Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2_3yuo5lyTb2RVPiwibounBDWRY.roa
File:                     2_3yuo5lyTb2RVPiwibounBDWRY.roa (raw, json)
Hash identifier:          msk3dyyj8PWUAVSqe6u0HBWN0Tuk6jiMUu2uTmLFHw8=
Subject key identifier:   DB:FD:F2:BA:8E:65:C9:36:F6:45:53:E2:C2:26:E8:BA:70:43:59:16
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011C36D3D2ADB398EDC8CED77117E9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2_3yuo5lyTb2RVPiwibounBDWRY.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        194.5.83.0/24 maxlen: 24
                          45.8.70.0/24 maxlen: 24
                          194.5.82.0/24 maxlen: 24
                          45.130.202.0/23 maxlen: 24
                          45.133.4.0/24 maxlen: 24
                          45.133.6.0/24 maxlen: 24
                          89.34.126.0/23 maxlen: 24
                          45.133.5.0/24 maxlen: 24
                          45.133.7.0/24 maxlen: 24
                          194.61.40.0/23 maxlen: 24
                          204.75.229.0/24 maxlen: 24
                          185.165.45.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 09:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1c:36:d3:d2:ad:b3:98:ed:c8:ce:d7:71:17:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbfdf2ba8e65c936f64553e2c226e8ba70435916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0a:ca:23:f9:ca:bf:01:72:b3:81:db:83:00:
                    17:1d:1d:a5:d1:c2:0d:d3:83:cc:fc:98:f2:8b:8a:
                    73:e7:36:c3:24:82:f9:9b:ba:23:ef:47:a9:66:02:
                    d0:4e:1a:c9:ab:62:09:90:9d:f9:da:92:37:3e:44:
                    fa:2a:d2:44:9a:49:6f:7b:1d:8c:4b:1c:2e:dc:d8:
                    01:ac:64:2f:b2:b5:e7:b3:f4:d4:15:74:a4:39:76:
                    f3:2a:17:6a:16:d8:72:ff:c1:b1:b3:7a:6e:12:c7:
                    c7:77:91:c5:de:d9:43:50:ff:cd:5c:91:21:5a:94:
                    17:6a:c5:e5:10:05:c2:f3:89:9a:82:74:37:b0:e1:
                    a5:9f:c2:ea:14:44:10:0d:50:11:b6:27:18:98:2a:
                    66:13:20:f9:67:9e:03:d5:10:0c:7f:78:a8:60:9c:
                    9d:71:21:f8:88:19:4c:8a:62:cb:65:a2:5e:89:7a:
                    80:41:2f:54:1e:04:eb:62:a6:fc:86:63:c0:f1:cc:
                    79:5c:70:51:24:a2:e0:85:97:a9:f0:0e:8d:2a:45:
                    82:bf:91:1c:d1:5d:e6:43:66:99:7e:b7:c9:e9:ae:
                    01:f7:5b:61:62:dd:38:b7:ba:60:f0:0c:22:25:a6:
                    35:99:31:04:6e:ef:e5:c4:7a:95:5c:45:13:a9:66:
                    1e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FD:F2:BA:8E:65:C9:36:F6:45:53:E2:C2:26:E8:BA:70:43:59:16
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2_3yuo5lyTb2RVPiwibounBDWRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.70.0/24
                  45.130.202.0/23
                  45.133.4.0/22
                  89.34.126.0/23
                  185.165.45.0/24
                  194.5.82.0/23
                  194.61.40.0/23
                  204.75.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:39:af:ef:9c:16:d2:19:15:06:94:46:bc:b0:3e:e3:3b:30:
         a2:39:d0:69:e5:f5:8b:25:2c:38:a8:9f:77:a0:33:eb:4d:93:
         57:e6:f6:d0:51:ce:0a:53:cc:85:0a:e0:8b:c7:e6:20:1c:d1:
         b5:47:3c:68:ca:74:7a:96:f3:9f:c8:d8:0b:b3:0c:09:19:72:
         f4:1d:4b:25:c9:4c:79:31:50:8a:1c:b7:52:61:89:aa:00:75:
         7a:b4:1c:a4:ea:58:52:f6:ec:2f:db:b2:df:c1:58:14:1f:80:
         da:29:7b:68:d1:60:c8:a8:46:a6:6c:75:df:4c:fc:94:bf:81:
         2d:ea:c4:5f:a5:b9:5c:24:c8:92:c7:9c:be:1d:71:d8:44:7d:
         0f:bf:45:c4:ae:7c:c1:f9:ee:15:df:e2:1b:df:b0:9e:df:48:
         03:0b:15:49:75:3f:f3:ca:43:06:b2:d0:2f:82:43:f5:62:c8:
         b3:a9:da:b6:d3:37:36:02:8a:8b:79:ad:32:fa:fd:9f:0e:9d:
         14:55:53:5e:5f:c8:4f:86:0f:fb:10:3d:80:9d:b2:16:13:8d:
         bf:95:48:62:fc:f1:15:d2:8a:13:d3:10:33:85:4a:54:4e:f9:
         04:0a:ad:54:d1:d8:c6:e3:97:6d:30:7b:39:24:5c:15:d0:45:
         48:e4:ba:61
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzFARw209Kts5jtyM7XcRfpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZkZjJiYThlNjVjOTM2ZjY0NTUzZTJjMjI2ZThiYTcwNDM1OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwrKI/nKvwFys4HbgwAXHR2l0cIN
04PM/Jjyi4pz5zbDJIL5m7oj70epZgLQThrJq2IJkJ352pI3PkT6KtJEmklvex2M
Sxwu3NgBrGQvsrXns/TUFXSkOXbzKhdqFthy/8Gxs3puEsfHd5HF3tlDUP/NXJEh
WpQXasXlEAXC84magnQ3sOGln8LqFEQQDVARticYmCpmEyD5Z54D1RAMf3ioYJyd
cSH4iBlMimLLZaJeiXqAQS9UHgTrYqb8hmPA8cx5XHBRJKLghZep8A6NKkWCv5Ec
0V3mQ2aZfrfJ6a4B91thYt04t7pg8AwiJaY1mTEEbu/lxHqVXEUTqWYesQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNv98rqOZck29kVT4sIm6LpwQ1kWMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMl8zeXVvNWx5VGIyUlZQaXdpYm91bkJEV1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQhGAwQB
LYLKAwQCLYUEAwQBWSJ+AwQAuaUtAwQBwgVSAwQBwj0oAwQAzEvlMA0GCSqGSIb3
DQEBCwUAA4IBAQAsOa/vnBbSGRUGlEa8sD7jOzCiOdBp5fWLJSw4qJ93oDPrTZNX
5vbQUc4KU8yFCuCLx+YgHNG1RzxoynR6lvOfyNgLswwJGXL0HUslyUx5MVCKHLdS
YYmqAHV6tByk6lhS9uwv27LfwVgUH4DaKXto0WDIqEambHXfTPyUv4Et6sRfpblc
JMiSx5y+HXHYRH0Pv0XErnzB+e4V3+Ib37Ce30gDCxVJdT/zykMGstAvgkP1Ysiz
qdq20zc2AoqLea0y+v2fDp0UVVNeX8hPhg/7ED2AnbIWE42/lUhi/PEV0ooT0xAz
hUpUTvkECq1U0djG45dtMHs5JFwV0EVI5Lph
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org