Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y_dDjezWbVW8YoMbecJal8daWdU.roa
File:                     y_dDjezWbVW8YoMbecJal8daWdU.roa (raw, json)
Hash identifier:          6lzPBiW84mYH+NPtC1vcqNWEGYyU/MSJDyfp6BPdX90=
Subject key identifier:   CB:F7:43:8D:EC:D6:6D:55:BC:62:83:1B:79:C2:5A:97:C7:5A:59:D5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018A5FECBBD1078447CC264895AE817245D4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y_dDjezWbVW8YoMbecJal8daWdU.roa
Signing time:             Mon 04 Sep 2023 11:21:04 +0000
ROA not before:           Mon 04 Sep 2023 11:21:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.41.0/24 maxlen: 24
                          82.153.137.0/24 maxlen: 24
                          82.153.139.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.140.0/24 maxlen: 24
                          109.176.216.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.218.0/24 maxlen: 24
                          109.176.219.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.222.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.220.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.250.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.175.0/24 maxlen: 24
                          89.213.179.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.182.0/24 maxlen: 24
                          89.213.186.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.184.0/24 maxlen: 24
                          89.213.185.0/24 maxlen: 24
                          89.213.187.0/24 maxlen: 24
                          89.213.188.0/24 maxlen: 24
                          89.213.189.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.139.0/24 maxlen: 24
                          89.213.134.0/24 maxlen: 24
                          89.213.136.0/24 maxlen: 24
                          89.213.141.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.152.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.150.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          89.213.153.0/24 maxlen: 24
                          89.213.154.0/24 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.159.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
                          89.213.163.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
                          89.213.167.0/24 maxlen: 24
                          89.213.168.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          89.213.5.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 04 Sep 2023 11:29:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:ec:bb:d1:07:84:47:cc:26:48:95:ae:81:72:45:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  4 11:21:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cbf7438decd66d55bc62831b79c25a97c75a59d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9b:05:43:cd:1f:af:b8:06:94:da:62:9a:de:
                    b7:54:51:12:cb:16:fc:e3:90:76:11:9c:e9:15:46:
                    3d:1c:63:78:5d:10:59:8c:2c:cb:06:5e:a4:d3:97:
                    ed:71:08:e2:91:1c:15:ff:63:bf:ab:5b:75:92:f5:
                    43:1b:d6:76:96:49:c7:28:62:b2:c0:e5:ab:da:e3:
                    e3:5c:2c:84:32:81:ed:5b:be:8d:9c:2f:7f:cb:26:
                    1d:cb:fa:47:95:36:8a:da:e7:d6:94:be:0a:67:d2:
                    07:fc:4e:b4:46:84:0b:37:0f:3c:12:0b:b3:6e:67:
                    c2:21:34:80:23:f6:7e:74:24:26:4b:9e:87:d6:c8:
                    18:25:6c:9e:1a:ba:15:51:13:93:c6:6b:dc:45:fc:
                    e6:b4:eb:b4:c4:2c:b4:92:c7:18:ff:e0:10:52:63:
                    e0:af:c0:d6:70:c1:4a:26:2f:42:20:06:cb:8a:12:
                    59:8e:51:ba:6f:6d:22:2c:ce:64:37:48:d4:e9:b7:
                    96:f9:a3:bc:0e:45:10:55:b5:20:ab:f5:99:d9:dd:
                    90:5c:ce:2c:9b:e6:e5:f9:db:91:a4:08:07:a0:3b:
                    fe:fe:8a:4a:9f:48:7f:e7:18:38:48:71:dd:10:e2:
                    6f:2a:62:e1:52:a2:04:47:e6:55:fe:01:20:63:fc:
                    99:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F7:43:8D:EC:D6:6D:55:BC:62:83:1B:79:C2:5A:97:C7:5A:59:D5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y_dDjezWbVW8YoMbecJal8daWdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.41.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0-82.153.140.255
                  82.153.221.0/24
                  82.153.223.0/24
                  82.153.225.0/24
                  82.153.227.0/24
                  82.153.240.0/24
                  82.153.249.0-82.153.250.255
                  89.213.5.0/24
                  89.213.44.0/23
                  89.213.133.0-89.213.134.255
                  89.213.136.0/24
                  89.213.139.0-89.213.141.255
                  89.213.148.0-89.213.155.255
                  89.213.157.0-89.213.160.255
                  89.213.162.0-89.213.164.255
                  89.213.167.0-89.213.169.255
                  89.213.172.0-89.213.189.255
                  109.176.211.0/24
                  109.176.216.0/21
                  109.176.240.0/24
                  109.176.242.0/23
                  109.176.245.0-109.176.246.255
                  109.176.248.0-109.176.250.255
                  185.49.125.0-185.49.127.255
                  213.152.42.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:4f:4c:6e:b5:b0:fc:18:50:9c:dc:8f:23:2c:99:ba:f5:52:
         fe:72:45:d1:ce:01:8a:9d:aa:4b:0b:ad:35:14:d4:3b:63:ba:
         2e:62:f0:a9:7a:17:f0:f8:83:38:c3:57:04:25:a6:a5:f1:d3:
         be:e0:4b:d9:9a:d0:ec:a0:a7:40:dc:2a:63:d5:49:1f:5e:02:
         ab:4e:8c:84:40:90:59:2f:f6:03:30:c0:e9:9a:ec:91:8b:10:
         24:f3:79:c0:74:34:18:46:4b:7a:d6:0a:ed:0b:f0:71:a7:64:
         8e:4d:aa:3b:5b:f9:f2:5e:d8:4e:11:8a:d2:86:42:cf:73:1d:
         a4:41:bf:ac:4a:99:15:10:6b:3f:cc:6d:08:52:9f:1a:28:55:
         30:59:84:9d:6f:9b:99:28:8d:64:c6:00:27:0d:3a:71:71:de:
         7c:d8:77:2b:54:c2:90:50:b3:9c:9b:bd:fc:51:8b:fb:ef:11:
         aa:d5:7c:8e:d0:3f:76:cb:0b:ff:bb:04:ab:bb:90:f8:31:6c:
         35:76:2c:0d:83:47:7e:bf:7e:91:b1:f5:b3:50:21:13:82:f1:
         94:59:0c:40:59:76:d6:1b:a0:16:88:f4:95:2c:c0:e3:b8:91:
         be:c1:b9:27:00:63:8b:5f:1c:f0:53:5d:0e:ad:f7:81:81:7b:
         21:ab:de:4e
-----BEGIN CERTIFICATE-----
MIIGPzCCBSegAwIBAgISAYpf7LvRB4RHzCZIla6BckXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTA0MTEyMTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmY3NDM4ZGVjZDY2ZDU1YmM2MjgzMWI3OWMyNWE5N2M3NWE1OWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJsFQ80fr7gGlNpimt63VFESyxb8
45B2EZzpFUY9HGN4XRBZjCzLBl6k05ftcQjikRwV/2O/q1t1kvVDG9Z2lknHKGKy
wOWr2uPjXCyEMoHtW76NnC9/yyYdy/pHlTaK2ufWlL4KZ9IH/E60RoQLNw88Eguz
bmfCITSAI/Z+dCQmS56H1sgYJWyeGroVUROTxmvcRfzmtOu0xCy0kscY/+AQUmPg
r8DWcMFKJi9CIAbLihJZjlG6b20iLM5kN0jU6beW+aO8DkUQVbUgq/WZ2d2QXM4s
m+bl+duRpAgHoDv+/opKn0h/5xg4SHHdEOJvKmLhUqIER+ZV/gEgY/yZ2QIDAQAB
o4IDSzCCA0cwHQYDVR0OBBYEFMv3Q43s1m1VvGKDG3nCWpfHWlnVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveV9kRGpleldiVlc4WW9NYmVjSmFsOGRhV2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXwYIKwYBBQUHAQcBAf8EggFOMIIBSjCCAUYEAgABMIIB
PgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwMAwDBABSmfkDBABSmfoDBABZ1QUDBAFZ1SwwDAMEAFnV
hQMEAFnVhgMEAFnViDAMAwQAWdWLAwQBWdWMMAwDBAJZ1ZQDBAJZ1ZgwDAMEAFnV
nQMEAFnVoDAMAwQBWdWiAwQAWdWkMAwDBABZ1acDBAFZ1agwDAMEAlnVrAMEAVnV
vAMEAG2w0wMEA22w2AMEAG2w8AMEAW2w8jAMAwQAbbD1AwQAbbD2MAwDBANtsPgD
BABtsPowDAMEALkxfQMEB7kxAAMEANWYKgMEANWYPTANBgkqhkiG9w0BAQsFAAOC
AQEAFU9MbrWw/BhQnNyPIyyZuvVS/nJF0c4Bip2qSwutNRTUO2O6LmLwqXoX8PiD
OMNXBCWmpfHTvuBL2ZrQ7KCnQNwqY9VJH14Cq06MhECQWS/2AzDA6ZrskYsQJPN5
wHQ0GEZLetYK7Qvwcadkjk2qO1v58l7YThGK0oZCz3MdpEG/rEqZFRBrP8xtCFKf
GihVMFmEnW+bmSiNZMYAJw06cXHefNh3K1TCkFCznJu9/FGL++8RqtV8jtA/dssL
/7sEq7uQ+DFsNXYsDYNHfr9+kbH1s1AhE4LxlFkMQFl21hugFoj0lSzA47iRvsG5
JwBji18c8FNdDq33gYF7IaveTg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org