Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lYk3MQhTJEcp8k3H1XPyRTlFCoQ.roa
File:                     lYk3MQhTJEcp8k3H1XPyRTlFCoQ.roa (raw, json)
Hash identifier:          5BGl30MOzGtM+ffHtx8rH6ZXQALDKPwJAUu2RKgaKfQ=
Subject key identifier:   95:89:37:31:08:53:24:47:29:F2:4D:C7:D5:73:F2:45:39:45:0A:84
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F5764380B49F71BAA60FA78F4FBB8F4D5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lYk3MQhTJEcp8k3H1XPyRTlFCoQ.roa
Signing time:             Wed 08 May 2024 08:48:56 +0000
ROA not before:           Wed 08 May 2024 08:48:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        37.252.27.0/24 maxlen: 24
                          79.99.76.0/24 maxlen: 24
                          81.168.50.0/24 maxlen: 24
                          81.168.67.0/24 maxlen: 24
                          82.152.54.0/24 maxlen: 24
                          82.152.98.0/24 maxlen: 24
                          82.153.35.0/24 maxlen: 24
                          82.153.205.0/24 maxlen: 24
                          82.153.226.0/24 maxlen: 24
                          82.163.0.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.98.0/24 maxlen: 24
                          109.176.193.0/24 maxlen: 24
                          109.176.201.0/24 maxlen: 24
                          109.176.202.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.130.150.0/24 maxlen: 24
                          213.130.151.0/24 maxlen: 24
                          213.130.156.0/24 maxlen: 24
                          213.210.58.0/24 maxlen: 24
                          213.210.59.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24
                          217.144.158.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 May 2024 10:13:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:64:38:0b:49:f7:1b:aa:60:fa:78:f4:fb:b8:f4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  8 08:48:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=958937310853244729f24dc7d573f24539450a84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:55:50:a3:7c:c7:39:4f:09:b6:c6:b5:06:3e:
                    e7:76:bb:aa:14:58:f6:ea:12:e3:95:3c:01:d7:0d:
                    8e:48:f9:9a:df:d5:8b:4e:e0:38:b4:98:d9:71:96:
                    ac:99:bf:b5:cd:c6:c9:af:f8:ff:3d:47:da:a4:fd:
                    19:b1:6a:67:b8:91:e5:7f:31:2f:e0:d3:c2:83:79:
                    c9:aa:cd:83:1e:ff:0b:82:82:c0:09:af:5b:86:8c:
                    13:2d:c8:47:7d:96:59:4c:5a:49:06:ea:c4:67:ea:
                    34:0f:f0:76:6a:20:32:dd:1d:65:b2:f3:ec:78:92:
                    cb:58:20:0c:3f:2c:eb:1c:b3:a1:7f:59:e0:b6:45:
                    12:d9:06:37:37:01:23:55:36:92:b7:b1:c9:5a:29:
                    30:05:9d:80:bd:68:6b:7f:0b:67:44:0d:6e:41:d9:
                    62:11:31:7b:0d:97:83:58:43:4b:94:1d:11:f0:94:
                    31:2d:6e:71:d2:d3:11:b4:b1:00:5f:11:1b:97:fb:
                    6a:01:0d:79:d9:c6:fc:a1:f3:cd:2c:a0:cc:2d:78:
                    0b:c9:50:59:13:b2:53:2a:ae:b2:53:b4:9f:e4:1e:
                    96:99:4b:2d:2f:e1:6b:8b:ff:7d:61:63:93:58:7b:
                    d9:d9:0b:00:69:77:d3:ac:b9:64:19:11:92:a5:bc:
                    b3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:89:37:31:08:53:24:47:29:F2:4D:C7:D5:73:F2:45:39:45:0A:84
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lYk3MQhTJEcp8k3H1XPyRTlFCoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  79.99.76.0/24
                  81.168.50.0/24
                  81.168.67.0/24
                  82.152.54.0/24
                  82.152.98.0/24
                  82.153.35.0/24
                  82.153.205.0/24
                  82.153.226.0/24
                  82.163.0.0/24
                  82.163.15.0/24
                  89.213.98.0/24
                  109.176.193.0/24
                  109.176.201.0-109.176.202.255
                  109.176.244.0/24
                  212.38.79.0/24
                  212.38.84.0/24
                  213.130.130.0/24
                  213.130.149.0-213.130.151.255
                  213.130.156.0/24
                  213.210.58.0/23
                  213.218.227.0/24
                  213.218.231.0/24
                  217.144.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ff:a1:c4:c5:19:5e:e9:41:8e:02:6c:8b:18:61:3a:cb:3c:
         62:3e:8b:bd:31:a9:72:14:73:0b:0f:66:82:11:b7:b3:af:97:
         7e:10:f9:c8:16:45:28:98:d0:ab:3d:a1:ce:63:d4:9c:9b:2c:
         06:07:69:73:db:dc:54:ef:78:10:9f:df:b3:7c:08:41:67:4d:
         67:e8:02:98:2f:7b:d6:6d:f0:dc:30:9c:99:93:4d:65:34:f9:
         13:5d:35:e2:85:e9:01:ac:f6:71:a2:1a:c3:a2:da:fd:9f:10:
         2f:81:fe:26:30:49:a7:ed:e6:82:18:68:fe:39:cc:b1:f9:b1:
         2e:ad:3f:ed:0e:77:31:28:e2:4d:6e:f5:c3:6c:ff:39:63:08:
         cd:a7:e4:af:62:a7:de:bd:d1:7e:de:87:58:08:bc:62:e4:63:
         0f:83:bd:c4:eb:25:31:6d:97:b3:27:03:78:9c:a6:dc:44:d7:
         f1:8e:45:14:81:08:15:55:9c:4d:ff:4f:11:c0:05:84:a6:6e:
         a6:3d:8e:cf:41:e2:b1:18:6a:cc:fa:72:e3:3b:92:ba:f7:85:
         e5:0c:ae:7a:6d:06:8c:af:e2:22:66:15:6f:03:e8:6b:97:cb:
         68:2a:cd:7c:aa:db:70:3e:60:3a:e0:14:30:a5:8d:5e:d5:85:
         68:5c:70:1f
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAY9XZDgLSfcbqmD6ePT7uPTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA4MDg0ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTg5MzczMTA4NTMyNDQ3MjlmMjRkYzdkNTczZjI0NTM5NDUwYTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VVQo3zHOU8Jtsa1Bj7ndruqFFj2
6hLjlTwB1w2OSPma39WLTuA4tJjZcZasmb+1zcbJr/j/PUfapP0ZsWpnuJHlfzEv
4NPCg3nJqs2DHv8LgoLACa9bhowTLchHfZZZTFpJBurEZ+o0D/B2aiAy3R1lsvPs
eJLLWCAMPyzrHLOhf1ngtkUS2QY3NwEjVTaSt7HJWikwBZ2AvWhrfwtnRA1uQdli
ETF7DZeDWENLlB0R8JQxLW5x0tMRtLEAXxEbl/tqAQ152cb8ofPNLKDMLXgLyVBZ
E7JTKq6yU7Sf5B6WmUstL+Fri/99YWOTWHvZ2QsAaXfTrLlkGRGSpbyzZwIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFJWJNzEIUyRHKfJNx9Vz8kU5RQqEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbFlrM01RaFRKRWNwOGszSDFYUHlSVGxGQ29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBAAl
/BsDBABPY0wDBABRqDIDBABRqEMDBABSmDYDBABSmGIDBABSmSMDBABSmc0DBABS
meIDBABSowADBABSow8DBABZ1WIDBABtsMEwDAMEAG2wyQMEAG2wygMEAG2w9AME
ANQmTwMEANQmVAMEANWCgjAMAwQA1YKVAwQD1YKQAwQA1YKcAwQB1dI6AwQA1drj
AwQA1drnAwQA2ZCeMA0GCSqGSIb3DQEBCwUAA4IBAQBp/6HExRle6UGOAmyLGGE6
yzxiPou9MalyFHMLD2aCEbezr5d+EPnIFkUomNCrPaHOY9ScmywGB2lz29xU73gQ
n9+zfAhBZ01n6AKYL3vWbfDcMJyZk01lNPkTXTXihekBrPZxohrDotr9nxAvgf4m
MEmn7eaCGGj+Ocyx+bEurT/tDncxKOJNbvXDbP85YwjNp+SvYqfevdF+3odYCLxi
5GMPg73E6yUxbZezJwN4nKbcRNfxjkUUgQgVVZxN/08RwAWEpm6mPY7PQeKxGGrM
+nLjO5K694XlDK56bQaMr+IiZhVvA+hrl8toKs18qttwPmA64BQwpY1e1YVoXHAf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org