Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d2Pk7pxN9mJKlPVgBwzxCLXYexA.roa
File:                     d2Pk7pxN9mJKlPVgBwzxCLXYexA.roa (raw, json)
Hash identifier:          VUV48IshL/s+VQ/4FLsRtyiAIlFWXRol9E9wd/QNHl4=
Subject key identifier:   77:63:E4:EE:9C:4D:F6:62:4A:94:F5:60:07:0C:F1:08:B5:D8:7B:10
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D184416AA7B159E881430DFBACA8FE1D6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d2Pk7pxN9mJKlPVgBwzxCLXYexA.roa
Signing time:             Wed 17 Jan 2024 16:32:11 +0000
ROA not before:           Wed 17 Jan 2024 16:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        81.5.156.0/24 maxlen: 24
                          81.168.41.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.152.250.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.67.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.135.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.137.0/24 maxlen: 24
                          89.213.138.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          213.152.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 11:25:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:44:16:aa:7b:15:9e:88:14:30:df:ba:ca:8f:e1:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 17 16:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7763e4ee9c4df6624a94f560070cf108b5d87b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d4:40:63:a7:5f:88:6e:20:b6:2f:d4:0b:0d:
                    3e:0b:ee:59:53:29:a0:8c:16:b6:5a:00:c0:dc:12:
                    30:b0:b8:03:0a:e9:99:a0:bb:36:df:7c:44:db:54:
                    d5:e5:2c:ce:82:0e:7a:f0:4a:da:dc:6a:e6:15:74:
                    bc:16:84:b8:65:74:7b:db:6a:ea:bd:5e:a0:e5:c4:
                    e4:69:9a:3b:0d:3e:67:17:f8:50:dd:22:61:c7:1c:
                    ce:85:24:ba:53:bd:e1:3a:ae:d5:17:06:9f:d2:e6:
                    97:f9:e4:29:d1:2b:d4:e5:e5:29:dd:9e:7f:ab:93:
                    df:ee:8d:8b:8f:1f:f0:42:c6:17:89:af:98:fe:f6:
                    b8:be:73:bb:7f:ce:dc:a6:23:68:21:36:d6:a7:81:
                    5c:64:d6:6c:3e:43:23:40:3f:89:dd:79:67:f0:6e:
                    aa:63:28:28:b2:e9:65:14:c8:f4:63:4f:56:82:e2:
                    9b:c2:aa:70:f9:57:88:27:f2:7e:80:b9:22:dc:ea:
                    5f:70:e7:88:a0:37:d0:84:75:f5:c9:5f:c1:ed:35:
                    52:71:57:3b:fa:86:3b:16:76:6e:9b:19:8e:98:86:
                    eb:63:67:26:45:72:69:28:6b:32:9b:96:61:29:7f:
                    32:29:05:b3:ca:59:48:5e:2a:de:96:88:8f:12:af:
                    72:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:63:E4:EE:9C:4D:F6:62:4A:94:F5:60:07:0C:F1:08:B5:D8:7B:10
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d2Pk7pxN9mJKlPVgBwzxCLXYexA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  82.152.111.0/24
                  82.152.250.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.67.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.137.0/24
                  82.153.139.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.248.0/24
                  82.153.250.0/24
                  89.213.133.0/24
                  89.213.135.0-89.213.138.255
                  89.213.141.0/24
                  89.213.153.0/24
                  89.213.163.0/24
                  89.213.168.0/24
                  89.213.170.0/24
                  89.213.185.0/24
                  89.213.188.0/23
                  109.176.209.0/24
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.249.0/24
                  185.49.125.0/24
                  213.152.61.0-213.152.62.255

    Signature Algorithm: sha256WithRSAEncryption
         79:a2:b4:f5:aa:f4:8b:60:cb:ce:1e:dc:5c:27:63:6e:6a:f6:
         27:93:e4:54:c3:24:65:2d:39:34:d3:79:a4:f7:61:9d:ff:84:
         f9:73:a2:27:5b:40:66:fb:2e:72:c9:e2:bd:30:f9:ea:2f:ac:
         db:d6:80:e6:77:86:69:92:89:2a:9b:ef:e7:d3:20:25:0f:17:
         27:64:31:5f:de:98:34:a3:77:2d:d5:75:84:65:85:2b:bf:5b:
         1b:cc:10:9d:e6:ab:f0:45:ad:0a:69:e5:5e:ed:c9:78:89:03:
         5a:f0:f8:05:36:25:89:96:87:f8:9f:45:22:54:59:be:7c:cd:
         a5:f2:0d:09:de:c3:ea:c6:79:65:b0:03:6d:74:da:71:bf:51:
         08:bf:9a:e1:6f:e2:cc:8a:ea:cf:fa:f9:16:59:2e:44:cf:8b:
         d3:dd:97:8c:d3:b0:dd:fb:53:db:c5:f6:cf:fd:21:91:f4:89:
         62:eb:fd:9d:0f:12:fc:aa:fa:46:9a:47:0c:9a:08:ba:6f:b2:
         15:64:52:8d:2f:25:b4:fc:64:83:4a:81:78:62:d7:5a:66:ed:
         d2:bf:52:3d:96:9a:51:43:75:ef:6e:c4:96:c6:f1:5d:57:58:
         7f:82:d6:39:53:a8:b0:69:7e:c3:be:a7:2e:dc:f9:39:4b:8b:
         e4:73:40:92
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgISAY0YRBaqexWeiBQw37rKj+HWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE3MTYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzYzZTRlZTljNGRmNjYyNGE5NGY1NjAwNzBjZjEwOGI1ZDg3YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNRAY6dfiG4gti/UCw0+C+5ZUymg
jBa2WgDA3BIwsLgDCumZoLs233xE21TV5SzOgg568Era3GrmFXS8FoS4ZXR722rq
vV6g5cTkaZo7DT5nF/hQ3SJhxxzOhSS6U73hOq7VFwaf0uaX+eQp0SvU5eUp3Z5/
q5Pf7o2Ljx/wQsYXia+Y/va4vnO7f87cpiNoITbWp4FcZNZsPkMjQD+J3Xln8G6q
YygosullFMj0Y09WguKbwqpw+VeIJ/J+gLki3OpfcOeIoDfQhHX1yV/B7TVScVc7
+oY7FnZumxmOmIbrY2cmRXJpKGsym5ZhKX8yKQWzyllIXireloiPEq9ypQIDAQAB
o4IC2jCCAtYwHQYDVR0OBBYEFHdj5O6cTfZiSpT1YAcM8Qi12HsQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZDJQazdweE45bUpLbFBWZ0J3enhDTFhZZXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHvBggrBgEFBQcBBwEB/wSB3zCB3DCB2QQCAAEwgdIDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+AME
AFKZ+gMEAFnVhTAMAwQAWdWHAwQAWdWKAwQAWdWNAwQAWdWZAwQAWdWjAwQAWdWo
AwQAWdWqAwQAWdW5AwQBWdW8AwQAbbDRAwQAbbDTAwQDbbDYAwQAbbD5AwQAuTF9
MAwDBADVmD0DBADVmD4wDQYJKoZIhvcNAQELBQADggEBAHmitPWq9Itgy84e3Fwn
Y25q9ieT5FTDJGUtOTTTeaT3YZ3/hPlzoidbQGb7LnLJ4r0w+eovrNvWgOZ3hmmS
iSqb7+fTICUPFydkMV/emDSjdy3VdYRlhSu/WxvMEJ3mq/BFrQpp5V7tyXiJA1rw
+AU2JYmWh/ifRSJUWb58zaXyDQnew+rGeWWwA2102nG/UQi/muFv4syK6s/6+RZZ
LkTPi9Pdl4zTsN37U9vF9s/9IZH0iWLr/Z0PEvyq+kaaRwyaCLpvshVkUo0vJbT8
ZINKgXhi11pm7dK/Uj2WmlFDde9uxJbG8V1XWH+C1jlTqLBpfsO+py7c+TlLi+Rz
QJI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org