Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ctMvD974FOC5B_q4SGPnawkvUng.roa
File:                     ctMvD974FOC5B_q4SGPnawkvUng.roa (raw, json)
Hash identifier:          w91Q3vF1TzE2gg8zab5z2Ve57Y9r+v26XdE93KdOxI8=
Subject key identifier:   72:D3:2F:0F:DE:F8:14:E0:B9:07:FA:B8:48:63:E7:6B:09:2F:52:78
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018926C017EBA9277AB8F93C66B56D34D8FD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ctMvD974FOC5B_q4SGPnawkvUng.roa
Signing time:             Wed 05 Jul 2023 15:51:10 +0000
ROA not before:           Wed 05 Jul 2023 15:51:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
                          81.5.189.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 16 Jul 2023 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:26:c0:17:eb:a9:27:7a:b8:f9:3c:66:b5:6d:34:d8:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  5 15:51:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72d32f0fdef814e0b907fab84863e76b092f5278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:f5:37:bb:48:3b:df:f8:40:6b:6d:5c:25:
                    97:09:84:b8:a4:70:ea:b1:17:46:16:3c:88:b6:21:
                    c5:87:e2:c1:98:81:93:76:94:20:84:18:e7:f6:4a:
                    aa:0e:32:02:e2:0e:77:19:9c:e0:52:6a:94:88:5b:
                    d9:ce:57:bf:40:e5:79:3c:d2:d0:72:d9:f9:bf:b3:
                    05:0d:7d:a3:04:e5:db:cf:3e:d3:34:c1:a2:c6:4e:
                    30:48:99:04:56:d4:d4:dd:90:ad:09:c0:d0:64:85:
                    87:9e:ad:8a:50:8b:a7:d0:5e:09:59:11:e4:78:7d:
                    36:3c:5d:cc:cf:0b:a8:09:8e:00:85:14:7b:17:24:
                    78:d0:26:45:f7:8f:33:80:17:4a:56:dd:2b:42:cc:
                    85:bb:07:62:bc:eb:dd:35:d2:57:0b:98:41:5c:08:
                    41:55:7b:3c:3a:b0:14:fc:bb:9d:15:3a:12:00:c7:
                    49:af:7d:f9:e3:45:cf:a5:a5:0c:04:6c:eb:b1:62:
                    76:b2:87:77:78:0f:78:f0:5b:92:51:f7:cd:99:bd:
                    17:a9:63:17:0f:ee:1f:8d:15:1b:d6:6e:35:70:88:
                    1b:9f:71:90:3d:33:1d:fb:5e:fd:a7:bc:bd:c1:a4:
                    33:89:77:18:4d:c3:33:53:e0:5b:3e:6f:df:0d:fa:
                    93:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D3:2F:0F:DE:F8:14:E0:B9:07:FA:B8:48:63:E7:6B:09:2F:52:78
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ctMvD974FOC5B_q4SGPnawkvUng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.1.0/24
                  82.153.68.0/23
                  82.153.71.0-82.153.72.255
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24
                  89.213.161.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:9c:a4:5c:95:8d:b8:8a:d4:c8:27:6b:d4:8b:0c:aa:ae:1c:
         86:4f:cf:6f:e8:e4:e1:23:f7:8a:3a:83:ee:ea:6b:4a:69:7c:
         06:bf:19:c3:3b:4c:1a:db:20:e2:5b:21:5f:9a:9b:4f:09:c8:
         70:4a:89:d4:15:d8:1e:80:54:da:7f:09:53:09:2d:1f:ad:0a:
         dd:c3:f9:d3:a5:f6:12:48:04:c6:b5:e9:5c:9a:f8:9e:11:86:
         bf:57:1e:50:66:c8:34:7d:1e:c6:60:c2:fc:fd:18:9f:5d:f2:
         09:e3:76:86:69:eb:4b:7f:9c:b4:0b:32:99:2c:80:35:62:5a:
         91:f6:67:5a:3c:c5:16:e2:a7:a4:d8:50:36:b2:67:83:31:e5:
         33:21:97:af:cd:db:2a:5e:66:e3:1f:55:c2:8d:f1:6a:f1:56:
         a8:32:b0:97:c9:f5:9a:6d:cb:af:b9:74:12:3b:58:3d:56:90:
         e0:31:c4:82:27:e5:28:8e:d1:b3:c1:f6:ab:06:3f:17:c4:1c:
         1b:f0:8c:85:43:7a:0a:2e:5c:46:95:60:a9:69:00:e8:d0:f1:
         27:9c:8e:bd:18:a9:25:57:dc:1e:b4:da:e3:37:9f:ff:42:f5:
         a4:06:69:44:8b:79:e0:ba:d3:b9:d4:6c:19:5a:84:78:3d:eb:
         ea:dd:b2:5d
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYkmwBfrqSd6uPk8ZrVtNNj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA1MTU1MTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQzMmYwZmRlZjgxNGUwYjkwN2ZhYjg0ODYzZTc2YjA5MmY1Mjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJD1N7tIO9/4QGttXCWXCYS4pHDq
sRdGFjyItiHFh+LBmIGTdpQghBjn9kqqDjIC4g53GZzgUmqUiFvZzle/QOV5PNLQ
ctn5v7MFDX2jBOXbzz7TNMGixk4wSJkEVtTU3ZCtCcDQZIWHnq2KUIun0F4JWRHk
eH02PF3MzwuoCY4AhRR7FyR40CZF948zgBdKVt0rQsyFuwdivOvdNdJXC5hBXAhB
VXs8OrAU/LudFToSAMdJr33540XPpaUMBGzrsWJ2sod3eA948FuSUffNmb0XqWMX
D+4fjRUb1m41cIgbn3GQPTMd+179p7y9waQziXcYTcMzU+BbPm/fDfqTRwIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFHLTLw/e+BTguQf6uEhj52sJL1J4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY3RNdkQ5NzRGT0M1Ql9xNFNHUG5hd2t2VW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwdgQCAAEwcAMEAFEFvQME
AFGoIzAMAwQAUah3AwQAUah4AwQAUah7AwQAUah+AwQAUpj4AwQAUpj7AwQBUpj+
AwQAUpkBAwQBUplEMAwDBABSmUcDBABSmUgDBABSmU8DBABSmYQDBABSmeADBABZ
1aEDBAC5MXwwDQYJKoZIhvcNAQELBQADggEBAJqcpFyVjbiK1Mgna9SLDKquHIZP
z2/o5OEj94o6g+7qa0ppfAa/GcM7TBrbIOJbIV+am08JyHBKidQV2B6AVNp/CVMJ
LR+tCt3D+dOl9hJIBMa16Vya+J4Rhr9XHlBmyDR9HsZgwvz9GJ9d8gnjdoZp60t/
nLQLMpksgDViWpH2Z1o8xRbip6TYUDayZ4Mx5TMhl6/N2ypeZuMfVcKN8WrxVqgy
sJfJ9Zpty6+5dBI7WD1WkOAxxIIn5SiO0bPB9qsGPxfEHBvwjIVDegouXEaVYKlp
AOjQ8Secjr0YqSVX3B602uM3n/9C9aQGaUSLeeC607nUbBlahHg96+rdsl0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org