Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fukeOb5BUtEZD6DTOesqd0pUCeo.roa
File:                     fukeOb5BUtEZD6DTOesqd0pUCeo.roa (raw, json)
Hash identifier:          nZ8QgUAt2cyWWu+92Ndufzqo9sSuoDd0mYpPq9KA4eY=
Subject key identifier:   7E:E9:1E:39:BE:41:52:D1:19:0F:A0:D3:39:EB:2A:77:4A:54:09:EA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01898C0CA421C52EEE76A29E8EDE82BC6A2A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fukeOb5BUtEZD6DTOesqd0pUCeo.roa
Signing time:             Tue 25 Jul 2023 07:56:25 +0000
ROA not before:           Tue 25 Jul 2023 07:56:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.191.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 26 Jul 2023 12:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8c:0c:a4:21:c5:2e:ee:76:a2:9e:8e:de:82:bc:6a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 25 07:56:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ee91e39be4152d1190fa0d339eb2a774a5409ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:05:75:e6:bf:69:8e:5c:28:69:a9:7a:7e:0f:
                    4f:1b:d5:20:d1:3f:be:3a:f8:21:ef:ff:cc:fb:4f:
                    68:02:9a:ff:74:f5:7b:18:44:99:bb:f3:be:32:c0:
                    3a:eb:89:31:3a:93:c7:44:27:64:1a:85:bd:c0:0b:
                    fa:17:0c:bc:ba:8f:18:06:97:4d:62:c7:50:0d:ab:
                    15:13:1b:3b:e7:88:9c:af:58:1f:88:88:1c:98:48:
                    9c:22:c1:4e:87:e6:ba:78:3e:8d:84:d9:c8:61:98:
                    65:5e:3e:ca:0e:3c:92:cd:e6:58:08:2c:a5:d7:98:
                    56:d1:01:b2:f7:e7:8f:28:61:2a:6b:a1:fd:08:03:
                    5f:28:0b:96:f3:d7:cf:86:98:8a:94:22:0d:3e:34:
                    74:0d:ce:75:a1:ca:b8:1b:8f:38:dc:38:04:cb:69:
                    aa:c9:ef:c8:03:8e:1e:51:82:99:9c:ed:52:07:c0:
                    fd:16:2d:3d:df:2a:02:96:4f:9f:ee:94:67:2d:90:
                    8a:a3:ce:94:5e:02:95:21:30:fa:b4:af:7f:33:66:
                    d6:59:a9:44:ae:e4:92:68:a9:17:79:a3:a9:ec:89:
                    ee:bf:fd:7f:08:eb:5b:b1:1c:a5:6a:38:cb:9e:d4:
                    71:ef:0f:90:ed:7d:6b:8e:b5:e9:97:64:1d:d1:28:
                    19:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E9:1E:39:BE:41:52:D1:19:0F:A0:D3:39:EB:2A:77:4A:54:09:EA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fukeOb5BUtEZD6DTOesqd0pUCeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.249.0/24
                  89.213.131.0/24
                  89.213.191.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:50:ca:83:08:b5:74:2f:32:83:5d:9a:e9:83:b4:52:10:eb:
         0b:d9:91:bc:8c:da:cd:3c:97:e6:fe:d5:f7:21:5c:d0:26:5b:
         0b:02:0e:f4:96:94:20:2e:a4:45:72:b0:38:32:9d:3f:7c:3b:
         64:67:6f:69:29:ed:73:bf:42:51:d8:4f:29:50:e4:61:f2:ed:
         16:0f:5e:60:3b:e8:2c:5f:f7:bb:9c:13:c8:e1:e7:55:a8:08:
         0a:a5:43:75:68:26:8b:25:39:3f:8f:cf:1e:1c:49:0a:75:b6:
         17:e4:a6:df:54:29:ba:68:cb:95:9b:4d:c4:ef:84:a5:17:d7:
         e2:b2:d2:b4:c6:50:07:c4:19:0c:a7:2d:4c:db:3d:a2:76:be:
         3e:33:7c:dc:c3:32:d7:71:09:08:92:a4:f5:a3:8d:8d:ed:aa:
         46:76:d3:bb:be:3f:73:eb:c8:8f:15:10:8e:a1:f6:30:a0:50:
         8c:da:20:a4:d7:8c:b3:76:cb:85:1a:43:d2:89:5b:d5:f2:32:
         dd:c8:75:2e:a9:9c:3f:b4:f1:c6:a8:4a:70:cf:49:99:0a:a1:
         05:85:01:06:f9:a9:10:6d:b9:69:79:62:bb:8f:e0:76:00:55:
         be:31:d6:de:69:39:90:21:3c:67:01:ef:20:7c:9c:af:d3:27:
         ea:da:75:a7
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYmMDKQhxS7udqKejt6CvGoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzI1MDc1NjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWU5MWUzOWJlNDE1MmQxMTkwZmEwZDMzOWViMmE3NzRhNTQwOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQV15r9pjlwoaal6fg9PG9Ug0T++
Ovgh7//M+09oApr/dPV7GESZu/O+MsA664kxOpPHRCdkGoW9wAv6Fwy8uo8YBpdN
YsdQDasVExs754icr1gfiIgcmEicIsFOh+a6eD6NhNnIYZhlXj7KDjySzeZYCCyl
15hW0QGy9+ePKGEqa6H9CANfKAuW89fPhpiKlCINPjR0Dc51ocq4G4843DgEy2mq
ye/IA44eUYKZnO1SB8D9Fi093yoClk+f7pRnLZCKo86UXgKVITD6tK9/M2bWWalE
ruSSaKkXeaOp7Inuv/1/COtbsRylajjLntRx7w+Q7X1rjrXpl2Qd0SgZswIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFH7pHjm+QVLRGQ+g0znrKndKVAnqMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZnVrZU9iNUJVdEVaRDZEVE9lc3FkMHBVQ2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphvAwQBUpj8AwQAUpj/AwQAUpkBAwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpn5AwQAWdWDAwQAWdW/AwQA1ZgqMA0GCSqGSIb3DQEBCwUA
A4IBAQBWUMqDCLV0LzKDXZrpg7RSEOsL2ZG8jNrNPJfm/tX3IVzQJlsLAg70lpQg
LqRFcrA4Mp0/fDtkZ29pKe1zv0JR2E8pUORh8u0WD15gO+gsX/e7nBPI4edVqAgK
pUN1aCaLJTk/j88eHEkKdbYX5KbfVCm6aMuVm03E74SlF9fistK0xlAHxBkMpy1M
2z2idr4+M3zcwzLXcQkIkqT1o42N7apGdtO7vj9z68iPFRCOofYwoFCM2iCk14yz
dsuFGkPSiVvV8jLdyHUuqZw/tPHGqEpwz0mZCqEFhQEG+akQbblpeWK7j+B2AFW+
MdbeaTmQITxnAe8gfJyv0yfq2nWn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org