Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/PpsbIZsq1q3imoKeYyXAf50RE1E.roa
File:                     PpsbIZsq1q3imoKeYyXAf50RE1E.roa (raw, json)
Hash identifier:          1TnJjbD9NFJ1MJfR2zhNt/4ZVF60vzOTkwZBEayaKRE=
Subject key identifier:   3E:9B:1B:21:9B:2A:D6:AD:E2:9A:82:9E:63:25:C0:7F:9D:11:13:51
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       018BB97A88483D8717BC128FCC4A1BFF9F7C
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/PpsbIZsq1q3imoKeYyXAf50RE1E.roa
Signing time:             Fri 10 Nov 2023 13:44:57 +0000
ROA not before:           Fri 10 Nov 2023 13:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199242
IP address blocks:        62.106.90.0/24 maxlen: 24
                          212.52.14.0/24 maxlen: 24
                          91.246.50.0/24 maxlen: 24
                          185.234.12.0/24 maxlen: 24
                          194.26.231.0/24 maxlen: 24
                          80.71.144.0/24 maxlen: 24
                          193.162.133.0/24 maxlen: 24
                          195.96.130.0/24 maxlen: 24
                          37.72.142.0/24 maxlen: 24
                          176.97.217.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 Nov 2023 12:39:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b9:7a:88:48:3d:87:17:bc:12:8f:cc:4a:1b:ff:9f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Nov 10 13:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e9b1b219b2ad6ade29a829e6325c07f9d111351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b0:80:c4:0a:f1:a9:87:b8:b6:c5:01:23:9e:
                    89:46:63:a1:bf:82:10:c7:36:75:c0:68:37:85:0b:
                    e3:b3:04:9a:62:7a:da:96:9d:de:53:59:f5:fb:0d:
                    4d:b2:9a:7f:2c:3d:0a:31:5a:da:69:47:4e:17:e2:
                    26:62:32:77:ca:5f:a3:8b:85:7f:1a:a7:40:c3:cb:
                    0e:33:41:3d:78:0d:50:91:e1:80:3b:b3:6a:8a:28:
                    e6:9f:cd:bd:61:34:b5:68:c6:b9:4b:59:26:84:49:
                    14:89:74:55:04:51:b7:dd:c7:0b:38:0a:73:f0:bc:
                    78:8a:53:04:02:ad:1c:e7:89:93:b8:bd:d0:45:97:
                    9b:36:86:d1:a3:56:fc:a7:1e:53:99:78:b9:2a:3d:
                    b8:53:79:a3:31:35:28:05:5a:fc:06:03:67:bd:7b:
                    c6:54:ec:85:81:d8:2f:5b:de:bd:52:2c:a3:6a:14:
                    fd:30:ad:97:91:c6:4d:21:6f:af:3a:30:c7:aa:b9:
                    50:72:95:ab:ca:93:4d:35:f5:12:82:64:cb:be:ad:
                    8f:15:c0:9b:06:85:8c:86:2f:88:aa:3f:f8:b0:7d:
                    91:3f:1b:08:48:54:b3:ed:da:d7:93:58:d9:30:c9:
                    a1:93:20:d8:61:45:c8:b6:4e:e3:6b:67:04:d2:2f:
                    54:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9B:1B:21:9B:2A:D6:AD:E2:9A:82:9E:63:25:C0:7F:9D:11:13:51
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/PpsbIZsq1q3imoKeYyXAf50RE1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.142.0/24
                  62.106.90.0/24
                  80.71.144.0/24
                  91.246.50.0/24
                  176.97.217.0/24
                  185.234.12.0/24
                  193.162.133.0/24
                  194.26.231.0/24
                  195.96.130.0/24
                  212.52.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e5:5a:a5:e1:44:f9:fe:97:19:bc:86:32:be:c5:94:91:e3:
         ad:0c:29:e6:0c:86:b3:88:4f:7d:3b:e5:7f:36:e5:60:03:25:
         a8:1e:6f:cb:01:09:64:aa:11:c0:f3:94:cc:41:e9:93:51:ee:
         9e:9c:62:96:b2:a1:4c:94:1f:de:36:9b:5a:d3:43:36:62:95:
         5c:8a:d3:8a:9d:e2:48:e2:b4:96:6a:35:d0:24:91:0a:08:27:
         ad:38:f4:3f:09:d3:c4:97:c9:29:4e:32:47:7b:e0:77:58:1b:
         ef:9d:ce:22:a6:0f:cc:86:62:f2:72:18:fa:57:bc:dc:50:46:
         13:ee:8f:82:8d:a2:96:69:bd:e4:51:aa:ad:83:ae:95:9b:b8:
         5b:20:ae:12:8c:e4:33:d5:17:20:fa:69:57:4c:29:6a:f5:9e:
         63:c2:63:88:f1:e2:a4:3d:6f:69:f2:b7:a7:1f:db:1e:7d:28:
         e6:11:87:ec:6f:de:d8:d8:60:cd:ad:29:a9:e8:e7:28:11:79:
         71:1e:3f:eb:c2:77:90:ee:16:fc:15:1e:ca:85:1c:4d:2f:21:
         39:4f:2b:43:e9:68:23:cd:83:12:51:f7:19:b9:31:ca:81:26:
         f8:66:cb:3f:dd:18:bf:c3:84:e4:51:c3:04:db:40:a3:c3:b9:
         11:1c:8f:be
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYu5eohIPYcXvBKPzEob/598MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjMxMTEwMTM0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTliMWIyMTliMmFkNmFkZTI5YTgyOWU2MzI1YzA3ZjlkMTExMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrCAxArxqYe4tsUBI56JRmOhv4IQ
xzZ1wGg3hQvjswSaYnralp3eU1n1+w1Nspp/LD0KMVraaUdOF+ImYjJ3yl+ji4V/
GqdAw8sOM0E9eA1QkeGAO7Nqiijmn829YTS1aMa5S1kmhEkUiXRVBFG33ccLOApz
8Lx4ilMEAq0c54mTuL3QRZebNobRo1b8px5TmXi5Kj24U3mjMTUoBVr8BgNnvXvG
VOyFgdgvW969UiyjahT9MK2XkcZNIW+vOjDHqrlQcpWrypNNNfUSgmTLvq2PFcCb
BoWMhi+Iqj/4sH2RPxsISFSz7drXk1jZMMmhkyDYYUXItk7ja2cE0i9U9wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFD6bGyGbKtat4pqCnmMlwH+dERNRMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvUHBzYklac3ExcTNpbW9LZVl5WEFmNTBSRTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAJUiOAwQA
PmpaAwQAUEeQAwQAW/YyAwQAsGHZAwQAueoMAwQAwaKFAwQAwhrnAwQAw2CCAwQA
1DQOMA0GCSqGSIb3DQEBCwUAA4IBAQCR5Vql4UT5/pcZvIYyvsWUkeOtDCnmDIaz
iE99O+V/NuVgAyWoHm/LAQlkqhHA85TMQemTUe6enGKWsqFMlB/eNpta00M2YpVc
itOKneJI4rSWajXQJJEKCCetOPQ/CdPEl8kpTjJHe+B3WBvvnc4ipg/MhmLychj6
V7zcUEYT7o+CjaKWab3kUaqtg66Vm7hbIK4SjOQz1Rcg+mlXTClq9Z5jwmOI8eKk
PW9p8renH9sefSjmEYfsb97Y2GDNrSmp6OcoEXlxHj/rwneQ7hb8FR7KhRxNLyE5
TytD6WgjzYMSUfcZuTHKgSb4Zss/3Ri/w4TkUcME20Cjw7kRHI++
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:49 2024 by rpki-client on console-fra.rpki-client.org