Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hwefdE5yQZtZUW6013MUyaS2M8o.roa
File:                     hwefdE5yQZtZUW6013MUyaS2M8o.roa (raw, json)
Hash identifier:          +Xv25Hf7Oq4LCh6fM14V3z4N4OwNF99LRrNCsr+se3w=
Subject key identifier:   87:07:9F:74:4E:72:41:9B:59:51:6E:B4:D7:73:14:C9:A4:B6:33:CA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E8BA847BCC8106484C8D0BA009A26C923
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hwefdE5yQZtZUW6013MUyaS2M8o.roa
Signing time:             Fri 29 Mar 2024 19:20:45 +0000
ROA not before:           Fri 29 Mar 2024 19:20:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.208.0/22 maxlen: 22
                          82.163.19.0/24 maxlen: 24
                          89.213.108.0/23 maxlen: 24
                          89.213.110.0/24 maxlen: 24
                          89.213.122.0/24 maxlen: 24
                          89.213.126.0/24 maxlen: 24
                          89.213.143.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.194.0/23 maxlen: 24
                          89.213.240.0/23 maxlen: 24
                          89.213.250.0/24 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.210.16.0/24 maxlen: 24
                          213.210.18.0/24 maxlen: 24
                          213.210.33.0/24 maxlen: 24
                          213.210.51.0/24 maxlen: 24
                          213.218.220.0/24 maxlen: 24
                          217.144.151.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 31 Mar 2024 18:53:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8b:a8:47:bc:c8:10:64:84:c8:d0:ba:00:9a:26:c9:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 29 19:20:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87079f744e72419b59516eb4d77314c9a4b633ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d6:70:05:f1:41:5d:8b:cf:73:48:41:2a:23:
                    4a:22:fc:17:df:95:99:34:66:9d:6c:cf:b4:85:6d:
                    58:da:cb:e2:9b:62:81:f2:14:19:d5:ed:c8:fe:52:
                    d3:bd:ff:d4:be:87:fc:c0:7e:a2:42:c6:a8:49:73:
                    c9:21:2e:fb:58:fb:c3:31:24:44:69:3b:4d:36:7d:
                    c3:39:d9:de:59:f5:8c:df:cb:fc:54:86:cd:24:72:
                    c1:d5:d7:da:5e:62:ef:a5:cc:b0:44:d3:cd:a8:3f:
                    6a:dc:37:28:1a:74:d3:90:51:f1:38:3c:1f:5d:ac:
                    e5:c6:99:86:27:46:89:4a:0b:18:b4:f7:57:cf:ed:
                    56:fa:28:ae:d0:a6:1c:91:a3:eb:31:4c:eb:65:6d:
                    a5:ca:d8:5c:80:1e:2b:6d:3e:c5:6d:88:21:81:70:
                    2a:9a:6d:17:95:ba:4c:db:bc:b5:6f:fe:bb:04:6d:
                    da:a1:05:47:be:b9:66:bf:5f:f2:21:c0:a7:a7:9f:
                    c0:c7:b2:91:8c:81:fc:1d:89:bb:2d:ae:f3:a8:50:
                    4c:29:81:65:d3:58:34:87:19:b4:40:63:97:56:97:
                    ce:4d:fe:a1:02:a6:ae:ad:e7:79:e6:e5:bb:51:dc:
                    02:98:8b:c5:2a:c0:88:fd:e1:bf:c6:11:3c:12:b3:
                    68:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:07:9F:74:4E:72:41:9B:59:51:6E:B4:D7:73:14:C9:A4:B6:33:CA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hwefdE5yQZtZUW6013MUyaS2M8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.174.0/23
                  82.153.208.0/22
                  82.163.19.0/24
                  89.213.108.0-89.213.110.255
                  89.213.122.0/24
                  89.213.126.0/24
                  89.213.143.0/24
                  89.213.147.0/24
                  89.213.181.0/24
                  89.213.194.0/23
                  89.213.240.0/23
                  89.213.250.0/24
                  194.105.80.0/20
                  213.210.16.0/24
                  213.210.18.0/24
                  213.210.33.0/24
                  213.210.51.0/24
                  213.218.220.0/24
                  217.144.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:99:78:4e:43:ca:43:ac:43:46:72:35:58:67:fd:b0:30:2f:
         a6:3d:74:a3:38:55:02:e4:2d:a7:1d:d8:2a:35:e5:e2:4b:47:
         57:a8:02:54:6f:aa:d3:4a:18:1d:87:32:b2:8a:df:b1:4f:49:
         f0:45:92:63:b6:d7:6b:f5:fc:57:9a:d0:8c:96:91:13:75:38:
         ff:5d:98:63:2b:5c:00:f7:44:e4:68:c0:64:21:4b:15:e8:29:
         56:7c:cd:04:94:62:b7:9e:1a:77:1a:5b:e4:09:3e:f4:0b:d1:
         57:3d:fe:c8:07:f5:ee:fb:80:64:9d:99:b2:e4:b4:1b:8b:69:
         d5:a3:7b:32:4a:7d:ef:b8:d6:6c:21:a3:ff:21:2f:29:ed:33:
         7a:70:85:67:85:49:99:22:13:d1:41:9d:25:39:4c:b1:a6:64:
         ce:be:77:66:e6:7b:77:fa:4d:63:64:a9:2d:53:f8:26:b2:e3:
         25:f7:0a:8d:d7:24:46:cd:f3:5f:99:73:c6:a0:61:fc:80:ea:
         52:73:fe:a2:9c:3a:37:ee:2b:5c:76:63:ec:22:5d:fc:d1:78:
         c7:72:1f:4d:c8:19:71:c1:bb:b1:db:89:32:22:b2:7d:fa:0e:
         91:e8:92:76:5b:d3:81:11:88:d7:47:60:8e:76:fe:22:5f:d7:
         90:1b:bb:db
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAY6LqEe8yBBkhMjQugCaJskjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI5MTkyMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA3OWY3NDRlNzI0MTliNTk1MTZlYjRkNzczMTRjOWE0YjYzM2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNZwBfFBXYvPc0hBKiNKIvwX35WZ
NGadbM+0hW1Y2svim2KB8hQZ1e3I/lLTvf/Uvof8wH6iQsaoSXPJIS77WPvDMSRE
aTtNNn3DOdneWfWM38v8VIbNJHLB1dfaXmLvpcywRNPNqD9q3DcoGnTTkFHxODwf
XazlxpmGJ0aJSgsYtPdXz+1W+iiu0KYckaPrMUzrZW2lythcgB4rbT7FbYghgXAq
mm0XlbpM27y1b/67BG3aoQVHvrlmv1/yIcCnp5/Ax7KRjIH8HYm7La7zqFBMKYFl
01g0hxm0QGOXVpfOTf6hAqaured55uW7UdwCmIvFKsCI/eG/xhE8ErNoHwIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFIcHn3ROckGbWVFutNdzFMmktjPKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaHdlZmRFNXlRWnRaVVc2MDEzTVV5YVMyTThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzCBgAQCAAEwegMEAVKY
rgMEAlKZ0AMEAFKjEzAMAwQCWdVsAwQAWdVuAwQAWdV6AwQAWdV+AwQAWdWPAwQA
WdWTAwQAWdW1AwQBWdXCAwQBWdXwAwQAWdX6AwQEwmlQAwQA1dIQAwQA1dISAwQA
1dIhAwQA1dIzAwQA1drcAwQA2ZCXMA0GCSqGSIb3DQEBCwUAA4IBAQBZmXhOQ8pD
rENGcjVYZ/2wMC+mPXSjOFUC5C2nHdgqNeXiS0dXqAJUb6rTShgdhzKyit+xT0nw
RZJjttdr9fxXmtCMlpETdTj/XZhjK1wA90TkaMBkIUsV6ClWfM0ElGK3nhp3Glvk
CT70C9FXPf7IB/Xu+4BknZmy5LQbi2nVo3sySn3vuNZsIaP/IS8p7TN6cIVnhUmZ
IhPRQZ0lOUyxpmTOvndm5nt3+k1jZKktU/gmsuMl9wqN1yRGzfNfmXPGoGH8gOpS
c/6inDo37itcdmPsIl380XjHch9NyBlxwbux24kyIrJ9+g6R6JJ2W9OBEYjXR2CO
dv4iX9eQG7vb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org