Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zan26-gA3HSQodHvgf7yNHQ1Awg.roa
File:                     zan26-gA3HSQodHvgf7yNHQ1Awg.roa (raw, json)
Hash identifier:          YdE3Rg5fc1hzxOdHNX53Mm9gWBqa6hM+Ls9nP8YyMEU=
Subject key identifier:   CD:A9:F6:EB:E8:00:DC:74:90:A1:D1:EF:81:FE:F2:34:74:35:03:08
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01899D4D2CA993702C6F6EB01D6D68C8858E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zan26-gA3HSQodHvgf7yNHQ1Awg.roa
Signing time:             Fri 28 Jul 2023 16:20:27 +0000
ROA not before:           Fri 28 Jul 2023 16:20:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.240.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          89.213.130.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 30 Jul 2023 08:56:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:9d:4d:2c:a9:93:70:2c:6f:6e:b0:1d:6d:68:c8:85:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 28 16:20:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cda9f6ebe800dc7490a1d1ef81fef23474350308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e3:ea:7d:19:f4:1b:6b:24:f2:59:2b:f0:5b:
                    fa:c5:c0:de:24:43:5f:22:d2:e1:a2:55:8f:ab:7e:
                    e1:40:cf:54:1e:8b:5f:0c:9d:6f:ac:41:9c:bb:ee:
                    50:ac:ac:94:18:20:d0:d7:4f:77:82:91:d7:65:f5:
                    c5:92:e6:92:94:6e:fe:13:e6:ee:35:6b:e6:39:75:
                    79:67:96:ba:8d:e1:f4:fe:25:0a:ca:fd:90:b3:0a:
                    17:28:b7:35:73:07:d6:ce:18:14:b7:be:bc:b7:4b:
                    d7:b2:af:6d:3e:76:b0:b8:97:8b:20:c2:b9:64:d5:
                    be:f1:7a:b7:ab:0d:52:08:ef:0f:25:f9:51:16:49:
                    30:28:a6:6b:9a:eb:09:dc:16:8d:7f:43:fb:d5:08:
                    6a:72:2f:18:3a:1c:40:5e:00:99:14:2a:92:af:bb:
                    d3:3b:0c:87:45:89:97:82:39:f3:6f:d1:06:b4:88:
                    b5:2f:eb:d7:5d:44:60:ca:fa:3a:5c:ba:1b:2a:0f:
                    b4:97:4a:77:35:df:20:c2:83:12:43:c4:10:62:ca:
                    7a:63:dd:9b:ad:17:7d:dd:31:fc:82:f1:0e:b9:97:
                    d7:be:cf:75:cd:26:40:fc:72:86:dd:53:bb:73:fe:
                    3a:dc:b3:18:83:9a:ca:56:6e:0a:4e:c6:d0:17:b5:
                    82:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:A9:F6:EB:E8:00:DC:74:90:A1:D1:EF:81:FE:F2:34:74:35:03:08
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zan26-gA3HSQodHvgf7yNHQ1Awg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.1.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.240.0/24
                  82.153.249.0/24
                  89.213.130.0/24
                  109.176.211.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:41:d3:69:53:d3:8f:6a:02:d3:99:87:53:3b:cd:1c:0c:a6:
         8f:b6:40:58:75:3f:eb:4d:00:db:85:b3:bf:42:59:d8:a1:1c:
         28:81:32:63:68:e2:74:78:0b:7d:4a:3d:92:e8:21:e3:57:84:
         5f:df:7a:be:3c:00:b0:fd:e1:22:78:a6:fb:c0:1e:23:e2:d6:
         0c:b9:a6:6f:f9:5c:08:1f:cd:c2:8e:8d:7c:08:de:9d:29:a6:
         dc:19:34:3b:62:74:00:d7:81:1c:ae:60:85:2e:f9:95:c7:12:
         2f:95:7e:66:7d:bb:1f:a4:53:b8:73:49:79:f4:4c:0e:f1:5c:
         9c:54:33:d2:d5:a6:4b:de:42:d7:72:88:ad:43:b5:3b:f7:89:
         7a:38:a4:49:a4:09:8a:0c:bb:1e:64:92:66:46:5f:bb:4a:03:
         b8:65:a5:a8:20:1c:41:1d:07:57:0b:a1:ae:03:0f:67:a9:6d:
         39:92:7f:34:91:af:9e:df:33:1f:23:a5:02:a4:77:06:72:c3:
         08:1f:54:20:fe:2d:de:6a:83:04:8e:28:43:fd:1e:10:3a:37:
         bb:09:9c:d8:fa:e3:8a:b5:4e:1e:d1:63:5c:25:2e:81:a9:cc:
         a2:3b:cc:ab:f9:78:3c:21:99:c0:c4:d8:68:af:77:0e:8c:7f:
         50:7e:bf:30
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYmdTSypk3Asb26wHW1oyIWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzI4MTYyMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGE5ZjZlYmU4MDBkYzc0OTBhMWQxZWY4MWZlZjIzNDc0MzUwMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOPqfRn0G2sk8lkr8Fv6xcDeJENf
ItLholWPq37hQM9UHotfDJ1vrEGcu+5QrKyUGCDQ1093gpHXZfXFkuaSlG7+E+bu
NWvmOXV5Z5a6jeH0/iUKyv2QswoXKLc1cwfWzhgUt768t0vXsq9tPnawuJeLIMK5
ZNW+8Xq3qw1SCO8PJflRFkkwKKZrmusJ3BaNf0P71Qhqci8YOhxAXgCZFCqSr7vT
OwyHRYmXgjnzb9EGtIi1L+vXXURgyvo6XLobKg+0l0p3Nd8gwoMSQ8QQYsp6Y92b
rRd93TH8gvEOuZfXvs91zSZA/HKG3VO7c/463LMYg5rKVm4KTsbQF7WCMwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFM2p9uvoANx0kKHR74H+8jR0NQMIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvemFuMjYtZ0EzSFNRb2RIdmdmN3lOSFExQXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphvAwQBUpj8AwQAUpj/AwQAUpkBAwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpnwAwQAUpn5AwQAWdWCAwQAbbDTAwQA1ZgqMA0GCSqGSIb3
DQEBCwUAA4IBAQA9QdNpU9OPagLTmYdTO80cDKaPtkBYdT/rTQDbhbO/QlnYoRwo
gTJjaOJ0eAt9Sj2S6CHjV4Rf33q+PACw/eEieKb7wB4j4tYMuaZv+VwIH83Cjo18
CN6dKabcGTQ7YnQA14EcrmCFLvmVxxIvlX5mfbsfpFO4c0l59EwO8VycVDPS1aZL
3kLXcoitQ7U794l6OKRJpAmKDLseZJJmRl+7SgO4ZaWoIBxBHQdXC6GuAw9nqW05
kn80ka+e3zMfI6UCpHcGcsMIH1Qg/i3eaoMEjihD/R4QOje7CZzY+uOKtU4e0WNc
JS6BqcyiO8yr+Xg8IZnAxNhor3cOjH9Qfr8w
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org