Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rb_5vUSQ0dqfYQDNuPLkmIANx34.roa
File:                     rb_5vUSQ0dqfYQDNuPLkmIANx34.roa (raw, json)
Hash identifier:          e2PUi+4/NHvJMmu2ajt599Qjj+Cfp4SgmlfoOv90qpI=
Subject key identifier:   AD:BF:F9:BD:44:90:D1:DA:9F:61:00:CD:B8:F2:E4:98:80:0D:C7:7E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189E3FC1ED9ED05BE2B0B71109F40B48E30
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rb_5vUSQ0dqfYQDNuPLkmIANx34.roa
Signing time:             Fri 11 Aug 2023 09:44:58 +0000
ROA not before:           Fri 11 Aug 2023 09:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.214.0/24 maxlen: 24
                          109.176.215.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 11 Aug 2023 09:45:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e3:fc:1e:d9:ed:05:be:2b:0b:71:10:9f:40:b4:8e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 11 09:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=adbff9bd4490d1da9f6100cdb8f2e498800dc77e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f3:47:74:fa:a3:48:07:70:a8:2c:97:5e:b5:
                    19:f7:ad:56:89:95:88:28:37:c8:13:bf:9a:74:c2:
                    74:20:8e:c1:45:36:ea:cb:76:87:b4:41:e5:1b:ce:
                    e6:34:2a:3c:29:7a:b7:b3:1e:c1:ae:a7:43:a0:2d:
                    74:b0:36:fc:86:f4:32:06:38:8b:45:57:42:d8:85:
                    b6:ab:a2:09:c1:b3:3e:9f:67:7e:f3:b7:73:65:20:
                    9f:56:84:8f:89:fc:41:5a:03:76:ff:c1:79:9d:b6:
                    69:7d:9a:23:47:56:f6:b1:94:79:c4:22:44:e8:8f:
                    6d:35:89:0c:f7:cc:7c:16:0b:38:5d:01:52:52:15:
                    2a:f3:e3:64:4f:6f:c4:e1:a1:27:2f:54:37:fa:a7:
                    e4:77:4f:85:79:16:75:32:3e:29:86:5f:53:3b:58:
                    25:a7:e3:88:fd:7b:0c:14:91:70:96:c0:14:b5:a1:
                    04:c3:78:56:df:05:5d:2a:55:c8:1e:2d:77:e7:84:
                    df:a1:c0:69:1d:6c:c7:a8:b0:a7:e6:3a:cf:14:18:
                    ef:89:33:8c:67:eb:35:8f:a0:12:84:82:00:27:17:
                    9b:ee:86:18:e8:60:5f:0f:a8:5e:9e:3c:e8:01:a9:
                    75:f6:77:05:e3:c3:91:46:52:5d:fc:4d:29:61:64:
                    8a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:BF:F9:BD:44:90:D1:DA:9F:61:00:CD:B8:F2:E4:98:80:0D:C7:7E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rb_5vUSQ0dqfYQDNuPLkmIANx34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.5.0/24
                  89.213.41.0-89.213.42.255
                  89.213.44.0/22
                  89.213.133.0-89.213.134.255
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.160.255
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.173.0-89.213.177.255
                  89.213.179.0-89.213.189.255
                  109.176.211.0/24
                  109.176.214.0-109.176.223.255
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:61:6c:d3:b1:02:2c:5c:d3:dc:aa:99:be:ee:fc:f5:51:df:
         d6:77:c7:52:58:00:f1:4a:d3:28:cb:06:25:f1:8e:37:8a:e1:
         fa:8b:96:7f:e1:04:b1:24:35:d6:ec:2b:45:70:1c:c4:63:b5:
         6d:d8:8b:3e:f0:38:4f:65:4a:8d:4b:10:16:83:01:a3:cb:28:
         31:aa:9c:06:3d:74:44:cd:21:b4:45:b4:7c:fe:b0:e1:12:43:
         22:3e:f5:7f:cd:49:12:4e:be:3b:1a:04:a0:a5:d9:65:a7:fe:
         df:80:c5:7d:6f:6c:1f:a0:4a:09:01:0e:d7:4e:66:5e:be:c8:
         1b:5f:2e:e9:4f:e7:03:64:12:7d:e5:16:91:91:28:27:2b:97:
         52:19:1d:76:2e:a6:ee:ad:7f:22:37:8b:27:1e:af:ee:5e:31:
         69:5c:b8:e2:f3:2b:50:72:3e:9b:50:10:d7:d6:47:2b:a8:32:
         2b:87:e0:b7:35:2d:6f:0c:98:9d:41:09:7c:e1:ca:33:48:11:
         e3:81:ac:38:dc:b4:5a:11:88:ed:6b:2a:47:9b:92:89:3e:c1:
         ca:1a:71:36:b4:83:a2:b9:e0:77:12:50:ae:91:1a:f2:c2:6e:
         4d:1d:4f:e5:8f:aa:f1:bb:08:1f:ce:b2:df:43:25:eb:cd:7d:
         9b:74:49:5c
-----BEGIN CERTIFICATE-----
MIIGWTCCBUGgAwIBAgISAYnj/B7Z7QW+KwtxEJ9AtI4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODExMDk0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGJmZjliZDQ0OTBkMWRhOWY2MTAwY2RiOGYyZTQ5ODgwMGRjNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvNHdPqjSAdwqCyXXrUZ961WiZWI
KDfIE7+adMJ0II7BRTbqy3aHtEHlG87mNCo8KXq3sx7BrqdDoC10sDb8hvQyBjiL
RVdC2IW2q6IJwbM+n2d+87dzZSCfVoSPifxBWgN2/8F5nbZpfZojR1b2sZR5xCJE
6I9tNYkM98x8Fgs4XQFSUhUq8+NkT2/E4aEnL1Q3+qfkd0+FeRZ1Mj4phl9TO1gl
p+OI/XsMFJFwlsAUtaEEw3hW3wVdKlXIHi1354TfocBpHWzHqLCn5jrPFBjviTOM
Z+s1j6AShIIAJxeb7oYY6GBfD6henjzoAal19ncF48ORRlJd/E0pYWSKEwIDAQAB
o4IDZTCCA2EwHQYDVR0OBBYEFK2/+b1EkNHan2EAzbjy5JiADcd+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcmJfNXZVU1EwZHFmWVFETnVQTGttSUFOeDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBeQYIKwYBBQUHAQcBAf8EggFoMIIBZDCCAWAEAgABMIIB
WAMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwAwQAUpn5AwQAWdUFMAwDBABZ1SkDBABZ1SoDBAJZ1Sww
DAMEAFnVhQMEAFnVhgMEAFnViDAMAwQAWdWLAwQBWdWMAwQAWdWSMAwDBAJZ1ZQD
BAJZ1ZgwDAMEAFnVnQMEAFnVoDAMAwQBWdWiAwQAWdWkAwQBWdWoMAwDBABZ1a0D
BAFZ1bAwDAMEAFnVswMEAVnVvAMEAG2w0zAMAwQBbbDWAwQFbbDAAwQAbbDwAwQB
bbDyMAwDBABtsPUDBABtsPYwDAMEA22w+AMEAG2w+jAMAwQAuTF9AwQHuTEAAwQA
1ZgqAwQA1Zg9MA0GCSqGSIb3DQEBCwUAA4IBAQCiYWzTsQIsXNPcqpm+7vz1Ud/W
d8dSWADxStMoywYl8Y43iuH6i5Z/4QSxJDXW7CtFcBzEY7Vt2Is+8DhPZUqNSxAW
gwGjyygxqpwGPXREzSG0RbR8/rDhEkMiPvV/zUkSTr47GgSgpdllp/7fgMV9b2wf
oEoJAQ7XTmZevsgbXy7pT+cDZBJ95RaRkSgnK5dSGR12LqburX8iN4snHq/uXjFp
XLji8ytQcj6bUBDX1kcrqDIrh+C3NS1vDJidQQl84cozSBHjgaw43LRaEYjtaypH
m5KJPsHKGnE2tIOiueB3ElCukRrywm5NHU/lj6rxuwgfzrLfQyXrzX2bdElc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org