Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ch6-txFvGOsOh_DdCPWB6pFiiSc.roa
File:                     ch6-txFvGOsOh_DdCPWB6pFiiSc.roa (raw, json)
Hash identifier:          qMJeJkqFItb8Mrq+axQbpVuU+1ifLANRUsHtOVXvJcs=
Subject key identifier:   72:1E:BE:B7:11:6F:18:EB:0E:87:F0:DD:08:F5:81:EA:91:62:89:27
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FA078CF17C5510D5E43DBA16B1D5F6C53
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ch6-txFvGOsOh_DdCPWB6pFiiSc.roa
Signing time:             Wed 22 May 2024 13:23:42 +0000
ROA not before:           Wed 22 May 2024 13:23:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.152.176.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.98.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.196.0/22 maxlen: 24
                          89.213.200.0/22 maxlen: 24
                          89.213.204.0/22 maxlen: 24
                          89.213.232.0/22 maxlen: 24
                          89.213.236.0/22 maxlen: 24
                          89.213.238.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 23 May 2024 07:24:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:78:cf:17:c5:51:0d:5e:43:db:a1:6b:1d:5f:6c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 13:23:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=721ebeb7116f18eb0e87f0dd08f581ea91628927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:14:fb:d5:51:f5:53:19:8e:a0:a8:03:d3:9c:
                    29:a8:55:5d:8f:68:5e:b1:22:c5:26:6d:f2:f6:6e:
                    f5:10:cb:de:bf:6d:35:b5:96:d9:22:f7:38:41:f2:
                    31:3d:5e:0b:af:ba:97:c9:24:9a:41:8e:ea:e3:bc:
                    71:a9:b8:6d:12:64:20:39:11:32:2b:5d:66:78:46:
                    18:e3:5b:7d:9d:ac:59:bc:4b:20:e2:d6:94:4f:48:
                    dc:51:1d:71:67:ca:0c:ed:60:0b:fe:e0:62:9d:d0:
                    22:8a:c8:a4:89:a9:f2:6e:5d:82:9f:8b:52:78:7e:
                    93:d4:c6:6e:b7:50:8b:d4:0e:b7:14:7c:81:07:89:
                    49:0b:c2:1c:ce:85:5f:21:10:78:cf:bf:2a:4f:44:
                    51:fd:f3:50:d8:be:30:80:52:9e:de:32:c7:36:da:
                    db:00:63:51:e3:d6:60:43:ea:39:ad:9e:89:cd:41:
                    f0:20:9e:8a:7b:86:b9:b1:68:83:dc:37:26:58:b7:
                    f0:13:19:a6:df:30:b6:77:1f:55:b6:b4:23:4f:23:
                    20:bd:c5:69:73:f7:7b:9f:d3:71:7a:d9:ac:a6:1a:
                    09:28:cb:2c:9b:46:71:39:a5:7f:67:01:5a:b6:e5:
                    20:ad:2d:1a:c6:7e:17:e7:b2:83:64:89:2b:c5:30:
                    c5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:1E:BE:B7:11:6F:18:EB:0E:87:F0:DD:08:F5:81:EA:91:62:89:27
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ch6-txFvGOsOh_DdCPWB6pFiiSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.98.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.196.0-89.213.207.255
                  89.213.232.0/21
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.130.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:8a:f4:29:de:19:22:0b:d9:f0:ce:86:af:7d:c5:10:a1:04:
         ad:26:a7:2b:45:8a:13:21:da:54:cd:39:91:fc:c3:70:c4:8b:
         11:4b:00:bd:70:05:f8:46:8e:61:20:1d:2f:35:e0:2d:65:75:
         f3:5a:79:f1:cc:4a:cc:7a:f3:d7:42:3e:6b:9d:64:fd:1f:58:
         e1:22:75:cf:3d:4d:1c:ef:e8:59:bb:1c:f3:c3:be:b7:e4:67:
         a8:6b:fe:3a:20:78:57:9e:73:41:a3:46:78:4b:46:40:53:c5:
         d7:d1:b1:ee:18:d4:a0:19:b9:29:bd:09:c7:3a:e8:2f:2b:e9:
         6c:c7:22:84:eb:81:0a:d3:7d:42:18:d2:cb:bd:ca:bb:ae:65:
         7f:e6:ac:d5:6c:46:f5:bb:e7:6e:b5:c3:64:94:b9:4c:36:73:
         66:c7:59:0c:07:8a:98:1c:64:bd:af:70:cb:b8:12:4d:61:5b:
         02:01:27:61:60:bb:2b:08:92:f2:fd:ba:10:67:d9:64:0b:71:
         d3:ed:b3:07:ef:d6:7e:fd:c9:c7:c0:89:fd:20:46:73:36:01:
         cc:d6:05:52:29:a1:ac:94:c4:a6:b3:0e:87:bf:88:a7:60:53:
         e4:20:78:0a:a0:26:a6:89:ec:f1:c6:79:d6:dd:34:64:07:0b:
         eb:4e:38:ad
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAY+geM8XxVENXkPboWsdX2xTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIyMTMyMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjFlYmViNzExNmYxOGViMGU4N2YwZGQwOGY1ODFlYTkxNjI4OTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxT71VH1UxmOoKgD05wpqFVdj2he
sSLFJm3y9m71EMvev201tZbZIvc4QfIxPV4Lr7qXySSaQY7q47xxqbhtEmQgOREy
K11meEYY41t9naxZvEsg4taUT0jcUR1xZ8oM7WAL/uBindAiisikianybl2Cn4tS
eH6T1MZut1CL1A63FHyBB4lJC8IczoVfIRB4z78qT0RR/fNQ2L4wgFKe3jLHNtrb
AGNR49ZgQ+o5rZ6JzUHwIJ6Ke4a5sWiD3DcmWLfwExmm3zC2dx9VtrQjTyMgvcVp
c/d7n9NxetmsphoJKMssm0ZxOaV/ZwFatuUgrS0axn4X57KDZIkrxTDFVQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFHIevrcRbxjrDofw3Qj1geqRYoknMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY2g2LXR4RnZHT3NPaF9EZENQV0I2cEZpaVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQBUpiwAwQC
UpmIAwQAWdViMAwDBAJZ1ZQDBAVZ1YADBAJZ1awwDAMEAlnVxAMEBFnVwAMEA1nV
6AMEA22wEAMEAbkxfgMEBMJpUAMEANWCggMEANWClQMEAdXa0gMEANXa5zANBgkq
hkiG9w0BAQsFAAOCAQEAjYr0Kd4ZIgvZ8M6Gr33FEKEErSanK0WKEyHaVM05kfzD
cMSLEUsAvXAF+EaOYSAdLzXgLWV181p58cxKzHrz10I+a51k/R9Y4SJ1zz1NHO/o
Wbsc88O+t+RnqGv+OiB4V55zQaNGeEtGQFPF19Gx7hjUoBm5Kb0JxzroLyvpbMci
hOuBCtN9QhjSy73Ku65lf+as1WxG9bvnbrXDZJS5TDZzZsdZDAeKmBxkva9wy7gS
TWFbAgEnYWC7KwiS8v26EGfZZAtx0+2zB+/Wfv3Jx8CJ/SBGczYBzNYFUimhrJTE
prMOh7+Ip2BT5CB4CqAmpons8cZ51t00ZAcL6044rQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org