Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KtIfgtpyyz3_sDSCq4WfeaWBGf0.roa
File:                     KtIfgtpyyz3_sDSCq4WfeaWBGf0.roa (raw, json)
Hash identifier:          sEtHC8gL2ERt9y264K0AffyxsRf3HWlipzxnOZtHnpE=
Subject key identifier:   2A:D2:1F:82:DA:72:CB:3D:FF:B0:34:82:AB:85:9F:79:A5:81:19:FD
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01917000BFB7BA4998A7CE27924A8310B187
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KtIfgtpyyz3_sDSCq4WfeaWBGf0.roa
Signing time:             Tue 20 Aug 2024 13:36:22 +0000
ROA not before:           Tue 20 Aug 2024 13:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        62.197.144.0/24 maxlen: 24
                          62.197.147.0/24 maxlen: 24
                          62.197.148.0/24 maxlen: 24
                          62.197.150.0/24 maxlen: 24
                          62.197.152.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24
                          92.62.121.0/24 maxlen: 24
                          185.239.241.0/24 maxlen: 24
                          185.244.137.0/24 maxlen: 24
                          185.245.5.0/24 maxlen: 24
                          188.240.68.0/24 maxlen: 24
                          193.19.108.0/24 maxlen: 24
                          193.218.32.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Aug 2024 18:36:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:00:bf:b7:ba:49:98:a7:ce:27:92:4a:83:10:b1:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Aug 20 13:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ad21f82da72cb3dffb03482ab859f79a58119fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c9:7b:27:10:b3:f1:bd:b5:eb:0d:98:8a:a0:
                    81:e4:e9:97:0b:22:ad:25:98:4b:52:fb:bf:61:e3:
                    75:fd:63:f0:5b:1c:01:74:2f:0b:68:6f:c3:9f:60:
                    14:c4:62:3f:0f:3b:c2:d0:ab:43:25:72:6e:d5:a0:
                    5e:3d:60:a0:81:a3:6c:c7:f4:57:ba:03:b9:ae:53:
                    6f:ed:b8:bf:41:28:d6:8d:2e:18:66:9b:64:85:b2:
                    49:e1:b1:f3:6f:6c:cb:18:1f:9c:ee:07:d9:6e:9a:
                    36:ae:00:64:1e:1a:2d:68:b2:c0:3c:ed:7c:92:d7:
                    c3:f8:90:c2:49:b3:1a:d6:50:cf:89:81:5a:57:f5:
                    5c:9d:08:ab:0e:83:85:49:ba:fd:85:8d:e8:33:34:
                    33:d1:cf:1e:68:55:76:72:9d:93:f0:45:ec:98:a9:
                    37:03:c2:33:a0:69:15:9b:af:ff:a0:05:d7:b4:da:
                    a3:2e:f3:11:68:f1:89:fd:a0:9a:11:d4:af:ec:04:
                    42:a8:bd:1f:5c:f3:9a:cf:76:e4:88:71:b3:42:1c:
                    4c:ec:e1:90:c1:3a:2d:76:16:b8:5c:49:dc:3a:60:
                    20:e3:f4:8c:a4:e4:8b:8b:e9:5e:7e:cb:c7:c1:ff:
                    a0:cd:22:a3:f9:8d:1a:8e:8a:78:27:21:68:59:14:
                    8b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D2:1F:82:DA:72:CB:3D:FF:B0:34:82:AB:85:9F:79:A5:81:19:FD
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KtIfgtpyyz3_sDSCq4WfeaWBGf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.197.144.0/24
                  62.197.147.0-62.197.148.255
                  62.197.150.0/24
                  62.197.152.0/24
                  89.33.84.0/24
                  89.37.62.0/24
                  92.62.121.0/24
                  185.239.241.0/24
                  185.244.137.0/24
                  185.245.5.0/24
                  188.240.68.0/24
                  193.19.108.0/24
                  193.218.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:53:65:81:65:46:d5:fc:cd:eb:7d:24:8b:a7:ce:cd:00:53:
         55:71:1a:e0:4d:b8:fd:ff:9d:f7:10:a6:01:ab:ea:2e:19:ea:
         93:79:8e:f0:6b:0c:5d:3a:bd:cb:b2:76:c8:b7:f3:4e:2e:42:
         74:e3:bb:6a:83:5f:9a:98:a1:9c:e9:87:25:95:37:23:70:8d:
         8a:64:61:25:bd:f5:86:4b:aa:9e:ef:e9:c8:b1:64:98:0d:76:
         a5:03:14:6d:17:6f:14:fc:ed:1b:a8:ad:53:ec:44:69:21:48:
         a6:43:26:7e:fd:4b:ee:2d:e6:66:8f:03:c3:1b:bc:dd:4e:70:
         29:c8:e7:5a:af:18:d1:a0:ff:89:fb:44:6d:3b:67:39:a6:01:
         09:c1:81:02:bf:cc:73:0f:57:d1:67:96:29:54:96:86:b6:6c:
         c0:3d:43:15:3e:26:d7:9e:88:b6:df:cb:39:2b:91:18:d8:16:
         31:15:50:65:de:74:15:e1:43:89:a4:e2:fc:ee:2b:10:d5:f6:
         8c:94:73:5b:30:69:3a:99:80:4a:67:59:36:ac:29:7d:bb:e6:
         1a:28:e4:1e:e7:42:5e:a9:7b:40:a0:77:1a:6c:b8:c7:08:7b:
         21:2a:30:33:28:50:68:31:8a:64:17:55:56:66:ce:79:1b:5c:
         5c:3b:bb:13
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZFwAL+3ukmYp84nkkqDELGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwODIwMTMzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQyMWY4MmRhNzJjYjNkZmZiMDM0ODJhYjg1OWY3OWE1ODExOWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcl7JxCz8b216w2YiqCB5OmXCyKt
JZhLUvu/YeN1/WPwWxwBdC8LaG/Dn2AUxGI/DzvC0KtDJXJu1aBePWCggaNsx/RX
ugO5rlNv7bi/QSjWjS4YZptkhbJJ4bHzb2zLGB+c7gfZbpo2rgBkHhotaLLAPO18
ktfD+JDCSbMa1lDPiYFaV/VcnQirDoOFSbr9hY3oMzQz0c8eaFV2cp2T8EXsmKk3
A8IzoGkVm6//oAXXtNqjLvMRaPGJ/aCaEdSv7ARCqL0fXPOaz3bkiHGzQhxM7OGQ
wTotdha4XEncOmAg4/SMpOSLi+lefsvHwf+gzSKj+Y0ajop4JyFoWRSLlQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFCrSH4Lacss9/7A0gquFn3mlgRn9MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS3RJZmd0cHl5ejNfc0RTQ3E0V2ZlYVdCR2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAPsWQMAwD
BAA+xZMDBAA+xZQDBAA+xZYDBAA+xZgDBABZIVQDBABZJT4DBABcPnkDBAC57/ED
BAC59IkDBAC59QUDBAC88EQDBADBE2wDBADB2iAwDQYJKoZIhvcNAQELBQADggEB
AI9TZYFlRtX8zet9JIunzs0AU1VxGuBNuP3/nfcQpgGr6i4Z6pN5jvBrDF06vcuy
dsi3804uQnTju2qDX5qYoZzphyWVNyNwjYpkYSW99YZLqp7v6cixZJgNdqUDFG0X
bxT87RuorVPsRGkhSKZDJn79S+4t5maPA8MbvN1OcCnI51qvGNGg/4n7RG07Zzmm
AQnBgQK/zHMPV9FnlilUloa2bMA9QxU+JteeiLbfyzkrkRjYFjEVUGXedBXhQ4mk
4vzuKxDV9oyUc1swaTqZgEpnWTasKX275hoo5B7nQl6pe0CgdxpsuMcIeyEqMDMo
UGgximQXVVZmznkbXFw7uxM=
-----END CERTIFICATE-----