Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3AT3UmRPGcvWmgVkxZWUXo-fcn4.roa
File:                     3AT3UmRPGcvWmgVkxZWUXo-fcn4.roa (raw, json)
Hash identifier:          4N3mk1T6Am2ZkSUA+smmuhuD/OnB2hqw9xLR5+yQ3Yg=
Subject key identifier:   DC:04:F7:52:64:4F:19:CB:D6:9A:05:64:C5:95:94:5E:8F:9F:72:7E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01863556D60FC8AFEFB460F07735BDEC3A52
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3AT3UmRPGcvWmgVkxZWUXo-fcn4.roa
Signing time:             Thu 09 Feb 2023 08:42:08 +0000
ROA not before:           Thu 09 Feb 2023 08:42:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3507
IP address blocks:        93.114.192.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          45.156.158.0/24 maxlen: 24
                          89.34.127.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          93.115.109.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          188.241.214.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 15 Feb 2023 07:08:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:35:56:d6:0f:c8:af:ef:b4:60:f0:77:35:bd:ec:3a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  9 08:42:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc04f752644f19cbd69a0564c595945e8f9f727e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:35:c8:56:3e:6b:cc:ab:38:20:ed:b1:38:
                    f0:b9:8a:c3:d3:60:b8:c1:03:ab:e6:e7:a7:7b:2e:
                    5b:a9:e6:19:a5:0a:ef:5b:3f:ae:72:0c:a0:33:ef:
                    31:90:0b:1a:02:92:36:80:17:e7:3c:b0:6e:c9:35:
                    02:01:57:66:52:56:5b:13:be:fe:3e:b7:56:54:58:
                    5e:81:36:52:31:07:a4:80:a2:1e:88:43:88:53:6f:
                    d4:31:b5:f5:73:7e:0c:79:3f:44:39:4c:a0:68:7c:
                    27:09:84:e0:ef:2a:78:e7:dd:99:9b:d1:a5:e5:91:
                    11:c9:67:c1:9f:80:d3:0b:d3:d8:a2:e6:16:55:fc:
                    e2:e0:f6:c1:40:46:00:80:37:b4:c1:73:fd:a4:d5:
                    b9:8b:bc:09:05:ba:97:09:30:f8:d3:15:72:13:13:
                    77:63:39:5f:ce:5f:04:b2:e6:6c:03:1a:b9:3d:22:
                    b6:bd:00:33:4b:2b:dc:cd:d5:6d:47:28:0d:97:df:
                    a1:15:66:6c:59:36:50:b5:e0:cb:bf:f0:3c:57:d2:
                    dc:56:61:a6:bb:9f:ff:33:1f:95:62:24:0a:e1:57:
                    bf:cd:83:9e:5f:7f:38:99:32:4d:39:de:29:e5:8b:
                    70:c5:b3:0d:53:33:75:ae:5c:8e:84:f3:82:bc:b4:
                    50:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:04:F7:52:64:4F:19:CB:D6:9A:05:64:C5:95:94:5E:8F:9F:72:7E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3AT3UmRPGcvWmgVkxZWUXo-fcn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0-45.156.158.255
                  89.33.84.0/24
                  89.34.127.0/24
                  89.35.154.0/24
                  89.37.62.0/23
                  93.114.192.0/24
                  93.115.109.0/24
                  188.212.155.0/24
                  188.240.232.0/24
                  188.241.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:d9:83:50:f1:95:13:5c:cb:70:19:ee:2e:bc:08:b3:01:
         aa:8f:d8:99:5e:c8:d4:37:11:b5:45:11:a5:c6:13:a6:db:40:
         b9:62:29:e1:3e:62:bc:ec:55:31:01:0f:f5:29:64:d8:ea:f7:
         29:6c:51:60:17:e5:f7:02:4f:25:c6:ee:9f:0a:fe:9a:b5:c1:
         03:0e:04:7d:e1:2c:86:fb:67:a1:72:87:d4:e6:f7:47:b2:68:
         24:43:e9:5f:99:1e:17:e3:e0:26:8e:22:54:b0:f4:0e:70:9a:
         71:0c:0d:2f:a5:32:6e:0f:ac:2d:98:fc:51:d5:3a:52:6c:6a:
         a1:04:45:74:c2:cc:69:8d:93:1d:11:e8:18:37:5f:ab:9b:78:
         7b:5a:ee:2a:88:51:a7:2b:86:93:30:ac:e5:12:66:d0:ed:14:
         66:8b:0b:1f:8d:51:ce:af:c2:7d:e0:91:af:ac:04:96:ff:40:
         08:96:72:7a:73:14:0c:26:f3:2d:3e:c9:50:68:22:63:d6:30:
         c4:c5:da:70:b0:99:f3:93:a6:3c:b7:b1:93:60:cb:67:00:fd:
         34:55:33:2b:bf:4e:a4:1e:14:90:ca:b4:67:84:80:14:8e:6e:
         09:cb:23:ea:12:d5:22:25:cd:57:9c:9e:ef:14:dd:d1:31:b8:
         58:38:d8:5a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYY1VtYPyK/vtGDwdzW97DpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA5MDg0MjA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzA0Zjc1MjY0NGYxOWNiZDY5YTA1NjRjNTk1OTQ1ZThmOWY3MjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfw1yFY+a8yrOCDtsTjwuYrD02C4
wQOr5ueney5bqeYZpQrvWz+ucgygM+8xkAsaApI2gBfnPLBuyTUCAVdmUlZbE77+
PrdWVFhegTZSMQekgKIeiEOIU2/UMbX1c34MeT9EOUygaHwnCYTg7yp4592Zm9Gl
5ZERyWfBn4DTC9PYouYWVfzi4PbBQEYAgDe0wXP9pNW5i7wJBbqXCTD40xVyExN3
Yzlfzl8EsuZsAxq5PSK2vQAzSyvczdVtRygNl9+hFWZsWTZQteDLv/A8V9LcVmGm
u5//Mx+VYiQK4Ve/zYOeX384mTJNOd4p5YtwxbMNUzN1rlyOhPOCvLRQywIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNwE91JkTxnL1poFZMWVlF6Pn3J+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM0FUM1VtUlBHY3ZXbWdWa3haV1VYby1mY240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBAAtnJ0D
BAAtnJ4DBABZIVQDBABZIn8DBABZI5oDBAFZJT4DBABdcsADBABdc20DBAC81JsD
BAC88OgDBAC88dYwDQYJKoZIhvcNAQELBQADggEBAG6D2YNQ8ZUTXMtwGe4uvAiz
AaqP2JleyNQ3EbVFEaXGE6bbQLliKeE+YrzsVTEBD/UpZNjq9ylsUWAX5fcCTyXG
7p8K/pq1wQMOBH3hLIb7Z6Fyh9Tm90eyaCRD6V+ZHhfj4CaOIlSw9A5wmnEMDS+l
Mm4PrC2Y/FHVOlJsaqEERXTCzGmNkx0R6Bg3X6ubeHta7iqIUacrhpMwrOUSZtDt
FGaLCx+NUc6vwn3gka+sBJb/QAiWcnpzFAwm8y0+yVBoImPWMMTF2nCwmfOTpjy3
sZNgy2cA/TRVMyu/TqQeFJDKtGeEgBSObgnLI+oS1SIlzVecnu8U3dExuFg42Fo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org