Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rvUIZRkse3wnY6R1nQzj7ntzT-M.roa
File:                     rvUIZRkse3wnY6R1nQzj7ntzT-M.roa (raw, json)
Hash identifier:          FQjVZ4aI3H8R2EoTGHQEoFFLcuqwIkfFBUg1NvuxQv0=
Subject key identifier:   AE:F5:08:65:19:2C:7B:7C:27:63:A4:75:9D:0C:E3:EE:7B:73:4F:E3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F38E0F2B35D8E88E72F5E9BFD91741CD6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rvUIZRkse3wnY6R1nQzj7ntzT-M.roa
Signing time:             Thu 02 May 2024 10:36:57 +0000
ROA not before:           Thu 02 May 2024 10:36:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.234.0/24 maxlen: 24
                          213.218.236.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 May 2024 13:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:e0:f2:b3:5d:8e:88:e7:2f:5e:9b:fd:91:74:1c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  2 10:36:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aef50865192c7b7c2763a4759d0ce3ee7b734fe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fd:74:13:a1:de:b6:fb:76:38:7b:d3:91:3d:
                    24:8e:57:c1:5f:4d:cc:28:2a:93:60:07:68:d5:c5:
                    f3:69:c5:57:1e:c4:69:9a:67:1b:e2:3c:a5:34:7f:
                    54:d8:38:57:c8:e1:9c:9f:e5:30:5b:a6:dc:0e:40:
                    28:73:c0:64:e8:bf:a3:40:54:06:ad:02:d7:c3:96:
                    07:44:57:a5:42:e6:99:96:90:70:96:67:f9:91:3b:
                    e4:1d:23:5c:3b:1a:dc:61:4a:4f:5e:03:aa:a2:ce:
                    1c:58:d2:7e:f3:d0:5e:1c:1b:62:cc:9d:38:89:5b:
                    35:b3:e2:09:3a:20:ef:d5:83:6c:5e:4f:1c:94:8e:
                    44:53:ea:1e:f8:d6:5b:4a:1f:ce:25:0d:70:70:4e:
                    53:1f:87:df:e3:21:24:cb:9e:b0:b7:d6:7f:bd:55:
                    69:70:44:f5:38:54:71:d8:39:4d:5d:a2:c1:10:82:
                    73:84:74:79:8a:31:ed:78:7a:a7:63:60:59:82:b4:
                    5d:bc:9a:33:94:83:d9:09:5f:17:be:c7:7e:79:e7:
                    be:a6:62:36:f3:77:9b:13:89:fc:ab:da:25:3b:52:
                    93:f6:b0:3d:18:06:f8:7f:8c:5d:ba:a7:35:0c:c7:
                    0c:90:b7:2e:5b:0c:18:2b:2e:b5:ec:78:20:c7:95:
                    9b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F5:08:65:19:2C:7B:7C:27:63:A4:75:9D:0C:E3:EE:7B:73:4F:E3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rvUIZRkse3wnY6R1nQzj7ntzT-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24
                  213.218.234.0/24
                  213.218.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:2f:3d:be:65:bb:ef:d1:3a:43:1b:4d:4f:dd:d9:55:bf:76:
         24:f1:04:30:75:11:fc:c4:5c:b1:19:f1:9a:df:6f:5b:18:27:
         8b:33:8d:fb:4b:14:24:8d:9c:0b:aa:44:5d:6c:e0:3d:06:7e:
         d8:11:86:98:0f:ec:e7:d2:f1:b7:fa:81:4d:a5:1f:76:b1:5b:
         69:8c:c5:df:9b:44:ec:4d:57:ba:2a:b3:e5:d3:f1:00:16:b2:
         22:3b:67:cd:a2:63:04:17:8b:b7:a2:ad:de:a4:f8:35:4f:02:
         f6:38:63:ca:2e:be:02:3a:7f:2b:18:51:bb:ef:cf:01:6a:44:
         fe:5c:4f:36:c6:df:a8:cb:7b:96:f7:5d:f3:97:af:f2:99:e3:
         a7:9a:ac:77:53:58:86:d9:a7:58:58:0a:df:e0:a8:0f:98:5f:
         71:45:81:92:3f:49:73:b4:64:cd:be:cc:f4:92:08:e7:11:35:
         93:75:d0:e2:35:9d:61:7c:2d:0f:f6:26:3d:c7:90:cf:ad:68:
         40:de:78:2a:7b:ba:01:0b:42:cb:90:3a:ef:66:3a:3f:14:9c:
         9b:e3:06:83:50:7d:31:12:c2:29:03:ba:41:ac:41:41:4c:67:
         08:ce:11:d1:cc:6f:e7:c3:13:48:c6:75:54:19:51:f5:bb:b5:
         09:2b:36:48
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAY844PKzXY6I5y9em/2RdBzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTAyMTAzNjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWY1MDg2NTE5MmM3YjdjMjc2M2E0NzU5ZDBjZTNlZTdiNzM0ZmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkf10E6Hetvt2OHvTkT0kjlfBX03M
KCqTYAdo1cXzacVXHsRpmmcb4jylNH9U2DhXyOGcn+UwW6bcDkAoc8Bk6L+jQFQG
rQLXw5YHRFelQuaZlpBwlmf5kTvkHSNcOxrcYUpPXgOqos4cWNJ+89BeHBtizJ04
iVs1s+IJOiDv1YNsXk8clI5EU+oe+NZbSh/OJQ1wcE5TH4ff4yEky56wt9Z/vVVp
cET1OFRx2DlNXaLBEIJzhHR5ijHteHqnY2BZgrRdvJozlIPZCV8Xvsd+eee+pmI2
83ebE4n8q9olO1KT9rA9GAb4f4xduqc1DMcMkLcuWwwYKy617Hggx5WbVQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFK71CGUZLHt8J2OkdZ0M4+57c0/jMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcnZVSVpSa3NlM3duWTZSMW5Remo3bnR6VC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAUah+AwQB
UpiwAwQCUpmIAwQAUpn1MAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBANtsBAD
BAG5MX4DBATCaVADBADVgpUDBAHV2tIDBADV2tUDBADV2uoDBADV2uwwDQYJKoZI
hvcNAQELBQADggEBAAkvPb5lu+/ROkMbTU/d2VW/diTxBDB1EfzEXLEZ8Zrfb1sY
J4szjftLFCSNnAuqRF1s4D0GftgRhpgP7OfS8bf6gU2lH3axW2mMxd+bROxNV7oq
s+XT8QAWsiI7Z82iYwQXi7eird6k+DVPAvY4Y8ouvgI6fysYUbvvzwFqRP5cTzbG
36jLe5b3XfOXr/KZ46earHdTWIbZp1hYCt/gqA+YX3FFgZI/SXO0ZM2+zPSSCOcR
NZN10OI1nWF8LQ/2Jj3HkM+taEDeeCp7ugELQsuQOu9mOj8UnJvjBoNQfTESwikD
ukGsQUFMZwjOEdHMb+fDE0jGdVQZUfW7tQkrNkg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:31 2024 by rpki-client on console-ams.rpki-client.org