Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vOYq-IR16pr2gQJDUM3vBb0pDZQ.roa
File:                     vOYq-IR16pr2gQJDUM3vBb0pDZQ.roa (raw, json)
Hash identifier:          uj4sJIWesYo3bpQ9tXsjBE1+tUq8DQ9hsBXor05LFNw=
Subject key identifier:   BC:E6:2A:F8:84:75:EA:9A:F6:81:02:43:50:CD:EF:05:BD:29:0D:94
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F43B529243CF6901BF161752E0C221D45
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vOYq-IR16pr2gQJDUM3vBb0pDZQ.roa
Signing time:             Sat 04 May 2024 13:04:56 +0000
ROA not before:           Sat 04 May 2024 13:04:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          212.38.74.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 05 May 2024 18:04:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:43:b5:29:24:3c:f6:90:1b:f1:61:75:2e:0c:22:1d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  4 13:04:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bce62af88475ea9af681024350cdef05bd290d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:35:b0:53:67:29:6d:7d:81:17:d2:cb:06:92:
                    31:8e:96:13:ac:db:d3:e0:32:b4:15:81:3b:f8:6f:
                    2b:c5:be:db:c0:77:0c:ea:0e:77:2e:47:7e:ac:6e:
                    3c:1c:09:3a:c5:ec:97:cd:6c:8b:ff:40:d0:0a:29:
                    fb:aa:dc:8a:da:10:99:b4:65:40:b8:77:41:4e:85:
                    18:f9:90:d3:0b:7e:06:ab:55:d2:bd:df:65:9c:4a:
                    80:bf:bd:8d:ac:33:14:1c:93:1f:8e:cf:4d:54:c3:
                    fa:84:be:48:e8:3f:d1:64:c9:e4:eb:bb:f3:9d:8c:
                    7a:14:fe:f8:34:23:2a:00:20:6b:bf:b6:f5:0a:75:
                    f7:7b:78:80:48:1d:e6:0e:17:fa:16:4a:bc:c0:6b:
                    42:01:aa:9a:77:cc:02:9a:96:4d:6b:d5:bc:6c:de:
                    98:d6:44:f4:22:9e:0d:82:78:73:cb:1f:64:93:db:
                    af:2a:0c:cf:46:b2:84:6b:11:4e:4e:62:86:14:af:
                    34:a7:37:6e:e4:4a:82:a5:37:30:a5:89:b9:d0:1f:
                    a1:4a:e9:e5:5d:e2:b8:7f:be:13:27:9c:af:05:0e:
                    57:43:5d:fd:34:da:c2:20:f4:7e:ba:5f:98:69:f0:
                    1c:7c:5e:2e:fa:3d:5b:2e:24:c6:aa:27:35:e9:04:
                    b7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E6:2A:F8:84:75:EA:9A:F6:81:02:43:50:CD:EF:05:BD:29:0D:94
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vOYq-IR16pr2gQJDUM3vBb0pDZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  82.163.15.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  194.105.80.0/20
                  212.38.74.0/24
                  212.38.79.0/24
                  212.38.84.0/24
                  213.130.149.0/24
                  213.218.210.0/23
                  213.218.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:29:fd:d5:da:c6:27:e9:ec:46:4b:dd:4f:9f:ed:0a:4c:25:
         12:33:19:cd:b0:02:1f:27:37:06:6c:73:31:d8:15:98:07:a1:
         a6:e2:00:65:35:80:17:d0:fc:86:53:61:52:65:32:47:84:03:
         31:6c:45:a4:47:2d:64:ae:28:f2:e4:eb:dc:86:fe:3b:fc:8d:
         5c:20:d1:bc:ca:d8:16:1a:f5:a6:fc:0a:9c:8b:b8:3e:e3:a4:
         ee:a5:bc:27:31:b3:1c:28:82:7a:61:82:38:a5:11:cb:d9:45:
         39:15:89:1a:e5:d1:af:6c:6d:4e:66:fe:54:65:e8:29:8a:48:
         5a:b5:c8:ac:cb:11:d1:42:da:3b:0d:71:a5:6f:9d:c3:e5:1a:
         0e:46:52:f1:b3:90:0a:68:c6:f7:3e:2a:93:b0:e2:48:f4:cd:
         10:82:2a:58:4f:6f:54:4c:50:91:f8:38:62:40:ff:bd:67:f1:
         ba:17:8f:25:73:81:92:b9:d7:e6:6d:2c:58:b9:db:79:42:fa:
         f5:c8:db:c5:e7:30:2f:aa:b8:0d:c8:f0:19:cd:5f:c6:ac:f8:
         49:0e:0c:2e:9f:86:9d:1f:6f:61:45:c4:d8:f9:e9:82:c2:9c:
         b9:b5:97:d0:fe:9b:dd:84:43:5f:a6:b1:4d:5f:54:a9:e3:74:
         71:be:42:6d
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAY9DtSkkPPaQG/FhdS4MIh1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA0MTMwNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2U2MmFmODg0NzVlYTlhZjY4MTAyNDM1MGNkZWYwNWJkMjkwZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzWwU2cpbX2BF9LLBpIxjpYTrNvT
4DK0FYE7+G8rxb7bwHcM6g53Lkd+rG48HAk6xeyXzWyL/0DQCin7qtyK2hCZtGVA
uHdBToUY+ZDTC34Gq1XSvd9lnEqAv72NrDMUHJMfjs9NVMP6hL5I6D/RZMnk67vz
nYx6FP74NCMqACBrv7b1CnX3e3iASB3mDhf6Fkq8wGtCAaqad8wCmpZNa9W8bN6Y
1kT0Ip4Ngnhzyx9kk9uvKgzPRrKEaxFOTmKGFK80pzdu5EqCpTcwpYm50B+hSunl
XeK4f74TJ5yvBQ5XQ139NNrCIPR+ul+YafAcfF4u+j1bLiTGqic16QS3bQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFLzmKviEdeqa9oECQ1DN7wW9KQ2UMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdk9ZcS1JUjE2cHIyZ1FKRFVNM3ZCYjBwRFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAFGofgME
AVKYsAMEAlKZiAMEAFKZ9QMEAFKjDzAMAwQCWdWUAwQFWdWAAwQCWdWsAwQAWdW0
AwQDbbAQAwQBuTF+AwQEwmlQAwQA1CZKAwQA1CZPAwQA1CZUAwQA1YKVAwQB1drS
AwQA1drVMA0GCSqGSIb3DQEBCwUAA4IBAQApKf3V2sYn6exGS91Pn+0KTCUSMxnN
sAIfJzcGbHMx2BWYB6Gm4gBlNYAX0PyGU2FSZTJHhAMxbEWkRy1krijy5Ovchv47
/I1cING8ytgWGvWm/Aqci7g+46TupbwnMbMcKIJ6YYI4pRHL2UU5FYka5dGvbG1O
Zv5UZegpikhatcisyxHRQto7DXGlb53D5RoORlLxs5AKaMb3PiqTsOJI9M0QgipY
T29UTFCR+DhiQP+9Z/G6F48lc4GSudfmbSxYudt5Qvr1yNvF5zAvqrgNyPAZzV/G
rPhJDgwun4adH29hRcTY+emCwpy5tZfQ/pvdhENfprFNX1Sp43RxvkJt
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org