Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3cRZTZpzn85OB3s7lBXtibCIG0I.roa
File:                     3cRZTZpzn85OB3s7lBXtibCIG0I.roa (raw, json)
Hash identifier:          4Mo0HvVZ08mH8/AlGufeo+VI7+8GrXwS8KPXcvcboOM=
Subject key identifier:   DD:C4:59:4D:9A:73:9F:CE:4E:07:7B:3B:94:15:ED:89:B0:88:1B:42
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018572036184F5643665C23EB8A1C4CD9806
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3cRZTZpzn85OB3s7lBXtibCIG0I.roa
Signing time:             Mon 02 Jan 2023 10:25:02 +0000
ROA not before:           Mon 02 Jan 2023 10:25:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        185.231.206.0/24 maxlen: 24
                          185.231.205.0/24 maxlen: 24
                          185.231.204.0/24 maxlen: 24
                          185.231.207.0/24 maxlen: 24
                          141.98.169.0/24 maxlen: 24
                          45.84.0.0/24 maxlen: 24
                          45.84.1.0/24 maxlen: 24
                          45.89.52.0/24 maxlen: 24
                          45.159.251.0/24 maxlen: 24
                          45.159.250.0/24 maxlen: 24
                          45.159.249.0/24 maxlen: 24
                          45.159.248.0/24 maxlen: 24
                          45.67.35.0/24 maxlen: 24
                          5.182.39.0/24 maxlen: 24
                          193.57.138.0/24 maxlen: 24
                          193.57.136.0/24 maxlen: 24
                          93.185.166.0/24 maxlen: 24
                          45.87.154.0/24 maxlen: 24
                          45.8.145.0/24 maxlen: 24
                          45.8.144.0/24 maxlen: 24
                          193.46.56.0/24 maxlen: 24
                          194.4.48.0/24 maxlen: 24
                          194.4.51.0/24 maxlen: 24
                          194.4.50.0/24 maxlen: 24
                          194.4.49.0/24 maxlen: 24
                          194.116.191.0/24 maxlen: 24
                          194.116.190.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Jan 2023 11:17:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:03:61:84:f5:64:36:65:c2:3e:b8:a1:c4:cd:98:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  2 10:25:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ddc4594d9a739fce4e077b3b9415ed89b0881b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:db:a8:cb:6e:f6:53:99:ac:56:92:0a:c3:97:
                    e4:eb:62:b7:13:71:cd:a0:82:2b:ac:7f:6b:2d:d4:
                    ed:34:9a:00:b2:73:a5:03:e0:a7:6c:92:5d:a9:c5:
                    87:80:2e:d7:88:b0:cf:93:e3:6e:66:8d:36:35:e4:
                    73:c8:6e:7f:b9:28:99:dc:ec:af:d6:30:ab:19:46:
                    ad:79:d4:17:13:bb:9e:c5:75:5d:8b:69:d7:ec:dd:
                    48:93:38:1c:d3:2f:eb:1f:da:46:a5:1b:b7:f9:34:
                    74:34:0a:66:3e:bd:da:3b:fc:a5:78:f6:03:95:14:
                    2c:f1:a2:05:17:76:c6:b4:24:4e:87:1f:85:9b:ca:
                    0a:62:12:05:cd:8c:b3:f4:ef:12:1d:9e:74:c2:f9:
                    6a:e8:23:85:fc:70:2c:25:60:59:d4:cf:9d:40:04:
                    6d:f0:d5:75:56:92:d1:7d:67:d9:72:58:4e:4c:0e:
                    36:d1:36:58:82:26:4c:16:25:76:e3:a9:4a:22:70:
                    f4:c3:f3:1a:df:bc:65:10:be:6d:70:97:6a:ba:c4:
                    d8:ef:07:ec:4f:ab:a2:55:28:89:79:73:97:34:dd:
                    24:47:b1:19:7a:9e:77:17:05:d6:d7:16:1e:ed:cd:
                    04:d9:75:b5:1e:6e:bf:41:27:2d:c5:01:d4:c2:05:
                    58:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C4:59:4D:9A:73:9F:CE:4E:07:7B:3B:94:15:ED:89:B0:88:1B:42
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3cRZTZpzn85OB3s7lBXtibCIG0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.39.0/24
                  45.8.144.0/23
                  45.67.35.0/24
                  45.84.0.0/23
                  45.87.154.0/24
                  45.89.52.0/24
                  45.159.248.0/22
                  93.185.166.0/24
                  141.98.169.0/24
                  185.231.204.0/22
                  193.46.56.0/24
                  193.57.136.0/24
                  193.57.138.0/24
                  194.4.48.0/22
                  194.116.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:89:e5:b6:f8:c1:8c:a8:6f:04:c6:e5:ac:5d:99:bf:c5:f5:
         c2:8f:3a:55:49:bb:5a:09:ca:ad:6b:af:89:3a:ff:c5:91:1d:
         99:28:d2:e2:91:2d:a2:fe:44:c1:62:52:6e:32:5d:1c:d9:9b:
         84:6a:8b:65:6b:a8:8e:26:98:58:cc:4e:75:4e:61:e3:6a:9c:
         91:27:37:63:f5:9b:fe:a1:a3:fd:81:d2:18:8d:72:0a:28:3c:
         b8:af:0f:e7:76:01:a8:10:a2:b1:fe:15:dc:ac:5f:25:23:c9:
         c7:1e:99:6d:50:f5:75:d0:f7:71:99:a1:e9:05:61:ee:45:bd:
         51:52:af:8c:c9:48:35:c4:1e:fc:17:5b:fd:e5:58:bb:e6:54:
         2f:41:b9:c2:d3:0b:0e:a5:4d:da:9c:73:36:d0:9f:72:20:fc:
         cc:31:2b:33:01:31:85:98:ec:fa:0b:f0:bd:ce:19:45:40:49:
         81:3f:30:2e:79:f9:76:58:f8:36:53:a3:51:7d:ff:63:e2:cb:
         71:ac:f3:79:5a:77:12:3a:9f:49:33:7e:70:2d:4b:e7:1b:6b:
         6b:b4:8a:4b:76:06:91:c3:aa:04:00:79:f1:98:35:09:cf:6b:
         e4:23:ee:4f:8e:86:83:a9:4a:0c:6e:d8:88:36:51:80:dc:42:
         bf:d2:b5:b5
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYVyA2GE9WQ2ZcI+uKHEzZgGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjMwMTAyMTAyNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM0NTk0ZDlhNzM5ZmNlNGUwNzdiM2I5NDE1ZWQ4OWIwODgxYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9uoy272U5msVpIKw5fk62K3E3HN
oIIrrH9rLdTtNJoAsnOlA+CnbJJdqcWHgC7XiLDPk+NuZo02NeRzyG5/uSiZ3Oyv
1jCrGUatedQXE7uexXVdi2nX7N1Ikzgc0y/rH9pGpRu3+TR0NApmPr3aO/ylePYD
lRQs8aIFF3bGtCROhx+Fm8oKYhIFzYyz9O8SHZ50wvlq6COF/HAsJWBZ1M+dQARt
8NV1VpLRfWfZclhOTA420TZYgiZMFiV246lKInD0w/Ma37xlEL5tcJdqusTY7wfs
T6uiVSiJeXOXNN0kR7EZep53FwXW1xYe7c0E2XW1Hm6/QSctxQHUwgVYAQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFN3EWU2ac5/OTgd7O5QV7YmwiBtCMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvM2NSWlRacHpuODVPQjNzN2xCWHRpYkNJRzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQABbYnAwQB
LQiQAwQALUMjAwQBLVQAAwQALVeaAwQALVk0AwQCLZ/4AwQAXbmmAwQAjWKpAwQC
uefMAwQAwS44AwQAwTmIAwQAwTmKAwQCwgQwAwQBwnS+MA0GCSqGSIb3DQEBCwUA
A4IBAQA4ieW2+MGMqG8ExuWsXZm/xfXCjzpVSbtaCcqta6+JOv/FkR2ZKNLikS2i
/kTBYlJuMl0c2ZuEaotla6iOJphYzE51TmHjapyRJzdj9Zv+oaP9gdIYjXIKKDy4
rw/ndgGoEKKx/hXcrF8lI8nHHpltUPV10PdxmaHpBWHuRb1RUq+MyUg1xB78F1v9
5Vi75lQvQbnC0wsOpU3anHM20J9yIPzMMSszATGFmOz6C/C9zhlFQEmBPzAuefl2
WPg2U6NRff9j4stxrPN5WncSOp9JM35wLUvnG2trtIpLdgaRw6oEAHnxmDUJz2vk
I+5PjoaDqUoMbtiINlGA3EK/0rW1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:23 2024 by rpki-client on console-fra.rpki-client.org