Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k4ui6opYioH34i0rK3etNvE8mBo.roa
File:                     k4ui6opYioH34i0rK3etNvE8mBo.roa (raw, json)
Hash identifier:          iqXG4HNB2MfWMQP4KA5t/zmXPb49S0Z8d03pv6BcjLs=
Subject key identifier:   93:8B:A2:EA:8A:58:8A:81:F7:E2:2D:2B:2B:77:AD:36:F1:3C:98:1A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01892C0FDA544758E33D74C0ECB5D7BADB8F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k4ui6opYioH34i0rK3etNvE8mBo.roa
Signing time:             Thu 06 Jul 2023 16:36:23 +0000
ROA not before:           Thu 06 Jul 2023 16:36:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        82.153.137.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          89.213.191.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 11 Jul 2023 15:48:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2c:0f:da:54:47:58:e3:3d:74:c0:ec:b5:d7:ba:db:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  6 16:36:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=938ba2ea8a588a81f7e22d2b2b77ad36f13c981a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:25:5d:4c:a2:bc:90:63:da:b0:f6:f7:8b:aa:
                    07:bc:7b:09:13:a9:4e:23:6b:6b:d5:0f:87:ee:fc:
                    66:cb:66:f0:f0:36:42:e1:f0:aa:f3:99:f1:d7:b4:
                    ab:20:32:13:a2:cc:f0:af:84:63:0d:9e:a1:bd:71:
                    ef:ca:ad:18:0f:e3:e7:26:ee:0b:3a:ab:9f:c9:cc:
                    45:d2:18:8d:50:11:56:ee:ba:bc:9c:a6:28:7c:7e:
                    35:4e:a0:64:eb:c4:56:8f:73:b3:0c:66:3d:11:e2:
                    89:d4:e2:1a:5d:bd:17:59:9f:4f:e3:bc:1d:9f:c0:
                    77:0f:78:30:49:ee:e2:15:80:91:4f:77:40:fc:b8:
                    a4:a3:51:5e:23:c9:5d:e8:8a:3b:3e:a0:06:7b:59:
                    ce:6d:61:59:34:70:a2:6f:72:f2:eb:db:4d:7b:2c:
                    7b:08:66:05:88:ef:d2:cd:4b:b8:06:41:2e:45:c8:
                    1a:ae:a5:9d:f9:8c:15:4b:46:62:de:9d:c1:fd:b0:
                    28:f5:c9:a5:49:79:b8:0d:c7:e9:0c:39:ef:0e:d6:
                    7c:35:43:f5:1b:09:8b:4d:9f:fc:48:6b:76:30:8c:
                    c2:6e:c6:95:a5:3d:cf:ac:71:02:02:75:70:6d:fe:
                    90:61:aa:4f:fa:6c:2c:7c:c2:fe:2b:fc:85:1f:34:
                    58:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8B:A2:EA:8A:58:8A:81:F7:E2:2D:2B:2B:77:AD:36:F1:3C:98:1A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/k4ui6opYioH34i0rK3etNvE8mBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.137.0/24
                  82.153.140.0/24
                  89.213.6.0/23
                  89.213.150.0/24
                  89.213.152.0/24
                  89.213.163.0/24
                  89.213.168.0/24
                  89.213.173.0/24
                  89.213.180.0/24
                  89.213.182.0/24
                  89.213.184.0/22
                  89.213.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:e1:01:11:f4:1f:7f:e4:61:b5:3b:44:32:5d:b9:f1:2c:a8:
         8d:c0:5f:bb:2a:47:1d:6c:53:4b:d8:22:7d:e8:9c:0b:72:b2:
         c5:62:8f:3e:7b:40:1a:88:3b:b1:34:6b:b8:69:0f:b5:a9:ab:
         af:0e:17:ce:43:88:4c:e3:4e:34:3a:c2:42:ad:17:0b:ac:37:
         c9:41:f7:37:10:ee:41:41:93:c1:fe:f1:b8:16:c2:b8:a2:58:
         d9:db:46:4c:8f:a5:e2:08:e1:9d:28:01:cf:f8:1f:06:05:25:
         36:43:90:9b:a8:0c:f8:8b:c9:26:64:26:a9:2b:d3:b4:72:1d:
         57:aa:64:92:a5:3d:c6:29:80:94:da:33:8f:fd:2c:5c:78:8c:
         a1:1c:55:c6:e5:af:99:e0:22:c4:6f:31:d8:8b:17:95:b8:e2:
         5a:cd:92:f2:ef:6b:b8:b0:5a:25:b1:ba:58:91:26:2c:1f:f4:
         99:0a:c3:9e:69:3c:c7:ea:d1:e5:6c:db:38:b2:84:ce:59:85:
         7e:ef:29:ec:4b:f2:cd:17:bf:48:e0:4a:2e:c8:f1:e5:9f:1e:
         23:52:87:c6:47:58:14:0b:09:1c:f3:e0:2f:0c:c5:4a:1e:29:
         d7:e3:b6:89:04:c8:bb:61:4f:71:a9:a4:10:50:37:6d:1d:bc:
         31:ef:e5:45
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYksD9pUR1jjPXTA7LXXutuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA2MTYzNjIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhiYTJlYThhNTg4YTgxZjdlMjJkMmIyYjc3YWQzNmYxM2M5ODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iVdTKK8kGPasPb3i6oHvHsJE6lO
I2tr1Q+H7vxmy2bw8DZC4fCq85nx17SrIDIToszwr4RjDZ6hvXHvyq0YD+PnJu4L
OqufycxF0hiNUBFW7rq8nKYofH41TqBk68RWj3OzDGY9EeKJ1OIaXb0XWZ9P47wd
n8B3D3gwSe7iFYCRT3dA/Liko1FeI8ld6Io7PqAGe1nObWFZNHCib3Ly69tNeyx7
CGYFiO/SzUu4BkEuRcgarqWd+YwVS0Zi3p3B/bAo9cmlSXm4DcfpDDnvDtZ8NUP1
GwmLTZ/8SGt2MIzCbsaVpT3PrHECAnVwbf6QYapP+mwsfML+K/yFHzRYIwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJOLouqKWIqB9+ItKyt3rTbxPJgaMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvazR1aTZvcFlpb0gzNGkwckszZXROdkU4bUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUpmJAwQA
UpmMAwQBWdUGAwQAWdWWAwQAWdWYAwQAWdWjAwQAWdWoAwQAWdWtAwQAWdW0AwQA
WdW2AwQCWdW4AwQBWdW+MA0GCSqGSIb3DQEBCwUAA4IBAQBw4QER9B9/5GG1O0Qy
XbnxLKiNwF+7KkcdbFNL2CJ96JwLcrLFYo8+e0AaiDuxNGu4aQ+1qauvDhfOQ4hM
4040OsJCrRcLrDfJQfc3EO5BQZPB/vG4FsK4oljZ20ZMj6XiCOGdKAHP+B8GBSU2
Q5CbqAz4i8kmZCapK9O0ch1XqmSSpT3GKYCU2jOP/SxceIyhHFXG5a+Z4CLEbzHY
ixeVuOJazZLy72u4sFolsbpYkSYsH/SZCsOeaTzH6tHlbNs4soTOWYV+7ynsS/LN
F79I4EouyPHlnx4jUofGR1gUCwkc8+AvDMVKHinX47aJBMi7YU9xqaQQUDdtHbwx
7+VF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org