Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/cgFcM12q48p4hGGxVpHAO_D4z8s.roa
File:                     cgFcM12q48p4hGGxVpHAO_D4z8s.roa (raw, json)
Hash identifier:          QmwEVJbAexdSHjKBaTsnnFG9cDF8EWUEDjJtProygzQ=
Subject key identifier:   72:01:5C:33:5D:AA:E3:CA:78:84:61:B1:56:91:C0:3B:F0:F8:CF:CB
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       018CC727369A99A5EF86FCEBE1213FDED8BD
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/cgFcM12q48p4hGGxVpHAO_D4z8s.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204175
IP address blocks:        185.177.43.0/24 maxlen: 24
                          185.177.42.0/24 maxlen: 24
                          185.220.166.0/24 maxlen: 24
                          185.220.167.0/24 maxlen: 24
                          185.220.166.0/23 maxlen: 23
                          185.232.132.0/24 maxlen: 24
                          185.232.133.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Mar 2024 12:56:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:36:9a:99:a5:ef:86:fc:eb:e1:21:3f:de:d8:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72015c335daae3ca788461b15691c03bf0f8cfcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:33:5c:23:d5:ba:02:b8:9d:a4:f6:8d:72:3a:
                    dc:8a:45:e1:03:81:c0:e6:5d:22:d5:f4:4b:3b:d8:
                    06:3a:08:2a:ea:7d:a4:26:48:bb:d0:34:4c:3c:36:
                    12:d5:3d:73:ce:5c:43:6e:b4:4e:50:92:ba:eb:ee:
                    b3:d5:83:d8:a9:68:75:e1:84:5f:19:fa:51:27:d2:
                    72:0e:88:9c:7c:fc:f2:2e:22:2f:5c:ef:83:89:69:
                    37:d1:c1:e3:11:81:68:cb:d1:50:aa:49:3f:a5:9f:
                    8c:4c:08:55:6a:69:95:f1:74:96:0f:f0:b1:64:5f:
                    ea:fe:20:39:d1:19:d1:45:22:8f:1f:b3:aa:24:de:
                    00:c0:cb:12:3e:6c:a5:05:e4:84:5d:f3:d9:ce:ef:
                    03:b9:54:5b:17:d1:74:43:a2:b6:a8:93:79:f6:95:
                    9a:71:0f:71:d1:dc:8a:7f:23:ec:82:00:44:08:51:
                    d1:0c:8e:b3:02:80:d7:d5:ec:e6:e5:63:f9:6c:c7:
                    c3:eb:06:9c:9a:52:fd:20:25:7c:cc:2d:46:8c:c5:
                    79:07:17:e8:14:00:bb:7d:8a:c7:be:6e:49:80:d3:
                    f4:41:5e:2c:61:4c:fc:8c:3c:7b:9d:00:88:d3:ca:
                    19:72:08:6d:99:f8:89:94:77:f4:e1:96:49:56:36:
                    4f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:01:5C:33:5D:AA:E3:CA:78:84:61:B1:56:91:C0:3B:F0:F8:CF:CB
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/cgFcM12q48p4hGGxVpHAO_D4z8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.42.0/23
                  185.220.166.0/23
                  185.232.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:17:23:bc:f0:8d:35:ae:bc:49:ae:3c:fb:ea:b6:80:a2:99:
         ae:56:f3:ac:c8:d2:bd:b1:da:e5:3d:d4:be:9b:13:90:0a:3f:
         dc:99:e8:72:d4:12:26:af:8c:eb:b4:62:c3:d4:54:6e:50:41:
         e8:2e:5d:0f:e3:ad:a9:d6:d0:31:b6:fb:27:58:80:ee:e3:aa:
         fc:83:3a:ba:5a:f4:77:34:11:b2:ad:bf:c8:fc:3a:bf:2c:9e:
         c0:cc:56:c8:dd:e2:4d:64:97:2f:ec:6c:87:78:e9:4c:30:0e:
         90:8f:43:69:b0:ed:2a:b9:00:5e:87:ea:9e:3b:9e:86:dd:fd:
         dc:55:6f:2c:b2:bb:52:8c:8c:13:b8:61:a9:7e:e8:32:4c:cf:
         6b:f1:d9:68:ce:71:ad:79:8c:f6:d9:ff:8a:18:75:10:1e:e0:
         6f:5c:41:f6:00:5c:0f:fe:cc:19:4c:57:9c:9a:6f:21:c4:ee:
         7a:5e:6f:45:21:ca:c6:9a:e8:cb:73:f4:30:f5:01:7e:1a:66:
         22:7a:6a:b1:23:43:5e:2b:a8:fe:e7:30:c5:80:a1:6b:87:e9:
         42:04:54:f7:43:6e:35:ce:fa:ae:a4:0f:19:e6:9e:93:ea:94:
         69:b6:00:6b:16:4c:a4:48:c4:ce:07:6c:bf:64:86:eb:5b:de:
         b5:03:39:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJzaamaXvhvzr4SE/3ti9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjAxNWMzMzVkYWFlM2NhNzg4NDYxYjE1NjkxYzAzYmYwZjhjZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjNcI9W6AridpPaNcjrcikXhA4HA
5l0i1fRLO9gGOggq6n2kJki70DRMPDYS1T1zzlxDbrROUJK66+6z1YPYqWh14YRf
GfpRJ9JyDoicfPzyLiIvXO+DiWk30cHjEYFoy9FQqkk/pZ+MTAhVammV8XSWD/Cx
ZF/q/iA50RnRRSKPH7OqJN4AwMsSPmylBeSEXfPZzu8DuVRbF9F0Q6K2qJN59pWa
cQ9x0dyKfyPsggBECFHRDI6zAoDX1ezm5WP5bMfD6wacmlL9ICV8zC1GjMV5Bxfo
FAC7fYrHvm5JgNP0QV4sYUz8jDx7nQCI08oZcghtmfiJlHf04ZZJVjZPuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHIBXDNdquPKeIRhsVaRwDvw+M/LMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvY2dGY00xMnE0OHA0aEdHeFZwSEFPX0Q0ejhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBubEqAwQB
udymAwQBueiEMA0GCSqGSIb3DQEBCwUAA4IBAQB5FyO88I01rrxJrjz76raAopmu
VvOsyNK9sdrlPdS+mxOQCj/cmehy1BImr4zrtGLD1FRuUEHoLl0P462p1tAxtvsn
WIDu46r8gzq6WvR3NBGyrb/I/Dq/LJ7AzFbI3eJNZJcv7GyHeOlMMA6Qj0NpsO0q
uQBeh+qeO56G3f3cVW8ssrtSjIwTuGGpfugyTM9r8dloznGteYz22f+KGHUQHuBv
XEH2AFwP/swZTFecmm8hxO56Xm9FIcrGmujLc/Qw9QF+GmYiemqxI0NeK6j+5zDF
gKFrh+lCBFT3Q241zvqupA8Z5p6T6pRptgBrFkykSMTOB2y/ZIbrW961Azl+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:02 2024 by rpki-client on console-fra.rpki-client.org