Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xW7ym08ypq-SIRnv2LzbcLubZrg.roa
File:                     xW7ym08ypq-SIRnv2LzbcLubZrg.roa (raw, json)
Hash identifier:          a8pltWy1kQoL7czAC5IPuhn4CmlPl6YlUQhA8/iXCDY=
Subject key identifier:   C5:6E:F2:9B:4F:32:A6:AF:92:21:19:EF:D8:BC:DB:70:BB:9B:66:B8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189D4A1C2F10C1BCA16C26907C340469B3E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xW7ym08ypq-SIRnv2LzbcLubZrg.roa
Signing time:             Tue 08 Aug 2023 10:11:58 +0000
ROA not before:           Tue 08 Aug 2023 10:11:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.214.0/24 maxlen: 24
                          109.176.215.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.47.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.212.0/24 maxlen: 24
                          109.176.213.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 08 Aug 2023 11:21:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d4:a1:c2:f1:0c:1b:ca:16:c2:69:07:c3:40:46:9b:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  8 10:11:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c56ef29b4f32a6af922119efd8bcdb70bb9b66b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2e:60:d9:c3:7a:5d:2b:dc:9a:c4:d8:a0:72:
                    4d:ec:51:30:0d:66:14:96:10:10:4d:f7:49:ec:ff:
                    52:8c:3f:c5:5c:69:6f:ea:45:26:47:23:b1:db:a3:
                    30:54:66:66:f3:b9:e4:a1:4b:2d:bc:66:87:79:a2:
                    5f:80:8b:f5:68:f5:fb:33:d9:23:18:60:ef:b0:ab:
                    4c:64:06:39:c5:f3:57:c4:a9:57:4d:65:01:e3:7e:
                    e8:ef:7e:a9:a8:3c:e5:d0:b5:87:84:bd:89:14:76:
                    ce:1e:14:26:b0:f2:6c:a2:59:c2:48:8c:b3:ed:b7:
                    81:07:5e:11:aa:ab:db:74:ef:6d:96:70:37:5f:13:
                    41:61:b2:ee:07:b1:56:2b:b1:03:1a:70:45:db:af:
                    3c:c8:2b:23:ff:f2:56:e5:98:0c:cf:53:58:20:92:
                    b3:32:0e:80:57:2c:1a:72:ea:85:cd:34:2e:cc:48:
                    bf:c6:7f:1c:01:1b:0c:b3:de:c8:8a:6a:1b:d6:6d:
                    92:44:4c:9b:f4:b1:e0:72:75:c8:d2:5c:b8:c5:32:
                    73:c2:79:bb:fb:7a:90:0b:7c:cf:1b:06:ca:b6:30:
                    9e:8c:02:c7:8c:6e:bb:ad:69:01:84:7a:c1:0f:58:
                    b6:86:14:44:10:8e:10:75:70:71:96:70:3b:ef:ed:
                    c3:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:6E:F2:9B:4F:32:A6:AF:92:21:19:EF:D8:BC:DB:70:BB:9B:66:B8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xW7ym08ypq-SIRnv2LzbcLubZrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.5.0/24
                  89.213.41.0-89.213.42.255
                  89.213.44.0/24
                  89.213.46.0/23
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.146.0/24
                  89.213.148.0-89.213.152.255
                  89.213.154.0/23
                  89.213.157.0-89.213.158.255
                  89.213.160.0/24
                  89.213.162.0-89.213.164.255
                  89.213.168.0/23
                  89.213.173.0-89.213.177.255
                  89.213.179.0-89.213.182.255
                  89.213.184.0-89.213.189.255
                  109.176.211.0-109.176.223.255
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:14:25:b0:05:b6:c2:4b:77:00:c1:9d:68:ab:00:40:dc:8c:
         8e:17:f4:71:12:57:25:a8:30:2c:09:b2:f0:00:8a:9f:70:66:
         9a:85:2d:eb:e5:d6:3d:a5:ac:4a:58:4c:2f:b6:5b:bb:17:c6:
         36:4c:c3:6d:b0:3e:16:4d:39:2e:40:7d:72:d4:de:5b:a2:cc:
         2b:c2:36:75:59:df:1d:6e:97:7c:62:37:76:7d:de:37:cb:35:
         d4:f1:93:80:78:d0:32:e6:d1:cb:b4:62:df:b3:80:c0:cf:ab:
         33:69:9b:a9:95:a6:96:5d:43:63:9d:51:c9:52:9e:c4:00:c3:
         b9:89:3a:f4:81:2b:dc:69:c2:58:27:7d:d6:db:69:87:33:41:
         53:9b:7e:9b:74:6f:b4:e5:6e:c2:6f:44:bb:43:6a:f3:16:ce:
         f6:2b:30:fa:9d:9d:cc:2c:dd:53:e7:49:2a:68:42:81:5f:d2:
         b2:c7:71:22:57:e7:0b:71:6f:40:b0:0d:58:6b:d4:99:7d:ad:
         01:65:65:38:9b:c1:b2:86:b9:7c:5a:1d:b8:87:7f:1d:dc:d9:
         39:a6:60:51:f1:63:93:0d:d3:f1:1b:50:48:e9:00:b5:c4:31:
         9d:58:68:62:93:f4:b3:9b:46:4c:cf:25:11:96:6a:fd:bb:5c:
         bc:e6:47:50
-----BEGIN CERTIFICATE-----
MIIGXzCCBUegAwIBAgISAYnUocLxDBvKFsJpB8NARps+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA4MTAxMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTZlZjI5YjRmMzJhNmFmOTIyMTE5ZWZkOGJjZGI3MGJiOWI2NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS5g2cN6XSvcmsTYoHJN7FEwDWYU
lhAQTfdJ7P9SjD/FXGlv6kUmRyOx26MwVGZm87nkoUstvGaHeaJfgIv1aPX7M9kj
GGDvsKtMZAY5xfNXxKlXTWUB437o736pqDzl0LWHhL2JFHbOHhQmsPJsolnCSIyz
7beBB14RqqvbdO9tlnA3XxNBYbLuB7FWK7EDGnBF2688yCsj//JW5ZgMz1NYIJKz
Mg6AVywacuqFzTQuzEi/xn8cARsMs97Iimob1m2SREyb9LHgcnXI0ly4xTJzwnm7
+3qQC3zPGwbKtjCejALHjG67rWkBhHrBD1i2hhREEI4QdXBxlnA77+3DvwIDAQAB
o4IDazCCA2cwHQYDVR0OBBYEFMVu8ptPMqavkiEZ79i823C7m2a4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveFc3eW0wOHlwcS1TSVJudjJMemJjTHViWnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBfwYIKwYBBQUHAQcBAf8EggFuMIIBajCCAWYEAgABMIIB
XgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwAwQAUpn5AwQAWdUFMAwDBABZ1SkDBABZ1SoDBABZ1SwD
BAFZ1S4DBABZ1YgwDAMEAFnViwMEAVnVjAMEAFnVkjAMAwQCWdWUAwQAWdWYAwQB
WdWaMAwDBABZ1Z0DBABZ1Z4DBABZ1aAwDAMEAVnVogMEAFnVpAMEAVnVqDAMAwQA
WdWtAwQBWdWwMAwDBABZ1bMDBABZ1bYwDAMEA1nVuAMEAVnVvDAMAwQAbbDTAwQF
bbDAAwQAbbDwAwQBbbDyMAwDBABtsPUDBABtsPYwDAMEA22w+AMEAG2w+jAMAwQA
uTF9AwQHuTEAAwQA1ZgqMA0GCSqGSIb3DQEBCwUAA4IBAQBRFCWwBbbCS3cAwZ1o
qwBA3IyOF/RxElclqDAsCbLwAIqfcGaahS3r5dY9paxKWEwvtlu7F8Y2TMNtsD4W
TTkuQH1y1N5boswrwjZ1Wd8dbpd8Yjd2fd43yzXU8ZOAeNAy5tHLtGLfs4DAz6sz
aZuplaaWXUNjnVHJUp7EAMO5iTr0gSvcacJYJ33W22mHM0FTm36bdG+05W7Cb0S7
Q2rzFs72KzD6nZ3MLN1T50kqaEKBX9Kyx3EiV+cLcW9AsA1Ya9SZfa0BZWU4m8Gy
hrl8Wh24h38d3Nk5pmBR8WOTDdPxG1BI6QC1xDGdWGhik/Szm0ZMzyURlmr9u1y8
5kdQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org