Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ytsb7sW-4_x-Xan0tcpim46fMYs.roa
File:                     ytsb7sW-4_x-Xan0tcpim46fMYs.roa (raw, json)
Hash identifier:          l1bG7kNkOpdHdHI+zFirS6r6yOOY36TGikRZGZ1wruc=
Subject key identifier:   CA:DB:1B:EE:C5:BE:E3:FC:7E:5D:A9:F4:B5:CA:62:9B:8E:9F:31:8B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01893A91A6468A3B6BEED1C7D9CC1E99D454
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ytsb7sW-4_x-Xan0tcpim46fMYs.roa
Signing time:             Sun 09 Jul 2023 12:12:50 +0000
ROA not before:           Sun 09 Jul 2023 12:12:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.138.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jul 2023 14:49:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3a:91:a6:46:8a:3b:6b:ee:d1:c7:d9:cc:1e:99:d4:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  9 12:12:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cadb1beec5bee3fc7e5da9f4b5ca629b8e9f318b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4e:d4:4b:89:89:28:3e:20:ae:17:ee:31:76:
                    44:1f:37:4e:29:0e:74:ea:8d:f6:61:82:e0:1e:19:
                    c6:d2:e0:9a:4c:ef:4e:b7:f3:d2:de:35:7b:06:d8:
                    72:01:8b:06:5b:6a:2f:e0:63:64:98:69:88:92:47:
                    8e:34:d7:44:c8:ee:d2:66:79:f0:92:44:75:c9:44:
                    f8:dd:ad:5e:2e:90:4e:71:04:b6:fa:15:54:8e:24:
                    c2:36:d8:54:ae:7e:b2:14:03:1a:89:a0:d3:fb:b4:
                    7a:3a:5d:9d:eb:3d:60:56:2a:9c:c4:89:d7:e0:16:
                    50:95:6c:66:3d:54:f6:0d:31:5b:08:8b:56:d1:46:
                    01:30:06:cd:0b:b2:eb:d4:6f:62:7f:14:88:19:07:
                    34:a7:9c:f4:c5:9c:7d:c9:0d:dd:46:2c:8a:a7:66:
                    3d:40:7c:a9:dd:c2:6e:cf:fe:df:c5:85:6e:07:66:
                    5f:33:6c:f5:d6:9c:a6:4f:8b:47:90:02:4b:e8:d0:
                    03:fc:26:30:6e:39:f1:52:ce:ed:f1:27:d2:5a:b7:
                    b4:f7:f9:3c:df:af:9f:76:95:8c:b8:7a:f7:3f:7d:
                    d5:10:18:49:f9:29:23:50:6a:7b:b6:21:3c:f6:20:
                    06:97:74:03:c0:5a:58:b1:f1:76:ac:57:56:3f:5e:
                    40:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:DB:1B:EE:C5:BE:E3:FC:7E:5D:A9:F4:B5:CA:62:9B:8E:9F:31:8B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ytsb7sW-4_x-Xan0tcpim46fMYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.153.4.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.246.0/24
                  82.153.248.0/23
                  109.176.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c6:e1:52:63:b8:74:86:a5:6a:9e:0a:03:7e:8a:c8:b4:2e:
         a3:82:2f:86:00:2a:0b:ad:1d:7e:7f:b4:ad:11:be:1c:e0:cc:
         12:7a:eb:7c:16:82:c0:d9:b5:3e:3f:cc:1f:a3:31:55:2c:34:
         b2:ba:07:e3:41:a6:b4:d0:d9:a3:c2:5d:f6:96:cb:68:22:80:
         d7:f0:80:39:f1:5e:f3:dc:58:ab:66:69:7d:13:46:95:02:a3:
         51:fe:ff:04:65:b2:5b:97:3b:16:e6:ae:c6:4e:fa:4e:e4:a1:
         00:2c:ec:0f:35:7f:f9:b2:42:6c:ca:3f:4d:b8:30:67:bf:9c:
         67:bf:5d:7e:8f:d1:bc:66:bb:6c:5e:2c:21:38:91:dd:ad:d6:
         c4:1c:d9:1a:79:c4:73:75:55:7e:68:e2:1d:b9:13:83:63:4e:
         ed:63:72:b8:7a:81:e6:04:c2:4c:5c:1d:18:94:c8:5f:ce:df:
         c6:ac:d8:0d:a9:24:7a:ab:5b:6b:3f:69:35:b8:21:d3:d1:a2:
         19:1b:e0:bd:03:12:98:96:ea:56:c4:4e:22:87:85:ab:05:1c:
         98:1b:aa:bd:30:53:c6:7c:b8:a6:9d:b0:35:34:33:16:45:2b:
         7e:38:e4:af:5d:86:e4:51:cf:5c:ca:89:52:80:58:ee:b1:66:
         db:dc:2b:15
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYk6kaZGijtr7tHH2cwemdRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA5MTIxMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWRiMWJlZWM1YmVlM2ZjN2U1ZGE5ZjRiNWNhNjI5YjhlOWYzMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg07US4mJKD4grhfuMXZEHzdOKQ50
6o32YYLgHhnG0uCaTO9Ot/PS3jV7BthyAYsGW2ov4GNkmGmIkkeONNdEyO7SZnnw
kkR1yUT43a1eLpBOcQS2+hVUjiTCNthUrn6yFAMaiaDT+7R6Ol2d6z1gViqcxInX
4BZQlWxmPVT2DTFbCItW0UYBMAbNC7Lr1G9ifxSIGQc0p5z0xZx9yQ3dRiyKp2Y9
QHyp3cJuz/7fxYVuB2ZfM2z11pymT4tHkAJL6NAD/CYwbjnxUs7t8SfSWre09/k8
36+fdpWMuHr3P33VEBhJ+SkjUGp7tiE89iAGl3QDwFpYsfF2rFdWP15ATQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMrbG+7FvuP8fl2p9LXKYpuOnzGLMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveXRzYjdzVy00X3gtWGFuMHRjcGltNDZmTVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAUah3AwQA
Uah7AwQAUphsAwQAUphvAwQBUpj8AwQAUpkEAwQAUplJAwQCUpmIAwQAUpnfAwQA
UpnyAwQAUpn2AwQBUpn4AwQAbbD5MA0GCSqGSIb3DQEBCwUAA4IBAQBGxuFSY7h0
hqVqngoDforItC6jgi+GACoLrR1+f7StEb4c4MwSeut8FoLA2bU+P8wfozFVLDSy
ugfjQaa00Nmjwl32lstoIoDX8IA58V7z3FirZml9E0aVAqNR/v8EZbJblzsW5q7G
TvpO5KEALOwPNX/5skJsyj9NuDBnv5xnv11+j9G8ZrtsXiwhOJHdrdbEHNkaecRz
dVV+aOIduRODY07tY3K4eoHmBMJMXB0YlMhfzt/GrNgNqSR6q1trP2k1uCHT0aIZ
G+C9AxKYlupWxE4ih4WrBRyYG6q9MFPGfLimnbA1NDMWRSt+OOSvXYbkUc9cyolS
gFjusWbb3CsV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org