Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pdyRwMWokGZfF_200y46-Eq-Mqg.roa
File:                     pdyRwMWokGZfF_200y46-Eq-Mqg.roa (raw, json)
Hash identifier:          9skB7sawj8+uaGd+DgoFgleNQVjqdX7wOOzU51KlvQI=
Subject key identifier:   A5:DC:91:C0:C5:A8:90:66:5F:17:FD:B4:D3:2E:3A:F8:4A:BE:32:A8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0187B2468F68A9F846DDC323DF1965A70083
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pdyRwMWokGZfF_200y46-Eq-Mqg.roa
Signing time:             Mon 24 Apr 2023 07:59:41 +0000
ROA not before:           Mon 24 Apr 2023 07:59:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.68.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 26 Apr 2023 07:59:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b2:46:8f:68:a9:f8:46:dd:c3:23:df:19:65:a7:00:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 24 07:59:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a5dc91c0c5a890665f17fdb4d32e3af84abe32a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e3:53:3a:76:c3:4b:d4:c0:fc:dd:a6:e4:45:
                    42:14:b1:ae:0c:0d:da:eb:81:b3:b1:bc:b3:ce:04:
                    59:f6:d1:71:cc:d1:26:a6:90:9d:df:a8:ee:26:bb:
                    33:19:90:29:ce:32:98:2c:75:8b:6f:30:bb:99:f6:
                    9e:64:71:98:74:17:98:96:bf:e2:57:07:27:b4:ab:
                    96:a3:df:ee:26:ef:43:fa:d0:2a:57:a8:c7:d7:22:
                    1d:8e:46:5a:a5:02:0e:ac:ca:fb:73:c6:45:de:3a:
                    2d:d9:75:9d:08:47:c8:a3:f3:c3:bc:29:cf:88:da:
                    6a:ab:a9:8c:e8:e9:55:04:cc:85:20:17:43:6c:ac:
                    6b:e5:e5:e6:0f:9e:e0:a6:c1:83:34:e5:02:c6:a6:
                    70:be:fc:46:67:00:f8:13:b0:4a:51:12:23:aa:6b:
                    54:87:5d:b8:a9:da:d4:88:86:dd:7f:2c:41:89:b5:
                    19:94:98:e0:51:51:34:a3:88:a3:a3:a2:eb:56:cd:
                    60:5d:ce:d2:92:d8:f3:51:5a:c1:48:20:63:88:a0:
                    d4:55:62:cb:8b:10:75:ef:b1:79:e8:40:ee:3c:c4:
                    dd:a7:01:4b:33:f3:9d:16:86:f3:c0:75:59:88:67:
                    eb:58:51:c8:3c:7d:07:f7:2b:01:8d:c4:84:ac:fd:
                    d6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:DC:91:C0:C5:A8:90:66:5F:17:FD:B4:D3:2E:3A:F8:4A:BE:32:A8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pdyRwMWokGZfF_200y46-Eq-Mqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.4.0/24
                  82.153.65.0/24
                  82.153.68.0/24
                  82.153.70.0/23
                  82.153.209.0-82.153.210.255
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:fa:27:f7:4b:d3:48:04:b3:29:b8:db:73:1c:67:f8:47:b7:
         80:d5:6d:8c:d8:02:af:43:7b:2a:ae:ad:f7:9a:34:d0:05:5c:
         8c:db:15:c9:2b:27:d5:fa:71:13:a7:90:46:9d:40:e5:9f:ee:
         41:33:ab:3d:02:ef:f9:77:2b:19:dc:d5:e8:cb:90:f6:97:19:
         0d:16:70:46:1d:3b:d5:97:c3:e8:9d:b4:5b:1b:9c:f0:cf:c1:
         23:56:dd:cb:42:00:5c:e9:2d:b9:9f:4f:b9:94:c4:f6:22:8e:
         a6:19:c5:7b:c2:7b:bc:d4:6c:c6:2a:de:b5:b6:6e:37:eb:8a:
         fa:40:cb:ff:5b:d8:94:5c:c8:76:2b:9d:65:60:84:15:0d:59:
         d5:cb:02:96:0d:23:2c:dc:10:19:5d:67:75:35:b7:d0:80:a4:
         f5:ad:6b:33:05:09:77:40:fb:4c:50:43:e2:70:93:bd:79:52:
         ad:d6:6d:c5:7f:ce:b4:1e:e0:c2:aa:0c:2c:3c:4e:ea:8f:f0:
         bf:63:c4:f0:63:e9:a3:48:ea:7a:f0:b7:e8:e5:02:66:e4:f8:
         88:bf:0f:73:db:74:1d:2c:37:27:d9:0d:71:62:2a:cc:b7:f7:
         22:63:92:ca:e6:46:84:f2:8d:9c:c9:b5:d8:be:d2:f1:73:c4:
         4d:1f:05:dc
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYeyRo9oqfhG3cMj3xllpwCDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDI0MDc1OTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWRjOTFjMGM1YTg5MDY2NWYxN2ZkYjRkMzJlM2FmODRhYmUzMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkONTOnbDS9TA/N2m5EVCFLGuDA3a
64GzsbyzzgRZ9tFxzNEmppCd36juJrszGZApzjKYLHWLbzC7mfaeZHGYdBeYlr/i
VwcntKuWo9/uJu9D+tAqV6jH1yIdjkZapQIOrMr7c8ZF3jot2XWdCEfIo/PDvCnP
iNpqq6mM6OlVBMyFIBdDbKxr5eXmD57gpsGDNOUCxqZwvvxGZwD4E7BKURIjqmtU
h124qdrUiIbdfyxBibUZlJjgUVE0o4ijo6LrVs1gXc7SktjzUVrBSCBjiKDUVWLL
ixB177F56EDuPMTdpwFLM/OdFobzwHVZiGfrWFHIPH0H9ysBjcSErP3WjwIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFKXckcDFqJBmXxf9tNMuOvhKvjKoMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcGR5UndNV29rR1pmRl8yMDB5NDYtRXEtTXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAUah0AwQA
Uah3AwQAUah7AwQBUpiuAwQAUpj5AwQAUpj7AwQBUpj+AwQAUpkEAwQAUplBAwQA
UplEAwQBUplGMAwDBABSmdEDBABSmdIDBABSmd4DBABSmfYDBAFSmfgwDQYJKoZI
hvcNAQELBQADggEBAD76J/dL00gEsym423McZ/hHt4DVbYzYAq9DeyqurfeaNNAF
XIzbFckrJ9X6cROnkEadQOWf7kEzqz0C7/l3Kxnc1ejLkPaXGQ0WcEYdO9WXw+id
tFsbnPDPwSNW3ctCAFzpLbmfT7mUxPYijqYZxXvCe7zUbMYq3rW2bjfrivpAy/9b
2JRcyHYrnWVghBUNWdXLApYNIyzcEBldZ3U1t9CApPWtazMFCXdA+0xQQ+Jwk715
Uq3WbcV/zrQe4MKqDCw8TuqP8L9jxPBj6aNI6nrwt+jlAmbk+Ii/D3PbdB0sNyfZ
DXFiKsy39yJjksrmRoTyjZzJtdi+0vFzxE0fBdw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org