Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/4hkYycgF6PK-jY4TBM9qfUJ2DRI.roa
File:                     4hkYycgF6PK-jY4TBM9qfUJ2DRI.roa (raw, json)
Hash identifier:          /ms3Csc/hhsukClC3NvjkkQEyvR/ihP00/Wnl+cvoss=
Subject key identifier:   E2:19:18:C9:C8:05:E8:F2:BE:8D:8E:13:04:CF:6A:7D:42:76:0D:12
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018C1F342A709C209A3B92D7C9FC32AA9A07
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/4hkYycgF6PK-jY4TBM9qfUJ2DRI.roa
Signing time:             Thu 30 Nov 2023 07:49:21 +0000
ROA not before:           Thu 30 Nov 2023 07:49:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        78.142.242.0/23 maxlen: 24
                          78.142.241.0/24 maxlen: 24
                          203.0.9.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          223.27.114.0/24 maxlen: 24
                          103.212.82.0/24 maxlen: 24
                          89.47.89.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 30 Nov 2023 20:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1f:34:2a:70:9c:20:9a:3b:92:d7:c9:fc:32:aa:9a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov 30 07:49:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e21918c9c805e8f2be8d8e1304cf6a7d42760d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4b:59:68:b3:fd:d7:7d:24:c5:11:c8:5f:40:
                    ac:da:ac:db:02:04:bc:c2:65:a6:c7:37:80:d4:2d:
                    e4:15:2d:40:bb:98:14:b7:45:47:24:e4:29:3a:3a:
                    e6:4a:73:f3:72:51:fc:ca:12:45:0a:8b:9e:1c:3e:
                    e6:0e:c0:54:ad:32:e3:79:1d:2b:f4:45:64:84:f6:
                    30:5c:e1:73:57:99:be:f3:35:a3:dd:34:29:49:d8:
                    24:d1:60:2d:f7:11:7b:62:ac:8c:b9:30:85:46:7b:
                    c4:27:79:93:67:cb:8c:72:1b:5c:b4:e3:99:79:ea:
                    d1:d0:43:23:5b:a5:fe:71:d2:c0:96:50:0a:b5:a6:
                    a3:07:08:a5:2f:24:52:b4:8c:86:7a:c3:36:91:de:
                    49:ae:52:25:cd:b8:c5:d2:12:8a:76:99:31:58:51:
                    5e:f8:c2:b7:b5:60:38:c2:b4:cd:16:1c:9b:d7:be:
                    e9:e8:ab:64:20:79:0e:92:4a:9a:56:93:17:11:4f:
                    17:28:bd:c9:95:42:75:64:2e:b1:1b:b8:75:24:f1:
                    b9:9e:de:d3:50:d8:71:00:46:c3:36:68:34:34:c4:
                    a1:57:a6:d7:dc:4a:fa:59:e2:b7:d8:b4:0c:b3:d4:
                    60:0d:32:77:cd:73:25:b3:77:49:1c:ed:ee:19:51:
                    d2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:19:18:C9:C8:05:E8:F2:BE:8D:8E:13:04:CF:6A:7D:42:76:0D:12
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/4hkYycgF6PK-jY4TBM9qfUJ2DRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.241.0-78.142.243.255
                  89.47.89.0/24
                  103.212.82.0/24
                  203.0.8.0/23
                  223.27.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:09:ee:dc:7c:4d:2c:45:5c:9b:f4:2f:b8:9c:1f:ec:6b:7c:
         8a:53:21:e0:3a:75:66:8c:57:53:dd:ef:9a:9a:8d:a4:ba:f3:
         fd:c8:cc:70:c4:21:d2:de:9d:3a:cf:53:fc:f8:8f:89:0d:df:
         7d:90:da:57:07:f0:be:6c:36:ea:3f:cd:2d:6b:11:e7:bb:f5:
         c0:3f:59:ed:92:f5:63:87:02:8e:be:57:07:81:e7:60:67:89:
         ad:47:32:62:09:62:4c:14:d2:9f:19:75:0f:b8:e4:39:e1:b6:
         92:60:6a:31:f7:4d:ea:23:88:53:23:52:8c:39:e2:63:06:ee:
         5f:af:ed:31:70:bb:9f:c1:32:d0:15:e3:0a:e2:04:96:ae:35:
         4b:15:d5:ac:ce:5a:d2:d9:05:b7:9b:4a:c5:ed:14:e2:9a:1b:
         23:2e:59:ed:87:c0:4f:2d:f6:3d:25:b5:54:00:f9:5a:72:40:
         ef:8b:08:94:13:7d:fa:bb:f0:8e:15:df:83:28:49:37:bd:c8:
         96:14:b3:68:f1:cf:81:16:85:49:5c:78:cc:32:02:96:96:81:
         b1:32:0c:b6:1a:01:e0:2b:69:36:ed:5e:92:71:75:d7:ab:db:
         e8:4e:0d:49:94:8c:54:54:12:25:53:62:80:8c:ac:39:eb:d6:
         8f:dd:20:ea
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYwfNCpwnCCaO5LXyfwyqpoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMTMwMDc0OTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE5MThjOWM4MDVlOGYyYmU4ZDhlMTMwNGNmNmE3ZDQyNzYwZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEtZaLP9130kxRHIX0Cs2qzbAgS8
wmWmxzeA1C3kFS1Au5gUt0VHJOQpOjrmSnPzclH8yhJFCoueHD7mDsBUrTLjeR0r
9EVkhPYwXOFzV5m+8zWj3TQpSdgk0WAt9xF7YqyMuTCFRnvEJ3mTZ8uMchtctOOZ
eerR0EMjW6X+cdLAllAKtaajBwilLyRStIyGesM2kd5JrlIlzbjF0hKKdpkxWFFe
+MK3tWA4wrTNFhyb177p6KtkIHkOkkqaVpMXEU8XKL3JlUJ1ZC6xG7h1JPG5nt7T
UNhxAEbDNmg0NMShV6bX3Er6WeK32LQMs9RgDTJ3zXMls3dJHO3uGVHSAQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFOIZGMnIBejyvo2OEwTPan1Cdg0SMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNGhrWXljZ0Y2UEstalk0VEJNOXFmVUoyRFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABOjvED
BAJOjvADBABZL1kDBABn1FIDBAHLAAgDBADfG3IwDQYJKoZIhvcNAQELBQADggEB
ACIJ7tx8TSxFXJv0L7icH+xrfIpTIeA6dWaMV1Pd75qajaS68/3IzHDEIdLenTrP
U/z4j4kN332Q2lcH8L5sNuo/zS1rEee79cA/We2S9WOHAo6+VweB52Bnia1HMmIJ
YkwU0p8ZdQ+45DnhtpJgajH3TeojiFMjUow54mMG7l+v7TFwu5/BMtAV4wriBJau
NUsV1azOWtLZBbebSsXtFOKaGyMuWe2HwE8t9j0ltVQA+VpyQO+LCJQTffq78I4V
34MoSTe9yJYUs2jxz4EWhUlceMwyApaWgbEyDLYaAeAraTbtXpJxdder2+hODUmU
jFRUEiVTYoCMrDnr1o/dIOo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org