Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hNI6BeHcD8vApptsoOA-11uXA9Q.roa
File:                     hNI6BeHcD8vApptsoOA-11uXA9Q.roa (raw, json)
Hash identifier:          2AtDyLjG4jcLTpCmVQKBskH1/dTIBB8ctWQC89Ssmtc=
Subject key identifier:   84:D2:3A:05:E1:DC:0F:CB:C0:A6:9B:6C:A0:E0:3E:D7:5B:97:03:D4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FA9775CEA2496F67636AB6CFF6848F14F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hNI6BeHcD8vApptsoOA-11uXA9Q.roa
Signing time:             Fri 24 May 2024 07:18:43 +0000
ROA not before:           Fri 24 May 2024 07:18:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        82.152.176.0/24 maxlen: 24
                          89.213.206.0/23 maxlen: 24
                          89.213.212.0/24 maxlen: 24
                          89.213.214.0/24 maxlen: 24
                          89.213.215.0/24 maxlen: 24
                          89.213.228.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sat 25 May 2024 09:56:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:77:5c:ea:24:96:f6:76:36:ab:6c:ff:68:48:f1:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 24 07:18:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84d23a05e1dc0fcbc0a69b6ca0e03ed75b9703d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:76:f7:e0:26:a1:5a:eb:16:f9:7f:24:6a:39:
                    72:6d:7e:48:1c:71:81:e4:d9:ef:ed:95:35:ae:7e:
                    ab:22:ee:10:33:18:32:3e:2b:85:c2:58:49:17:5e:
                    09:ae:f3:33:ce:ba:c1:96:4d:cd:a2:d3:7b:79:dd:
                    ac:9c:16:58:3e:e7:2f:78:de:c4:96:c2:13:60:f9:
                    98:52:18:d7:26:dd:68:a3:a3:ef:b8:77:3a:9f:f8:
                    8d:90:ae:ae:72:ea:e2:d1:fc:14:2a:35:67:c9:8f:
                    7f:1d:e2:11:35:98:9b:cf:1a:f7:bc:e6:8e:0a:c1:
                    f7:bb:49:7f:fa:fe:7e:67:df:ff:14:08:22:7a:2e:
                    af:e4:2a:70:fe:60:36:8c:1f:82:d1:f6:01:12:b6:
                    0b:b4:57:b3:9d:d3:0e:50:31:bc:d0:6d:5d:1b:6b:
                    10:d8:d6:f4:d1:83:73:b0:02:c7:5e:62:dc:b6:00:
                    2f:a6:d0:20:f8:93:67:c2:ab:61:65:dc:1f:2f:c2:
                    0f:22:d9:59:32:89:3b:f7:4b:c6:3c:3e:68:ab:d6:
                    2c:d9:87:73:10:b9:78:3f:20:95:89:be:71:33:e2:
                    cc:86:d8:aa:48:bd:23:17:ba:b0:d9:a6:4d:8b:bd:
                    c8:2c:7f:d1:21:48:9d:5b:4b:49:08:c4:7d:26:85:
                    49:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:D2:3A:05:E1:DC:0F:CB:C0:A6:9B:6C:A0:E0:3E:D7:5B:97:03:D4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hNI6BeHcD8vApptsoOA-11uXA9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/24
                  89.213.206.0/23
                  89.213.212.0/24
                  89.213.214.0/23
                  89.213.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:03:ef:37:38:af:77:29:cd:24:fe:92:31:ae:37:92:8b:14:
         e6:7a:5d:56:da:ed:8f:63:d7:c8:c1:3f:92:b7:94:1d:fb:ec:
         f5:f5:05:e8:12:9b:e7:5a:80:52:ce:34:a5:b6:ef:71:0c:e8:
         a2:b3:86:af:ba:0f:47:c4:3d:f3:6a:aa:fd:24:a0:f0:02:f5:
         ba:fc:4c:b9:1a:83:90:90:6d:ea:74:1c:6b:e9:85:0f:b8:08:
         0e:fc:0b:e4:3e:b7:30:f7:84:85:d8:85:1c:5d:f8:34:13:ca:
         e1:e3:7a:8c:9b:2c:80:fd:c5:4d:4b:4d:e4:07:e1:94:e4:53:
         03:f8:55:cc:cf:24:a9:10:ed:ee:4b:60:a0:02:bb:31:08:70:
         4a:25:e1:c3:76:c9:60:bd:89:5b:b2:98:21:04:4a:fe:7e:e6:
         94:e3:e3:af:cc:ac:44:b1:d9:23:8d:d5:bb:2f:fd:22:de:81:
         70:92:d4:7a:7d:ae:0b:77:c7:6e:03:aa:f0:19:24:95:0d:12:
         31:43:5b:96:f9:f8:8f:0b:a8:28:51:1e:28:25:6b:51:7d:bf:
         82:7d:e1:45:6c:b6:1e:1a:8d:55:ed:e5:3c:27:09:9d:5a:dd:
         f1:24:4f:d7:e8:65:6e:df:5a:d8:ee:fc:0a:2a:36:93:e5:1a:
         56:a7:62:9a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY+pd1zqJJb2djarbP9oSPFPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI0MDcxODQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGQyM2EwNWUxZGMwZmNiYzBhNjliNmNhMGUwM2VkNzViOTcwM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXb34CahWusW+X8kajlybX5IHHGB
5Nnv7ZU1rn6rIu4QMxgyPiuFwlhJF14JrvMzzrrBlk3NotN7ed2snBZYPucveN7E
lsITYPmYUhjXJt1oo6PvuHc6n/iNkK6ucuri0fwUKjVnyY9/HeIRNZibzxr3vOaO
CsH3u0l/+v5+Z9//FAgiei6v5Cpw/mA2jB+C0fYBErYLtFezndMOUDG80G1dG2sQ
2Nb00YNzsALHXmLctgAvptAg+JNnwqthZdwfL8IPItlZMok790vGPD5oq9Ys2Ydz
ELl4PyCVib5xM+LMhtiqSL0jF7qw2aZNi73ILH/RIUidW0tJCMR9JoVJdQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFITSOgXh3A/LwKabbKDgPtdblwPUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaE5JNkJlSGNEOHZBcHB0c29PQS0xMXVYQTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUpiwAwQB
WdXOAwQAWdXUAwQBWdXWAwQCWdXkMA0GCSqGSIb3DQEBCwUAA4IBAQBiA+83OK93
Kc0k/pIxrjeSixTmel1W2u2PY9fIwT+St5Qd++z19QXoEpvnWoBSzjSltu9xDOii
s4avug9HxD3zaqr9JKDwAvW6/Ey5GoOQkG3qdBxr6YUPuAgO/AvkPrcw94SF2IUc
Xfg0E8rh43qMmyyA/cVNS03kB+GU5FMD+FXMzySpEO3uS2CgArsxCHBKJeHDdslg
vYlbspghBEr+fuaU4+OvzKxEsdkjjdW7L/0i3oFwktR6fa4Ld8duA6rwGSSVDRIx
Q1uW+fiPC6goUR4oJWtRfb+CfeFFbLYeGo1V7eU8JwmdWt3xJE/X6GVu31rY7vwK
KjaT5RpWp2Ka
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org