Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xCyLh79fT93tcJ-2NUGmj9l_2oE.roa
File:                     xCyLh79fT93tcJ-2NUGmj9l_2oE.roa (raw, json)
Hash identifier:          Ot5GqpZtRlh/+qMI1p0GzWdTRU8iHpjSxOX3XTNwpSI=
Subject key identifier:   C4:2C:8B:87:BF:5F:4F:DD:ED:70:9F:B6:35:41:A6:8F:D9:7F:DA:81
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F6211FC9EC68BCD31A4B69074C7ABA6F0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xCyLh79fT93tcJ-2NUGmj9l_2oE.roa
Signing time:             Fri 10 May 2024 10:34:56 +0000
ROA not before:           Fri 10 May 2024 10:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.54.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.163.21.0/24 maxlen: 24
                          89.213.98.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.201.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          194.105.80.0/20 maxlen: 20
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.130.156.0/24 maxlen: 24
                          213.210.59.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24
                          213.218.249.0/24 maxlen: 24
                          217.144.158.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 11 May 2024 21:05:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:11:fc:9e:c6:8b:cd:31:a4:b6:90:74:c7:ab:a6:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 10 10:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c42c8b87bf5f4fdded709fb63541a68fd97fda81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:9a:3e:1d:b8:8e:63:90:aa:c9:94:45:5d:55:
                    0e:46:31:47:c5:1c:bb:d6:d5:aa:1b:13:97:5f:4e:
                    2c:95:54:61:cb:6f:76:6e:e8:8e:f4:26:68:4f:97:
                    6d:e3:dd:aa:46:12:17:8a:5e:d2:88:90:4d:59:47:
                    84:04:9d:da:8e:c2:bf:60:6e:52:4b:c5:46:ee:1a:
                    64:a4:6e:4b:40:51:38:45:e1:c9:46:6d:d8:75:e7:
                    7b:9b:a1:d9:32:ec:94:12:cd:64:ed:cb:d5:22:90:
                    fa:5d:78:60:d7:0f:b5:7e:a1:16:db:0d:5f:f7:f2:
                    c2:72:43:fa:06:08:b1:4e:3d:b4:41:c6:29:4f:4a:
                    75:75:e0:25:fc:9a:e9:cc:72:58:ed:72:a4:45:4b:
                    89:e1:55:28:13:d6:e9:72:69:dc:a8:db:0b:12:8e:
                    91:94:5f:f1:07:46:8d:82:55:92:ac:6d:28:52:2b:
                    8d:c5:16:c0:f8:29:8b:ed:02:da:11:d6:3e:cd:3d:
                    d4:51:e1:20:3a:0a:08:c7:79:59:b0:e0:fa:c5:8a:
                    64:21:ad:06:81:25:05:38:b3:e1:59:2c:ca:57:57:
                    fb:84:ed:01:3f:ee:ae:00:df:88:ec:2c:88:3f:94:
                    3e:18:43:87:b0:ea:d5:8e:b1:71:c1:c2:b7:8d:e4:
                    6a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2C:8B:87:BF:5F:4F:DD:ED:70:9F:B6:35:41:A6:8F:D9:7F:DA:81
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xCyLh79fT93tcJ-2NUGmj9l_2oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24
                  82.152.176.0/23
                  82.153.50.0/24
                  82.153.136.0/22
                  82.163.21.0/24
                  89.213.98.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  109.176.16.0/21
                  109.176.201.0/24
                  185.49.126.0/23
                  194.105.80.0/20
                  213.130.130.0/24
                  213.130.149.0/24
                  213.130.156.0/24
                  213.210.59.0/24
                  213.218.210.0/23
                  213.218.213.0/24
                  213.218.227.0/24
                  213.218.231.0/24
                  213.218.249.0/24
                  217.144.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:2b:ac:cb:1b:64:d6:8e:cb:a0:fc:17:33:a9:bc:a1:15:42:
         22:81:c1:03:74:94:b3:82:91:37:8b:f4:26:bc:c4:4e:26:a7:
         a4:4c:8c:bd:c5:44:c0:26:23:2f:2e:ae:cf:9c:fa:25:48:de:
         a5:1d:b5:6a:aa:d8:1f:2e:48:23:00:76:26:23:fc:e2:a0:8e:
         41:06:e6:c1:ac:17:47:f8:0e:24:7c:15:5e:e0:39:5d:fa:d9:
         e2:02:18:7d:d9:70:ad:80:17:f7:43:61:02:10:4d:c4:b7:78:
         9a:0f:f5:1e:00:17:60:ac:5f:5d:5e:1d:67:dd:bc:94:c4:82:
         1b:45:ce:d9:0e:8d:16:44:19:c3:85:a8:a5:71:42:88:ed:99:
         1a:0a:0a:d1:20:29:be:5d:92:2c:c5:6e:90:c8:9c:27:9d:3f:
         3f:b6:23:60:d5:3e:97:c1:87:21:2a:3b:33:51:49:0d:13:20:
         b6:13:f7:36:af:64:49:3c:61:ac:3a:04:9f:e5:29:28:dc:50:
         7e:63:95:f9:3e:d0:e6:6b:25:c5:d2:1d:a6:d2:be:39:37:dc:
         11:8b:99:8f:f0:b0:16:2e:96:24:a8:51:d7:d2:11:0e:dd:88:
         ef:92:c7:66:b6:9d:7a:f1:27:ca:ec:d2:91:6b:31:7c:e6:25:
         02:12:5d:b4
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAY9iEfyexovNMaS2kHTHq6bwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTEwMTAzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDJjOGI4N2JmNWY0ZmRkZWQ3MDlmYjYzNTQxYTY4ZmQ5N2ZkYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Zo+HbiOY5CqyZRFXVUORjFHxRy7
1tWqGxOXX04slVRhy292buiO9CZoT5dt492qRhIXil7SiJBNWUeEBJ3ajsK/YG5S
S8VG7hpkpG5LQFE4ReHJRm3Yded7m6HZMuyUEs1k7cvVIpD6XXhg1w+1fqEW2w1f
9/LCckP6BgixTj20QcYpT0p1deAl/JrpzHJY7XKkRUuJ4VUoE9bpcmncqNsLEo6R
lF/xB0aNglWSrG0oUiuNxRbA+CmL7QLaEdY+zT3UUeEgOgoIx3lZsOD6xYpkIa0G
gSUFOLPhWSzKV1f7hO0BP+6uAN+I7CyIP5Q+GEOHsOrVjrFxwcK3jeRqbQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFMQsi4e/X0/d7XCftjVBpo/Zf9qBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveEN5TGg3OWZUOTN0Y0otMk5VR21qOWxfMm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBABS
mDYDBAFSmLADBABSmTIDBAJSmYgDBABSoxUDBABZ1WIwDAMEAlnVlAMEBVnVgAME
AlnVrAMEA22wEAMEAG2wyQMEAbkxfgMEBMJpUAMEANWCggMEANWClQMEANWCnAME
ANXSOwMEAdXa0gMEANXa1QMEANXa4wMEANXa5wMEANXa+QMEANmQnjANBgkqhkiG
9w0BAQsFAAOCAQEAhiusyxtk1o7LoPwXM6m8oRVCIoHBA3SUs4KRN4v0JrzETian
pEyMvcVEwCYjLy6uz5z6JUjepR21aqrYHy5IIwB2JiP84qCOQQbmwawXR/gOJHwV
XuA5XfrZ4gIYfdlwrYAX90NhAhBNxLd4mg/1HgAXYKxfXV4dZ928lMSCG0XO2Q6N
FkQZw4WopXFCiO2ZGgoK0SApvl2SLMVukMicJ50/P7YjYNU+l8GHISo7M1FJDRMg
thP3Nq9kSTxhrDoEn+UpKNxQfmOV+T7Q5mslxdIdptK+OTfcEYuZj/CwFi6WJKhR
19IRDt2I75LHZradevEnyuzSkWsxfOYlAhJdtA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org