Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tnQlWIxC0ab6ox8cOtaFubGPZVg.roa
File:                     tnQlWIxC0ab6ox8cOtaFubGPZVg.roa (raw, json)
Hash identifier:          9JiuYe1SDdSpjssudNKogBbbhHzQImHunux7ZKWJ/vI=
Subject key identifier:   B6:74:25:58:8C:42:D1:A6:FA:A3:1F:1C:3A:D6:85:B9:B1:8F:65:58
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189F3B5646A6C5FD56FCEE3ECD7B6A15703
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tnQlWIxC0ab6ox8cOtaFubGPZVg.roa
Signing time:             Mon 14 Aug 2023 11:01:38 +0000
ROA not before:           Mon 14 Aug 2023 11:01:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.40.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 17 Aug 2023 06:52:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f3:b5:64:6a:6c:5f:d5:6f:ce:e3:ec:d7:b6:a1:57:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 14 11:01:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b67425588c42d1a6faa31f1c3ad685b9b18f6558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0f:e6:e9:91:0f:15:ab:43:f5:4d:0e:7e:d3:
                    e2:33:b1:a2:05:e3:5f:37:f8:85:ff:8a:90:c9:83:
                    21:85:fc:7b:5e:c9:19:8b:22:86:f1:67:12:19:79:
                    00:39:41:c6:8f:db:21:3e:2e:bd:d9:7b:49:25:43:
                    a0:89:35:e0:ed:7d:19:04:d8:f3:94:7c:d7:b3:3f:
                    b1:9a:1b:41:2f:90:f7:7f:90:65:24:93:96:e0:c8:
                    ae:e9:ed:02:42:66:08:78:e0:3d:f1:a5:c9:62:be:
                    51:93:de:90:e2:aa:8a:63:0e:15:ce:a1:de:28:a4:
                    61:2a:c0:8d:5c:95:8b:e8:16:d3:62:86:d8:60:d4:
                    dc:4c:c8:52:e4:45:b3:72:1f:02:bc:a1:7b:d7:da:
                    b6:f8:ea:50:ca:2b:bc:1e:5a:e0:f7:ef:6e:ca:c1:
                    d2:da:2d:2a:59:c7:dc:b2:2f:f2:1b:98:e8:9a:52:
                    32:fc:d0:20:fc:a3:cf:e2:30:52:0c:dd:39:ff:0d:
                    b7:94:5f:d2:14:6e:dc:b7:48:a2:9f:93:5c:9a:96:
                    47:df:ce:19:e9:38:7e:c8:f5:e5:4c:6f:ac:77:12:
                    a0:7f:25:94:2b:c9:f3:9f:cd:44:50:ab:7d:fe:be:
                    68:09:1c:8e:e1:81:84:f5:20:0d:56:fd:19:e8:30:
                    c2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:74:25:58:8C:42:D1:A6:FA:A3:1F:1C:3A:D6:85:B9:B1:8F:65:58
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tnQlWIxC0ab6ox8cOtaFubGPZVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0-82.153.250.255
                  89.213.5.0/24
                  89.213.40.0/21
                  89.213.133.0-89.213.134.255
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.160.255
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.172.0-89.213.189.255
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f9:0a:cc:ae:50:24:23:36:25:b6:d4:55:99:dd:50:ff:81:
         73:8c:cb:aa:a7:cc:c6:70:ab:84:b0:8d:e7:dc:41:79:58:f2:
         90:34:58:e5:ef:cc:20:86:dc:80:c0:4b:60:89:03:62:a7:cb:
         e9:e7:67:54:d0:99:55:39:2f:b4:f7:dc:ef:d6:af:dd:35:1b:
         35:8d:c4:bf:10:f7:6b:7e:6f:5e:90:18:d6:a4:11:a3:36:6b:
         49:3b:cc:6b:39:14:db:5a:14:bc:00:5b:cf:6e:b5:b6:17:b8:
         44:04:b6:7a:d1:c3:ee:1f:04:cc:fe:d9:5b:d0:a3:37:bc:57:
         59:43:c6:94:37:6e:b0:c5:28:f6:b6:e2:dc:be:fd:1f:92:2a:
         5a:5e:0f:ad:4f:46:3c:e8:66:fe:6f:ba:fd:fd:77:58:b9:00:
         63:fa:de:ca:b4:c7:f4:c8:d7:5a:ad:e0:d2:a3:1d:5f:01:55:
         f4:78:8b:29:00:7d:42:24:b4:fd:f6:53:d6:ab:94:9a:25:26:
         53:8d:b8:eb:34:38:e0:99:16:61:e6:37:f4:d6:94:50:06:cb:
         61:95:57:68:b0:cd:d4:fc:92:07:f3:bc:73:68:51:1e:44:2d:
         fd:37:a4:d7:2e:54:2a:eb:df:da:ab:93:d6:d8:d8:59:b3:6e:
         f7:d3:5e:0b
-----BEGIN CERTIFICATE-----
MIIGPTCCBSWgAwIBAgISAYnztWRqbF/Vb87j7Ne2oVcDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODE0MTEwMTM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc0MjU1ODhjNDJkMWE2ZmFhMzFmMWMzYWQ2ODViOWIxOGY2NTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ/m6ZEPFatD9U0OftPiM7GiBeNf
N/iF/4qQyYMhhfx7XskZiyKG8WcSGXkAOUHGj9shPi692XtJJUOgiTXg7X0ZBNjz
lHzXsz+xmhtBL5D3f5BlJJOW4Miu6e0CQmYIeOA98aXJYr5Rk96Q4qqKYw4VzqHe
KKRhKsCNXJWL6BbTYobYYNTcTMhS5EWzch8CvKF719q2+OpQyiu8Hlrg9+9uysHS
2i0qWcfcsi/yG5jomlIy/NAg/KPP4jBSDN05/w23lF/SFG7ct0iin5NcmpZH384Z
6Th+yPXlTG+sdxKgfyWUK8nzn81EUKt9/r5oCRyO4YGE9SANVv0Z6DDCaQIDAQAB
o4IDSTCCA0UwHQYDVR0OBBYEFLZ0JViMQtGm+qMfHDrWhbmxj2VYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdG5RbFdJeEMwYWI2b3g4Y090YUZ1YkdQWlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXQYIKwYBBQUHAQcBAf8EggFMMIIBSDCCAUQEAgABMIIB
PAMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwMAwDBABSmfkDBABSmfoDBABZ1QUDBANZ1SgwDAMEAFnV
hQMEAFnVhgMEAFnViDAMAwQAWdWLAwQBWdWMAwQAWdWSMAwDBAJZ1ZQDBAJZ1Zgw
DAMEAFnVnQMEAFnVoDAMAwQBWdWiAwQAWdWkAwQBWdWoMAwDBAJZ1awDBAFZ1bwD
BABtsNMDBANtsNgDBABtsPADBAFtsPIwDAMEAG2w9QMEAG2w9jAMAwQDbbD4AwQA
bbD6MAwDBAC5MX0DBAe5MQADBADVmCoDBADVmD0wDQYJKoZIhvcNAQELBQADggEB
AA/5CsyuUCQjNiW21FWZ3VD/gXOMy6qnzMZwq4SwjefcQXlY8pA0WOXvzCCG3IDA
S2CJA2Kny+nnZ1TQmVU5L7T33O/Wr901GzWNxL8Q92t+b16QGNakEaM2a0k7zGs5
FNtaFLwAW89utbYXuEQEtnrRw+4fBMz+2VvQoze8V1lDxpQ3brDFKPa24ty+/R+S
KlpeD61PRjzoZv5vuv39d1i5AGP63sq0x/TI11qt4NKjHV8BVfR4iykAfUIktP32
U9arlJolJlONuOs0OOCZFmHmN/TWlFAGy2GVV2iwzdT8kgfzvHNoUR5ELf03pNcu
VCrr39qrk9bY2FmzbvfTXgs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org