Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k2hLTIUXwQvRngcmqsQ6PK0OyJ0.roa
File:                     k2hLTIUXwQvRngcmqsQ6PK0OyJ0.roa (raw, json)
Hash identifier:          2CjIpxRk5y694dCt5K6sfOFWEnUhEE4haOoo1MTyVXU=
Subject key identifier:   93:68:4B:4C:85:17:C1:0B:D1:9E:07:26:AA:C4:3A:3C:AD:0E:C8:9D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189963869AC0F69F48DFC67AFFCB6F4EF11
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k2hLTIUXwQvRngcmqsQ6PK0OyJ0.roa
Signing time:             Thu 27 Jul 2023 07:20:26 +0000
ROA not before:           Thu 27 Jul 2023 07:20:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 28 Jul 2023 16:20:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:96:38:69:ac:0f:69:f4:8d:fc:67:af:fc:b6:f4:ef:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 27 07:20:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=93684b4c8517c10bd19e0726aac43a3cad0ec89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e5:56:78:a2:26:13:f4:52:5b:76:2a:d8:a0:
                    38:27:3c:f0:8b:b4:da:35:07:f4:dd:af:99:93:dc:
                    ad:24:c3:86:cc:6d:89:b9:3e:2a:74:1e:70:e9:d6:
                    9b:33:6f:d4:c9:81:38:02:53:33:a7:74:49:7a:d9:
                    39:5c:40:e6:e3:8a:85:7f:bf:b5:8f:bf:ee:ab:b0:
                    8c:31:23:e5:8a:fa:fe:70:db:30:b0:ad:d4:42:b0:
                    27:8f:34:ae:0e:80:0c:8b:7c:81:17:bb:b6:1a:7e:
                    0e:bc:09:e8:dd:55:35:3b:ed:0b:7a:5a:78:35:b1:
                    e7:a3:49:02:71:1e:6c:ba:74:ab:57:22:1d:44:d7:
                    3f:a9:d0:28:51:45:e9:1c:5b:cf:b0:07:13:5f:c4:
                    55:d1:3c:06:d8:21:da:19:02:7e:dc:5a:31:44:20:
                    77:18:3c:69:8d:da:c2:8a:40:4c:ee:4a:fc:19:89:
                    c6:7c:bf:67:b4:11:01:ca:73:65:87:b2:8a:62:55:
                    9d:3d:fb:48:8e:34:b7:b7:1d:05:f3:ce:ca:aa:f4:
                    f9:94:47:74:e5:c9:77:01:35:72:bb:c4:42:bd:75:
                    af:2f:3e:c8:fc:ec:93:f3:a6:9d:15:ae:3d:fe:04:
                    cb:8b:1b:87:e5:d0:3a:31:39:7f:ba:4c:af:44:72:
                    cf:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:68:4B:4C:85:17:C1:0B:D1:9E:07:26:AA:C4:3A:3C:AD:0E:C8:9D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k2hLTIUXwQvRngcmqsQ6PK0OyJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  109.176.211.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:ee:8d:b2:64:93:fa:fe:a7:98:08:a4:b3:fa:33:fd:55:d2:
         08:fe:09:46:27:64:40:6a:e4:09:28:ef:a0:20:10:0c:fe:50:
         ec:2b:c4:f9:30:08:2c:2c:d1:8a:7d:a8:8b:da:98:52:4f:4d:
         20:e1:76:be:b4:45:e6:34:15:fa:88:39:1f:42:45:7d:42:00:
         84:31:1a:b9:e7:45:71:ba:f8:49:2e:9d:c8:dd:07:49:3f:b6:
         6b:d7:70:6a:7f:3a:f4:2b:b4:0c:ea:23:4a:ac:9d:9e:68:14:
         05:49:f5:c7:50:d7:99:ac:72:1c:2d:15:91:c1:eb:ee:00:68:
         6a:ac:e9:8d:e1:f4:5a:f8:32:4a:d1:81:2e:af:40:ee:e6:fa:
         f8:82:6b:9d:e9:8f:2e:f4:eb:73:d4:26:1b:27:3b:71:69:e1:
         b2:22:08:58:1e:b1:63:71:4d:3a:f9:cc:12:ac:c1:83:79:12:
         5c:e1:33:5e:a6:a0:f1:1f:16:51:59:ac:3d:e7:6d:7f:60:90:
         4a:50:6d:be:27:b9:2b:2a:03:39:cc:af:62:a1:27:3e:4a:ff:
         bc:d8:5c:fb:bc:27:a4:3e:1d:37:62:5d:b0:03:78:26:89:92:
         d6:0b:57:cc:f0:17:21:18:a7:a4:e4:44:9c:a1:16:64:0e:75:
         07:d8:f4:ac
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYmWOGmsD2n0jfxnr/y29O8RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzI3MDcyMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY4NGI0Yzg1MTdjMTBiZDE5ZTA3MjZhYWM0M2EzY2FkMGVjODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+VWeKImE/RSW3Yq2KA4Jzzwi7Ta
NQf03a+Zk9ytJMOGzG2JuT4qdB5w6dabM2/UyYE4AlMzp3RJetk5XEDm44qFf7+1
j7/uq7CMMSPlivr+cNswsK3UQrAnjzSuDoAMi3yBF7u2Gn4OvAno3VU1O+0Lelp4
NbHno0kCcR5sunSrVyIdRNc/qdAoUUXpHFvPsAcTX8RV0TwG2CHaGQJ+3FoxRCB3
GDxpjdrCikBM7kr8GYnGfL9ntBEBynNlh7KKYlWdPftIjjS3tx0F887KqvT5lEd0
5cl3ATVyu8RCvXWvLz7I/OyT86adFa49/gTLixuH5dA6MTl/ukyvRHLPvwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJNoS0yFF8EL0Z4HJqrEOjytDsidMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvazJoTFRJVVh3UXZSbmdjbXFzUTZQSzBPeUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphvAwQBUpj8AwQAUpj/AwQAUpkBAwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpnwAwQAUpn5AwQAbbDTAwQA1ZgqMA0GCSqGSIb3DQEBCwUA
A4IBAQA57o2yZJP6/qeYCKSz+jP9VdII/glGJ2RAauQJKO+gIBAM/lDsK8T5MAgs
LNGKfaiL2phST00g4Xa+tEXmNBX6iDkfQkV9QgCEMRq550VxuvhJLp3I3QdJP7Zr
13Bqfzr0K7QM6iNKrJ2eaBQFSfXHUNeZrHIcLRWRwevuAGhqrOmN4fRa+DJK0YEu
r0Du5vr4gmud6Y8u9Otz1CYbJztxaeGyIghYHrFjcU06+cwSrMGDeRJc4TNepqDx
HxZRWaw9521/YJBKUG2+J7krKgM5zK9ioSc+Sv+82Fz7vCekPh03Yl2wA3gmiZLW
C1fM8BchGKek5EScoRZkDnUH2PSs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org