Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gfO9Qh4b_idhn1-ZBFvk3lXkPeY.roa
File:                     gfO9Qh4b_idhn1-ZBFvk3lXkPeY.roa (raw, json)
Hash identifier:          iMdr0pKHNr98yGoeWWPZP+pYc8ZkgydfaFVnbr1DuJw=
Subject key identifier:   81:F3:BD:42:1E:1B:FE:27:61:9F:5F:99:04:5B:E4:DE:55:E4:3D:E6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F9A2015FD30FAF574E439CFB2A1CC30E0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gfO9Qh4b_idhn1-ZBFvk3lXkPeY.roa
Signing time:             Tue 21 May 2024 07:49:05 +0000
ROA not before:           Tue 21 May 2024 07:49:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        37.252.27.0/24 maxlen: 24
                          79.99.76.0/24 maxlen: 24
                          81.168.50.0/24 maxlen: 24
                          81.168.67.0/24 maxlen: 24
                          81.168.122.0/24 maxlen: 24
                          82.152.4.0/24 maxlen: 24
                          82.152.5.0/24 maxlen: 24
                          82.152.6.0/24 maxlen: 24
                          82.152.12.0/24 maxlen: 24
                          82.152.98.0/24 maxlen: 24
                          82.152.105.0/24 maxlen: 24
                          82.152.140.0/24 maxlen: 24
                          82.152.142.0/24 maxlen: 24
                          82.153.34.0/24 maxlen: 24
                          82.153.35.0/24 maxlen: 24
                          82.153.135.0/24 maxlen: 24
                          82.153.153.0/24 maxlen: 24
                          82.153.156.0/24 maxlen: 24
                          82.153.159.0/24 maxlen: 24
                          82.153.200.0/24 maxlen: 24
                          82.153.201.0/24 maxlen: 24
                          82.153.202.0/24 maxlen: 24
                          82.153.205.0/24 maxlen: 24
                          82.153.207.0/24 maxlen: 24
                          82.153.226.0/24 maxlen: 24
                          82.163.0.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.97.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          109.176.193.0/24 maxlen: 24
                          109.176.202.0/24 maxlen: 24
                          109.176.229.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.150.0/24 maxlen: 24
                          213.130.151.0/24 maxlen: 24
                          213.210.58.0/24 maxlen: 24
                          213.210.63.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24
                          213.218.233.0/24 maxlen: 24
                          213.218.249.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 May 2024 06:31:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:20:15:fd:30:fa:f5:74:e4:39:cf:b2:a1:cc:30:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 07:49:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81f3bd421e1bfe27619f5f99045be4de55e43de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:46:49:ed:20:67:20:9d:40:d7:d2:96:d8:e5:
                    cb:2c:a5:d7:74:ce:81:58:c6:bb:49:b0:3b:f9:5a:
                    ce:c0:e4:e9:7d:94:b3:74:aa:bc:93:0d:94:a9:1b:
                    11:be:93:56:84:32:5b:43:26:8a:db:39:2f:ac:b8:
                    6b:50:38:e0:8a:77:dc:9d:b0:7a:7e:38:b1:b5:29:
                    fd:4f:45:56:75:f8:23:ba:38:a9:5b:16:24:db:f1:
                    14:48:78:be:fd:fe:e3:a4:ed:8a:33:8e:cc:00:5b:
                    61:9f:31:e3:91:f6:bf:60:74:ff:26:f5:79:11:82:
                    29:7c:4e:41:76:8c:fd:e8:bb:14:c5:a9:16:cf:06:
                    d5:5a:11:b7:f0:09:97:ce:45:f8:5b:d9:da:cb:d1:
                    c6:cf:d4:5e:c8:c4:12:68:32:14:49:13:9b:44:04:
                    33:e8:9b:0e:fe:d3:42:8f:1a:e7:90:91:f1:3d:98:
                    3b:b9:b8:74:c4:5b:59:91:27:6c:32:68:70:fe:51:
                    f0:4e:90:ec:4f:63:2c:57:f4:eb:0d:07:5a:08:a7:
                    2e:1a:8e:71:53:54:40:c9:4c:76:3f:c7:49:f1:52:
                    08:39:0d:b0:be:78:5b:ed:53:f2:e2:4f:5d:7d:7f:
                    0f:9d:c2:d8:fc:b0:fa:a2:45:99:6f:6b:48:2e:ea:
                    83:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:F3:BD:42:1E:1B:FE:27:61:9F:5F:99:04:5B:E4:DE:55:E4:3D:E6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gfO9Qh4b_idhn1-ZBFvk3lXkPeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  79.99.76.0/24
                  81.168.50.0/24
                  81.168.67.0/24
                  81.168.122.0/24
                  82.152.4.0-82.152.6.255
                  82.152.12.0/24
                  82.152.98.0/24
                  82.152.105.0/24
                  82.152.140.0/24
                  82.152.142.0/24
                  82.153.34.0/23
                  82.153.135.0/24
                  82.153.153.0/24
                  82.153.156.0/24
                  82.153.159.0/24
                  82.153.200.0-82.153.202.255
                  82.153.205.0/24
                  82.153.207.0/24
                  82.153.226.0/24
                  82.163.0.0/24
                  82.163.15.0/24
                  89.213.97.0/24
                  89.213.134.0/24
                  109.176.193.0/24
                  109.176.202.0/24
                  109.176.229.0/24
                  109.176.244.0/24
                  212.38.79.0/24
                  212.38.84.0/24
                  213.130.150.0/23
                  213.210.58.0/24
                  213.210.63.0/24
                  213.218.211.0/24
                  213.218.224.0/24
                  213.218.233.0/24
                  213.218.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d0:13:59:d8:74:1c:00:d4:dc:ab:f4:5a:61:47:e5:eb:39:
         c7:40:d6:39:dd:ed:18:dd:6f:f3:bd:f3:44:37:44:9c:18:31:
         58:b6:9b:dc:f5:4a:4d:a4:e4:c9:1a:8a:32:5f:12:cd:9e:e9:
         50:9b:bf:c1:d3:bc:87:5a:46:0a:8f:6d:bf:d3:f6:35:17:d6:
         00:2d:95:05:11:44:51:14:1b:fe:30:8c:9a:61:f8:cc:44:96:
         a4:2c:61:90:61:81:29:7c:30:6b:53:c1:83:d3:f9:8a:4f:c0:
         2d:6f:5f:b4:42:11:f0:c0:a9:e7:15:1b:74:86:45:72:77:f3:
         e6:df:6e:97:e4:de:8f:a6:5c:9a:22:51:6a:5f:58:79:b4:7f:
         2d:40:45:b7:ac:8c:02:8f:dd:b3:05:95:d6:6d:ae:da:99:62:
         ea:ba:8d:a4:85:de:ea:95:e8:76:15:d7:38:64:22:eb:81:2f:
         a8:c3:e9:7e:b6:99:4b:89:64:24:8d:cd:ae:19:ac:d3:e2:5c:
         67:6b:8a:d1:a1:5c:ea:b7:4e:3f:03:38:de:ec:b6:b2:ed:43:
         b7:f8:b1:f2:92:7d:bc:41:97:85:6d:62:11:b5:c5:4d:ec:51:
         16:56:2b:d7:e2:90:d3:28:12:0d:ff:cc:8e:1d:ae:1c:13:31:
         9b:d0:d9:92
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAY+aIBX9MPr1dOQ5z7KhzDDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIxMDc0OTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWYzYmQ0MjFlMWJmZTI3NjE5ZjVmOTkwNDViZTRkZTU1ZTQzZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0ZJ7SBnIJ1A19KW2OXLLKXXdM6B
WMa7SbA7+VrOwOTpfZSzdKq8kw2UqRsRvpNWhDJbQyaK2zkvrLhrUDjginfcnbB6
fjixtSn9T0VWdfgjujipWxYk2/EUSHi+/f7jpO2KM47MAFthnzHjkfa/YHT/JvV5
EYIpfE5Bdoz96LsUxakWzwbVWhG38AmXzkX4W9nay9HGz9ReyMQSaDIUSRObRAQz
6JsO/tNCjxrnkJHxPZg7ubh0xFtZkSdsMmhw/lHwTpDsT2MsV/TrDQdaCKcuGo5x
U1RAyUx2P8dJ8VIIOQ2wvnhb7VPy4k9dfX8PncLY/LD6okWZb2tILuqDlQIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFIHzvUIeG/4nYZ9fmQRb5N5V5D3mMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ2ZPOVFoNGJfaWRobjEtWkJGdmszbFhrUGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCwYIKwYBBQUHAQcBAf8EgfswgfgwgfUEAgABMIHuAwQA
JfwbAwQAT2NMAwQAUagyAwQAUahDAwQAUah6MAwDBAJSmAQDBABSmAYDBABSmAwD
BABSmGIDBABSmGkDBABSmIwDBABSmI4DBAFSmSIDBABSmYcDBABSmZkDBABSmZwD
BABSmZ8wDAMEA1KZyAMEAFKZygMEAFKZzQMEAFKZzwMEAFKZ4gMEAFKjAAMEAFKj
DwMEAFnVYQMEAFnVhgMEAG2wwQMEAG2wygMEAG2w5QMEAG2w9AMEANQmTwMEANQm
VAMEAdWClgMEANXSOgMEANXSPwMEANXa0wMEANXa4AMEANXa6QMEANXa+TANBgkq
hkiG9w0BAQsFAAOCAQEAPtATWdh0HADU3Kv0WmFH5es5x0DWOd3tGN1v873zRDdE
nBgxWLab3PVKTaTkyRqKMl8SzZ7pUJu/wdO8h1pGCo9tv9P2NRfWAC2VBRFEURQb
/jCMmmH4zESWpCxhkGGBKXwwa1PBg9P5ik/ALW9ftEIR8MCp5xUbdIZFcnfz5t9u
l+Tej6ZcmiJRal9YebR/LUBFt6yMAo/dswWV1m2u2pli6rqNpIXe6pXodhXXOGQi
64EvqMPpfraZS4lkJI3Nrhms0+JcZ2uK0aFc6rdOPwM43uy2su1Dt/ix8pJ9vEGX
hW1iEbXFTexRFlYr1+KQ0ygSDf/Mjh2uHBMxm9DZkg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org