Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KgW4HGK1tJoc-SCyYUjwkapEPaY.roa
File:                     KgW4HGK1tJoc-SCyYUjwkapEPaY.roa (raw, json)
Hash identifier:          pYKisEB3BeGqKQwXggmIBbISMvHoef598H/3cO/J+RU=
Subject key identifier:   2A:05:B8:1C:62:B5:B4:9A:1C:F9:20:B2:61:48:F0:91:AA:44:3D:A6
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018A928E8D35355B86A20AFF13F0B545651B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KgW4HGK1tJoc-SCyYUjwkapEPaY.roa
Signing time:             Thu 14 Sep 2023 07:18:50 +0000
ROA not before:           Thu 14 Sep 2023 07:18:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.112.64.0/22 maxlen: 24
                          188.241.242.0/24 maxlen: 24
                          188.241.243.0/24 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          93.115.255.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.85.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.150.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.233.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          45.146.184.0/22 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          188.241.110.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 18:07:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:92:8e:8d:35:35:5b:86:a2:0a:ff:13:f0:b5:45:65:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Sep 14 07:18:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a05b81c62b5b49a1cf920b26148f091aa443da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:54:fa:03:ac:a6:bf:ae:69:96:64:b0:b1:cd:
                    90:ae:d3:00:71:db:4f:3a:8f:1b:e4:0d:18:78:c9:
                    8f:fc:e6:3e:72:90:c2:c4:16:37:56:70:5f:4f:64:
                    60:d4:96:17:f1:a1:76:a9:f4:34:8f:8f:70:16:57:
                    93:4b:04:99:ef:64:2b:5b:9e:59:0a:18:45:6b:8c:
                    e1:ad:6b:07:a8:32:be:d5:13:17:13:5f:a4:bf:c8:
                    34:7b:c2:65:93:26:8f:d8:16:9b:28:d4:8b:11:c6:
                    a6:e2:a8:2d:aa:b8:7d:e5:18:2a:5e:5b:39:43:e9:
                    55:53:08:b9:18:95:5e:60:2b:a2:a8:77:a2:98:52:
                    ae:5c:da:0c:c7:46:68:46:51:c0:06:6e:6a:7c:0d:
                    7a:d5:14:3c:9a:9d:b8:bd:00:d6:80:42:fa:da:72:
                    77:f8:bc:43:76:25:f3:a3:2e:11:dc:5d:2f:8e:50:
                    6f:5c:e1:64:51:6f:59:98:4b:0f:16:3f:de:7b:97:
                    91:80:0d:97:44:a5:34:52:8a:80:36:9b:26:c5:15:
                    41:22:30:0d:f3:d3:84:ec:4f:12:c8:fd:00:cb:2e:
                    64:5f:d7:42:99:e9:ae:d9:58:25:0a:c9:7b:bf:b5:
                    55:dc:a1:d1:77:a1:d5:11:33:f0:84:cb:d1:de:4c:
                    7b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:05:B8:1C:62:B5:B4:9A:1C:F9:20:B2:61:48:F0:91:AA:44:3D:A6
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KgW4HGK1tJoc-SCyYUjwkapEPaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.184.0/22
                  45.156.157.0/24
                  87.247.148.0/22
                  89.33.84.0/23
                  89.35.154.0/24
                  89.37.63.0/24
                  91.188.204.0/22
                  93.115.254.0/23
                  185.112.64.0/22
                  185.135.140.0/23
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  185.255.169.0-185.255.171.255
                  188.212.133.0/24
                  188.212.155.0/24
                  188.212.158.0/24
                  188.213.202.0/23
                  188.214.209.0/24
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.233.0/24
                  188.241.110.0/24
                  188.241.242.0/23
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:ca:97:fd:48:8a:b1:07:42:19:51:3b:db:6d:12:12:62:ee:
         99:6a:77:a4:ee:82:5f:e9:53:3b:89:06:93:e4:f6:ff:68:7b:
         5e:c4:fe:bd:ce:a8:51:85:4a:fa:04:cf:09:14:ce:c0:c2:11:
         f9:f3:c3:2b:c3:0a:c0:21:44:58:ce:e2:f0:ca:aa:c9:fb:ee:
         eb:ba:b0:72:7f:f1:b3:92:92:f1:03:19:6d:89:9a:dc:e4:20:
         e9:6b:91:8e:2f:22:d3:5e:59:18:f8:aa:0b:70:86:0b:f1:c9:
         b5:f5:a9:43:05:7a:af:7b:5c:f9:0f:1e:ff:2f:8b:0d:ec:92:
         fc:a7:4e:fb:62:de:59:4e:9c:f9:bb:a3:c1:38:8e:c3:3d:a6:
         cf:d1:9c:e5:c8:23:93:3d:5d:a2:9f:66:af:d7:12:02:39:59:
         51:a0:7f:b4:28:92:8b:b2:21:7e:06:ed:6e:2f:c8:75:e5:33:
         ff:e3:f7:0b:bb:99:09:38:d6:2c:8b:89:54:3c:73:c0:f6:b3:
         1c:5a:86:e6:54:59:7f:a9:84:c2:40:c9:50:1a:52:58:92:45:
         6e:9d:ff:40:ee:ad:3e:16:dd:0d:b2:4b:4f:73:f2:fb:2b:47:
         67:0a:b1:1a:73:70:f6:cf:12:0b:2e:93:57:1b:f5:fa:69:7e:
         8e:fb:5f:fa
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYqSjo01NVuGogr/E/C1RWUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwOTE0MDcxODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA1YjgxYzYyYjViNDlhMWNmOTIwYjI2MTQ4ZjA5MWFhNDQzZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVT6A6ymv65plmSwsc2QrtMAcdtP
Oo8b5A0YeMmP/OY+cpDCxBY3VnBfT2Rg1JYX8aF2qfQ0j49wFleTSwSZ72QrW55Z
ChhFa4zhrWsHqDK+1RMXE1+kv8g0e8JlkyaP2BabKNSLEcam4qgtqrh95RgqXls5
Q+lVUwi5GJVeYCuiqHeimFKuXNoMx0ZoRlHABm5qfA161RQ8mp24vQDWgEL62nJ3
+LxDdiXzoy4R3F0vjlBvXOFkUW9ZmEsPFj/ee5eRgA2XRKU0UoqANpsmxRVBIjAN
89OE7E8SyP0Ayy5kX9dCmemu2VglCsl7v7VV3KHRd6HVETPwhMvR3kx74wIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFCoFuBxitbSaHPkgsmFI8JGqRD2mMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS2dXNEhHSzF0Sm9jLVNDeVlVandrYXBFUGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAIt
krgDBAAtnJ0DBAJX95QDBAFZIVQDBABZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAK5
cEADBAG5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAME
ALzUhQMEALzUmwMEALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw6QME
ALzxbgMEAbzx8gMEAcEXgAMEAtXoXDANBgkqhkiG9w0BAQsFAAOCAQEAOcqX/UiK
sQdCGVE7220SEmLumWp3pO6CX+lTO4kGk+T2/2h7XsT+vc6oUYVK+gTPCRTOwMIR
+fPDK8MKwCFEWM7i8Mqqyfvu67qwcn/xs5KS8QMZbYma3OQg6WuRji8i015ZGPiq
C3CGC/HJtfWpQwV6r3tc+Q8e/y+LDeyS/KdO+2LeWU6c+bujwTiOwz2mz9Gc5cgj
kz1dop9mr9cSAjlZUaB/tCiSi7Ihfgbtbi/IdeUz/+P3C7uZCTjWLIuJVDxzwPaz
HFqG5lRZf6mEwkDJUBpSWJJFbp3/QO6tPhbdDbJLT3Py+ytHZwqxGnNw9s8SCy6T
Vxv1+ml+jvtf+g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org