Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nIbx5zDBTClDj8xciqCI0a2iJPw.roa
File:                     nIbx5zDBTClDj8xciqCI0a2iJPw.roa (raw, json)
Hash identifier:          EMLlVy6GueQRXOn2lphUO+nNvhVPv5sMt3m8CdolckI=
Subject key identifier:   9C:86:F1:E7:30:C1:4C:29:43:8F:CC:5C:8A:A0:88:D1:AD:A2:24:FC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F51EC61654DD64AC6E31CD8AB3511555E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nIbx5zDBTClDj8xciqCI0a2iJPw.roa
Signing time:             Tue 07 May 2024 07:19:56 +0000
ROA not before:           Tue 07 May 2024 07:19:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        79.99.76.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          82.163.0.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.193.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          212.38.74.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 May 2024 10:10:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:51:ec:61:65:4d:d6:4a:c6:e3:1c:d8:ab:35:11:55:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  7 07:19:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c86f1e730c14c29438fcc5c8aa088d1ada224fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7c:c5:d1:40:b7:32:2f:a3:5b:70:ff:b9:3b:
                    9d:5b:bc:ed:17:10:e2:c9:41:37:f1:b0:4a:00:20:
                    e6:23:11:26:1e:5e:99:d2:6b:4f:6f:5f:08:bb:ca:
                    af:8e:6b:fa:87:38:0f:56:9c:34:5d:9f:d0:d8:d5:
                    48:5e:66:43:df:de:7f:b4:3f:e4:55:fd:d0:05:e3:
                    30:3e:ea:c5:45:c8:54:5d:e7:25:cf:a0:88:04:cb:
                    d1:c0:b5:3d:37:d5:d4:b0:8e:5e:7b:3b:df:dd:3e:
                    84:28:1d:6e:71:80:4b:2d:2f:89:c4:f0:35:03:94:
                    ab:20:cf:01:7b:70:08:96:b7:ad:68:33:39:63:91:
                    b8:b2:41:a8:69:85:50:63:e4:e7:2e:e2:31:ac:a6:
                    f2:a7:9d:95:6d:0b:c6:4d:b7:d5:98:82:86:83:60:
                    ae:70:7e:97:3e:40:b1:85:72:54:49:ff:86:ab:9e:
                    d3:95:93:4a:e3:71:37:57:a7:fc:be:11:ca:e4:3a:
                    7c:2f:35:32:4f:64:45:fd:4f:ec:94:76:04:84:b5:
                    61:a0:8b:0e:51:11:19:1c:b6:2a:61:20:ef:f3:3f:
                    94:39:e5:6b:d3:82:79:a9:e6:9e:a5:9a:e3:93:48:
                    bd:21:64:36:79:37:9c:5f:af:d2:7f:36:9e:e0:6b:
                    de:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:86:F1:E7:30:C1:4C:29:43:8F:CC:5C:8A:A0:88:D1:AD:A2:24:FC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nIbx5zDBTClDj8xciqCI0a2iJPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.76.0/24
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  82.153.245.0/24
                  82.163.0.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  109.176.193.0/24
                  109.176.244.0/24
                  185.49.126.0/23
                  194.105.80.0/20
                  212.38.74.0/24
                  212.38.79.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:27:12:83:b2:7c:09:fe:8f:bd:d5:75:9f:9e:e4:4e:8c:2e:
         e9:8d:20:59:c0:25:dd:0e:bd:6e:a7:8c:76:04:17:ee:31:24:
         86:46:b9:15:8b:63:93:63:a7:ef:3a:9b:31:fa:2e:c7:c6:b0:
         2a:93:41:74:31:46:8f:bd:66:ec:fa:42:a0:7b:fc:7b:d2:71:
         03:99:d1:93:bb:fd:a8:ae:7d:27:cd:cd:48:e3:87:9f:d1:97:
         a9:9a:d6:44:e5:b8:20:2a:48:2f:cc:fa:c3:49:25:d0:53:b7:
         8f:bc:ea:6b:c5:a8:cc:64:fb:b5:10:4e:ee:0d:b2:8f:00:ae:
         27:31:06:6a:d1:63:2e:57:df:51:9c:cb:1c:04:b1:54:d4:d5:
         61:a3:ea:36:4d:f2:c4:ca:49:eb:cb:af:b3:f2:49:56:55:45:
         2e:4a:01:3e:be:57:f4:c7:90:9a:ce:53:e1:3b:1c:b1:99:55:
         ca:f0:39:d6:79:49:78:ab:4f:e9:cd:f2:f4:e0:83:50:90:7e:
         31:72:60:ae:8f:3a:85:c3:8b:18:14:2d:eb:ed:82:29:fd:1f:
         d0:82:ba:bc:1d:c5:4b:52:06:95:39:b3:0b:5a:8f:37:21:2b:
         79:1c:a2:f5:8a:da:1a:7f:91:e7:9f:ef:67:1e:8f:e3:e0:ee:
         42:37:33:f5
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAY9R7GFlTdZKxuMc2Ks1EVVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA3MDcxOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzg2ZjFlNzMwYzE0YzI5NDM4ZmNjNWM4YWEwODhkMWFkYTIyNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHzF0UC3Mi+jW3D/uTudW7ztFxDi
yUE38bBKACDmIxEmHl6Z0mtPb18Iu8qvjmv6hzgPVpw0XZ/Q2NVIXmZD395/tD/k
Vf3QBeMwPurFRchUXeclz6CIBMvRwLU9N9XUsI5eezvf3T6EKB1ucYBLLS+JxPA1
A5SrIM8Be3AIlretaDM5Y5G4skGoaYVQY+TnLuIxrKbyp52VbQvGTbfVmIKGg2Cu
cH6XPkCxhXJUSf+Gq57TlZNK43E3V6f8vhHK5Dp8LzUyT2RF/U/slHYEhLVhoIsO
UREZHLYqYSDv8z+UOeVr04J5qeaepZrjk0i9IWQ2eTecX6/Sfzae4Gve9wIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFJyG8ecwwUwpQ4/MXIqgiNGtoiT8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbklieDV6REJUQ2xEajh4Y2lxQ0kwYTJpSlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBABP
Y0wDBABRqH4DBAFSmLADBABSmTIDBAJSmYgDBABSmfUDBABSowAwDAMEAlnVlAME
BVnVgAMEAlnVrAMEAFnVtAMEA22wEAMEAG2wwQMEAG2w9AMEAbkxfgMEBMJpUAME
ANQmSgMEANQmTwMEANWClQMEAdXa0gMEANXa1TANBgkqhkiG9w0BAQsFAAOCAQEA
rScSg7J8Cf6PvdV1n57kTowu6Y0gWcAl3Q69bqeMdgQX7jEkhka5FYtjk2On7zqb
Mfoux8awKpNBdDFGj71m7PpCoHv8e9JxA5nRk7v9qK59J83NSOOHn9GXqZrWROW4
ICpIL8z6w0kl0FO3j7zqa8WozGT7tRBO7g2yjwCuJzEGatFjLlffUZzLHASxVNTV
YaPqNk3yxMpJ68uvs/JJVlVFLkoBPr5X9MeQms5T4TscsZlVyvA51nlJeKtP6c3y
9OCDUJB+MXJgro86hcOLGBQt6+2CKf0f0IK6vB3FS1IGlTmzC1qPNyEreRyi9Yra
Gn+R55/vZx6P4+DuQjcz9Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:31 2024 by rpki-client on console-ams.rpki-client.org