Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/36jdMrpP2D0V-iZNPJOPTBP1gFs.roa
File:                     36jdMrpP2D0V-iZNPJOPTBP1gFs.roa (raw, json)
Hash identifier:          DJETuqTM1EtNy08A1r5lFUiYOzYoWLBn3u09/i/mOfs=
Subject key identifier:   DF:A8:DD:32:BA:4F:D8:3D:15:FA:26:4D:3C:93:8F:4C:13:F5:80:5B
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       0185ED5C63C73186AA9F8F4911BC20212875
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/36jdMrpP2D0V-iZNPJOPTBP1gFs.roa
Signing time:             Thu 26 Jan 2023 09:15:33 +0000
ROA not before:           Thu 26 Jan 2023 09:15:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5398
IP address blocks:        31.44.32.0/20 maxlen: 20
                          193.221.216.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
                          46.21.16.0/23 maxlen: 23
                          46.21.18.0/23 maxlen: 23
                          46.21.29.0/24 maxlen: 24
                          46.21.31.0/24 maxlen: 24
                          193.222.104.0/23 maxlen: 23
                          185.155.176.0/22 maxlen: 22
                          185.155.184.0/23 maxlen: 23
                          77.220.64.0/19 maxlen: 19
                          2a00:bd00::/32 maxlen: 32
                          2a0f:e880::/29 maxlen: 29
                          2a02:210::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 May 2023 15:11:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ed:5c:63:c7:31:86:aa:9f:8f:49:11:bc:20:21:28:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Jan 26 09:15:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dfa8dd32ba4fd83d15fa264d3c938f4c13f5805b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:30:3c:4c:a3:fe:c4:34:82:3d:78:61:48:5a:
                    22:30:10:35:41:11:76:20:42:ec:49:17:e5:55:96:
                    a7:e0:f0:4d:39:bf:43:d1:98:21:bc:30:6b:0b:6a:
                    74:19:34:b5:a6:16:6b:18:e9:60:8e:2a:6d:cf:4f:
                    fa:0d:f3:74:a0:e3:d5:53:3e:99:5e:7f:e5:b5:34:
                    5e:0e:19:9a:24:e0:a2:dc:58:1e:8f:4f:47:83:7a:
                    66:40:c6:bb:23:05:d9:4f:a6:c3:04:60:33:3b:1d:
                    7f:56:ed:46:92:6d:3f:55:40:6d:d6:89:8c:e2:99:
                    83:ae:01:3f:7c:f0:fb:e9:7a:a6:3e:83:38:13:4a:
                    0c:fa:25:fa:cf:0e:9d:f7:f6:71:41:bc:f9:c1:2f:
                    b9:a2:a4:47:58:c5:9b:f9:19:d4:be:83:d9:db:10:
                    86:96:22:ca:a0:2a:55:5f:7e:7f:7c:4a:71:b0:1d:
                    58:11:95:03:25:4d:de:93:43:28:5a:9f:2a:21:89:
                    95:e2:03:a1:3c:22:a1:ec:d1:2c:69:64:b7:f0:43:
                    8b:13:13:da:2e:f4:8f:90:49:9b:ee:50:48:ce:55:
                    86:a3:ca:ec:ff:11:55:24:50:56:6b:f4:0a:0a:6d:
                    a6:f5:5e:de:2e:cc:8a:b7:60:aa:b3:55:8d:75:1b:
                    9b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A8:DD:32:BA:4F:D8:3D:15:FA:26:4D:3C:93:8F:4C:13:F5:80:5B
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/36jdMrpP2D0V-iZNPJOPTBP1gFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20
                  46.21.16.0/22
                  46.21.29.0/24
                  46.21.31.0/24
                  77.220.64.0/19
                  185.155.176.0/22
                  185.155.184.0/23
                  193.221.216.0/23
                  193.222.104.0/23
                IPv6:
                  2a00:bd00::/32
                  2a02:210::/32
                  2a0f:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:90:4f:28:0d:0c:62:1f:67:88:28:98:25:28:58:29:91:c7:
         34:40:cf:e5:32:60:37:a4:c2:4e:bc:07:77:4a:cd:ba:62:fa:
         e5:65:15:6e:c4:56:3b:c3:fa:60:90:9e:2e:5c:1c:95:ef:bb:
         7c:cc:64:03:92:b9:9c:a9:58:99:45:19:42:5c:01:ab:94:5c:
         be:dd:42:54:be:03:43:ac:fd:cd:51:b6:8d:cc:1d:d6:fd:ed:
         de:85:37:1c:5b:53:06:1c:1b:bd:24:dc:c8:3f:66:9d:7b:9a:
         d6:bf:b9:e1:72:75:04:ca:45:89:7f:36:e1:f2:f7:ae:15:27:
         d0:c5:87:bb:2c:8e:16:8b:84:b1:06:cd:80:15:8c:ae:9f:f0:
         92:16:e7:30:73:07:9e:2b:42:af:61:a8:df:82:8e:93:81:2b:
         c1:0e:16:e9:d9:a4:82:7d:f6:1b:cb:1f:67:05:b8:64:01:f9:
         cf:da:3f:42:a5:6b:11:1b:d3:6f:52:ea:6d:d2:17:01:bd:c4:
         16:ff:d2:b8:76:ac:c0:61:1e:82:f8:0a:32:7f:30:a4:29:a1:
         4e:22:b9:0a:01:b1:ba:6d:63:36:71:78:db:5b:6d:e9:8f:03:
         10:ef:9b:c1:8b:99:fe:f7:b9:f1:a9:67:77:11:5e:e2:f5:92:
         d2:0e:03:74
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYXtXGPHMYaqn49JEbwgISh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMwMTI2MDkxNTMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE4ZGQzMmJhNGZkODNkMTVmYTI2NGQzYzkzOGY0YzEzZjU4MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozA8TKP+xDSCPXhhSFoiMBA1QRF2
IELsSRflVZan4PBNOb9D0ZghvDBrC2p0GTS1phZrGOlgjiptz0/6DfN0oOPVUz6Z
Xn/ltTReDhmaJOCi3Fgej09Hg3pmQMa7IwXZT6bDBGAzOx1/Vu1Gkm0/VUBt1omM
4pmDrgE/fPD76XqmPoM4E0oM+iX6zw6d9/ZxQbz5wS+5oqRHWMWb+RnUvoPZ2xCG
liLKoCpVX35/fEpxsB1YEZUDJU3ek0MoWp8qIYmV4gOhPCKh7NEsaWS38EOLExPa
LvSPkEmb7lBIzlWGo8rs/xFVJFBWa/QKCm2m9V7eLsyKt2Cqs1WNdRubawIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFN+o3TK6T9g9FfomTTyTj0wT9YBbMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvMzZqZE1ycFAyRDBWLWlaTlBKT1BUQlAxZ0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQEHywgAwQC
LhUQAwQALhUdAwQALhUfAwQFTdxAAwQCuZuwAwQBuZu4AwQBwd3YAwQBwd5oMBsE
AgACMBUDBQAqAL0AAwUAKgICEAMFAyoP6IAwDQYJKoZIhvcNAQELBQADggEBAFeQ
TygNDGIfZ4gomCUoWCmRxzRAz+UyYDekwk68B3dKzbpi+uVlFW7EVjvD+mCQni5c
HJXvu3zMZAOSuZypWJlFGUJcAauUXL7dQlS+A0Os/c1Rto3MHdb97d6FNxxbUwYc
G70k3Mg/Zp17mta/ueFydQTKRYl/NuHy964VJ9DFh7ssjhaLhLEGzYAVjK6f8JIW
5zBzB54rQq9hqN+CjpOBK8EOFunZpIJ99hvLH2cFuGQB+c/aP0KlaxEb029S6m3S
FwG9xBb/0rh2rMBhHoL4CjJ/MKQpoU4iuQoBsbptYzZxeNtbbemPAxDvm8GLmf73
ufGpZ3cRXuL1ktIOA3Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:45 2024 by rpki-client on console-fra.rpki-client.org