Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/tnjZnflQUoPsjQunCyp1nqwJlzo.roa
File:                     tnjZnflQUoPsjQunCyp1nqwJlzo.roa (raw, json)
Hash identifier:          RnExaP5LBng1kdOmJftRee5brSy384IGevS3kttnY+Q=
Subject key identifier:   B6:78:D9:9D:F9:50:52:83:EC:8D:0B:A7:0B:2A:75:9E:AC:09:97:3A
Certificate issuer:       /CN=a088b0547f09fe9224050d70a523da5bedbe0738
Certificate serial:       018C8C57DF6EA3744180A864254A60A295BA
Authority key identifier: A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/tnjZnflQUoPsjQunCyp1nqwJlzo.roa
Signing time:             Thu 21 Dec 2023 12:26:58 +0000
ROA not before:           Thu 21 Dec 2023 12:26:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212027
IP address blocks:        37.230.138.0/24 maxlen: 24
                          81.16.176.0/24 maxlen: 24
                          81.16.177.0/24 maxlen: 24
                          91.208.92.0/24 maxlen: 24
                          194.213.3.0/24 maxlen: 24
                          213.170.135.0/24 maxlen: 24
                          188.64.33.0/24 maxlen: 24
                          45.143.196.0/22 maxlen: 24
                          2a10:e780::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:8c:57:df:6e:a3:74:41:80:a8:64:25:4a:60:a2:95:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a088b0547f09fe9224050d70a523da5bedbe0738
        Validity
            Not Before: Dec 21 12:26:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b678d99df9505283ec8d0ba70b2a759eac09973a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e1:dc:e2:31:31:29:99:34:e9:60:54:6d:84:
                    c2:3b:7a:0a:6b:d2:a4:18:0e:75:cb:1a:1b:df:04:
                    f9:55:91:05:7f:d7:07:2d:1b:41:10:5d:ac:c4:96:
                    99:e5:74:4f:51:9c:83:c9:38:6c:db:6f:74:9c:d5:
                    34:6a:ee:0c:64:98:f2:37:d8:9d:01:70:79:51:77:
                    c1:01:6e:6d:83:10:a0:5d:3a:c3:ad:24:e8:3a:10:
                    c7:03:ea:ba:f9:1a:df:0e:7e:72:94:c3:97:79:68:
                    a3:9e:c2:c3:37:51:87:04:88:e8:4e:2c:98:ae:39:
                    0f:f4:ed:0b:62:6b:26:5e:11:f5:1a:e4:fa:ec:38:
                    a1:3e:4b:c6:2d:d1:27:4c:23:d1:f8:e1:96:62:24:
                    1a:27:5a:5d:12:b3:09:ab:cd:04:1d:53:a8:39:63:
                    52:b0:b7:a3:a7:15:e8:26:61:e6:70:c2:2c:04:e1:
                    b0:2c:98:eb:98:52:84:9e:44:77:01:68:9e:27:21:
                    1b:ab:a4:8c:05:0e:10:69:76:67:b8:38:4a:c4:d9:
                    b2:71:92:62:e3:3b:41:34:36:59:9a:a2:28:00:a6:
                    47:99:be:92:f0:3a:35:b6:6d:ec:93:57:a5:60:9c:
                    3f:dc:36:49:24:de:16:0a:6b:97:d5:d9:2a:e7:81:
                    f0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:78:D9:9D:F9:50:52:83:EC:8D:0B:A7:0B:2A:75:9E:AC:09:97:3A
            X509v3 Authority Key Identifier:
                keyid:A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/tnjZnflQUoPsjQunCyp1nqwJlzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.138.0/24
                  45.143.196.0/22
                  81.16.176.0/23
                  91.208.92.0/24
                  188.64.33.0/24
                  194.213.3.0/24
                  213.170.135.0/24
                IPv6:
                  2a10:e780::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:bd:d3:9e:42:fb:27:d3:1a:d8:05:6e:f4:bb:c5:a7:79:0a:
         3a:d8:f3:56:80:9f:3c:0f:f1:91:f2:b7:9d:42:44:64:9e:fd:
         f3:9a:c6:0b:21:53:1c:e6:b2:fb:d4:84:4f:26:54:30:4c:cf:
         c0:29:4b:2a:47:b1:67:e8:6f:03:c9:70:ca:6c:0e:74:2f:ba:
         a3:cb:ef:d5:8f:2d:5a:bc:9e:91:12:1c:88:f7:5c:c7:bc:be:
         5c:46:e7:a8:a8:17:ab:a1:5c:d5:7c:e4:f8:53:a6:28:2d:2a:
         fa:05:b6:34:b2:82:4c:73:ce:6a:4f:46:36:b4:ba:99:af:11:
         79:c6:c1:1e:cb:cc:62:86:60:62:ff:df:fb:62:03:6b:c0:67:
         8b:76:ab:39:b8:2a:db:c6:81:05:47:e0:c3:c9:f3:7c:8e:1a:
         ab:8e:04:94:24:7e:d7:e8:2d:89:14:2b:24:52:85:e7:fb:f1:
         59:1c:e9:1d:6d:15:eb:30:3e:a3:f3:65:e2:a7:74:d6:aa:a5:
         01:43:7f:7f:b9:1b:a6:24:80:af:94:a8:b1:64:88:9f:5b:ea:
         22:76:0f:8f:07:b4:ff:ef:87:9f:6c:8b:5c:b9:e1:ab:05:48:
         c4:da:44:d5:f5:aa:0b:c1:43:0e:c4:40:1c:99:60:c9:de:44:
         47:6d:15:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYyMV99uo3RBgKhkJUpgopW6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODhiMDU0N2YwOWZlOTIyNDA1MGQ3MGE1MjNkYTViZWRi
ZTA3MzgwHhcNMjMxMjIxMTIyNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc4ZDk5ZGY5NTA1MjgzZWM4ZDBiYTcwYjJhNzU5ZWFjMDk5NzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOHc4jExKZk06WBUbYTCO3oKa9Kk
GA51yxob3wT5VZEFf9cHLRtBEF2sxJaZ5XRPUZyDyThs2290nNU0au4MZJjyN9id
AXB5UXfBAW5tgxCgXTrDrSToOhDHA+q6+RrfDn5ylMOXeWijnsLDN1GHBIjoTiyY
rjkP9O0LYmsmXhH1GuT67DihPkvGLdEnTCPR+OGWYiQaJ1pdErMJq80EHVOoOWNS
sLejpxXoJmHmcMIsBOGwLJjrmFKEnkR3AWieJyEbq6SMBQ4QaXZnuDhKxNmycZJi
4ztBNDZZmqIoAKZHmb6S8Do1tm3sk1elYJw/3DZJJN4WCmuX1dkq54Hw+QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFLZ42Z35UFKD7I0LpwsqdZ6sCZc6MB8GA1UdIwQY
MBaAFKCIsFR/Cf6SJAUNcKUj2lvtvgc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMt
ZGY4MmZhODk3MzI2LzEvdG5qWm5mbFFVb1BzalF1bkN5cDFucXdKbHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMtZGY4MmZhODk3MzI2
LzEvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAwBAIAATAqAwQAJeaKAwQC
LY/EAwQBURCwAwQAW9BcAwQAvEAhAwQAwtUDAwQA1aqHMA4EAgACMAgDBgAqEOeA
ADANBgkqhkiG9w0BAQsFAAOCAQEALb3TnkL7J9Ma2AVu9LvFp3kKOtjzVoCfPA/x
kfK3nUJEZJ7985rGCyFTHOay+9SETyZUMEzPwClLKkexZ+hvA8lwymwOdC+6o8vv
1Y8tWryekRIciPdcx7y+XEbnqKgXq6Fc1Xzk+FOmKC0q+gW2NLKCTHPOak9GNrS6
ma8RecbBHsvMYoZgYv/f+2IDa8Bni3arObgq28aBBUfgw8nzfI4aq44ElCR+1+gt
iRQrJFKF5/vxWRzpHW0V6zA+o/Nl4qd01qqlAUN/f7kbpiSAr5SosWSIn1vqInYP
jwe0/++Hn2yLXLnhqwVIxNpE1fWqC8FDDsRAHJlgyd5ER20VPA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:42 2024 by rpki-client on console-fra.rpki-client.org