Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ApBLJlAoU0HApjlQgGSuDJ_c58c.roa
File:                     ApBLJlAoU0HApjlQgGSuDJ_c58c.roa (raw, json)
Hash identifier:          vD1PYptkgooGoSw0BJ7jaPHhy8JXObip5CUhbnNo9ls=
Subject key identifier:   02:90:4B:26:50:28:53:41:C0:A6:39:50:80:64:AE:0C:9F:DC:E7:C7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018A0DEA2C133E795D3FAA11C40E1C659884
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ApBLJlAoU0HApjlQgGSuDJ_c58c.roa
Signing time:             Sat 19 Aug 2023 13:09:25 +0000
ROA not before:           Sat 19 Aug 2023 13:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203394
IP address blocks:        89.35.154.0/24 maxlen: 24
                          188.241.243.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:0d:ea:2c:13:3e:79:5d:3f:aa:11:c4:0e:1c:65:98:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Aug 19 13:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=02904b2650285341c0a639508064ae0c9fdce7c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a5:ae:60:cd:ea:f4:1f:d4:e6:c2:42:96:81:
                    f0:84:f6:29:84:74:76:8c:b7:47:65:ae:83:a9:47:
                    e6:95:ca:48:36:1b:31:30:3e:90:e2:96:08:f4:c2:
                    67:b9:ec:ae:c1:35:d8:e6:4f:6c:a4:67:4b:ce:d9:
                    fc:37:d9:5f:50:22:8a:4e:c3:05:40:f7:ec:df:68:
                    73:27:e8:b3:6f:a0:61:e2:b6:e3:2a:c5:32:26:17:
                    9f:3a:c9:f1:48:37:32:02:48:7f:98:5e:da:92:b8:
                    57:db:7e:b2:e4:56:e2:dc:75:a4:df:7b:e1:f1:a4:
                    7d:93:42:c1:5a:68:4f:e0:94:3a:ed:61:5d:ab:ae:
                    da:21:f1:45:a3:9e:21:5b:ce:b9:38:31:9b:2d:39:
                    3a:d5:24:5b:81:50:fa:7b:a5:7c:f3:e7:19:c2:58:
                    a9:bf:ee:39:40:0f:10:df:14:b9:a7:7d:a6:7d:73:
                    58:f5:c8:a3:72:0c:cf:bf:a6:88:23:85:bb:5f:85:
                    eb:ea:b8:86:aa:40:17:69:7c:7f:07:0b:ea:09:6e:
                    3c:ce:89:03:10:6c:31:9c:aa:78:87:bf:76:59:6a:
                    92:ff:40:61:97:3d:f1:0c:4f:0f:ac:4d:c4:66:d6:
                    5e:10:0f:76:27:53:ca:e7:ef:ce:32:88:a2:3c:91:
                    dd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:90:4B:26:50:28:53:41:C0:A6:39:50:80:64:AE:0C:9F:DC:E7:C7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ApBLJlAoU0HApjlQgGSuDJ_c58c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.154.0/24
                  188.240.230.0/24
                  188.240.232.0/24
                  188.241.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a4:34:56:ae:23:53:a9:22:5d:df:65:87:a2:77:76:fc:99:
         8e:01:05:27:43:c3:94:3d:16:a6:b6:14:94:46:31:b3:4d:b4:
         e2:03:14:80:3e:ef:ad:6d:e2:28:3e:73:3c:fb:3d:1f:34:71:
         fa:e8:8e:ef:aa:0d:bd:26:7d:e3:68:9b:e8:c6:ea:aa:2f:99:
         97:39:30:2f:fe:17:64:f7:ce:7d:9f:9a:ce:e0:b5:02:64:ef:
         63:b6:14:6d:c0:ee:0f:8a:7c:ae:82:3d:26:e9:f3:ca:f0:ed:
         42:4a:02:39:3a:78:c6:b7:a0:f7:fc:6f:5d:b4:bb:91:14:d3:
         98:49:c7:e3:cb:0c:cc:4f:79:0a:96:a2:3d:0e:09:cf:29:be:
         29:9f:00:f3:76:9e:f3:2b:13:41:56:1b:3f:81:0e:91:38:90:
         49:ee:f1:dd:89:63:1e:7e:a7:d4:6e:dc:c8:15:e3:d1:99:72:
         e7:2e:65:a0:2c:d0:0c:23:a1:1f:f0:e9:eb:aa:ee:92:65:57:
         e1:5d:45:28:df:3f:b1:9f:94:34:dd:3e:1f:af:a9:08:c5:e9:
         5f:b4:0c:be:df:48:e8:bd:77:31:e1:5b:7a:a7:28:8d:e2:7b:
         69:f6:4c:21:45:bd:e6:ca:9c:e3:90:c8:28:44:55:58:3c:51:
         0d:e5:9d:2e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYoN6iwTPnldP6oRxA4cZZiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwODE5MTMwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjkwNGIyNjUwMjg1MzQxYzBhNjM5NTA4MDY0YWUwYzlmZGNlN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKWuYM3q9B/U5sJCloHwhPYphHR2
jLdHZa6DqUfmlcpINhsxMD6Q4pYI9MJnueyuwTXY5k9spGdLztn8N9lfUCKKTsMF
QPfs32hzJ+izb6Bh4rbjKsUyJhefOsnxSDcyAkh/mF7akrhX236y5Fbi3HWk33vh
8aR9k0LBWmhP4JQ67WFdq67aIfFFo54hW865ODGbLTk61SRbgVD6e6V88+cZwlip
v+45QA8Q3xS5p32mfXNY9cijcgzPv6aII4W7X4Xr6riGqkAXaXx/BwvqCW48zokD
EGwxnKp4h792WWqS/0Bhlz3xDE8PrE3EZtZeEA92J1PK5+/OMoiiPJHdKQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAKQSyZQKFNBwKY5UIBkrgyf3OfHMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQXBCTEpsQW9VMEhBcGpsUWdHU3VESl9jNThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSOaAwQA
vPDmAwQAvPDoAwQAvPHzMA0GCSqGSIb3DQEBCwUAA4IBAQB1pDRWriNTqSJd32WH
ond2/JmOAQUnQ8OUPRamthSURjGzTbTiAxSAPu+tbeIoPnM8+z0fNHH66I7vqg29
Jn3jaJvoxuqqL5mXOTAv/hdk9859n5rO4LUCZO9jthRtwO4Pinyugj0m6fPK8O1C
SgI5OnjGt6D3/G9dtLuRFNOYScfjywzMT3kKlqI9DgnPKb4pnwDzdp7zKxNBVhs/
gQ6ROJBJ7vHdiWMefqfUbtzIFePRmXLnLmWgLNAMI6Ef8Onrqu6SZVfhXUUo3z+x
n5Q03T4fr6kIxelftAy+30jovXcx4Vt6pyiN4ntp9kwhRb3mypzjkMgoRFVYPFEN
5Z0u
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org