Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/PbD8JG0mh6qv5SKQA83yjFoyASo.roa
File:                     PbD8JG0mh6qv5SKQA83yjFoyASo.roa (raw, json)
Hash identifier:          wqccLrTbrb8K9TJym2Ym5+9N9827H1PbvZcc2GqrwRk=
Subject key identifier:   3D:B0:FC:24:6D:26:87:AA:AF:E5:22:90:03:CD:F2:8C:5A:32:01:2A
Certificate issuer:       /CN=17c203e3f365923a843d3220317a1c68cf74de0f
Certificate serial:       018CC64B5DA9D710404C1DA028AE66E5B848
Authority key identifier: 17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/PbD8JG0mh6qv5SKQA83yjFoyASo.roa
Signing time:             Mon 01 Jan 2024 18:31:16 +0000
ROA not before:           Mon 01 Jan 2024 18:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12993
IP address blocks:        37.203.39.0/24 maxlen: 24
                          185.34.24.0/22 maxlen: 22
                          185.34.24.0/23 maxlen: 23
                          178.16.16.0/20 maxlen: 20
                          193.108.185.0/24 maxlen: 24
                          37.203.32.0/21 maxlen: 21
                          37.203.32.0/23 maxlen: 23
                          185.219.156.0/22 maxlen: 22
                          89.111.0.0/18 maxlen: 18
                          193.108.144.0/22 maxlen: 24
                          193.108.144.0/23 maxlen: 23
                          89.111.38.0/24 maxlen: 24
                          194.9.175.0/24 maxlen: 24
                          185.34.26.0/23 maxlen: 23
                          81.94.224.0/20 maxlen: 20
                          81.94.229.0/24 maxlen: 24
                          2a00:17c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 18 Nov 2024 14:46:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5d:a9:d7:10:40:4c:1d:a0:28:ae:66:e5:b8:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17c203e3f365923a843d3220317a1c68cf74de0f
        Validity
            Not Before: Jan  1 18:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db0fc246d2687aaafe5229003cdf28c5a32012a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:68:b3:a8:2b:a5:09:8a:c7:aa:f4:36:fc:a3:
                    90:d9:1c:07:44:ea:df:06:15:90:a1:f9:8d:c6:d7:
                    5d:5f:19:f2:ce:87:b0:4f:69:da:22:45:91:96:78:
                    9e:86:f9:2d:35:f5:f9:c7:3e:b1:9d:a0:d4:b1:20:
                    82:c4:3c:2b:5e:28:f4:1e:d2:ae:7d:f8:58:b5:52:
                    31:f5:b9:25:cc:0f:66:e5:82:5c:49:9e:bd:44:8c:
                    ce:ff:91:00:a0:66:48:39:41:c6:3d:67:ec:49:6a:
                    83:9c:31:85:26:87:e7:ab:c2:3f:1d:36:65:c5:c6:
                    75:00:c8:64:29:7e:01:cb:c5:ec:b9:ec:54:2d:17:
                    ac:fd:07:a7:e5:31:6b:34:15:ab:ed:b8:c3:8e:65:
                    27:de:b4:98:92:8a:a5:bb:f3:c0:a8:7f:d1:de:c3:
                    dc:8d:78:1b:81:00:00:1e:75:a4:7a:85:e7:5d:8e:
                    df:9f:5e:32:d6:de:05:4d:98:42:f4:b5:18:67:47:
                    c6:eb:92:a4:6d:f7:fb:62:9a:ad:ab:74:9f:81:6b:
                    d1:6a:15:71:4c:b9:ec:f4:3c:39:b6:fc:14:06:fb:
                    99:3c:11:13:2f:0a:10:03:aa:1b:66:43:29:12:a1:
                    cc:cd:7e:68:4a:6c:b0:ce:c2:f7:47:4b:80:6c:7d:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B0:FC:24:6D:26:87:AA:AF:E5:22:90:03:CD:F2:8C:5A:32:01:2A
            X509v3 Authority Key Identifier:
                keyid:17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/PbD8JG0mh6qv5SKQA83yjFoyASo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.32.0/21
                  81.94.224.0/20
                  89.111.0.0/18
                  178.16.16.0/20
                  185.34.24.0/22
                  185.219.156.0/22
                  193.108.144.0/22
                  193.108.185.0/24
                  194.9.175.0/24
                IPv6:
                  2a00:17c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:97:0c:4a:b9:8d:fc:9d:74:d0:29:67:1c:06:00:84:12:94:
         b3:5c:21:9b:58:2e:9f:af:48:b3:37:09:cd:12:ac:7b:f2:91:
         ae:48:5e:2b:42:d0:cb:3d:a2:a4:9d:9e:35:ad:a6:58:60:c4:
         70:0c:e7:52:d7:4b:cd:c4:e6:35:4e:16:15:a3:4f:2b:6a:42:
         7a:d0:51:09:8b:56:72:1f:2e:7a:79:b1:aa:7c:97:8e:57:fa:
         8d:37:2e:ac:03:cb:04:5e:8e:c7:fb:9f:a0:6f:b1:49:66:bf:
         10:38:b4:38:18:20:c1:5b:7c:18:6b:24:67:b3:b1:8a:aa:b4:
         1d:f3:f9:18:75:99:e0:15:6c:d6:38:b8:0b:71:b9:7c:f9:a8:
         29:45:f5:d3:7a:14:85:da:f5:1b:24:84:09:53:18:3c:69:00:
         6f:44:8d:4d:2c:8d:8f:c4:87:ee:32:28:ec:1e:c5:9c:4e:eb:
         da:31:9e:16:12:76:70:d5:ff:32:ab:fa:52:c2:1d:14:e6:0a:
         01:c0:3a:29:d4:9d:35:98:02:f2:f6:5c:d7:0c:87:14:05:fe:
         e2:76:1c:b7:69:38:55:53:a4:cb:e6:ab:ef:e8:58:6d:2c:8a:
         09:67:bd:8f:27:1f:a3:65:28:c8:9a:0f:c6:6a:de:b1:80:b3:
         58:9d:d8:b7
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzGS12p1xBATB2gKK5m5bhIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YzIwM2UzZjM2NTkyM2E4NDNkMzIyMDMxN2ExYzY4Y2Y3
NGRlMGYwHhcNMjQwMTAxMTgzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGIwZmMyNDZkMjY4N2FhYWZlNTIyOTAwM2NkZjI4YzVhMzIwMTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2izqCulCYrHqvQ2/KOQ2RwHROrf
BhWQofmNxtddXxnyzoewT2naIkWRlniehvktNfX5xz6xnaDUsSCCxDwrXij0HtKu
ffhYtVIx9bklzA9m5YJcSZ69RIzO/5EAoGZIOUHGPWfsSWqDnDGFJofnq8I/HTZl
xcZ1AMhkKX4By8XsuexULRes/Qen5TFrNBWr7bjDjmUn3rSYkoqlu/PAqH/R3sPc
jXgbgQAAHnWkeoXnXY7fn14y1t4FTZhC9LUYZ0fG65Kkbff7Ypqtq3SfgWvRahVx
TLns9Dw5tvwUBvuZPBETLwoQA6obZkMpEqHMzX5oSmywzsL3R0uAbH3lVwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFD2w/CRtJoeqr+UikAPN8oxaMgEqMB8GA1UdIwQY
MBaAFBfCA+PzZZI6hD0yIDF6HGjPdN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMt
YWM2N2EzNmU0YWFiLzEvUGJEOEpHMG1oNnF2NVNLUUE4M3lqRm95QVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMtYWM2N2EzNmU0YWFi
LzEvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJcsgAwQE
UV7gAwQGWW8AAwQEshAQAwQCuSIYAwQCuducAwQCwWyQAwQAwWy5AwQAwgmvMA0E
AgACMAcDBQAqABfAMA0GCSqGSIb3DQEBCwUAA4IBAQAFlwxKuY38nXTQKWccBgCE
EpSzXCGbWC6fr0izNwnNEqx78pGuSF4rQtDLPaKknZ41raZYYMRwDOdS10vNxOY1
ThYVo08rakJ60FEJi1ZyHy56ebGqfJeOV/qNNy6sA8sEXo7H+5+gb7FJZr8QOLQ4
GCDBW3wYayRns7GKqrQd8/kYdZngFWzWOLgLcbl8+agpRfXTehSF2vUbJIQJUxg8
aQBvRI1NLI2PxIfuMijsHsWcTuvaMZ4WEnZw1f8yq/pSwh0U5goBwDop1J01mALy
9lzXDIcUBf7idhy3aThVU6TL5qvv6FhtLIoJZ72PJx+jZSjImg/Gat6xgLNYndi3
-----END CERTIFICATE-----
Generated at Mon Nov 18 18:41:02 2024 by rpki-client on console-fra.rpki-client.org