Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dTfIZdOUKv8ex5LQjkhThYtLDSg.roa
File:                     dTfIZdOUKv8ex5LQjkhThYtLDSg.roa (raw, json)
Hash identifier:          S7djq3bQ23CliDtFz/ND78AC/E5S7P24kF+DWcsyRXo=
Subject key identifier:   75:37:C8:65:D3:94:2A:FF:1E:C7:92:D0:8E:48:53:85:8B:4B:0D:28
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018857E461AF33BB3414C119DF446A9CE2A0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dTfIZdOUKv8ex5LQjkhThYtLDSg.roa
Signing time:             Fri 26 May 2023 11:49:24 +0000
ROA not before:           Fri 26 May 2023 11:49:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 May 2023 17:08:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:57:e4:61:af:33:bb:34:14:c1:19:df:44:6a:9c:e2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 11:49:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7537c865d3942aff1ec792d08e4853858b4b0d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:82:9a:21:02:29:84:a4:c6:11:97:a4:44:77:
                    4f:60:c8:ff:d3:1f:78:03:84:61:dd:00:da:44:f4:
                    52:71:bb:25:2d:dc:17:3d:4e:f5:a4:fd:2a:0e:9a:
                    ef:b2:6b:f4:4f:fd:47:6d:04:32:3e:9a:55:aa:09:
                    61:ad:7c:86:7f:c1:e9:47:e9:87:ce:5a:9c:29:2a:
                    85:bf:33:58:45:19:7b:9f:8b:ac:ce:ec:6a:70:6e:
                    ab:fe:6c:d1:ba:08:08:bd:34:b4:eb:4b:c3:3f:ef:
                    58:b7:96:6b:7d:af:01:d0:0a:fd:48:03:2a:8a:bd:
                    7c:5c:ed:97:d9:bb:c4:bc:10:4d:16:ed:8e:fb:ca:
                    a4:d3:82:16:17:46:92:ba:04:48:2a:d5:de:96:34:
                    3d:fc:34:9c:41:62:aa:ea:ce:eb:54:84:63:c5:21:
                    a2:47:f9:42:74:48:38:a1:ef:6f:73:19:78:9e:1d:
                    68:ca:07:0c:90:55:0b:e5:19:01:d2:fe:07:c9:27:
                    90:0e:cd:12:65:2d:61:97:93:ac:51:08:17:a9:e9:
                    ef:ff:79:e3:71:f1:35:ec:f0:98:68:f5:68:38:e5:
                    14:37:e1:77:1c:8e:18:fb:b2:90:ed:f0:89:15:7e:
                    69:ca:33:2d:75:4c:e3:d6:c8:62:e8:d3:84:0e:80:
                    69:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:37:C8:65:D3:94:2A:FF:1E:C7:92:D0:8E:48:53:85:8B:4B:0D:28
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dTfIZdOUKv8ex5LQjkhThYtLDSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.153.1.0/24
                  82.153.68.0/24
                  82.153.71.0-82.153.72.255
                  82.153.78.0/24
                  82.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:58:f9:6e:d1:8c:78:f7:9e:55:99:8f:67:a7:83:c5:8d:b2:
         36:6f:ac:90:38:3e:de:7b:d4:ae:97:5c:2c:e0:a2:3a:c7:7f:
         48:d9:70:76:57:cd:d5:f6:fa:76:7c:bb:99:0d:34:b0:34:43:
         e2:ab:52:19:2f:99:02:55:65:6c:3d:86:b4:68:a2:89:1f:dd:
         43:c3:a9:96:72:26:91:c2:45:41:4b:99:b7:06:c4:67:ed:96:
         bd:56:9d:0f:2b:f7:dc:52:61:a0:7b:ef:ec:2b:a7:dc:3c:c6:
         3f:6b:31:0f:a7:77:81:8b:83:a6:d5:5e:3d:f6:da:3d:70:94:
         e9:77:de:10:0a:ca:c4:78:29:65:48:3a:41:2b:93:e9:ed:e2:
         cd:6a:8c:20:2c:90:a0:80:b8:55:84:09:ac:b3:32:19:98:a5:
         2f:df:23:be:b6:5e:f7:bc:4c:82:0d:97:02:73:5b:50:a0:6d:
         02:7d:bb:bd:52:77:35:d5:b7:38:ff:c8:23:2f:99:65:25:06:
         01:a4:ab:da:f4:10:82:77:5a:5f:3d:25:c5:ba:85:9d:10:8c:
         89:c0:1e:66:a4:65:08:52:30:98:ed:ad:54:27:39:4f:a7:ab:
         11:f0:22:86:f1:d7:7a:43:f5:f9:47:22:2f:f0:fe:11:8a:68:
         58:12:e1:b3
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYhX5GGvM7s0FMEZ30RqnOKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTI2MTE0OTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTM3Yzg2NWQzOTQyYWZmMWVjNzkyZDA4ZTQ4NTM4NThiNGIwZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoKaIQIphKTGEZekRHdPYMj/0x94
A4Rh3QDaRPRScbslLdwXPU71pP0qDprvsmv0T/1HbQQyPppVqglhrXyGf8HpR+mH
zlqcKSqFvzNYRRl7n4uszuxqcG6r/mzRuggIvTS060vDP+9Yt5Zrfa8B0Ar9SAMq
ir18XO2X2bvEvBBNFu2O+8qk04IWF0aSugRIKtXeljQ9/DScQWKq6s7rVIRjxSGi
R/lCdEg4oe9vcxl4nh1oygcMkFUL5RkB0v4HySeQDs0SZS1hl5OsUQgXqenv/3nj
cfE17PCYaPVoOOUUN+F3HI4Y+7KQ7fCJFX5pyjMtdUzj1shi6NOEDoBpZwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHU3yGXTlCr/HseS0I5IU4WLSw0oMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZFRmSVpkT1VLdjhleDVMUWpraFRoWXRMRFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAUagjMAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmPgDBABSmQEDBABSmUQwDAMEAFKZ
RwMEAFKZSAMEAFKZTgMEAFKZhDANBgkqhkiG9w0BAQsFAAOCAQEAdlj5btGMePee
VZmPZ6eDxY2yNm+skDg+3nvUrpdcLOCiOsd/SNlwdlfN1fb6dny7mQ00sDRD4qtS
GS+ZAlVlbD2GtGiiiR/dQ8OplnImkcJFQUuZtwbEZ+2WvVadDyv33FJhoHvv7Cun
3DzGP2sxD6d3gYuDptVePfbaPXCU6XfeEArKxHgpZUg6QSuT6e3izWqMICyQoIC4
VYQJrLMyGZilL98jvrZe97xMgg2XAnNbUKBtAn27vVJ3NdW3OP/IIy+ZZSUGAaSr
2vQQgndaXz0lxbqFnRCMicAeZqRlCFIwmO2tVCc5T6erEfAihvHXekP1+UciL/D+
EYpoWBLhsw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org