Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xIByoRw7dV--Ij7WeMERtJUE100.roa
File:                     xIByoRw7dV--Ij7WeMERtJUE100.roa (raw, json)
Hash identifier:          coZwRM6elzQ2W4ZIbXyokdhBc0njqgyIEdB1/6Fo8wk=
Subject key identifier:   C4:80:72:A1:1C:3B:75:5F:BE:22:3E:D6:78:C1:11:B4:95:04:D7:4D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018945AB74391359372ABD0D6F7B4F5D108A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xIByoRw7dV--Ij7WeMERtJUE100.roa
Signing time:             Tue 11 Jul 2023 15:56:51 +0000
ROA not before:           Tue 11 Jul 2023 15:56:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 12 Jul 2023 14:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:45:ab:74:39:13:59:37:2a:bd:0d:6f:7b:4f:5d:10:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 11 15:56:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c48072a11c3b755fbe223ed678c111b49504d74d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:94:99:b6:1f:9f:a8:8d:3e:0e:af:7c:46:0e:
                    d0:ed:0e:44:60:f3:bf:0c:c6:8e:c7:48:d6:38:43:
                    ee:ce:59:a0:27:ec:90:2f:e4:29:23:b4:93:ba:47:
                    09:23:1c:fe:5f:01:69:84:4a:6a:3b:df:95:bb:6e:
                    a0:0b:4c:2a:ad:23:16:cc:ba:3a:1e:b2:9f:fd:f8:
                    26:b0:4c:f2:51:08:0d:0c:bd:b6:ff:ef:23:2a:ac:
                    06:95:ff:1a:fc:28:25:71:65:3d:6c:a6:9b:5a:0b:
                    a8:85:e3:1c:56:39:90:11:16:08:66:c2:9d:58:77:
                    e1:13:cc:f1:87:7c:69:56:4e:40:87:de:16:39:f9:
                    32:9d:93:d6:f2:2b:10:95:e8:e6:e0:c3:08:9e:4e:
                    fc:97:c9:04:50:c3:1b:40:dd:6b:2d:b9:17:a3:82:
                    24:37:04:d4:e0:0d:65:f4:22:73:35:70:07:77:d8:
                    42:d2:3e:4b:17:e8:20:d3:a5:0a:64:df:c9:b9:5b:
                    8d:f6:5b:c1:78:d2:f3:10:91:87:34:54:b3:3e:5e:
                    df:54:49:00:ca:5b:60:9d:ed:93:98:21:b9:8a:19:
                    55:c9:75:78:c7:4f:46:b3:58:fd:0d:02:7b:70:77:
                    2e:e3:ba:24:b7:e8:90:28:fa:90:99:06:58:9b:fc:
                    e6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:80:72:A1:1C:3B:75:5F:BE:22:3E:D6:78:C1:11:B4:95:04:D7:4D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xIByoRw7dV--Ij7WeMERtJUE100.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:96:d0:b3:c4:59:f2:51:47:63:5c:49:d4:94:1a:19:fb:e5:
         61:55:bc:26:00:1f:11:d3:2e:e4:e6:d8:54:da:5a:18:20:93:
         1d:06:ec:88:9f:f9:c4:80:34:f1:83:01:2b:0c:c0:43:58:14:
         c5:b9:d9:f1:6b:66:d6:72:d3:ed:f6:59:79:c5:8a:32:69:d8:
         bb:cf:d5:ac:77:63:9e:ef:04:b4:66:56:0f:af:54:b5:71:fe:
         6a:36:18:05:f7:c7:d9:98:73:27:05:ff:09:d8:d6:22:39:28:
         37:7c:b5:a8:27:43:ad:56:27:3a:a6:f1:47:db:0e:97:71:6e:
         2c:48:5d:ee:25:ba:0d:7f:22:dd:dd:14:99:ce:cd:93:64:37:
         ae:46:2d:5c:5c:70:21:05:84:e6:14:fb:84:a5:51:ee:fb:71:
         b2:5a:c5:5c:5d:d0:ff:48:7d:98:a2:80:d3:9f:a6:f9:cb:2a:
         2d:59:5d:d4:83:d4:f4:20:a3:e8:2c:f6:4b:44:52:b9:d8:ac:
         af:4a:56:f7:55:44:eb:b8:f2:57:20:b3:6c:d8:9f:8a:ba:19:
         82:05:39:36:ce:ac:17:9c:86:ad:17:b2:1e:ec:0b:87:bc:e2:
         73:d4:32:72:c9:b6:89:f4:1a:44:80:12:92:07:b7:3b:49:a3:
         9b:43:00:60
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYlFq3Q5E1k3Kr0Nb3tPXRCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzExMTU1NjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDgwNzJhMTFjM2I3NTVmYmUyMjNlZDY3OGMxMTFiNDk1MDRkNzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ZSZth+fqI0+Dq98Rg7Q7Q5EYPO/
DMaOx0jWOEPuzlmgJ+yQL+QpI7STukcJIxz+XwFphEpqO9+Vu26gC0wqrSMWzLo6
HrKf/fgmsEzyUQgNDL22/+8jKqwGlf8a/CglcWU9bKabWguoheMcVjmQERYIZsKd
WHfhE8zxh3xpVk5Ah94WOfkynZPW8isQlejm4MMInk78l8kEUMMbQN1rLbkXo4Ik
NwTU4A1l9CJzNXAHd9hC0j5LF+gg06UKZN/JuVuN9lvBeNLzEJGHNFSzPl7fVEkA
yltgne2TmCG5ihlVyXV4x09Gs1j9DQJ7cHcu47okt+iQKPqQmQZYm/zmLwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMSAcqEcO3VfviI+1njBEbSVBNdNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveElCeW9SdzdkVi0tSWo3V2VNRVJ0SlVFMTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphsAwQAUphvAwQBUpj8AwQAUplJAwQCUpmIAwQAUpnfAwQA
UpnyAwQAUpn2AwQBUpn4MA0GCSqGSIb3DQEBCwUAA4IBAQBdltCzxFnyUUdjXEnU
lBoZ++VhVbwmAB8R0y7k5thU2loYIJMdBuyIn/nEgDTxgwErDMBDWBTFudnxa2bW
ctPt9ll5xYoyadi7z9Wsd2Oe7wS0ZlYPr1S1cf5qNhgF98fZmHMnBf8J2NYiOSg3
fLWoJ0OtVic6pvFH2w6XcW4sSF3uJboNfyLd3RSZzs2TZDeuRi1cXHAhBYTmFPuE
pVHu+3GyWsVcXdD/SH2YooDTn6b5yyotWV3Ug9T0IKPoLPZLRFK52KyvSlb3VUTr
uPJXILNs2J+KuhmCBTk2zqwXnIatF7Ie7AuHvOJz1DJyybaJ9BpEgBKSB7c7SaOb
QwBg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org