Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eWEesW0qHN-YvjtVFdhIwzyHOpg.roa
File:                     eWEesW0qHN-YvjtVFdhIwzyHOpg.roa (raw, json)
Hash identifier:          O/32pszlue+iZMQa3+1PjUszJdg7mjwQ6/U6IgHMWPA=
Subject key identifier:   79:61:1E:B1:6D:2A:1C:DF:98:BE:3B:55:15:D8:48:C3:3C:87:3A:98
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189BAB259F121A906EE87E5C5D0E5733424
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eWEesW0qHN-YvjtVFdhIwzyHOpg.roa
Signing time:             Thu 03 Aug 2023 09:19:57 +0000
ROA not before:           Thu 03 Aug 2023 09:19:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.111.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.213.0/24 maxlen: 24
                          109.176.210.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          81.168.41.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          109.176.241.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 04 Aug 2023 16:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ba:b2:59:f1:21:a9:06:ee:87:e5:c5:d0:e5:73:34:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  3 09:19:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=79611eb16d2a1cdf98be3b5515d848c33c873a98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:42:7c:89:1d:79:75:c5:15:7e:86:c2:a6:db:
                    c7:3a:de:c7:f4:e6:07:d7:76:bb:92:e2:a5:72:5c:
                    7d:6a:e7:8c:a3:50:a9:0b:60:30:e1:05:a0:c9:44:
                    46:3e:43:8b:23:4e:fe:dd:f8:64:c4:0b:a6:e5:c3:
                    f5:e2:4a:48:b2:51:41:88:de:1b:33:fa:05:62:1b:
                    de:11:ac:6d:f4:08:c8:6d:61:51:be:da:04:06:e2:
                    40:a5:8c:7e:4e:f5:d5:26:95:fd:f1:cf:6b:81:2b:
                    41:35:63:40:ed:7f:e8:d1:8a:9c:29:44:92:4c:44:
                    de:45:75:f2:97:ba:8a:a0:2c:f2:20:56:1d:40:00:
                    29:01:e9:7f:3a:37:f7:ba:48:3a:f4:e8:c0:e9:18:
                    64:8b:74:c6:23:8b:dc:e5:98:88:0c:67:46:51:80:
                    59:97:71:23:fd:fa:9c:0d:09:83:77:77:86:40:ee:
                    de:ba:5c:d6:1e:53:af:3f:2d:e7:97:50:84:7b:36:
                    28:49:df:c5:80:7e:15:24:d5:7b:b3:ed:e7:0c:2b:
                    7f:82:21:f9:9d:59:9c:6b:45:1a:7b:7c:8c:1c:2d:
                    f5:29:48:29:3f:fe:c9:21:b2:25:da:46:0e:3f:f0:
                    e9:bb:df:87:cd:55:c8:19:61:da:b0:c4:ff:54:cf:
                    ee:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:61:1E:B1:6D:2A:1C:DF:98:BE:3B:55:15:D8:48:C3:3C:87:3A:98
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eWEesW0qHN-YvjtVFdhIwzyHOpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.223.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.41.0/24
                  89.213.136.0/24
                  89.213.139.0-89.213.140.255
                  89.213.145.0/24
                  89.213.152.0/24
                  89.213.155.0/24
                  89.213.168.0/24
                  89.213.173.0/24
                  89.213.176.0/24
                  89.213.180.0/24
                  89.213.182.0/24
                  89.213.184.0/22
                  109.176.210.0/23
                  109.176.213.0/24
                  109.176.240.0-109.176.244.255
                  109.176.247.0/24
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:7a:95:42:7c:f2:b6:2e:14:bc:38:bb:46:b5:fc:51:23:e0:
         b8:76:42:e7:70:24:3f:40:0a:e2:32:71:de:ba:99:43:6e:e5:
         45:ba:4b:ca:69:b8:6c:19:29:57:b9:be:bb:6d:aa:3f:cf:0e:
         91:46:9e:3a:cd:82:6c:4c:01:1e:1c:bf:d4:43:98:82:71:be:
         69:90:56:5e:fb:c3:ce:f2:37:d0:b6:aa:be:00:7b:e4:73:b5:
         5c:1b:f9:1a:24:87:cd:c4:da:8c:8e:df:20:81:e2:55:00:fc:
         dd:ee:e4:88:eb:f7:49:c6:40:2f:3f:53:e8:2b:25:53:8e:4f:
         94:2b:2d:b8:cf:47:6f:4e:32:5f:aa:5a:3e:f3:28:7c:b6:54:
         a6:93:81:ff:bd:01:8f:b8:6b:18:18:b5:83:ed:c7:69:ab:af:
         31:bd:29:b7:5c:c2:f8:3e:93:ee:b9:5b:6a:2f:ed:b9:16:cd:
         41:f7:3d:b4:0a:12:e7:36:60:c0:d2:27:68:e2:7d:8d:7c:2b:
         19:28:16:31:99:de:16:6e:dc:02:90:c3:66:4b:1a:1b:50:01:
         8c:7f:b2:18:0f:e1:07:5b:38:85:33:61:9b:f5:eb:9a:1e:28:
         5d:7d:5f:cc:a5:cd:bb:bc:4c:fb:07:33:2b:65:cc:59:6c:0e:
         da:9a:c3:57
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAYm6slnxIakG7oflxdDlczQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAzMDkxOTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTYxMWViMTZkMmExY2RmOThiZTNiNTUxNWQ4NDhjMzNjODczYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUJ8iR15dcUVfobCptvHOt7H9OYH
13a7kuKlclx9aueMo1CpC2Aw4QWgyURGPkOLI07+3fhkxAum5cP14kpIslFBiN4b
M/oFYhveEaxt9AjIbWFRvtoEBuJApYx+TvXVJpX98c9rgStBNWNA7X/o0YqcKUSS
TETeRXXyl7qKoCzyIFYdQAApAel/Ojf3ukg69OjA6Rhki3TGI4vc5ZiIDGdGUYBZ
l3Ej/fqcDQmDd3eGQO7eulzWHlOvPy3nl1CEezYoSd/FgH4VJNV7s+3nDCt/giH5
nVmca0Uae3yMHC31KUgpP/7JIbIl2kYOP/Dpu9+HzVXIGWHasMT/VM/ubQIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFHlhHrFtKhzfmL47VRXYSMM8hzqYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZVdFZXNXMHFITi1Zdmp0VkZkaEl3enlIT3BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgfMEAgABMIHsAwQA
UQWcAwQAUagpAwQAUah0AwQAUah3AwQAUah7AwQAUphvAwQBUpj8AwQAUpj/AwQA
UpkBAwQAUplJAwQAUplOMAwDBANSmYgDBABSmYwDBABSmd8DBABSmeMDBABSmfAD
BABSmfkDBABZ1SkDBABZ1YgwDAMEAFnViwMEAFnVjAMEAFnVkQMEAFnVmAMEAFnV
mwMEAFnVqAMEAFnVrQMEAFnVsAMEAFnVtAMEAFnVtgMEAlnVuAMEAW2w0gMEAG2w
1TAMAwQEbbDwAwQAbbD0AwQAbbD3MAwDBAC5MX0DBAe5MQADBADVmCowDQYJKoZI
hvcNAQELBQADggEBAHB6lUJ88rYuFLw4u0a1/FEj4Lh2QudwJD9ACuIycd66mUNu
5UW6S8ppuGwZKVe5vrttqj/PDpFGnjrNgmxMAR4cv9RDmIJxvmmQVl77w87yN9C2
qr4Ae+RztVwb+Rokh83E2oyO3yCB4lUA/N3u5Ijr90nGQC8/U+grJVOOT5QrLbjP
R29OMl+qWj7zKHy2VKaTgf+9AY+4axgYtYPtx2mrrzG9Kbdcwvg+k+65W2ov7bkW
zUH3PbQKEuc2YMDSJ2jifY18KxkoFjGZ3hZu3AKQw2ZLGhtQAYx/shgP4QdbOIUz
YZv165oeKF19X8ylzbu8TPsHMytlzFlsDtqaw1c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org