Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cuhUfx15mNxTIugcdfWcpvlSc-4.roa
File:                     cuhUfx15mNxTIugcdfWcpvlSc-4.roa (raw, json)
Hash identifier:          zwRZhc6C69t3K5oV3SXoSG2gMOPo10zmywJz6vXKsno=
Subject key identifier:   72:E8:54:7F:1D:79:98:DC:53:22:E8:1C:75:F5:9C:A6:F9:52:73:EE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189DB1908E9C06E2E58979ADA346A645B54
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cuhUfx15mNxTIugcdfWcpvlSc-4.roa
Signing time:             Wed 09 Aug 2023 16:19:58 +0000
ROA not before:           Wed 09 Aug 2023 16:19:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.214.0/24 maxlen: 24
                          109.176.215.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.212.0/24 maxlen: 24
                          109.176.213.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 10 Aug 2023 07:22:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:db:19:08:e9:c0:6e:2e:58:97:9a:da:34:6a:64:5b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  9 16:19:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72e8547f1d7998dc5322e81c75f59ca6f95273ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:04:2d:93:e9:4e:e8:08:57:7f:82:fa:07:
                    1b:12:52:64:2d:99:f7:c1:12:fe:f5:c8:76:5c:41:
                    d3:3f:9b:c4:32:33:3d:60:88:d5:29:cf:e3:fe:cb:
                    b5:e3:bb:2b:13:a4:27:28:13:a4:e1:5f:f3:dc:02:
                    9b:d4:f9:3e:a7:58:da:1b:b7:26:4b:70:53:29:11:
                    5c:23:54:47:d3:8e:fc:f9:cd:89:79:9a:49:74:88:
                    a0:1f:2a:d3:5c:e9:f2:22:46:a9:2a:61:ce:05:b2:
                    03:89:f6:49:55:9f:d5:6d:1c:c5:70:86:c3:25:75:
                    f8:cc:19:c9:2e:f3:14:f6:df:ef:7f:1c:6e:58:50:
                    7c:72:03:30:28:b0:bb:21:4b:42:40:14:b0:7d:d0:
                    fe:f6:5e:a2:89:ba:12:0b:a6:29:6e:10:c5:fd:d4:
                    a3:8e:72:c9:f8:bc:86:ac:ec:27:b1:55:47:c6:ae:
                    80:bf:dc:ec:c5:d2:95:3e:64:5b:c6:5a:5b:ec:f3:
                    74:03:26:30:e6:ed:21:98:1c:c6:ea:0b:54:02:82:
                    18:cf:32:cf:87:cb:6e:eb:a7:7c:0d:9e:87:17:e7:
                    6b:5b:ee:d0:d5:55:75:1f:6b:de:20:d0:0e:3f:16:
                    07:5b:22:02:1a:90:73:1e:c5:4e:7f:1d:5b:3f:c2:
                    14:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E8:54:7F:1D:79:98:DC:53:22:E8:1C:75:F5:9C:A6:F9:52:73:EE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cuhUfx15mNxTIugcdfWcpvlSc-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.5.0/24
                  89.213.41.0-89.213.42.255
                  89.213.44.0/24
                  89.213.46.0/23
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.158.255
                  89.213.160.0/24
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.173.0-89.213.177.255
                  89.213.179.0-89.213.182.255
                  89.213.184.0-89.213.189.255
                  109.176.211.0-109.176.223.255
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:f8:8f:e3:50:63:df:e9:17:57:86:a7:39:7c:76:e7:1c:64:
         2d:68:4b:15:90:06:8a:4e:52:87:24:bf:93:bb:61:77:68:37:
         1a:79:d1:94:cf:29:12:42:ff:e5:be:69:d0:b4:7a:b0:72:88:
         f9:a3:3d:9a:42:a4:c8:31:0b:3c:0d:03:5a:01:6a:22:d3:2e:
         14:98:94:e2:43:30:9d:cb:b5:28:b5:92:bb:e7:57:5a:ea:14:
         be:21:af:0f:0b:e1:b7:1a:4c:60:14:55:8e:d9:d3:ba:c0:d7:
         a7:0b:63:8f:35:0b:57:a9:21:5f:4e:ff:db:db:27:5d:29:f1:
         6a:b1:f4:9d:5a:82:3d:8f:d1:59:c2:48:f4:9f:b4:95:6d:99:
         b2:5a:8d:c9:4a:05:3b:30:67:85:49:c8:0a:1c:3a:b1:1e:d7:
         58:fb:7e:96:7d:8f:af:a8:03:76:b7:ef:06:c2:ea:79:40:95:
         15:21:86:0c:21:34:6c:ea:7a:2d:8f:e8:5f:ac:79:24:ac:5c:
         89:7b:d6:71:b3:d6:a6:06:84:aa:e5:84:ad:cf:41:ca:82:02:
         0c:65:f2:18:99:db:a2:3b:b2:b6:82:53:af:0b:94:db:8b:39:
         ba:7b:c0:94:41:06:6f:c4:c9:3d:e8:a8:fe:fc:0b:4d:b0:69:
         d3:1a:2a:f4
-----BEGIN CERTIFICATE-----
MIIGXzCCBUegAwIBAgISAYnbGQjpwG4uWJea2jRqZFtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA5MTYxOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU4NTQ3ZjFkNzk5OGRjNTMyMmU4MWM3NWY1OWNhNmY5NTI3M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHkELZPpTugIV3+C+gcbElJkLZn3
wRL+9ch2XEHTP5vEMjM9YIjVKc/j/su147srE6QnKBOk4V/z3AKb1Pk+p1jaG7cm
S3BTKRFcI1RH0478+c2JeZpJdIigHyrTXOnyIkapKmHOBbIDifZJVZ/VbRzFcIbD
JXX4zBnJLvMU9t/vfxxuWFB8cgMwKLC7IUtCQBSwfdD+9l6iiboSC6YpbhDF/dSj
jnLJ+LyGrOwnsVVHxq6Av9zsxdKVPmRbxlpb7PN0AyYw5u0hmBzG6gtUAoIYzzLP
h8tu66d8DZ6HF+drW+7Q1VV1H2veINAOPxYHWyICGpBzHsVOfx1bP8IUmQIDAQAB
o4IDazCCA2cwHQYDVR0OBBYEFHLoVH8deZjcUyLoHHX1nKb5UnPuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY3VoVWZ4MTVtTnhUSXVnY2RmV2NwdmxTYy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBfwYIKwYBBQUHAQcBAf8EggFuMIIBajCCAWYEAgABMIIB
XgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwAwQAUpn5AwQAWdUFMAwDBABZ1SkDBABZ1SoDBABZ1SwD
BAFZ1S4DBABZ1YgwDAMEAFnViwMEAVnVjAMEAFnVkjAMAwQCWdWUAwQCWdWYMAwD
BABZ1Z0DBABZ1Z4DBABZ1aAwDAMEAVnVogMEAFnVpAMEAVnVqDAMAwQAWdWtAwQB
WdWwMAwDBABZ1bMDBABZ1bYwDAMEA1nVuAMEAVnVvDAMAwQAbbDTAwQFbbDAAwQA
bbDwAwQBbbDyMAwDBABtsPUDBABtsPYwDAMEA22w+AMEAG2w+jAMAwQAuTF9AwQH
uTEAAwQA1ZgqAwQA1Zg9MA0GCSqGSIb3DQEBCwUAA4IBAQBX+I/jUGPf6RdXhqc5
fHbnHGQtaEsVkAaKTlKHJL+Tu2F3aDcaedGUzykSQv/lvmnQtHqwcoj5oz2aQqTI
MQs8DQNaAWoi0y4UmJTiQzCdy7UotZK751da6hS+Ia8PC+G3GkxgFFWO2dO6wNen
C2OPNQtXqSFfTv/b2yddKfFqsfSdWoI9j9FZwkj0n7SVbZmyWo3JSgU7MGeFScgK
HDqxHtdY+36WfY+vqAN2t+8Gwup5QJUVIYYMITRs6notj+hfrHkkrFyJe9Zxs9am
BoSq5YStz0HKggIMZfIYmduiO7K2glOvC5Tbizm6e8CUQQZvxMk96Kj+/AtNsGnT
Gir0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org