Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lh9iMnmdUH8CCwuP-YeKDmN89D4.roa
File:                     lh9iMnmdUH8CCwuP-YeKDmN89D4.roa (raw, json)
Hash identifier:          qBA4gGsmUHQiSzUiw7Z3xZIewkEZRasOyAHoggF5zds=
Subject key identifier:   96:1F:62:32:79:9D:50:7F:02:0B:0B:8F:F9:87:8A:0E:63:7C:F4:3E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0188239025F87B84536AA85F62C947ED09D8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lh9iMnmdUH8CCwuP-YeKDmN89D4.roa
Signing time:             Tue 16 May 2023 07:57:09 +0000
ROA not before:           Tue 16 May 2023 07:57:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.152.108.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.10.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.208.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.153.211.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 16 May 2023 18:15:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:23:90:25:f8:7b:84:53:6a:a8:5f:62:c9:47:ed:09:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 16 07:57:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=961f6232799d507f020b0b8ff9878a0e637cf43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:42:81:49:05:a0:07:fc:ba:8e:fe:e2:88:8e:
                    4e:a6:ec:1d:59:2c:b6:f7:0e:6e:cb:04:0d:87:a3:
                    3c:03:3c:44:df:9e:08:39:2f:59:b5:39:b5:41:1a:
                    12:d9:4b:7d:be:d2:66:7d:b6:ca:b2:2f:97:36:3b:
                    9b:7f:df:98:51:20:e0:c5:40:5d:54:75:01:fb:13:
                    86:45:7e:40:ac:19:4e:4e:a7:20:58:87:74:24:55:
                    b4:59:07:23:2d:64:e4:ea:b3:f5:86:ba:8c:ea:4c:
                    5c:81:7f:03:72:db:b1:44:fe:31:3f:db:37:1d:d4:
                    f7:48:be:eb:9c:70:db:99:10:18:01:fe:9b:82:76:
                    44:ef:cb:6b:f8:a1:1f:4d:b6:71:70:45:03:8f:9c:
                    a7:20:67:e4:f2:08:8e:37:98:5f:78:d7:06:4f:cd:
                    0f:44:05:8c:68:b7:1a:a5:32:a9:47:1c:dc:16:1d:
                    81:87:86:fd:ec:f8:51:9c:bb:5a:d7:eb:60:a5:40:
                    a3:97:f7:58:d6:bb:a9:01:7c:80:04:6b:f3:10:0a:
                    c1:78:df:a3:5e:16:a9:47:c1:12:6b:fc:9e:ce:9d:
                    38:08:32:ba:9e:9b:cb:96:1d:02:0d:15:8d:79:d3:
                    d8:93:71:8a:7c:d4:17:5f:85:56:d2:f4:10:8e:7e:
                    2c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:1F:62:32:79:9D:50:7F:02:0B:0B:8F:F9:87:8A:0E:63:7C:F4:3E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lh9iMnmdUH8CCwuP-YeKDmN89D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0-82.152.255.255
                  82.153.4.0/24
                  82.153.10.0/24
                  82.153.65.0/24
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.73.0/24
                  82.153.208.0/22
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:ac:6a:3c:d5:e2:db:93:c7:20:87:f5:d1:30:87:b0:86:37:
         6d:2a:b3:2b:ff:db:d7:71:c9:c4:6b:f5:37:e2:02:4c:80:b6:
         0e:4c:c6:42:20:ca:e9:3e:c0:93:38:5e:af:91:1d:1d:0b:83:
         14:30:a1:9f:69:8a:92:ec:74:08:ab:1c:37:c6:0a:2c:17:f4:
         d8:04:ca:5c:0e:2c:85:a0:e1:72:68:bc:43:68:06:0a:99:87:
         93:0c:e3:41:ea:c9:d6:84:4d:d9:0b:2e:b6:d1:e7:0d:24:6a:
         86:6f:84:6c:97:7c:9e:5d:a5:8e:b4:ae:ee:3a:7a:ec:1d:df:
         f0:9a:cd:29:51:cd:9c:11:6c:75:da:ec:77:23:1e:28:75:1b:
         b5:bc:4d:61:ee:c3:80:f4:4c:4a:97:ee:28:4a:44:f9:32:fe:
         83:d5:db:f0:f5:e4:e3:e5:fd:73:23:c3:1b:72:d1:cf:ff:b6:
         8e:59:df:61:fc:8a:c5:ef:95:50:8f:99:08:39:72:37:0c:a9:
         d6:57:4c:08:8b:08:e9:57:c2:5b:3f:cb:42:42:64:35:10:c4:
         89:68:f6:78:98:fe:69:f8:0b:41:60:af:e5:1b:2c:a9:1a:39:
         bc:4f:33:ef:78:8d:61:31:f4:f3:10:6d:59:2f:d5:0b:6f:ed:
         96:97:bb:ac
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISAYgjkCX4e4RTaqhfYslH7QnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTE2MDc1NzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjFmNjIzMjc5OWQ1MDdmMDIwYjBiOGZmOTg3OGEwZTYzN2NmNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkKBSQWgB/y6jv7iiI5OpuwdWSy2
9w5uywQNh6M8AzxE354IOS9ZtTm1QRoS2Ut9vtJmfbbKsi+XNjubf9+YUSDgxUBd
VHUB+xOGRX5ArBlOTqcgWId0JFW0WQcjLWTk6rP1hrqM6kxcgX8DctuxRP4xP9s3
HdT3SL7rnHDbmRAYAf6bgnZE78tr+KEfTbZxcEUDj5ynIGfk8giON5hfeNcGT80P
RAWMaLcapTKpRxzcFh2Bh4b97PhRnLta1+tgpUCjl/dY1rupAXyABGvzEArBeN+j
XhapR8ESa/yezp04CDK6npvLlh0CDRWNedPYk3GKfNQXX4VW0vQQjn4s8QIDAQAB
o4ICdzCCAnMwHQYDVR0OBBYEFJYfYjJ5nVB/AgsLj/mHig5jfPQ+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbGg5aU1ubWRVSDhDQ3d1UC1ZZUtEbU44OUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGMBggrBgEFBQcBBwEB/wR9MHsweQQCAAEwcwMEAFGoIwME
AFGodwMEAFGoewMEAFKYbAMEAVKYrgMEAFKY+QMEAFKY+zALAwQAUpj9AwMAUpgD
BABSmQQDBABSmQoDBABSmUEDBABSmUQDBAFSmUYDBABSmUkDBAJSmdADBABSmd4D
BABSmfYDBAFSmfgwDQYJKoZIhvcNAQELBQADggEBABusajzV4tuTxyCH9dEwh7CG
N20qsyv/29dxycRr9TfiAkyAtg5MxkIgyuk+wJM4Xq+RHR0LgxQwoZ9pipLsdAir
HDfGCiwX9NgEylwOLIWg4XJovENoBgqZh5MM40HqydaETdkLLrbR5w0kaoZvhGyX
fJ5dpY60ru46euwd3/CazSlRzZwRbHXa7HcjHih1G7W8TWHuw4D0TEqX7ihKRPky
/oPV2/D15OPl/XMjwxty0c//to5Z32H8isXvlVCPmQg5cjcMqdZXTAiLCOlXwls/
y0JCZDUQxIlo9niY/mn4C0Fgr+UbLKkaObxPM+94jWEx9PMQbVkv1Qtv7ZaXu6w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org