Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yk9Eee4pknvFQtNIYuYnX_EaLyU.roa
File:                     yk9Eee4pknvFQtNIYuYnX_EaLyU.roa (raw, json)
Hash identifier:          74sAiM2jr49QhD0k6FG6fbfvQenqBBmFTfoMig5qI1g=
Subject key identifier:   CA:4F:44:79:EE:29:92:7B:C5:42:D3:48:62:E6:27:5F:F1:1A:2F:25
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018992268DA3E27F50146953B12656AF7A21
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yk9Eee4pknvFQtNIYuYnX_EaLyU.roa
Signing time:             Wed 26 Jul 2023 12:22:27 +0000
ROA not before:           Wed 26 Jul 2023 12:22:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 27 Jul 2023 07:19:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:92:26:8d:a3:e2:7f:50:14:69:53:b1:26:56:af:7a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 26 12:22:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca4f4479ee29927bc542d34862e6275ff11a2f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ac:d3:fa:23:58:25:fb:ca:17:67:7b:8f:27:
                    b1:0e:36:99:48:4f:0e:5e:d0:b6:e8:cb:a3:a8:a4:
                    02:13:72:6d:e6:b7:c7:b3:c1:0b:95:76:66:89:dc:
                    1a:ee:20:6c:9a:99:74:6b:63:7c:5f:98:4b:25:96:
                    70:c4:59:80:30:48:d7:ad:18:da:0f:3b:b9:f3:ec:
                    85:12:6e:ba:62:b9:0c:96:82:d7:e7:37:14:71:0c:
                    7a:eb:2b:41:a1:5c:f7:0d:ff:0d:c9:bd:f8:8f:7b:
                    7f:5b:3a:2d:00:de:2e:06:9b:84:86:ad:0a:64:72:
                    36:24:a8:e1:1a:7c:a2:5f:ee:82:f3:c5:7e:d7:e4:
                    17:5a:41:69:21:4b:40:15:8e:d9:f2:be:ae:03:87:
                    1e:3a:75:4d:1c:ef:25:71:72:54:70:ae:2b:bf:1b:
                    b1:24:9f:6a:ba:2a:8a:82:56:e9:46:8e:5d:dd:e4:
                    66:e8:61:6e:42:6c:7c:8f:54:40:f7:bb:6c:28:4e:
                    bb:e0:08:62:e2:ce:0a:01:d7:3d:cb:40:b0:23:40:
                    ee:16:f4:03:cb:c7:d0:ee:70:5c:94:1a:bd:54:67:
                    72:45:19:c8:df:cc:73:fe:67:bc:a6:f5:2c:29:c5:
                    ee:02:df:ac:c8:32:5f:d8:9e:fd:a1:f6:57:34:3e:
                    26:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4F:44:79:EE:29:92:7B:C5:42:D3:48:62:E6:27:5F:F1:1A:2F:25
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yk9Eee4pknvFQtNIYuYnX_EaLyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.249.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f5:e0:d1:d8:7b:8f:ae:f5:32:bf:7f:2d:21:a4:37:ab:22:
         b1:a7:79:41:3e:6c:c9:17:16:92:2a:0c:ab:d2:73:b4:3b:e3:
         a4:f1:61:44:c6:c1:8d:2e:13:6b:3d:6b:1b:35:d6:50:33:8f:
         87:e4:bc:6e:34:c3:ad:09:00:26:ac:ce:d7:c3:73:d2:0c:11:
         27:b4:40:49:a3:60:49:5d:e5:43:8a:d7:01:07:bc:ee:0c:29:
         dc:83:07:42:31:cf:83:22:07:60:db:df:4b:75:6f:a3:89:06:
         ca:33:6c:70:7f:98:cd:d3:1d:9d:21:6a:6e:58:9b:b1:00:6b:
         7a:ab:fb:49:a5:44:2f:95:7f:b7:1b:22:52:59:60:c4:dd:a7:
         02:c1:07:84:0a:3a:0c:77:0c:08:0d:ff:1c:0b:ef:8e:18:02:
         53:ff:8a:64:25:e7:95:7b:ac:c9:2f:f8:a3:cb:e0:7f:e6:ac:
         0f:b9:95:5c:34:ad:6e:41:4b:28:59:aa:ec:c7:90:83:d5:93:
         d0:9d:c9:f6:f8:1c:5b:64:1e:8d:23:e3:7e:d7:ee:43:3b:2b:
         0f:37:5f:d7:4a:16:6a:f0:a2:74:af:bf:80:a5:c0:aa:13:a6:
         88:25:d2:b0:b6:dd:cf:25:7a:d1:fd:b7:78:ad:91:48:7e:2e:
         26:50:1c:fd
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYmSJo2j4n9QFGlTsSZWr3ohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzI2MTIyMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRmNDQ3OWVlMjk5MjdiYzU0MmQzNDg2MmU2Mjc1ZmYxMWEyZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KzT+iNYJfvKF2d7jyexDjaZSE8O
XtC26MujqKQCE3Jt5rfHs8ELlXZmidwa7iBsmpl0a2N8X5hLJZZwxFmAMEjXrRja
Dzu58+yFEm66YrkMloLX5zcUcQx66ytBoVz3Df8Nyb34j3t/WzotAN4uBpuEhq0K
ZHI2JKjhGnyiX+6C88V+1+QXWkFpIUtAFY7Z8r6uA4ceOnVNHO8lcXJUcK4rvxux
JJ9quiqKglbpRo5d3eRm6GFuQmx8j1RA97tsKE674Ahi4s4KAdc9y0CwI0DuFvQD
y8fQ7nBclBq9VGdyRRnI38xz/me8pvUsKcXuAt+syDJf2J79ofZXND4mdQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMpPRHnuKZJ7xULTSGLmJ1/xGi8lMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveWs5RWVlNHBrbnZGUXROSVl1WW5YX0VhTHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphvAwQBUpj8AwQAUpj/AwQAUpkBAwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpn5AwQA1ZgqMA0GCSqGSIb3DQEBCwUAA4IBAQBx9eDR2HuP
rvUyv38tIaQ3qyKxp3lBPmzJFxaSKgyr0nO0O+Ok8WFExsGNLhNrPWsbNdZQM4+H
5LxuNMOtCQAmrM7Xw3PSDBEntEBJo2BJXeVDitcBB7zuDCncgwdCMc+DIgdg299L
dW+jiQbKM2xwf5jN0x2dIWpuWJuxAGt6q/tJpUQvlX+3GyJSWWDE3acCwQeECjoM
dwwIDf8cC++OGAJT/4pkJeeVe6zJL/ijy+B/5qwPuZVcNK1uQUsoWarsx5CD1ZPQ
ncn2+BxbZB6NI+N+1+5DOysPN1/XShZq8KJ0r7+ApcCqE6aIJdKwtt3PJXrR/bd4
rZFIfi4mUBz9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org