Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3WAvUWiD4jdlf0dQOjLMWgh12sE.roa
File:                     3WAvUWiD4jdlf0dQOjLMWgh12sE.roa (raw, json)
Hash identifier:          P4Xoxn05Y7WLGlDpCCpBtDKq3smeSol7tQii6Bt6Az8=
Subject key identifier:   DD:60:2F:51:68:83:E2:37:65:7F:47:50:3A:32:CC:5A:08:75:DA:C1
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018721ED3AC770FE783B6699E6E7378B60CF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3WAvUWiD4jdlf0dQOjLMWgh12sE.roa
Signing time:             Mon 27 Mar 2023 07:16:47 +0000
ROA not before:           Mon 27 Mar 2023 07:16:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     38337
IP address blocks:        92.114.85.0/24 maxlen: 24
                          188.241.243.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          213.232.94.0/24 maxlen: 24
                          45.156.159.0/24 maxlen: 24
                          185.255.37.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 06:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:ed:3a:c7:70:fe:78:3b:66:99:e6:e7:37:8b:60:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 27 07:16:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd602f516883e237657f47503a32cc5a0875dac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d1:fa:06:9a:cb:62:f4:52:a3:48:ed:b0:54:
                    0f:82:79:15:be:8c:6a:d2:46:fc:a0:30:aa:fa:fa:
                    10:ed:2a:9c:6f:21:21:de:c0:f6:61:47:37:44:2f:
                    a3:ff:95:b5:f4:ab:34:a3:86:cc:68:16:2b:ea:7d:
                    8e:37:b9:b4:21:65:57:c9:56:b2:73:ed:72:3d:2f:
                    e5:bc:e0:a0:1e:62:18:b9:59:c9:63:59:f3:3a:0d:
                    c8:fb:44:ef:be:b2:94:e4:de:b7:5e:f6:8e:16:69:
                    26:f2:c5:dc:4c:75:08:5e:66:a4:9c:ab:b2:00:bb:
                    35:1f:82:81:ee:94:8d:c9:af:8e:30:af:7e:81:be:
                    c7:f6:03:05:8b:ea:1a:2c:4c:a5:dc:aa:98:93:f8:
                    f3:cd:3a:14:96:84:be:da:e0:f3:51:e8:d5:50:40:
                    e8:15:36:68:37:96:60:a8:dc:2b:58:67:b9:dd:91:
                    9d:4b:91:fc:48:04:99:c6:3b:ff:b4:95:ec:85:5b:
                    b9:72:df:fe:66:ce:47:37:e8:67:30:2a:5e:43:a3:
                    86:76:9a:fe:cd:3e:5f:81:ef:42:1e:38:1c:ac:ab:
                    0e:1e:7c:a7:d9:3f:60:78:b6:22:d2:12:79:7d:12:
                    ff:08:7b:68:2a:32:93:94:45:90:53:c8:59:f5:6a:
                    9a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:60:2F:51:68:83:E2:37:65:7F:47:50:3A:32:CC:5A:08:75:DA:C1
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3WAvUWiD4jdlf0dQOjLMWgh12sE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.159.0/24
                  92.114.85.0/24
                  185.255.37.0/24
                  188.240.230.0/24
                  188.241.243.0/24
                  193.23.129.0/24
                  213.232.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:a3:95:93:0f:08:3a:37:d1:2d:7d:3e:bc:81:b3:eb:2c:fd:
         d6:d1:5f:e6:09:ae:d1:6e:77:a0:5f:ee:8a:35:17:04:19:df:
         2f:fb:10:10:bf:55:37:bd:14:d9:60:82:cb:3f:db:88:39:93:
         3c:fc:08:0c:7e:5a:53:07:dc:cb:e0:8e:41:82:e3:0c:af:21:
         f2:dc:75:43:8a:0d:12:ca:cf:51:27:b9:e3:82:f8:60:24:0e:
         26:40:0c:40:36:9c:e4:0b:8f:f3:fd:9e:5c:2a:87:14:93:02:
         49:45:3e:ab:2a:00:cc:a3:ed:b7:a5:e7:e4:7f:b2:92:73:37:
         32:cf:56:44:8a:22:46:67:e1:48:51:1c:70:ab:d1:33:e9:84:
         21:9e:f1:c2:a9:de:f8:30:f4:41:67:b6:e7:d5:b1:f2:98:11:
         0d:1e:f8:39:8d:2b:30:59:91:37:e6:ca:34:cb:21:05:7f:18:
         85:34:13:55:6d:b2:fd:17:d3:04:27:2b:29:e5:c4:68:f7:42:
         88:49:98:5c:2a:39:c6:78:1c:f1:6e:21:80:cb:71:72:d5:8f:
         b5:59:56:ea:90:e2:a7:4a:07:d0:33:76:f2:03:6c:74:55:9b:
         6a:16:b0:b4:01:73:06:0d:c1:6e:97:c5:20:bf:fc:bf:c9:f3:
         c8:bd:66:7e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYch7TrHcP54O2aZ5uc3i2DPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MDcxNjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDYwMmY1MTY4ODNlMjM3NjU3ZjQ3NTAzYTMyY2M1YTA4NzVkYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtH6BprLYvRSo0jtsFQPgnkVvoxq
0kb8oDCq+voQ7SqcbyEh3sD2YUc3RC+j/5W19Ks0o4bMaBYr6n2ON7m0IWVXyVay
c+1yPS/lvOCgHmIYuVnJY1nzOg3I+0TvvrKU5N63XvaOFmkm8sXcTHUIXmaknKuy
ALs1H4KB7pSNya+OMK9+gb7H9gMFi+oaLEyl3KqYk/jzzToUloS+2uDzUejVUEDo
FTZoN5ZgqNwrWGe53ZGdS5H8SASZxjv/tJXshVu5ct/+Zs5HN+hnMCpeQ6OGdpr+
zT5fge9CHjgcrKsOHnyn2T9geLYi0hJ5fRL/CHtoKjKTlEWQU8hZ9WqaRQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFN1gL1Fog+I3ZX9HUDoyzFoIddrBMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM1dBdlVXaUQ0amRsZjBkUU9qTE1XZ2gxMnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZyfAwQA
XHJVAwQAuf8lAwQAvPDmAwQAvPHzAwQAwReBAwQA1eheMA0GCSqGSIb3DQEBCwUA
A4IBAQAeo5WTDwg6N9EtfT68gbPrLP3W0V/mCa7RbnegX+6KNRcEGd8v+xAQv1U3
vRTZYILLP9uIOZM8/AgMflpTB9zL4I5BguMMryHy3HVDig0Sys9RJ7njgvhgJA4m
QAxANpzkC4/z/Z5cKocUkwJJRT6rKgDMo+23pefkf7KSczcyz1ZEiiJGZ+FIURxw
q9Ez6YQhnvHCqd74MPRBZ7bn1bHymBENHvg5jSswWZE35so0yyEFfxiFNBNVbbL9
F9MEJysp5cRo90KISZhcKjnGeBzxbiGAy3Fy1Y+1WVbqkOKnSgfQM3byA2x0VZtq
FrC0AXMGDcFul8Ugv/y/yfPIvWZ+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org