Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/N-FqPZFzlSaTuPyeJwfGcHpC1Bk.roa
File:                     N-FqPZFzlSaTuPyeJwfGcHpC1Bk.roa (raw, json)
Hash identifier:          XbIrvjDVVAEJB8bfvYYNfhqLmi6XuLv0uSRHMfrp3WY=
Subject key identifier:   37:E1:6A:3D:91:73:95:26:93:B8:FC:9E:27:07:C6:70:7A:42:D4:19
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5010F840144F1838B1CDBA76DD6C19D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/N-FqPZFzlSaTuPyeJwfGcHpC1Bk.roa
Signing time:             Mon 01 Jan 2024 12:30:30 +0000
ROA not before:           Mon 01 Jan 2024 12:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        45.8.71.0/24 maxlen: 24
                          2a0b:64c2::/32 maxlen: 32
                          2a0b:64c3::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 22 Nov 2024 11:24:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0f:84:01:44:f1:83:8b:1c:db:a7:6d:d6:c1:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37e16a3d9173952693b8fc9e2707c6707a42d419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:40:d8:aa:df:54:47:59:28:ee:eb:81:7a:4a:
                    12:00:b9:71:2b:8f:96:f0:46:2d:15:f0:b8:7b:80:
                    5c:39:fa:59:51:ab:46:6e:c7:89:59:28:12:9b:ee:
                    33:15:d9:9a:af:c1:59:03:f5:f0:36:cc:e7:b2:df:
                    96:15:ee:10:1b:58:c0:27:91:34:fc:b5:de:71:12:
                    a0:6f:9c:61:45:19:c6:1f:2b:d0:68:b1:83:1c:53:
                    fe:39:29:b6:68:c2:5c:c1:a1:47:1d:2c:b3:fa:70:
                    b1:9c:fd:0d:5d:97:b3:08:8c:b8:c3:84:fb:9a:03:
                    a7:42:c3:c6:d7:f8:22:e2:6f:98:5f:d7:7d:3a:dd:
                    bd:5f:52:8a:91:19:8d:3d:47:a8:2e:d0:1d:c1:a8:
                    a9:fa:55:b7:f7:eb:ee:31:be:f8:6b:34:71:70:a9:
                    f2:ca:ad:b9:53:60:69:12:fd:14:90:64:5d:0e:4c:
                    b7:a2:af:95:d6:f7:75:98:ea:6c:ff:9f:5a:0e:31:
                    87:37:98:42:ab:fa:39:75:18:d8:a0:9e:3e:f8:7e:
                    1f:0a:8f:5f:97:cf:07:9f:3e:e8:e4:eb:0a:54:67:
                    4b:46:f1:28:eb:12:d3:af:0d:f6:76:66:9d:f3:2e:
                    e1:8b:4c:35:f6:e3:ba:35:2f:c2:c2:4c:89:60:29:
                    e9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E1:6A:3D:91:73:95:26:93:B8:FC:9E:27:07:C6:70:7A:42:D4:19
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/N-FqPZFzlSaTuPyeJwfGcHpC1Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.71.0/24
                IPv6:
                  2a0b:64c2::/31

    Signature Algorithm: sha256WithRSAEncryption
         36:0f:4f:cd:79:6d:f8:f1:29:be:e8:46:3e:f8:e3:29:86:c9:
         53:37:4a:1e:47:d4:ee:76:29:cb:3e:a6:e1:d3:45:a6:34:b1:
         01:17:34:f8:3c:9f:d1:ba:19:6f:58:f1:77:7e:28:aa:e5:6a:
         54:b5:ce:43:fc:19:9e:4b:55:cb:ee:22:67:50:89:82:44:d2:
         94:55:e5:43:f9:c3:5b:a9:94:44:97:66:aa:1b:30:52:99:0e:
         e2:7a:53:5a:d3:c7:92:3e:6f:7d:e1:db:b6:a8:39:be:e4:2d:
         ea:42:bc:41:de:14:5a:50:08:f5:c6:f0:a5:e0:ef:d4:cb:96:
         ee:9e:b2:d4:ed:6b:1f:51:47:57:86:35:1f:c8:06:25:61:59:
         5b:37:a4:66:d7:f3:9e:46:33:48:7d:71:8a:d6:ff:86:54:7f:
         2a:e7:47:80:df:42:d3:83:27:31:aa:cc:d2:a6:79:23:44:e6:
         4f:70:ee:cf:04:0f:d1:ca:e6:9c:ce:66:0b:5b:26:cb:8d:74:
         28:10:bf:51:b8:9f:35:92:70:34:98:45:bc:7d:26:b3:cc:e4:
         3d:18:3a:71:7d:11:3e:44:ca:ba:da:c3:c9:aa:31:4c:ac:c6:
         9a:5f:a9:f0:4c:19:66:da:01:95:87:ec:fe:1e:08:7c:48:a8:
         c4:d6:ec:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAQ+EAUTxg4sc26dt1sGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UxNmEzZDkxNzM5NTI2OTNiOGZjOWUyNzA3YzY3MDdhNDJkNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUDYqt9UR1ko7uuBekoSALlxK4+W
8EYtFfC4e4BcOfpZUatGbseJWSgSm+4zFdmar8FZA/XwNsznst+WFe4QG1jAJ5E0
/LXecRKgb5xhRRnGHyvQaLGDHFP+OSm2aMJcwaFHHSyz+nCxnP0NXZezCIy4w4T7
mgOnQsPG1/gi4m+YX9d9Ot29X1KKkRmNPUeoLtAdwaip+lW39+vuMb74azRxcKny
yq25U2BpEv0UkGRdDky3oq+V1vd1mOps/59aDjGHN5hCq/o5dRjYoJ4++H4fCo9f
l88Hnz7o5OsKVGdLRvEo6xLTrw32dmad8y7hi0w19uO6NS/CwkyJYCnp6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDfhaj2Rc5Umk7j8nicHxnB6QtQZMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTi1GcVBaRnpsU2FUdVB5ZUp3ZkdjSHBDMUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALQhHMA0E
AgACMAcDBQEqC2TCMA0GCSqGSIb3DQEBCwUAA4IBAQA2D0/NeW348Sm+6EY++OMp
hslTN0oeR9TudinLPqbh00WmNLEBFzT4PJ/RuhlvWPF3fiiq5WpUtc5D/BmeS1XL
7iJnUImCRNKUVeVD+cNbqZREl2aqGzBSmQ7ielNa08eSPm994du2qDm+5C3qQrxB
3hRaUAj1xvCl4O/Uy5bunrLU7WsfUUdXhjUfyAYlYVlbN6Rm1/OeRjNIfXGK1v+G
VH8q50eA30LTgycxqszSpnkjROZPcO7PBA/RyuaczmYLWybLjXQoEL9RuJ81knA0
mEW8fSazzOQ9GDpxfRE+RMq62sPJqjFMrMaaX6nwTBlm2gGVh+z+Hgh8SKjE1uyp
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:13:29 2024 by rpki-client on console-fra.rpki-client.org