Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l_EM4eKSTOru81Jws_2ATaeeQkI.roa
File:                     l_EM4eKSTOru81Jws_2ATaeeQkI.roa (raw, json)
Hash identifier:          hDP4Uifggv38m/qRzVer92+hO6FXUn08BH1YdZgFTeM=
Subject key identifier:   97:F1:0C:E1:E2:92:4C:EA:EE:F3:52:70:B3:FD:80:4D:A7:9E:42:42
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F57634EC8D4849AC266BFEC9F24F4790E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l_EM4eKSTOru81Jws_2ATaeeQkI.roa
Signing time:             Wed 08 May 2024 08:47:56 +0000
ROA not before:           Wed 08 May 2024 08:47:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 May 2024 17:13:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:63:4e:c8:d4:84:9a:c2:66:bf:ec:9f:24:f4:79:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  8 08:47:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97f10ce1e2924ceaeef35270b3fd804da79e4242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b7:fd:fc:52:a7:c1:69:5f:cb:42:33:bd:5c:
                    94:0f:18:4c:20:dd:43:3f:a0:65:26:03:10:f4:4c:
                    ee:c0:47:39:ab:1d:5b:16:55:a2:51:49:4d:4e:4c:
                    8d:9e:95:72:ed:c3:4b:95:29:c8:00:95:94:49:c4:
                    f4:7e:c0:94:ca:43:59:30:49:e7:a1:5d:93:26:b0:
                    78:ab:e3:52:f9:2a:5c:46:d7:89:6b:c5:85:c4:03:
                    a3:04:f8:1e:fe:57:f2:84:23:52:1a:27:77:cf:cd:
                    a7:ef:ec:31:87:76:46:55:52:1e:7e:29:b0:9d:cd:
                    bb:23:84:6e:33:2d:c5:2e:bf:7d:19:9f:73:0a:39:
                    ea:94:ec:8f:e0:82:b7:e1:a7:d9:31:cf:bf:50:6e:
                    aa:5f:aa:06:24:d4:9d:c7:b0:e3:11:81:81:5e:47:
                    b8:8e:4e:5a:35:1c:e7:11:38:fd:4a:ac:60:bb:7d:
                    59:eb:eb:db:0e:64:e8:41:ab:fb:dc:d7:ee:17:5d:
                    ed:9a:a0:e6:08:39:4d:1f:45:8b:da:9b:03:28:1d:
                    97:4b:05:17:38:35:63:bc:53:74:41:3f:34:d5:d9:
                    cf:e7:c1:9a:27:c2:6d:fc:38:02:86:0f:12:35:12:
                    c8:11:3a:f7:46:de:8a:fc:f2:d0:63:f2:a1:d0:70:
                    02:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F1:0C:E1:E2:92:4C:EA:EE:F3:52:70:B3:FD:80:4D:A7:9E:42:42
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l_EM4eKSTOru81Jws_2ATaeeQkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:28:da:a3:1f:2d:90:13:6e:b8:66:06:dc:10:05:c0:19:d5:
         c6:f5:73:82:ac:ec:7a:58:be:18:33:53:d1:52:e3:bb:50:2a:
         f3:e2:61:1d:68:f7:01:d3:36:93:1c:f9:b4:1d:a1:6c:6e:08:
         f0:c6:b7:79:7f:6a:17:38:ea:08:70:12:da:af:a3:ff:b3:f6:
         1f:35:3a:6f:03:90:84:a1:d5:ca:4c:1f:ad:10:7e:8f:3d:64:
         8f:4e:d2:e5:1a:b7:34:cb:ea:a3:f8:5f:ef:ec:32:ad:44:c6:
         7a:4d:ca:c5:34:13:77:f8:d5:f8:df:c2:fa:14:04:96:aa:92:
         63:56:50:74:e5:e9:e2:aa:78:6f:48:fb:8d:1d:d5:c4:64:95:
         b6:19:7f:90:8c:01:77:6f:7c:32:f5:80:02:43:d8:73:a6:3d:
         96:18:6b:86:c1:8c:b4:19:d5:d3:6c:2a:e5:8e:db:93:7c:cb:
         50:59:45:b5:c0:69:a6:57:27:cb:e0:59:9c:a3:00:95:c9:07:
         ae:31:05:18:dd:06:1b:08:a4:e9:63:2d:c8:79:b8:68:fe:fc:
         d6:18:5e:af:28:73:86:a7:e1:ca:a5:44:9a:59:23:91:45:84:
         5c:7c:d7:b9:87:4b:1e:31:e9:18:a6:3c:f4:31:8d:17:7e:3c:
         2b:d2:62:03
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAY9XY07I1ISawma/7J8k9HkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA4MDg0NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2YxMGNlMWUyOTI0Y2VhZWVmMzUyNzBiM2ZkODA0ZGE3OWU0MjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7f9/FKnwWlfy0IzvVyUDxhMIN1D
P6BlJgMQ9EzuwEc5qx1bFlWiUUlNTkyNnpVy7cNLlSnIAJWUScT0fsCUykNZMEnn
oV2TJrB4q+NS+SpcRteJa8WFxAOjBPge/lfyhCNSGid3z82n7+wxh3ZGVVIefimw
nc27I4RuMy3FLr99GZ9zCjnqlOyP4IK34afZMc+/UG6qX6oGJNSdx7DjEYGBXke4
jk5aNRznETj9Sqxgu31Z6+vbDmToQav73NfuF13tmqDmCDlNH0WL2psDKB2XSwUX
ODVjvFN0QT801dnP58GaJ8Jt/DgChg8SNRLIETr3Rt6K/PLQY/Kh0HACEwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFJfxDOHikkzq7vNScLP9gE2nnkJCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbF9FTTRlS1NUT3J1ODFKd3NfMkFUYWVlUWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAUah+AwQB
UpiwAwQAUpkyAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBANtsBAD
BAG5MX4DBATCaVADBADVgpUDBAHV2tIDBADV2tUwDQYJKoZIhvcNAQELBQADggEB
AHwo2qMfLZATbrhmBtwQBcAZ1cb1c4Ks7HpYvhgzU9FS47tQKvPiYR1o9wHTNpMc
+bQdoWxuCPDGt3l/ahc46ghwEtqvo/+z9h81Om8DkISh1cpMH60Qfo89ZI9O0uUa
tzTL6qP4X+/sMq1ExnpNysU0E3f41fjfwvoUBJaqkmNWUHTl6eKqeG9I+40d1cRk
lbYZf5CMAXdvfDL1gAJD2HOmPZYYa4bBjLQZ1dNsKuWO25N8y1BZRbXAaaZXJ8vg
WZyjAJXJB64xBRjdBhsIpOljLch5uGj+/NYYXq8oc4an4cqlRJpZI5FFhFx817mH
Sx4x6RimPPQxjRd+PCvSYgM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:17 2024 by rpki-client on console-fra.rpki-client.org