Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/EQfZcc0I-CzBUAU740JbVTbFpg8.roa
File:                     EQfZcc0I-CzBUAU740JbVTbFpg8.roa (raw, json)
Hash identifier:          G3HRnNYg4AMWUSm5TvEsZXCNbaErciBvx3Utp/tDCIM=
Subject key identifier:   11:07:D9:71:CD:08:F8:2C:C1:50:05:3B:E3:42:5B:55:36:C5:A6:0F
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0189D579D458B1048C05FB5220E16EC6E4C7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/EQfZcc0I-CzBUAU740JbVTbFpg8.roa
Signing time:             Tue 08 Aug 2023 14:07:58 +0000
ROA not before:           Tue 08 Aug 2023 14:07:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7393
IP address blocks:        91.209.12.0/24 maxlen: 24
                          37.140.222.0/24 maxlen: 24
                          45.86.37.0/24 maxlen: 24
                          188.241.248.0/24 maxlen: 24
                          193.221.210.0/24 maxlen: 24
                          194.150.76.0/24 maxlen: 24
                          185.161.123.0/24 maxlen: 24
                          89.38.136.0/24 maxlen: 24
                          78.142.243.0/24 maxlen: 24
                          193.38.154.0/24 maxlen: 24
                          188.241.159.0/24 maxlen: 24
                          185.151.145.0/24 maxlen: 24
                          185.184.216.0/24 maxlen: 24
                          62.197.128.0/24 maxlen: 24
                          5.180.178.0/24 maxlen: 24
                          213.173.37.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Oct 2023 07:56:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d5:79:d4:58:b1:04:8c:05:fb:52:20:e1:6e:c6:e4:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Aug  8 14:07:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1107d971cd08f82cc150053be3425b5536c5a60f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:06:d5:68:af:71:4a:4b:80:49:68:56:46:76:
                    5d:92:42:d7:68:79:2d:0b:ad:ad:8d:91:fc:8a:56:
                    ec:28:a3:88:a9:ae:85:b6:c8:8e:f2:d3:29:87:0d:
                    c9:56:f6:cb:5b:aa:07:87:c8:eb:a2:67:e9:2b:fc:
                    95:d1:c6:ab:46:be:7f:3a:62:e2:f5:a5:c2:f9:4a:
                    d3:d8:30:d4:ce:db:3d:5e:64:69:2d:2a:8d:74:b7:
                    39:d6:76:0e:76:8d:52:10:84:47:fb:f9:85:c6:da:
                    bb:ea:be:ee:0a:c1:77:b1:a1:4b:28:36:bf:32:b5:
                    3c:82:41:96:08:6b:36:6e:c4:eb:8a:8f:57:81:a1:
                    61:61:24:3e:27:18:e7:72:75:2d:92:a2:3e:af:6f:
                    5e:3a:ef:75:b1:c3:2d:9e:ac:d4:61:7d:0d:d8:59:
                    c8:6d:2f:10:98:2e:00:b0:2b:3d:2f:ed:3b:f7:20:
                    5e:ea:18:51:9d:61:c3:85:f2:3e:7b:33:02:e5:ff:
                    85:6c:3f:0e:df:16:ef:77:16:5e:e2:6a:54:ac:5c:
                    19:40:0d:77:87:9e:db:3c:73:ab:03:f1:28:51:12:
                    cb:94:5a:24:9b:49:6d:66:e0:a8:36:13:92:52:70:
                    0f:81:45:c5:f4:94:17:9c:e4:fb:58:2f:27:79:61:
                    b0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:07:D9:71:CD:08:F8:2C:C1:50:05:3B:E3:42:5B:55:36:C5:A6:0F
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/EQfZcc0I-CzBUAU740JbVTbFpg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.178.0/24
                  37.140.222.0/24
                  45.86.37.0/24
                  62.197.128.0/24
                  78.142.243.0/24
                  89.38.136.0/24
                  91.209.12.0/24
                  185.151.145.0/24
                  185.161.123.0/24
                  185.184.216.0/24
                  188.241.159.0/24
                  188.241.248.0/24
                  193.38.154.0/24
                  193.221.210.0/24
                  194.150.76.0/24
                  213.173.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8b:b2:93:19:aa:74:b3:30:c3:a5:39:0e:ea:dc:e8:a4:23:
         2e:85:f3:88:27:2f:6a:58:3a:53:49:5e:ce:e4:80:c3:4a:b6:
         b1:ce:d4:98:3e:c6:da:c7:37:c4:c2:0c:d7:dc:bb:13:70:ac:
         1f:b6:32:36:09:0c:e9:99:27:44:1c:a3:38:17:be:ad:32:d0:
         bd:33:e2:ed:c7:9e:e6:6f:6f:17:c6:69:0f:69:fe:92:9e:39:
         d6:d1:70:25:41:1e:a1:0a:47:fe:cd:19:56:37:1e:fa:5f:f5:
         3a:be:23:ec:94:1d:ad:6d:b6:31:8d:9f:ec:47:ac:18:cd:26:
         9f:4c:50:d1:52:6d:40:08:e3:a6:44:cb:82:a7:59:68:5c:54:
         66:63:f2:4a:22:be:ec:8d:50:16:db:b2:fb:31:c6:7c:16:88:
         29:c5:5d:de:ce:40:8f:aa:54:b8:44:ab:74:15:de:e8:20:54:
         ca:5c:a5:8b:42:6b:39:21:82:8c:c0:c3:1d:a9:0a:5d:81:0d:
         8a:0d:28:ba:16:2b:6c:99:b9:b3:6b:a1:0f:2d:7c:c4:ad:4b:
         cf:cd:10:31:09:7f:3e:3f:f1:d3:fb:8c:74:a2:09:3d:3e:22:
         c0:08:d2:3d:4c:ed:db:9a:6b:be:06:d2:1c:de:61:90:ee:c9:
         f8:2c:11:17
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYnVedRYsQSMBftSIOFuxuTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwODA4MTQwNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTA3ZDk3MWNkMDhmODJjYzE1MDA1M2JlMzQyNWI1NTM2YzVhNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwbVaK9xSkuASWhWRnZdkkLXaHkt
C62tjZH8ilbsKKOIqa6FtsiO8tMphw3JVvbLW6oHh8jromfpK/yV0carRr5/OmLi
9aXC+UrT2DDUzts9XmRpLSqNdLc51nYOdo1SEIRH+/mFxtq76r7uCsF3saFLKDa/
MrU8gkGWCGs2bsTrio9XgaFhYSQ+JxjncnUtkqI+r29eOu91scMtnqzUYX0N2FnI
bS8QmC4AsCs9L+079yBe6hhRnWHDhfI+ezMC5f+FbD8O3xbvdxZe4mpUrFwZQA13
h57bPHOrA/EoURLLlFokm0ltZuCoNhOSUnAPgUXF9JQXnOT7WC8neWGw3QIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFBEH2XHNCPgswVAFO+NCW1U2xaYPMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRVFmWmNjMEktQ3pCVUFVNzQwSmJWVGJGcGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQABbSyAwQA
JYzeAwQALVYlAwQAPsWAAwQATo7zAwQAWSaIAwQAW9EMAwQAuZeRAwQAuaF7AwQA
ubjYAwQAvPGfAwQAvPH4AwQAwSaaAwQAwd3SAwQAwpZMAwQA1a0lMA0GCSqGSIb3
DQEBCwUAA4IBAQCGi7KTGap0szDDpTkO6tzopCMuhfOIJy9qWDpTSV7O5IDDSrax
ztSYPsbaxzfEwgzX3LsTcKwftjI2CQzpmSdEHKM4F76tMtC9M+Ltx57mb28XxmkP
af6SnjnW0XAlQR6hCkf+zRlWNx76X/U6viPslB2tbbYxjZ/sR6wYzSafTFDRUm1A
COOmRMuCp1loXFRmY/JKIr7sjVAW27L7McZ8FogpxV3ezkCPqlS4RKt0Fd7oIFTK
XKWLQms5IYKMwMMdqQpdgQ2KDSi6Fitsmbmza6EPLXzErUvPzRAxCX8+P/HT+4x0
ogk9PiLACNI9TO3bmmu+BtIc3mGQ7sn4LBEX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org