Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wcxK70ENrvnxBWPC5uxGb_40lc8.roa
File:                     wcxK70ENrvnxBWPC5uxGb_40lc8.roa (raw, json)
Hash identifier:          uU//QXbxLwTEF7nwbj+bgbCZszNJNfe63nwewoOJ1VY=
Subject key identifier:   C1:CC:4A:EF:41:0D:AE:F9:F1:05:63:C2:E6:EC:46:6F:FE:34:95:CF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B481E6F61CBB002C8363F2A68BEC686F4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wcxK70ENrvnxBWPC5uxGb_40lc8.roa
Signing time:             Thu 19 Oct 2023 13:27:15 +0000
ROA not before:           Thu 19 Oct 2023 13:27:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.67.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.135.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.137.0/24 maxlen: 24
                          89.213.138.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.250.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          213.152.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:48:1e:6f:61:cb:b0:02:c8:36:3f:2a:68:be:c6:86:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 19 13:27:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c1cc4aef410daef9f10563c2e6ec466ffe3495cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b0:75:7d:11:5c:9a:df:57:6c:12:b9:d3:7a:
                    a4:b5:73:4d:8f:00:27:b8:b9:3f:ac:05:4a:29:9f:
                    91:3e:ca:4a:e9:d3:45:fb:d8:15:37:8a:22:2b:d6:
                    81:49:87:7d:0b:9f:59:4a:2b:91:b1:cf:a8:45:a0:
                    9a:4a:b6:e8:8d:16:24:fa:c2:a1:a8:5c:43:f7:68:
                    23:0d:cd:88:74:50:45:e8:2c:f9:38:89:a5:bd:c5:
                    f8:45:cb:38:51:56:97:c4:7a:6d:60:56:84:e5:30:
                    a7:52:b8:57:d7:e5:e2:7d:bf:46:52:1c:7d:5d:b2:
                    03:74:11:98:17:52:35:4c:7f:51:17:6d:ac:81:53:
                    60:de:14:4d:34:ed:9f:09:32:34:36:42:ad:ec:69:
                    ac:53:63:c4:7d:c2:58:9e:56:06:35:0f:11:10:a6:
                    a2:d5:68:82:87:49:2b:55:76:c8:d8:35:19:c5:1f:
                    d8:81:17:ef:04:30:06:3a:2c:a3:69:eb:d2:1e:27:
                    69:14:7c:a1:7b:38:72:81:44:ac:c6:d1:47:77:af:
                    4f:1b:be:52:c6:55:e1:1a:a3:d2:a9:5b:c2:f1:1a:
                    4d:e0:75:44:b9:20:34:c0:64:da:32:c1:2c:54:8f:
                    30:97:97:d2:29:9d:48:27:2c:69:5d:98:1f:d8:23:
                    cc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CC:4A:EF:41:0D:AE:F9:F1:05:63:C2:E6:EC:46:6F:FE:34:95:CF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wcxK70ENrvnxBWPC5uxGb_40lc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  82.152.111.0/24
                  82.152.250.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.67.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.137.0/24
                  82.153.139.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.248.0/24
                  82.153.250.0/24
                  89.213.133.0-89.213.138.255
                  89.213.141.0/24
                  89.213.153.0/24
                  89.213.160.0/24
                  89.213.163.0-89.213.164.255
                  89.213.168.0/24
                  89.213.170.0/24
                  89.213.184.0/23
                  89.213.188.0/23
                  109.176.209.0/24
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.249.0-109.176.250.255
                  185.49.125.0/24
                  213.152.61.0-213.152.62.255

    Signature Algorithm: sha256WithRSAEncryption
         a2:b6:4a:fe:d7:22:29:04:28:1b:a0:61:5f:de:78:5c:fe:60:
         4c:cb:6b:6e:00:a4:3c:4a:07:34:ff:9f:07:66:fd:f0:c7:b9:
         3e:89:01:f8:36:34:f3:3a:27:b7:f7:14:1b:a8:66:8f:26:66:
         e0:d0:2f:c4:fd:04:86:e0:8a:e9:e5:66:4d:e4:88:05:7c:1c:
         73:f1:eb:ae:58:1b:d0:16:24:0f:35:64:80:5f:90:a0:44:d3:
         63:79:70:12:4c:d0:66:97:d4:fc:3c:62:9e:57:58:93:bb:11:
         84:c3:da:c3:99:43:9f:69:b1:9c:5b:f1:c8:9f:21:a7:9c:f8:
         ac:a6:67:66:5e:d1:79:72:e9:dd:70:1b:16:f9:55:f1:c4:9f:
         4b:63:9e:b2:19:2a:05:a9:33:75:64:5a:40:4a:11:83:ea:c3:
         b7:25:a5:42:56:60:71:ec:9f:e0:1b:8e:97:7d:13:b7:25:c1:
         91:83:cf:f7:c3:f8:6d:ca:89:60:c8:d2:ec:b1:65:13:30:a2:
         bd:de:b0:92:74:2d:7e:26:9a:9e:1a:cf:7e:a8:5a:dd:ec:f6:
         14:c8:5a:12:4d:39:f7:91:39:0d:65:ee:2f:8c:7e:84:3d:49:
         72:49:7d:30:d0:ad:ea:e3:ea:e2:0d:9e:1d:e8:1c:68:02:e2:
         b3:f0:12:4f
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYtIHm9hy7ACyDY/Kmi+xob0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDE5MTMyNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWNjNGFlZjQxMGRhZWY5ZjEwNTYzYzJlNmVjNDY2ZmZlMzQ5NWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurB1fRFcmt9XbBK503qktXNNjwAn
uLk/rAVKKZ+RPspK6dNF+9gVN4oiK9aBSYd9C59ZSiuRsc+oRaCaSrbojRYk+sKh
qFxD92gjDc2IdFBF6Cz5OImlvcX4Rcs4UVaXxHptYFaE5TCnUrhX1+Xifb9GUhx9
XbIDdBGYF1I1TH9RF22sgVNg3hRNNO2fCTI0NkKt7GmsU2PEfcJYnlYGNQ8REKai
1WiCh0krVXbI2DUZxR/YgRfvBDAGOiyjaevSHidpFHyhezhygUSsxtFHd69PG75S
xlXhGqPSqVvC8RpN4HVEuSA0wGTaMsEsVI8wl5fSKZ1IJyxpXZgf2CPMUwIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFMHMSu9BDa758QVjwubsRm/+NJXPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd2N4SzcwRU5ydm54QldQQzV1eEdiXzQwbGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+AME
AFKZ+jAMAwQAWdWFAwQAWdWKAwQAWdWNAwQAWdWZAwQAWdWgMAwDBABZ1aMDBABZ
1aQDBABZ1agDBABZ1aoDBAFZ1bgDBAFZ1bwDBABtsNEDBABtsNMDBANtsNgwDAME
AG2w+QMEAG2w+gMEALkxfTAMAwQA1Zg9AwQA1Zg+MA0GCSqGSIb3DQEBCwUAA4IB
AQCitkr+1yIpBCgboGFf3nhc/mBMy2tuAKQ8Sgc0/58HZv3wx7k+iQH4NjTzOie3
9xQbqGaPJmbg0C/E/QSG4Irp5WZN5IgFfBxz8euuWBvQFiQPNWSAX5CgRNNjeXAS
TNBml9T8PGKeV1iTuxGEw9rDmUOfabGcW/HInyGnnPispmdmXtF5cundcBsW+VXx
xJ9LY56yGSoFqTN1ZFpAShGD6sO3JaVCVmBx7J/gG46XfRO3JcGRg8/3w/htyolg
yNLssWUTMKK93rCSdC1+JpqeGs9+qFrd7PYUyFoSTTn3kTkNZe4vjH6EPUlySX0w
0K3q4+riDZ4d6BxoAuKz8BJP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org