Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fOc7Sz_Rr3VX4JNzalTc6IlTwnM.roa
File:                     fOc7Sz_Rr3VX4JNzalTc6IlTwnM.roa (raw, json)
Hash identifier:          +umR6pPlrhrR/h+1Kwi0fB72kxyFoAGuf/frtV/mDFk=
Subject key identifier:   7C:E7:3B:4B:3F:D1:AF:75:57:E0:93:73:6A:54:DC:E8:89:53:C2:73
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D7A3FC5709DCE6B2FD033752AAB01FDF8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fOc7Sz_Rr3VX4JNzalTc6IlTwnM.roa
Signing time:             Mon 05 Feb 2024 17:10:16 +0000
ROA not before:           Mon 05 Feb 2024 17:10:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        81.168.120.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          82.153.132.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 10 Feb 2024 09:59:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:3f:c5:70:9d:ce:6b:2f:d0:33:75:2a:ab:01:fd:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  5 17:10:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ce73b4b3fd1af7557e093736a54dce88953c273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1a:cb:f9:13:60:99:3b:bd:94:94:56:3b:75:
                    c5:84:c3:84:a2:73:c7:51:a7:9b:8a:a1:b6:29:a2:
                    42:b8:38:3f:66:6c:c1:4f:87:bc:53:8b:ea:5d:ad:
                    76:fe:ce:3b:80:b8:8a:b7:eb:80:02:2e:e7:80:54:
                    72:91:76:fb:92:3f:d6:97:9d:ec:e9:b8:dd:61:ba:
                    12:5a:38:90:ef:fe:4f:6e:25:03:ff:37:04:55:95:
                    7b:47:ed:78:5b:c6:6c:fc:ab:07:b4:83:c1:fd:d0:
                    2c:7f:de:65:43:e3:25:46:8f:81:4a:23:98:75:31:
                    a0:f8:1c:f5:3e:18:a5:c9:ba:32:a1:c7:27:5b:a5:
                    4d:a6:1c:29:85:03:54:9b:93:72:94:30:6b:4f:bd:
                    c4:b4:b7:a5:e3:f3:ac:26:3e:bd:a2:a7:ef:4f:19:
                    cb:e4:ed:e8:f8:36:1b:36:e4:87:13:50:94:83:c5:
                    9f:d2:14:6a:38:b5:08:29:b6:6d:4e:4a:fe:1c:f0:
                    85:8f:1b:65:35:19:c5:91:7e:f7:07:99:2b:10:89:
                    58:cf:80:33:c3:d5:c0:36:c9:92:5f:a8:d5:3a:42:
                    ea:80:61:eb:8a:f0:91:53:a4:8d:4d:7c:3c:f4:da:
                    11:c1:fb:7c:db:76:02:e8:f1:b7:62:fb:9f:ab:1c:
                    a4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E7:3B:4B:3F:D1:AF:75:57:E0:93:73:6A:54:DC:E8:89:53:C2:73
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fOc7Sz_Rr3VX4JNzalTc6IlTwnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.120.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.130.0/24
                  89.213.161.0/24
                  89.213.178.0/24
                  89.213.190.0/24
                  109.176.244.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:d9:85:23:54:e0:5c:2e:d2:16:c4:a7:cc:0e:f9:28:e0:71:
         93:1e:5d:b2:38:5f:07:b0:e8:2b:c0:52:27:4f:b4:e4:e0:75:
         fb:ba:b4:c9:80:2c:6f:e8:9b:41:6f:5f:cc:72:a9:02:20:71:
         a1:d0:94:23:76:18:fb:f0:40:d4:df:f8:c5:08:f9:3d:08:51:
         03:6d:b8:b6:88:38:bb:42:ba:14:e4:e3:b2:5b:22:60:b2:d1:
         00:90:cb:23:df:4d:95:8b:40:35:ea:1d:de:3b:40:3a:06:1d:
         88:59:23:e5:d5:f4:e4:e2:fd:9d:ee:43:ff:9e:2e:ac:eb:4f:
         fe:8c:fc:82:48:60:df:72:a2:52:23:2e:ec:a3:2f:61:18:cb:
         46:52:8e:ff:15:a9:6a:f8:8e:a2:e1:b3:60:f9:a8:15:1c:da:
         0e:73:7d:0c:4e:0c:a3:72:45:e3:b0:9f:d2:c5:56:f5:9b:81:
         5f:57:39:b5:c7:f7:0b:c0:93:13:33:ab:4d:08:e7:dd:22:e0:
         41:64:94:0c:b0:05:3d:d2:6a:5a:9a:db:96:f4:62:19:40:06:
         96:5e:ff:eb:76:eb:6e:3c:94:41:09:34:b1:08:ad:9f:31:e9:
         ea:7d:41:9f:71:2c:cb:17:03:4d:c7:40:a7:56:d1:a5:a0:6a:
         c5:ea:33:ed
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAY16P8Vwnc5rL9AzdSqrAf34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjA1MTcxMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2U3M2I0YjNmZDFhZjc1NTdlMDkzNzM2YTU0ZGNlODg5NTNjMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhrL+RNgmTu9lJRWO3XFhMOEonPH
UaebiqG2KaJCuDg/ZmzBT4e8U4vqXa12/s47gLiKt+uAAi7ngFRykXb7kj/Wl53s
6bjdYboSWjiQ7/5PbiUD/zcEVZV7R+14W8Zs/KsHtIPB/dAsf95lQ+MlRo+BSiOY
dTGg+Bz1PhilyboyoccnW6VNphwphQNUm5NylDBrT73EtLel4/OsJj69oqfvTxnL
5O3o+DYbNuSHE1CUg8Wf0hRqOLUIKbZtTkr+HPCFjxtlNRnFkX73B5krEIlYz4Az
w9XANsmSX6jVOkLqgGHrivCRU6SNTXw89NoRwft823YC6PG3YvufqxykDwIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFHznO0s/0a91V+CTc2pU3OiJU8JzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZk9jN1N6X1JyM1ZYNEpOemFsVGM2SWxUd25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEAFGoeAME
AFKY+AMEAFKY+wMEAFKY/gMEAFKZRQMEAFKZSAMEAFKZTwMEAFKZhAMEAFKZ4AME
AFnVBAMEAVnVBgMEAFnVggMEAFnVoQMEAFnVsgMEAFnVvgMEAG2w9AMEAG2w9wME
AG2w+wMEALkxfDANBgkqhkiG9w0BAQsFAAOCAQEAgtmFI1TgXC7SFsSnzA75KOBx
kx5dsjhfB7DoK8BSJ0+05OB1+7q0yYAsb+ibQW9fzHKpAiBxodCUI3YY+/BA1N/4
xQj5PQhRA224tog4u0K6FOTjslsiYLLRAJDLI99NlYtANeod3jtAOgYdiFkj5dX0
5OL9ne5D/54urOtP/oz8gkhg33KiUiMu7KMvYRjLRlKO/xWpaviOouGzYPmoFRza
DnN9DE4Mo3JF47Cf0sVW9ZuBX1c5tcf3C8CTEzOrTQjn3SLgQWSUDLAFPdJqWprb
lvRiGUAGll7/63brbjyUQQk0sQitnzHp6n1Bn3EsyxcDTcdAp1bRpaBqxeoz7Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org