Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pUNFLRfWJys-uchk5BhoDuwLAuU.roa
File:                     pUNFLRfWJys-uchk5BhoDuwLAuU.roa (raw, json)
Hash identifier:          FVzij8PZiJig82AM8+kGjE0eAOfF+MsGi1QuXme3sR8=
Subject key identifier:   A5:43:45:2D:17:D6:27:2B:3E:B9:C8:64:E4:18:68:0E:EC:0B:02:E5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0188428271C432A956508B4BA105B0924DA6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pUNFLRfWJys-uchk5BhoDuwLAuU.roa
Signing time:             Mon 22 May 2023 08:10:24 +0000
ROA not before:           Mon 22 May 2023 08:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.208.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.153.211.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 May 2023 14:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:42:82:71:c4:32:a9:56:50:8b:4b:a1:05:b0:92:4d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 22 08:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a543452d17d6272b3eb9c864e418680eec0b02e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:df:d0:f5:f4:5f:2c:e4:88:6c:e1:b3:b4:de:
                    8d:60:86:a4:20:a4:5b:a3:6d:6d:25:53:90:67:ea:
                    8e:f0:12:3e:a7:80:17:e0:22:f7:58:6c:0d:c9:c9:
                    b6:71:62:5d:0f:0d:65:86:ba:f2:1e:71:ee:0e:c1:
                    d3:4e:2a:db:5f:47:db:da:75:81:82:1f:4a:5d:db:
                    c8:9c:1f:5f:26:28:d1:e5:29:4d:d5:66:9f:d0:12:
                    d4:3f:e8:2d:4b:83:b3:e9:e0:05:db:2c:7b:59:73:
                    9e:6f:d2:35:47:bd:4c:7a:c9:13:41:6a:4f:9a:9a:
                    29:6c:5e:19:58:fe:5a:08:60:b7:56:9f:51:28:b2:
                    cc:e0:66:6d:e4:39:cb:d4:03:01:06:9a:e1:bc:92:
                    0d:6d:29:ef:6d:87:ee:5e:77:da:a1:a8:6c:d4:f9:
                    a0:48:e0:1f:9d:bf:cd:6b:d1:cf:95:59:71:77:ab:
                    47:03:fb:cd:71:77:e5:6e:5e:c2:65:c2:ed:65:79:
                    0b:32:05:59:b1:6e:18:63:4c:10:42:0d:79:e5:f7:
                    c3:1c:da:0f:e8:1e:5b:99:3a:4c:da:41:fb:b7:55:
                    ba:a5:48:d9:f3:10:f1:37:63:21:63:f9:b7:af:40:
                    52:1f:28:f6:3c:00:88:33:9b:c4:34:58:59:d6:cd:
                    8c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:43:45:2D:17:D6:27:2B:3E:B9:C8:64:E4:18:68:0E:EC:0B:02:E5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pUNFLRfWJys-uchk5BhoDuwLAuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0-82.152.255.255
                  82.153.4.0/24
                  82.153.64.0/23
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.73.0/24
                  82.153.208.0/22
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:ee:93:1e:55:3f:b0:22:46:76:de:cf:6b:5a:f7:9e:9a:bc:
         22:1e:23:1a:e3:f9:57:ee:98:d8:df:15:8f:e5:f1:d7:71:dc:
         e4:96:40:e1:23:d4:bc:4a:dc:6c:a7:24:69:50:e5:c7:1c:65:
         5c:a2:3e:67:7e:f7:9f:68:3e:90:bd:7b:57:6e:24:7b:3b:61:
         6a:9f:8b:01:be:0c:7d:78:28:6a:35:65:7a:1e:62:48:57:aa:
         dc:65:2a:50:6a:10:2b:21:8e:24:5c:4f:72:85:02:47:96:cd:
         76:e9:b7:d6:82:31:65:88:07:f8:da:c9:de:34:cd:8e:d4:70:
         70:6d:ce:c0:47:4c:b6:e2:85:cf:34:ff:f0:0f:36:a9:de:f3:
         0a:15:9a:76:cc:de:d3:d2:13:fb:e7:7f:df:b1:32:b7:09:d9:
         d9:c3:e3:af:af:db:8d:bd:af:72:bf:02:e4:20:1e:1a:09:45:
         49:fa:42:6d:57:4d:32:2c:e1:64:ab:fe:70:bb:b1:97:cc:ad:
         03:dc:18:97:e5:82:e2:26:48:1a:89:e9:25:f7:02:23:89:8f:
         51:e3:65:d0:6d:42:ff:1d:60:b5:14:b7:a6:9f:22:4b:5c:4a:
         3a:7b:b5:96:b0:cb:b3:c5:dd:2c:6f:9d:c3:c0:ae:d6:99:0b:
         df:19:31:5d
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAYhCgnHEMqlWUItLoQWwkk2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTIyMDgxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQzNDUyZDE3ZDYyNzJiM2ViOWM4NjRlNDE4NjgwZWVjMGIwMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgN/Q9fRfLOSIbOGztN6NYIakIKRb
o21tJVOQZ+qO8BI+p4AX4CL3WGwNycm2cWJdDw1lhrryHnHuDsHTTirbX0fb2nWB
gh9KXdvInB9fJijR5SlN1Waf0BLUP+gtS4Oz6eAF2yx7WXOeb9I1R71MeskTQWpP
mpopbF4ZWP5aCGC3Vp9RKLLM4GZt5DnL1AMBBprhvJINbSnvbYfuXnfaoahs1Pmg
SOAfnb/Na9HPlVlxd6tHA/vNcXflbl7CZcLtZXkLMgVZsW4YY0wQQg155ffDHNoP
6B5bmTpM2kH7t1W6pUjZ8xDxN2MhY/m3r0BSHyj2PACIM5vENFhZ1s2MswIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFKVDRS0X1icrPrnIZOQYaA7sCwLlMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcFVORkxSZldKeXMtdWNoazVCaG9EdXdMQXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wbQQCAAEwZwMEAFGoIwME
AFGodwMEAFGoewMEAVKYrgMEAFKY+QMEAFKY+zALAwQAUpj9AwMAUpgDBABSmQQD
BAFSmUADBABSmUQDBAFSmUYDBABSmUkDBAJSmdADBABSmd4DBABSmfYDBAFSmfgw
DQYJKoZIhvcNAQELBQADggEBAArukx5VP7AiRnbez2ta956avCIeIxrj+VfumNjf
FY/l8ddx3OSWQOEj1LxK3GynJGlQ5cccZVyiPmd+959oPpC9e1duJHs7YWqfiwG+
DH14KGo1ZXoeYkhXqtxlKlBqECshjiRcT3KFAkeWzXbpt9aCMWWIB/jayd40zY7U
cHBtzsBHTLbihc80//APNqne8woVmnbM3tPSE/vnf9+xMrcJ2dnD46+v2429r3K/
AuQgHhoJRUn6Qm1XTTIs4WSr/nC7sZfMrQPcGJflguImSBqJ6SX3AiOJj1HjZdBt
Qv8dYLUUt6afIktcSjp7tZawy7PF3SxvncPArtaZC98ZMV0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org