Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KZ5H9tac2iVRbFSNA9IjyDvTYRU.roa
File:                     KZ5H9tac2iVRbFSNA9IjyDvTYRU.roa (raw, json)
Hash identifier:          2Mdm2a8QUvq1T44oEk92sN7Z0KiRxBk+T2URUhXj/08=
Subject key identifier:   29:9E:47:F6:D6:9C:DA:25:51:6C:54:8D:03:D2:23:C8:3B:D3:61:15
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018E1C96FF05F405DBACD274283D0D168ADF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KZ5H9tac2iVRbFSNA9IjyDvTYRU.roa
Signing time:             Fri 08 Mar 2024 05:44:01 +0000
ROA not before:           Fri 08 Mar 2024 05:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        45.67.96.0/24 maxlen: 24
                          45.130.80.0/24 maxlen: 24
                          45.130.81.0/24 maxlen: 24
                          45.130.83.0/24 maxlen: 24
                          45.135.186.0/24 maxlen: 24
                          45.135.187.0/24 maxlen: 24
                          45.140.135.0/24 maxlen: 24
                          89.38.70.0/24 maxlen: 24
                          89.47.15.0/24 maxlen: 24
                          91.217.249.0/24 maxlen: 24
                          185.192.71.0/24 maxlen: 24
                          188.212.135.0/24 maxlen: 24
                          193.19.109.0/24 maxlen: 24
                          203.26.81.0/24 maxlen: 24
                          203.159.81.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Apr 2024 07:42:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1c:96:ff:05:f4:05:db:ac:d2:74:28:3d:0d:16:8a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  8 05:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=299e47f6d69cda25516c548d03d223c83bd36115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:16:07:2e:7f:59:10:db:58:a4:b0:a0:55:09:
                    0f:b8:1e:e0:49:11:2d:b6:ec:da:97:b8:dd:ce:b0:
                    56:f5:81:12:e7:bf:81:ba:cd:74:e4:14:71:61:38:
                    43:6a:06:6b:b7:22:46:57:00:f4:51:b4:bc:64:d1:
                    ee:6a:44:f3:8a:06:4e:b2:87:cc:d8:a3:76:5b:d4:
                    c9:de:65:7c:7d:a5:35:bb:27:64:0e:02:04:f4:03:
                    ff:4f:7b:84:cd:40:f7:5e:2c:2e:27:2c:87:50:c8:
                    8a:35:82:c2:88:1c:7f:36:b9:f8:d4:2c:27:d6:27:
                    3e:7f:4e:35:1c:49:66:87:81:16:fe:fc:3a:b2:f9:
                    7f:c1:af:9d:c9:7a:0f:89:f3:1f:d6:b5:00:ca:1c:
                    6c:aa:9b:cb:28:7b:f6:d4:bc:6a:85:81:1e:eb:a5:
                    8b:e7:c9:c4:14:ee:cb:6c:ec:23:0c:a7:31:57:1d:
                    d4:55:ed:a9:0a:5d:4f:86:94:77:b5:26:66:98:da:
                    64:7b:db:33:af:0b:64:de:5e:bc:fc:cf:56:fb:fd:
                    6c:4f:fa:be:55:25:a2:8d:d9:18:b7:d0:03:83:fc:
                    d1:bc:4a:76:30:78:52:48:cf:4b:25:22:f2:24:81:
                    a6:08:9b:c9:37:c7:80:37:c2:e5:ff:93:1f:e2:f0:
                    63:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9E:47:F6:D6:9C:DA:25:51:6C:54:8D:03:D2:23:C8:3B:D3:61:15
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KZ5H9tac2iVRbFSNA9IjyDvTYRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.96.0/24
                  45.130.80.0/23
                  45.130.83.0/24
                  45.135.186.0/23
                  45.140.135.0/24
                  89.38.70.0/24
                  89.47.15.0/24
                  91.217.249.0/24
                  185.192.71.0/24
                  188.212.135.0/24
                  193.19.109.0/24
                  203.26.81.0/24
                  203.159.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ae:a9:dc:9d:d5:c5:7a:48:8b:03:63:1e:f0:ef:25:5c:71:
         92:35:51:1e:e4:08:f9:77:f3:12:7b:bf:3c:2a:20:29:4e:3b:
         83:6a:22:9f:ea:30:24:e9:35:ac:56:42:bd:da:99:f0:2f:94:
         58:b5:a8:06:1b:49:eb:48:88:0a:30:1f:f5:91:87:e6:63:96:
         ef:f3:a1:92:11:ff:51:f9:d7:8c:26:ea:65:c5:21:f3:6c:e0:
         0b:f2:0a:68:83:4e:e3:21:51:65:96:5a:15:7c:be:85:8e:39:
         84:03:51:71:d6:9f:fd:84:d9:12:73:57:70:1f:82:54:2a:fe:
         47:3f:be:03:49:91:36:ab:d8:f0:7b:df:85:c2:3f:15:e4:ce:
         c2:4c:80:a1:ea:29:df:a7:01:df:ed:dc:c0:87:33:6a:6a:16:
         bb:30:54:f6:4e:b8:bd:e1:b2:8d:e4:57:9a:e7:1a:a6:79:a7:
         8a:59:4b:b4:ef:29:c4:6f:d6:c9:9f:fe:31:b0:4f:2c:b3:f8:
         04:0a:5f:b3:1d:64:cd:6a:ff:83:db:12:28:c3:42:2c:4f:6a:
         1b:bf:64:3c:d2:29:51:fa:cb:42:4a:50:57:6f:c8:de:e2:d1:
         56:59:14:2a:43:06:3c:f8:6e:e6:a2:ac:4f:49:b3:88:51:1a:
         42:55:eb:7b
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY4clv8F9AXbrNJ0KD0NForfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMzA4MDU0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTllNDdmNmQ2OWNkYTI1NTE2YzU0OGQwM2QyMjNjODNiZDM2MTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxYHLn9ZENtYpLCgVQkPuB7gSREt
tuzal7jdzrBW9YES57+Bus105BRxYThDagZrtyJGVwD0UbS8ZNHuakTzigZOsofM
2KN2W9TJ3mV8faU1uydkDgIE9AP/T3uEzUD3XiwuJyyHUMiKNYLCiBx/Nrn41Cwn
1ic+f041HElmh4EW/vw6svl/wa+dyXoPifMf1rUAyhxsqpvLKHv21LxqhYEe66WL
58nEFO7LbOwjDKcxVx3UVe2pCl1PhpR3tSZmmNpke9szrwtk3l68/M9W+/1sT/q+
VSWijdkYt9ADg/zRvEp2MHhSSM9LJSLyJIGmCJvJN8eAN8Ll/5Mf4vBjCQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFCmeR/bWnNolUWxUjQPSI8g702EVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS1o1SDl0YWMyaVZSYkZTTkE5SWp5RHZUWVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALUNgAwQB
LYJQAwQALYJTAwQBLYe6AwQALYyHAwQAWSZGAwQAWS8PAwQAW9n5AwQAucBHAwQA
vNSHAwQAwRNtAwQAyxpRAwQAy59RMA0GCSqGSIb3DQEBCwUAA4IBAQASrqncndXF
ekiLA2Me8O8lXHGSNVEe5Aj5d/MSe788KiApTjuDaiKf6jAk6TWsVkK92pnwL5RY
tagGG0nrSIgKMB/1kYfmY5bv86GSEf9R+deMJuplxSHzbOAL8gpog07jIVFllloV
fL6FjjmEA1Fx1p/9hNkSc1dwH4JUKv5HP74DSZE2q9jwe9+Fwj8V5M7CTICh6inf
pwHf7dzAhzNqaha7MFT2Tri94bKN5Fea5xqmeaeKWUu07ynEb9bJn/4xsE8ss/gE
Cl+zHWTNav+D2xIow0IsT2obv2Q80ilR+stCSlBXb8je4tFWWRQqQwY8+G7moqxP
SbOIURpCVet7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org