Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kTRCbfN8HruDEtfMR8P9T97KKP4.roa
File:                     kTRCbfN8HruDEtfMR8P9T97KKP4.roa (raw, json)
Hash identifier:          AXiUmB6Shb0cjveKEW3hCowss2NdudI5BYJwU7YrdAs=
Subject key identifier:   91:34:42:6D:F3:7C:1E:BB:83:12:D7:CC:47:C3:FD:4F:DE:CA:28:FE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F5CD77B8EC73A3DCF5E32989F8EACB888
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kTRCbfN8HruDEtfMR8P9T97KKP4.roa
Signing time:             Thu 09 May 2024 10:12:56 +0000
ROA not before:           Thu 09 May 2024 10:12:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.54.0/24 maxlen: 24
                          82.152.160.0/21 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.98.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.201.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.130.156.0/24 maxlen: 24
                          213.210.59.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24
                          217.144.158.0/24 maxlen: 24
                          217.145.66.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 09 May 2024 15:18:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:d7:7b:8e:c7:3a:3d:cf:5e:32:98:9f:8e:ac:b8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  9 10:12:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9134426df37c1ebb8312d7cc47c3fd4fdeca28fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:55:7e:a2:39:ae:e1:f4:ca:04:40:42:f5:4d:
                    28:13:7f:9b:7e:43:36:5c:1f:d6:f7:71:3b:5e:5d:
                    5e:50:e8:1c:55:64:c2:01:31:45:1d:ec:5c:79:95:
                    40:24:34:6c:24:10:0e:c1:53:56:6c:0f:8e:fe:25:
                    77:c7:89:dd:4c:35:e2:15:1c:4f:c0:28:17:22:20:
                    8d:f6:9e:5a:2b:ca:3c:aa:f6:0d:14:cb:76:4d:f6:
                    de:75:95:31:e5:4f:71:56:68:29:d1:99:0a:f8:8a:
                    07:a1:9e:1b:71:82:6c:1f:62:5c:28:67:b5:4d:1d:
                    71:12:d8:69:d9:90:df:32:8c:10:41:9d:39:8d:97:
                    62:56:09:f5:2f:ec:cf:7d:be:90:df:27:fb:29:0b:
                    a7:7c:04:8c:01:28:ab:3f:2f:41:6f:93:4d:ae:21:
                    67:dc:6e:67:10:37:54:23:8e:ac:8b:36:26:bf:c8:
                    15:99:cb:33:16:da:68:5b:55:a9:87:ba:f1:04:ca:
                    24:34:0b:55:d3:f5:8a:55:f8:1b:e0:4a:8c:11:0e:
                    df:d0:1b:27:d1:27:9e:93:8b:4b:5b:07:c7:fa:62:
                    8c:e6:35:0f:09:9f:b7:c9:b9:7e:4d:31:ad:9a:58:
                    30:40:9d:22:5e:96:d9:cc:06:96:b8:5f:2b:66:71:
                    85:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:34:42:6D:F3:7C:1E:BB:83:12:D7:CC:47:C3:FD:4F:DE:CA:28:FE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kTRCbfN8HruDEtfMR8P9T97KKP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.54.0/24
                  82.152.160.0/21
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  89.213.98.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  109.176.201.0/24
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.130.0/24
                  213.130.149.0/24
                  213.130.156.0/24
                  213.210.59.0/24
                  213.218.210.0/23
                  213.218.213.0/24
                  213.218.227.0/24
                  213.218.231.0/24
                  217.144.158.0/24
                  217.145.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:70:fa:9e:23:8a:30:9a:bd:3e:bb:ad:b5:44:8e:eb:e3:7d:
         0c:5e:15:8c:28:49:7c:53:c9:15:81:46:7d:f1:ed:a5:93:a4:
         1e:53:34:08:fb:45:b7:c7:39:9b:d8:b3:15:0e:b8:be:f0:9d:
         97:67:69:b2:0e:22:f1:7f:7a:5b:7a:24:1f:ae:13:63:3e:ec:
         1e:53:ec:f2:99:c1:f7:b3:dd:bd:4b:2f:5e:bb:21:3f:9a:e1:
         2b:d3:5b:b5:b7:6b:f0:2f:19:32:b0:cb:b2:b3:50:b8:19:4f:
         25:02:f7:a9:53:d0:21:5b:db:31:9f:90:64:8f:c4:ec:f5:1a:
         32:3d:89:97:5e:94:43:a9:35:1e:3b:61:38:b3:6c:55:29:c6:
         f0:17:9e:7b:5b:19:ba:68:5b:a6:20:1e:30:c7:fc:67:62:3e:
         71:63:d9:2c:f9:05:c7:02:66:f9:57:16:20:96:4d:b6:01:08:
         4b:51:c4:e2:2e:1c:07:e3:1e:3f:01:a2:f4:3d:49:fd:25:d7:
         81:65:f8:cd:2e:b7:46:78:97:17:79:d0:09:f6:88:71:be:9b:
         af:a5:84:e9:3e:e6:da:c9:63:c5:09:21:55:7a:45:51:a9:14:
         ef:a6:20:35:d3:27:91:af:23:52:46:80:e2:1d:91:fb:7d:9e:
         22:74:cc:ff
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY9c13uOxzo9z14ymJ+OrLiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA5MTAxMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM0NDI2ZGYzN2MxZWJiODMxMmQ3Y2M0N2MzZmQ0ZmRlY2EyOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFV+ojmu4fTKBEBC9U0oE3+bfkM2
XB/W93E7Xl1eUOgcVWTCATFFHexceZVAJDRsJBAOwVNWbA+O/iV3x4ndTDXiFRxP
wCgXIiCN9p5aK8o8qvYNFMt2TfbedZUx5U9xVmgp0ZkK+IoHoZ4bcYJsH2JcKGe1
TR1xEthp2ZDfMowQQZ05jZdiVgn1L+zPfb6Q3yf7KQunfASMASirPy9Bb5NNriFn
3G5nEDdUI46sizYmv8gVmcszFtpoW1Wph7rxBMokNAtV0/WKVfgb4EqMEQ7f0Bsn
0Seek4tLWwfH+mKM5jUPCZ+3ybl+TTGtmlgwQJ0iXpbZzAaWuF8rZnGFrwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFJE0Qm3zfB67gxLXzEfD/U/eyij+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva1RSQ2JmTjhIcnVERXRmTVI4UDlUOTdLS1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG1BggrBgEFBQcBBwEB/wSBpTCBojCBnwQCAAEwgZgDBABR
qH4DBABSmDYDBANSmKADBAFSmLADBABSmTIDBAJSmYgDBABZ1WIwDAMEAlnVlAME
BVnVgAMEAlnVrAMEAFnVtAMEA22wEAMEAG2wyQMEAbkxfgMEBMJpUAMEANWCggME
ANWClQMEANWCnAMEANXSOwMEAdXa0gMEANXa1QMEANXa4wMEANXa5wMEANmQngME
ANmRQjANBgkqhkiG9w0BAQsFAAOCAQEAYHD6niOKMJq9PruttUSO6+N9DF4VjChJ
fFPJFYFGffHtpZOkHlM0CPtFt8c5m9izFQ64vvCdl2dpsg4i8X96W3okH64TYz7s
HlPs8pnB97PdvUsvXrshP5rhK9Nbtbdr8C8ZMrDLsrNQuBlPJQL3qVPQIVvbMZ+Q
ZI/E7PUaMj2Jl16UQ6k1HjthOLNsVSnG8Beee1sZumhbpiAeMMf8Z2I+cWPZLPkF
xwJm+VcWIJZNtgEIS1HE4i4cB+MePwGi9D1J/SXXgWX4zS63RniXF3nQCfaIcb6b
r6WE6T7m2sljxQkhVXpFUakU76YgNdMnka8jUkaA4h2R+32eInTM/w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org