Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mHbfVysPYb41h4gVZihX1O66Tgk.roa
File:                     mHbfVysPYb41h4gVZihX1O66Tgk.roa (raw, json)
Hash identifier:          7jkiAGt0QgZ1VC4M+Kt3QHXSC3PqLOfbUHd/L2P7RB0=
Subject key identifier:   98:76:DF:57:2B:0F:61:BE:35:87:88:15:66:28:57:D4:EE:BA:4E:09
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018AB7F983A0BFCE63C5C781021CFDE0AC0D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mHbfVysPYb41h4gVZihX1O66Tgk.roa
Signing time:             Thu 21 Sep 2023 13:41:37 +0000
ROA not before:           Thu 21 Sep 2023 13:41:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.227.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.40.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 07:04:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b7:f9:83:a0:bf:ce:63:c5:c7:81:02:1c:fd:e0:ac:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 21 13:41:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9876df572b0f61be35878815662857d4eeba4e09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:09:2b:c1:26:b5:6d:39:7e:92:b0:15:51:8f:
                    6d:8c:10:b0:ed:bd:9d:d1:69:27:57:ac:b5:a7:6a:
                    b3:c2:9d:f9:b8:c3:c5:2a:85:55:df:90:03:ba:b3:
                    e2:f8:92:87:d0:e4:40:07:1e:ac:59:ab:9f:8d:cf:
                    db:35:13:32:77:01:b1:93:aa:4f:ce:b3:e8:7e:a0:
                    32:64:9f:ff:bb:6e:31:d5:b3:38:d2:86:b6:5a:21:
                    2d:bc:4c:04:dd:f3:b1:2f:79:78:66:8a:4d:53:18:
                    bd:16:7b:cc:43:cc:66:d8:1f:d0:18:91:7e:2f:1d:
                    0a:64:63:68:fd:fb:51:f2:d0:d4:39:ee:8e:b7:ce:
                    5b:90:bc:c2:45:b5:56:39:05:ec:a5:2f:3d:20:35:
                    fd:86:be:a1:e9:2c:c6:cd:e2:e9:1b:69:f9:ae:c2:
                    b4:59:c0:5c:b4:cb:24:f3:2b:37:35:e8:1c:b2:8b:
                    cd:28:c2:3d:b8:83:47:8e:70:70:64:ac:44:a7:17:
                    4e:66:6b:be:c2:37:25:f1:e7:fc:47:78:63:c7:85:
                    86:47:42:49:ab:90:81:96:a8:96:c2:f9:0b:4e:6a:
                    b3:74:09:71:72:41:12:91:fc:6a:8f:02:fd:4f:42:
                    c5:d6:b5:0d:6f:bb:c2:f2:63:e7:a9:44:e5:81:ed:
                    19:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:76:DF:57:2B:0F:61:BE:35:87:88:15:66:28:57:D4:EE:BA:4E:09
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mHbfVysPYb41h4gVZihX1O66Tgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  82.153.227.0/24
                  89.213.40.0/22
                  89.213.145.0-89.213.146.255
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:04:d6:7a:f4:5e:ed:8c:b9:e2:f9:13:44:52:a9:78:c7:22:
         48:70:73:d3:0c:5e:a1:ce:92:ef:83:09:a8:b8:45:58:4f:9a:
         4e:d6:c2:30:e5:dd:76:b3:14:e0:61:65:28:fb:d6:64:5f:d2:
         58:fc:5f:d4:6b:19:b7:6b:e7:6c:b0:4f:1d:98:64:d6:c7:b9:
         a2:5e:9a:88:7a:cf:81:72:5d:b1:83:73:af:b3:21:9a:c2:be:
         40:50:f3:46:66:51:06:06:c0:39:61:1d:b8:df:1c:00:6f:d1:
         82:fd:6c:b3:a3:36:29:63:ed:3b:04:e1:56:b5:d5:b3:ee:63:
         93:53:a9:b0:40:b8:e0:4a:ed:97:c1:b9:78:9e:de:29:ed:4d:
         ab:18:9a:72:57:55:d4:45:b2:8e:43:7e:dd:13:a6:6e:d8:61:
         a1:35:c6:b9:65:0c:03:45:61:33:71:91:22:a9:a2:ac:2d:57:
         29:bd:13:66:18:22:80:cc:6c:db:b5:72:e5:c4:5f:0e:6f:82:
         b7:af:04:59:d9:5b:11:fd:7a:f5:9a:d8:f3:35:c2:a2:a8:0c:
         a2:a3:89:79:02:de:cd:06:67:ee:3a:2f:a9:37:7b:14:07:9c:
         fc:00:33:b1:59:64:4a:e9:7a:89:a5:9d:3d:cc:8b:4b:7a:9d:
         62:8d:84:7a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYq3+YOgv85jxceBAhz94KwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTIxMTM0MTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODc2ZGY1NzJiMGY2MWJlMzU4Nzg4MTU2NjI4NTdkNGVlYmE0ZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggkrwSa1bTl+krAVUY9tjBCw7b2d
0WknV6y1p2qzwp35uMPFKoVV35ADurPi+JKH0ORABx6sWaufjc/bNRMydwGxk6pP
zrPofqAyZJ//u24x1bM40oa2WiEtvEwE3fOxL3l4ZopNUxi9FnvMQ8xm2B/QGJF+
Lx0KZGNo/ftR8tDUOe6Ot85bkLzCRbVWOQXspS89IDX9hr6h6SzGzeLpG2n5rsK0
WcBctMsk8ys3NegcsovNKMI9uINHjnBwZKxEpxdOZmu+wjcl8ef8R3hjx4WGR0JJ
q5CBlqiWwvkLTmqzdAlxckESkfxqjwL9T0LF1rUNb7vC8mPnqUTlge0ZsQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJh231crD2G+NYeIFWYoV9Tuuk4JMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbUhiZlZ5c1BZYjQxaDRnVlppaFgxTzY2VGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah7AwQCUpmIAwQAUpnjAwQCWdUoMAwDBABZ1ZEDBABZ1ZIDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAEYE1nr0Xu2MueL5E0RSqXjHIkhwc9MMXqHOku+D
Cai4RVhPmk7WwjDl3XazFOBhZSj71mRf0lj8X9RrGbdr52ywTx2YZNbHuaJemoh6
z4FyXbGDc6+zIZrCvkBQ80ZmUQYGwDlhHbjfHABv0YL9bLOjNilj7TsE4Va11bPu
Y5NTqbBAuOBK7ZfBuXie3intTasYmnJXVdRFso5Dft0Tpm7YYaE1xrllDANFYTNx
kSKpoqwtVym9E2YYIoDMbNu1cuXEXw5vgrevBFnZWxH9evWa2PM1wqKoDKKjiXkC
3s0GZ+46L6k3exQHnPwAM7FZZErpeomlnT3Mi0t6nWKNhHo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:31 2024 by rpki-client on console-ams.rpki-client.org