c5:75:0b:0a:cd:
                    f6:41:f7:f7:dc:db:e3:7e:9a:04:57:6d:52:63:83:
                    36:7f:26:f1:cf:3e:90:53:6f:97:0b:d3:5c:c9:66:
                    d5:5d:38:1d:ac:04:31:a2:cc:0a:0d:02:5e:cf:c4:
                    46:14:38:90:e7:ac:cb:93:4c:e1:47:cb:13:3c:57:
                    07:10:c5:7d:a5:fd:40:e0:7b:38:69:2f:e7:0f:a0:
                    8b:da:d3:84:e4:24:cb:4d:4f:92:60:f9:bc:97:20:
                    cc:9a:c3:e5:35:c6:c6:23:a7:76:e5:84:81:07:63:
                    ea:94:2b:08:ef:c7:90:2a:c1:87:0c:43:fb:f6:09:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D2:14:95:9E:BA:CA:E5:8F:79:E2:31:FA:5D:96:6E:F5:4A:E8:DD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cdIUlZ66yuWPeeIx-l2WbvVK6N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  79.99.76.0/24
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  82.163.0.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  109.176.193.0/24
                  109.176.244.0/24
                  185.49.126.0/23
                  194.105.80.0/20
                  212.38.79.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:bf:1f:e6:a3:e6:65:c6:b7:88:90:84:4d:f5:73:c0:4c:4e:
         21:8a:64:78:00:4f:ae:fb:52:19:c3:41:a7:43:ea:66:6c:30:
         4e:18:b8:61:4d:ce:ad:86:e9:60:35:46:b4:5c:56:62:b4:89:
         ad:65:29:c3:77:a1:86:39:e7:69:7e:98:e4:11:82:8c:8b:88:
         ef:38:9e:6c:a2:09:db:56:94:5c:95:04:65:6f:4d:c9:2c:e2:
         1d:ea:d8:cd:a9:71:04:06:a9:57:3e:32:14:3f:5c:fa:39:39:
         27:59:5a:b7:a7:92:98:bd:86:88:d2:57:72:82:7f:9f:2f:f2:
         85:29:86:7b:d8:e8:1d:40:84:99:f2:c0:c2:bb:d2:44:dc:ea:
         d3:58:02:35:03:54:02:7b:ef:61:57:89:d9:84:68:ec:47:80:
         b9:3b:c4:19:b5:c4:59:b1:b1:15:1d:e8:bc:03:27:39:6f:e0:
         83:7f:b1:78:4c:f2:c3:a3:56:b2:f4:48:43:1e:44:81:a4:a2:
         02:15:75:17:65:bb:6f:ac:f7:3e:88:bb:5a:96:14:a7:85:2d:
         b4:c2:5e:f8:bb:ec:8a:9b:78:4f:b0:28:aa:2f:35:a8:ae:5b:
         22:49:3c:e0:57:2e:ce:a1:de:42:01:c6:9a:f1:66:2f:9f:0b:
         97:f1:6b:d7
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAY9TMWSfcbYZXqQta6LZ0gcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA3MTMxNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQyMTQ5NTllYmFjYWU1OGY3OWUyMzFmYTVkOTY2ZWY1NGFlOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwt1IuYplEk5nt5YRjHfth4m+jGS
oZHfGaJRR3hgCotz+h7is4qZoTSXESk9CdMTsBAlQfD+hXGGtydDv1pbdhPBn+FM
YxJtz0NnLH8ActclQJrnMIDE8dW05ijQYh2XBjW3zVjgCGrxo6T+O+9yeyuQM7OQ
fBfq6UAjueUNJGU8xXULCs32Qff33NvjfpoEV21SY4M2fybxzz6QU2+XC9NcyWbV
XTgdrAQxoswKDQJez8RGFDiQ56zLk0zhR8sTPFcHEMV9pf1A4Hs4aS/nD6CL2tOE
5CTLTU+SYPm8lyDMmsPlNcbGI6d25YSBB2PqlCsI78eQKsGHDEP79gnP0wIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFHHSFJWeusrlj3niMfpdlm71SujdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY2RJVWxaNjZ5dVdQZWVJeC1sMldidlZLNk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzCBgAQCAAEwegMEACX8
GwMEAE9jTAMEAFGofgMEAVKYsAMEAFKZMgMEAlKZiAMEAFKjADAMAwQCWdWUAwQF
WdWAAwQCWdWsAwQAWdW0AwQDbbAQAwQAbbDBAwQAbbD0AwQBuTF+AwQEwmlQAwQA
1CZPAwQA1YKVAwQB1drSAwQA1drVMA0GCSqGSIb3DQEBCwUAA4IBAQBjvx/mo+Zl
xreIkIRN9XPATE4himR4AE+u+1IZw0GnQ+pmbDBOGLhhTc6thulgNUa0XFZitImt
ZSnDd6GGOedpfpjkEYKMi4jvOJ5sognbVpRclQRlb03JLOId6tjNqXEEBqlXPjIU
P1z6OTknWVq3p5KYvYaI0ldygn+fL/KFKYZ72OgdQISZ8sDCu9JE3OrTWAI1A1QC
e+9hV4nZhGjsR4C5O8QZtcRZsbEVHei8Ayc5b+CDf7F4TPLDo1ay9EhDHkSBpKIC
FXUXZbtvrPc+iLtalhSnhS20wl74u+yKm3hPsCiqLzWorlsiSTzgVy7Ood5CAcaa
8WYvnwuX8WvX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org