Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wLqXDZrQT74W1kQ89NTkXvVBiSw.roa
File:                     wLqXDZrQT74W1kQ89NTkXvVBiSw.roa (raw, json)
Hash identifier:          GLTJNQr0P8nYBNOxA5ssM4U+EbPJ7YKKHXYLxxGVHaI=
Subject key identifier:   C0:BA:97:0D:9A:D0:4F:BE:16:D6:44:3C:F4:D4:E4:5E:F5:41:89:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01885337C8BD82457038737F6386063CDEEA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wLqXDZrQT74W1kQ89NTkXvVBiSw.roa
Signing time:             Thu 25 May 2023 14:02:24 +0000
ROA not before:           Thu 25 May 2023 14:02:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.65.0/24 maxlen: 24
                          82.153.70.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.153.208.0/24 maxlen: 24
                          82.153.209.0/24 maxlen: 24
                          82.153.210.0/24 maxlen: 24
                          82.153.211.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 May 2023 15:52:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:53:37:c8:bd:82:45:70:38:73:7f:63:86:06:3c:de:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 25 14:02:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c0ba970d9ad04fbe16d6443cf4d4e45ef541892c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d3:6f:8d:e6:79:a8:b7:d1:e8:f3:1a:ae:89:
                    4d:84:5e:04:d9:22:19:08:ea:f4:ba:8e:bc:47:7f:
                    5d:eb:1f:d7:5f:21:8d:0a:9f:be:8f:aa:d5:71:6f:
                    a7:72:e6:7d:7a:1b:78:9c:c4:09:1b:7f:7d:89:c7:
                    33:dc:54:84:8e:fa:50:a9:80:1a:77:bd:96:70:5f:
                    3a:80:fa:69:b1:63:5a:a4:fa:18:da:7c:15:3a:a0:
                    a7:b1:ae:33:cf:e6:6d:15:8a:17:41:e0:bd:8e:c1:
                    60:2c:98:46:4d:e5:c2:08:97:00:c7:6c:16:6b:db:
                    13:ca:82:b8:ce:a0:17:a1:07:d9:74:d1:72:9d:ce:
                    d1:72:4a:99:82:26:1c:f5:ef:bd:14:74:54:ef:22:
                    25:81:53:9c:1c:ec:cc:79:f5:45:12:b9:85:d8:ad:
                    6c:4d:ae:99:9d:d5:b7:b2:70:ef:23:7c:f1:d4:ca:
                    6a:66:f7:42:87:4b:03:dc:16:6a:7e:33:18:90:01:
                    d6:40:de:18:c0:65:76:b6:ce:b6:84:cb:b5:68:b3:
                    ea:71:27:a9:ad:da:67:07:42:90:cc:86:88:3a:9d:
                    89:91:5b:cb:63:52:ae:f6:08:67:1e:85:89:f5:3d:
                    6b:98:26:7e:e6:84:c9:9d:1d:c6:53:9a:0c:9b:3e:
                    f2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:BA:97:0D:9A:D0:4F:BE:16:D6:44:3C:F4:D4:E4:5E:F5:41:89:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wLqXDZrQT74W1kQ89NTkXvVBiSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0-82.152.255.255
                  82.153.4.0/24
                  82.153.64.0/23
                  82.153.70.0/24
                  82.153.73.0/24
                  82.153.208.0/22
                  82.153.222.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:ef:b7:89:45:e4:0f:25:1f:e3:a9:7f:09:38:c3:fa:d6:fa:
         8a:3f:a8:ed:2f:86:6a:9b:82:49:6e:ec:b1:3a:a8:50:7b:14:
         03:0a:cd:16:41:0f:86:85:b5:15:ff:c0:9b:02:87:98:dd:a0:
         29:89:5e:93:5d:5e:17:25:e7:af:36:02:c2:34:e1:92:38:5a:
         15:da:de:ce:4f:92:2b:95:35:c8:24:05:69:fb:58:06:2f:b3:
         46:be:08:c4:24:99:50:d3:ed:dd:d5:a8:41:8a:f8:6b:70:52:
         cb:75:17:71:9e:2c:67:db:ab:0c:3e:7f:65:06:5a:18:1d:40:
         5b:7d:c7:c8:cd:62:99:00:8a:cc:61:df:e8:82:3d:b3:1d:2e:
         7c:dc:35:62:02:de:37:06:2d:a9:6c:6a:d3:a0:01:cf:e3:60:
         fd:66:e2:fc:aa:12:73:02:33:f2:57:fd:b8:f9:28:e2:fa:8b:
         89:ea:5f:bf:4e:ed:5e:2f:d2:5f:84:f6:e0:a2:7f:0b:df:79:
         bc:44:8e:5a:09:f1:73:2f:5e:41:b2:71:89:a8:b9:65:21:e0:
         6d:59:58:e1:c9:1f:fe:b9:58:a3:23:09:fd:35:6a:77:00:d9:
         c8:35:40:b1:aa:4c:d4:b2:25:af:4c:64:cd:74:a5:1e:56:a2:
         2f:6d:b2:c3
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYhTN8i9gkVwOHN/Y4YGPN7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTI1MTQwMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGJhOTcwZDlhZDA0ZmJlMTZkNjQ0M2NmNGQ0ZTQ1ZWY1NDE4OTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9NvjeZ5qLfR6PMarolNhF4E2SIZ
COr0uo68R39d6x/XXyGNCp++j6rVcW+ncuZ9eht4nMQJG399iccz3FSEjvpQqYAa
d72WcF86gPppsWNapPoY2nwVOqCnsa4zz+ZtFYoXQeC9jsFgLJhGTeXCCJcAx2wW
a9sTyoK4zqAXoQfZdNFync7RckqZgiYc9e+9FHRU7yIlgVOcHOzMefVFErmF2K1s
Ta6ZndW3snDvI3zx1MpqZvdCh0sD3BZqfjMYkAHWQN4YwGV2ts62hMu1aLPqcSep
rdpnB0KQzIaIOp2JkVvLY1Ku9ghnHoWJ9T1rmCZ+5oTJnR3GU5oMmz7ySwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFMC6lw2a0E++FtZEPPTU5F71QYksMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd0xxWERaclFUNzRXMWtRODlOVGtYdlZCaVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAATBbAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7MAsDBABSmP0DAwBSmAMEAFKZBAMEAVKZQAME
AFKZRgMEAFKZSQMEAlKZ0AMEAFKZ3gMEAFKZ9gMEAVKZ+DANBgkqhkiG9w0BAQsF
AAOCAQEAc++3iUXkDyUf46l/CTjD+tb6ij+o7S+GapuCSW7ssTqoUHsUAwrNFkEP
hoW1Ff/AmwKHmN2gKYlek11eFyXnrzYCwjThkjhaFdrezk+SK5U1yCQFaftYBi+z
Rr4IxCSZUNPt3dWoQYr4a3BSy3UXcZ4sZ9urDD5/ZQZaGB1AW33HyM1imQCKzGHf
6II9sx0ufNw1YgLeNwYtqWxq06ABz+Ng/Wbi/KoScwIz8lf9uPko4vqLiepfv07t
Xi/SX4T24KJ/C995vESOWgnxcy9eQbJxiai5ZSHgbVlY4ckf/rlYoyMJ/TVqdwDZ
yDVAsapM1LIlr0xkzXSlHlaiL22yww==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org