Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y1D9hL4Hea7yaXt30P9tPO36SnY.roa
File:                     y1D9hL4Hea7yaXt30P9tPO36SnY.roa (raw, json)
Hash identifier:          mDe230ee3m8AFDEwk7MU4CHwCadIkc5T/m5yCPQylKM=
Subject key identifier:   CB:50:FD:84:BE:07:79:AE:F2:69:7B:77:D0:FF:6D:3C:ED:FA:4A:76
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BADF15B606E0CC0E7622139921A96F0C4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y1D9hL4Hea7yaXt30P9tPO36SnY.roa
Signing time:             Wed 08 Nov 2023 07:59:17 +0000
ROA not before:           Wed 08 Nov 2023 07:59:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        89.213.43.0/24 maxlen: 24
                          89.213.190.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
                          89.213.4.0/24 maxlen: 24
                          89.213.7.0/24 maxlen: 24
                          89.213.6.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Nov 2023 08:43:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ad:f1:5b:60:6e:0c:c0:e7:62:21:39:92:1a:96:f0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  8 07:59:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb50fd84be0779aef2697b77d0ff6d3cedfa4a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:63:f5:bb:f5:84:83:fb:db:40:26:dc:0b:ee:
                    47:2e:55:6c:5a:66:1b:d2:ff:f8:26:74:66:7a:53:
                    45:35:59:f4:5a:7f:e2:3c:43:b2:a7:2c:49:a7:39:
                    51:2b:56:f7:46:ea:8e:10:59:f9:68:db:79:29:c6:
                    dc:04:75:3d:cf:e6:be:98:35:e1:a3:da:ea:65:e6:
                    04:87:f7:35:21:6b:32:a5:0a:ce:14:7e:6e:38:75:
                    56:3d:c1:37:72:c4:ee:c4:2a:82:b6:e9:d9:d6:a8:
                    47:76:d0:59:ff:a2:d8:b1:18:4d:ac:f4:3d:31:9c:
                    f3:78:67:56:0e:41:16:ff:23:67:16:66:cf:5b:88:
                    2a:7a:45:e7:ba:1c:84:e4:82:67:d0:a2:c7:21:04:
                    09:84:1f:6d:70:49:a9:75:a6:65:89:d0:e1:15:b7:
                    b3:a0:94:64:c7:3e:07:d9:ca:7d:86:d5:d4:dd:54:
                    e9:f9:ee:6b:f1:cd:ea:3a:54:a5:dc:d0:c2:25:b3:
                    63:6b:22:dd:02:4f:72:64:fa:01:8e:95:ca:cd:c7:
                    c7:bc:29:be:ff:0d:0c:6a:7e:a9:56:77:7c:68:bc:
                    af:a1:e6:9b:44:1c:c2:e8:71:42:a1:c6:d2:f0:ca:
                    86:b2:e6:63:97:a0:45:56:37:34:99:f9:0b:70:8b:
                    fd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:50:FD:84:BE:07:79:AE:F2:69:7B:77:D0:FF:6D:3C:ED:FA:4A:76
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y1D9hL4Hea7yaXt30P9tPO36SnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/24
                  82.153.1.0/24
                  82.153.69.0/24
                  82.153.72.0/24
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/23
                  89.213.4.0/24
                  89.213.6.0/23
                  89.213.43.0/24
                  89.213.130.0/24
                  89.213.145.0-89.213.146.255
                  89.213.161.0/24
                  89.213.190.0/24
                  109.176.208.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:80:91:3d:e1:b0:99:e1:f0:3e:fa:c9:70:e1:bd:b9:66:3a:
         09:fa:67:ed:ac:f1:37:e6:1e:ff:99:17:5f:b1:b5:64:4c:79:
         59:45:1d:ed:49:86:d6:7d:68:be:58:4d:57:4c:ea:b6:73:83:
         e1:2f:0d:b2:b8:f0:55:8a:56:a8:5b:d5:48:1f:c7:26:75:50:
         12:a1:c9:00:b6:d4:ca:5b:e3:a5:51:4a:46:5f:d9:ef:9f:df:
         2d:17:41:98:67:6d:4c:7e:09:d1:95:04:ac:6e:31:dc:3b:71:
         06:11:d4:87:70:3a:c7:4f:1f:52:e4:e5:dd:db:8a:b2:a5:27:
         80:f3:a9:67:9b:fd:4d:02:58:7f:46:73:66:6a:33:48:ee:d0:
         f2:d5:9a:11:c7:3c:70:e3:32:0d:81:79:2f:3d:c3:c1:94:64:
         c8:a7:f9:03:e3:1d:75:5f:c0:75:b2:4a:6a:07:48:f2:f7:a8:
         e0:9e:4a:d8:56:1f:00:ac:b4:7c:af:0a:8a:ad:ed:9c:c8:ff:
         f4:36:e2:9d:19:43:ee:f3:df:65:e2:6f:7c:89:10:c1:09:ed:
         ad:5c:09:6f:9d:de:53:d5:4b:03:07:62:36:2e:47:85:32:46:
         a4:2e:a1:eb:97:b8:f4:2d:63:79:47:46:7d:50:48:62:fc:0e:
         09:66:a2:71
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYut8VtgbgzA52IhOZIalvDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTA4MDc1OTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUwZmQ4NGJlMDc3OWFlZjI2OTdiNzdkMGZmNmQzY2VkZmE0YTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWP1u/WEg/vbQCbcC+5HLlVsWmYb
0v/4JnRmelNFNVn0Wn/iPEOypyxJpzlRK1b3RuqOEFn5aNt5KcbcBHU9z+a+mDXh
o9rqZeYEh/c1IWsypQrOFH5uOHVWPcE3csTuxCqCtunZ1qhHdtBZ/6LYsRhNrPQ9
MZzzeGdWDkEW/yNnFmbPW4gqekXnuhyE5IJn0KLHIQQJhB9tcEmpdaZlidDhFbez
oJRkxz4H2cp9htXU3VTp+e5r8c3qOlSl3NDCJbNjayLdAk9yZPoBjpXKzcfHvCm+
/w0Man6pVnd8aLyvoeabRBzC6HFCocbS8MqGsuZjl6BFVjc0mfkLcIv9HQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFMtQ/YS+B3mu8ml7d9D/bTzt+kp2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveTFEOWhMNEhlYTd5YVh0MzBQOXRQTzM2U25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBABR
qHQwDAMEAFGodwMEAFGoeAMEAFGoewMEAFGofgMEAFKY+AMEAFKY+wMEAFKY/gME
AFKZAQMEAFKZRQMEAFKZSAMEAFKZTwMEAFKZhAMEAVKZ4AMEAFnVBAMEAVnVBgME
AFnVKwMEAFnVgjAMAwQAWdWRAwQAWdWSAwQAWdWhAwQAWdW+AwQAbbDQAwQAbbD3
AwQAbbD7AwQAuTF8MA0GCSqGSIb3DQEBCwUAA4IBAQAdgJE94bCZ4fA++slw4b25
ZjoJ+mftrPE35h7/mRdfsbVkTHlZRR3tSYbWfWi+WE1XTOq2c4PhLw2yuPBVilao
W9VIH8cmdVASockAttTKW+OlUUpGX9nvn98tF0GYZ21MfgnRlQSsbjHcO3EGEdSH
cDrHTx9S5OXd24qypSeA86lnm/1NAlh/RnNmajNI7tDy1ZoRxzxw4zINgXkvPcPB
lGTIp/kD4x11X8B1skpqB0jy96jgnkrYVh8ArLR8rwqKre2cyP/0NuKdGUPu899l
4m98iRDBCe2tXAlvnd5T1UsDB2I2LkeFMkakLqHrl7j0LWN5R0Z9UEhi/A4JZqJx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org