Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NCDoCy5cDcXAOx28xexGqpJEK8c.roa
File:                     NCDoCy5cDcXAOx28xexGqpJEK8c.roa (raw, json)
Hash identifier:          2rbErMdiX8WPQBINTxrAnmf5zs3onzNTN9DdUQUDdZo=
Subject key identifier:   34:20:E8:0B:2E:5C:0D:C5:C0:3B:1D:BC:C5:EC:46:AA:92:44:2B:C7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018B1BBC6FE5DECE5D8FF714B2C6FE971CB7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NCDoCy5cDcXAOx28xexGqpJEK8c.roa
Signing time:             Tue 10 Oct 2023 22:36:56 +0000
ROA not before:           Tue 10 Oct 2023 22:36:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199760
IP address blocks:        188.212.132.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          188.241.182.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          93.115.109.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 16 Oct 2023 16:17:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1b:bc:6f:e5:de:ce:5d:8f:f7:14:b2:c6:fe:97:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Oct 10 22:36:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3420e80b2e5c0dc5c03b1dbcc5ec46aa92442bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:70:39:0d:5e:68:93:eb:3f:67:ea:01:f6:71:
                    d0:b8:2c:d6:1f:1f:e3:fd:a3:8b:12:aa:f9:66:85:
                    67:ce:89:34:28:33:df:8c:e0:eb:e7:59:49:7f:e9:
                    47:e7:5a:94:9f:8a:5c:67:51:c7:a7:58:4a:1d:ee:
                    35:86:af:1b:08:ec:e0:48:f8:ff:2e:28:6c:ec:c8:
                    f9:04:50:81:93:de:5f:f3:d9:78:4b:12:14:bc:c5:
                    0e:7e:1d:1b:2d:a1:b7:bf:16:49:42:dc:cd:ca:7a:
                    be:42:8d:73:72:7b:bc:5a:7f:0f:64:3a:5a:6a:49:
                    d1:46:f1:3d:a4:e3:bb:a9:5e:89:7c:98:1c:e8:3f:
                    a8:ff:e1:c9:32:9c:ed:1d:b4:fe:2c:82:68:57:3e:
                    50:73:65:17:85:2d:e3:00:5a:0c:1a:53:23:17:60:
                    90:3f:83:ea:88:c4:e3:ec:64:80:71:87:af:3d:9c:
                    d2:fd:61:e6:65:0d:37:09:61:cd:2d:cf:bb:47:dd:
                    77:06:c3:15:a3:4a:e7:c0:fb:48:1e:5a:04:24:2e:
                    f2:0c:79:2f:2d:3c:07:b4:7b:13:7b:ce:5f:aa:5e:
                    d8:a9:fd:91:ee:70:16:e0:c1:a5:23:34:0b:ab:c0:
                    59:af:2d:38:5d:82:0c:1d:5a:12:ad:6a:16:88:85:
                    10:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:20:E8:0B:2E:5C:0D:C5:C0:3B:1D:BC:C5:EC:46:AA:92:44:2B:C7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NCDoCy5cDcXAOx28xexGqpJEK8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.84.0/24
                  89.37.62.0/24
                  93.115.109.0/24
                  188.212.132.0/24
                  188.212.158.0/24
                  188.241.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:5c:4f:c6:4e:89:be:b9:77:6a:ae:21:49:60:d5:b8:ff:5d:
         d3:56:60:4e:c7:b7:b6:6b:af:ab:98:ef:16:e3:04:0e:95:ed:
         a4:bd:51:14:0e:3b:55:f3:16:07:01:f8:3a:73:3b:91:92:cf:
         1c:42:c3:af:6f:10:66:95:73:13:fb:6e:01:61:ec:48:f8:f0:
         33:90:5f:10:13:6c:a6:8d:85:22:2e:46:18:0c:0e:e2:ed:32:
         75:c7:a6:56:be:06:25:c0:ec:22:d5:b2:3a:db:24:0d:12:5e:
         86:f4:5b:3d:1e:6d:61:8f:2e:43:52:ed:90:50:24:95:b4:68:
         96:90:67:4a:e1:90:20:5a:66:d6:10:41:42:b5:c0:4e:0a:cd:
         c6:c7:3b:7b:d3:a4:82:f3:a9:10:53:73:9a:22:8e:5d:15:8e:
         fd:90:50:e7:f7:11:1b:15:74:f9:5d:0e:d2:c1:8f:93:45:8d:
         96:e3:d5:1d:4f:84:ee:e3:b6:6e:09:0b:bf:ce:03:63:d8:1c:
         e0:d2:35:f8:47:e7:ee:a6:9d:f2:9d:ad:a3:70:25:c3:24:0d:
         02:43:fd:3f:b0:73:a9:97:a9:4a:d5:71:3d:31:99:29:4b:69:
         e2:76:61:e7:3c:29:83:be:6d:e4:71:28:a2:d9:5d:be:65:7d:
         b6:8c:47:52
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYsbvG/l3s5dj/cUssb+lxy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMDEwMjIzNjU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIwZTgwYjJlNWMwZGM1YzAzYjFkYmNjNWVjNDZhYTkyNDQyYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHA5DV5ok+s/Z+oB9nHQuCzWHx/j
/aOLEqr5ZoVnzok0KDPfjODr51lJf+lH51qUn4pcZ1HHp1hKHe41hq8bCOzgSPj/
Lihs7Mj5BFCBk95f89l4SxIUvMUOfh0bLaG3vxZJQtzNynq+Qo1zcnu8Wn8PZDpa
aknRRvE9pOO7qV6JfJgc6D+o/+HJMpztHbT+LIJoVz5Qc2UXhS3jAFoMGlMjF2CQ
P4PqiMTj7GSAcYevPZzS/WHmZQ03CWHNLc+7R913BsMVo0rnwPtIHloEJC7yDHkv
LTwHtHsTe85fql7Yqf2R7nAW4MGlIzQLq8BZry04XYIMHVoSrWoWiIUQkQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDQg6AsuXA3FwDsdvMXsRqqSRCvHMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTkNEb0N5NWNEY1hBT3gyOHhleEdxcEpFSzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWSFUAwQA
WSU+AwQAXXNtAwQAvNSEAwQAvNSeAwQAvPG2MA0GCSqGSIb3DQEBCwUAA4IBAQB4
XE/GTom+uXdqriFJYNW4/13TVmBOx7e2a6+rmO8W4wQOle2kvVEUDjtV8xYHAfg6
czuRks8cQsOvbxBmlXMT+24BYexI+PAzkF8QE2ymjYUiLkYYDA7i7TJ1x6ZWvgYl
wOwi1bI62yQNEl6G9Fs9Hm1hjy5DUu2QUCSVtGiWkGdK4ZAgWmbWEEFCtcBOCs3G
xzt706SC86kQU3OaIo5dFY79kFDn9xEbFXT5XQ7SwY+TRY2W49UdT4Tu47ZuCQu/
zgNj2Bzg0jX4R+fupp3yna2jcCXDJA0CQ/0/sHOpl6lK1XE9MZkpS2nidmHnPCmD
vm3kcSii2V2+ZX22jEdS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org