Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NZFto_V6jpH1HSy24Uy6khuOsHQ.roa
File:                     NZFto_V6jpH1HSy24Uy6khuOsHQ.roa (raw, json)
Hash identifier:          boawJlJtsW5UYeOXkv6ANUm988+2NdGMFJgBpgxUsdg=
Subject key identifier:   35:91:6D:A3:F5:7A:8E:91:F5:1D:2C:B6:E1:4C:BA:92:1B:8E:B0:74
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018BEBF93D05ED6854702803C3D4AF344DFF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NZFto_V6jpH1HSy24Uy6khuOsHQ.roa
Signing time:             Mon 20 Nov 2023 09:04:21 +0000
ROA not before:           Mon 20 Nov 2023 09:04:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7393
IP address blocks:        146.19.151.0/24 maxlen: 24
                          37.140.222.0/24 maxlen: 24
                          188.241.248.0/24 maxlen: 24
                          193.221.210.0/24 maxlen: 24
                          94.154.126.0/24 maxlen: 24
                          146.19.110.0/24 maxlen: 24
                          146.19.132.0/24 maxlen: 24
                          185.161.123.0/24 maxlen: 24
                          194.26.200.0/24 maxlen: 24
                          62.3.57.0/24 maxlen: 24
                          185.151.145.0/24 maxlen: 24
                          185.184.216.0/24 maxlen: 24
                          62.3.5.0/24 maxlen: 24
                          146.19.232.0/24 maxlen: 24
                          79.110.228.0/24 maxlen: 24
                          79.110.230.0/24 maxlen: 24
                          62.106.91.0/24 maxlen: 24
                          45.86.37.0/24 maxlen: 24
                          188.244.126.0/24 maxlen: 24
                          193.163.192.0/24 maxlen: 24
                          193.163.195.0/24 maxlen: 24
                          194.150.76.0/24 maxlen: 24
                          193.163.193.0/24 maxlen: 24
                          91.247.172.0/24 maxlen: 24
                          37.72.136.0/24 maxlen: 24
                          213.109.149.0/24 maxlen: 24
                          213.109.156.0/24 maxlen: 24
                          213.109.159.0/24 maxlen: 24
                          176.126.119.0/24 maxlen: 24
                          62.106.74.0/24 maxlen: 24
                          193.201.14.0/24 maxlen: 24
                          193.201.12.0/24 maxlen: 24
                          146.19.40.0/24 maxlen: 24
                          193.9.25.0/24 maxlen: 24
                          188.241.159.0/24 maxlen: 24
                          62.204.60.0/24 maxlen: 24
                          62.197.128.0/24 maxlen: 24
                          5.180.178.0/24 maxlen: 24
                          146.19.30.0/24 maxlen: 24
                          146.19.36.0/24 maxlen: 24
                          212.24.123.0/24 maxlen: 24
                          46.253.135.0/24 maxlen: 24
                          62.122.191.0/24 maxlen: 24
                          89.38.136.0/24 maxlen: 24
                          78.142.243.0/24 maxlen: 24
                          212.52.10.0/24 maxlen: 24
                          212.52.11.0/24 maxlen: 24
                          212.52.9.0/24 maxlen: 24
                          193.38.154.0/24 maxlen: 24
                          212.18.102.0/24 maxlen: 24
                          212.18.106.0/24 maxlen: 24
                          217.119.135.0/24 maxlen: 24
                          185.234.15.0/24 maxlen: 24
                          213.173.37.0/24 maxlen: 24
                          91.209.12.0/24 maxlen: 24
                          176.118.35.0/24 maxlen: 24
                          91.246.32.0/24 maxlen: 24
                          109.205.186.0/24 maxlen: 24
                          91.246.37.0/24 maxlen: 24
                          193.3.180.0/24 maxlen: 24
                          91.246.63.0/24 maxlen: 24
                          193.3.181.0/24 maxlen: 24
                          91.242.233.0/24 maxlen: 24
                          193.3.187.0/24 maxlen: 24
                          176.97.198.0/24 maxlen: 24
                          176.97.195.0/24 maxlen: 24
                          185.235.225.0/24 maxlen: 24
                          176.97.200.0/24 maxlen: 24
                          185.235.228.0/24 maxlen: 24
                          176.97.211.0/24 maxlen: 24
                          185.252.213.0/24 maxlen: 24
                          62.233.32.0/24 maxlen: 24
                          62.233.38.0/24 maxlen: 24
                          91.242.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 Nov 2023 10:51:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:eb:f9:3d:05:ed:68:54:70:28:03:c3:d4:af:34:4d:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov 20 09:04:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35916da3f57a8e91f51d2cb6e14cba921b8eb074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:97:aa:03:7c:c7:d7:5f:8c:b8:ff:7c:d4:ea:
                    64:67:b7:e1:10:0d:5c:14:ba:73:04:8d:41:b9:d6:
                    4b:8c:f9:c9:e8:6e:df:c0:76:0f:71:56:4f:0e:f4:
                    96:ee:9e:36:6c:46:a8:9d:ca:0b:b5:4b:32:62:3b:
                    7f:50:56:eb:c5:ed:62:bc:58:ca:e0:e7:fb:6e:12:
                    f7:4f:63:28:8d:26:3a:7f:08:1d:a1:64:ba:dd:cd:
                    7d:1c:af:81:30:e4:f3:97:bf:45:bd:50:4f:de:bf:
                    8b:0e:16:8f:79:8a:bb:c6:b6:59:ef:e6:d8:31:cd:
                    d6:38:e5:3a:3a:4e:78:b1:26:c8:30:1a:03:55:27:
                    62:aa:50:62:e3:69:e6:b9:79:d7:3f:02:91:d2:2a:
                    c4:cf:4e:b3:4e:f4:e8:22:35:93:8a:5c:cd:24:67:
                    38:e2:bc:93:29:b5:63:dc:69:f4:3c:3d:83:c9:8c:
                    5c:f3:93:70:99:78:56:7b:11:75:50:d7:d1:f8:c8:
                    89:89:6d:35:98:70:27:9f:17:35:7e:50:e0:f9:a8:
                    57:f7:68:79:f6:bf:b2:31:5c:0b:92:2c:af:15:c2:
                    3d:9d:05:79:4e:4b:1d:0e:47:03:61:ef:f7:e8:30:
                    cb:f2:90:e2:02:10:e7:27:f5:72:c3:d9:c6:57:75:
                    ca:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:91:6D:A3:F5:7A:8E:91:F5:1D:2C:B6:E1:4C:BA:92:1B:8E:B0:74
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NZFto_V6jpH1HSy24Uy6khuOsHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.178.0/24
                  37.72.136.0/24
                  37.140.222.0/24
                  45.86.37.0/24
                  46.253.135.0/24
                  62.3.5.0/24
                  62.3.57.0/24
                  62.106.74.0/24
                  62.106.91.0/24
                  62.122.191.0/24
                  62.197.128.0/24
                  62.204.60.0/24
                  62.233.32.0/24
                  62.233.38.0/24
                  78.142.243.0/24
                  79.110.228.0/24
                  79.110.230.0/24
                  89.38.136.0/24
                  91.209.12.0/24
                  91.242.233.0/24
                  91.242.252.0/24
                  91.246.32.0/24
                  91.246.37.0/24
                  91.246.63.0/24
                  91.247.172.0/24
                  94.154.126.0/24
                  109.205.186.0/24
                  146.19.30.0/24
                  146.19.36.0/24
                  146.19.40.0/24
                  146.19.110.0/24
                  146.19.132.0/24
                  146.19.151.0/24
                  146.19.232.0/24
                  176.97.195.0/24
                  176.97.198.0/24
                  176.97.200.0/24
                  176.97.211.0/24
                  176.118.35.0/24
                  176.126.119.0/24
                  185.151.145.0/24
                  185.161.123.0/24
                  185.184.216.0/24
                  185.234.15.0/24
                  185.235.225.0/24
                  185.235.228.0/24
                  185.252.213.0/24
                  188.241.159.0/24
                  188.241.248.0/24
                  188.244.126.0/24
                  193.3.180.0/23
                  193.3.187.0/24
                  193.9.25.0/24
                  193.38.154.0/24
                  193.163.192.0/23
                  193.163.195.0/24
                  193.201.12.0/24
                  193.201.14.0/24
                  193.221.210.0/24
                  194.26.200.0/24
                  194.150.76.0/24
                  212.18.102.0/24
                  212.18.106.0/24
                  212.24.123.0/24
                  212.52.9.0-212.52.11.255
                  213.109.149.0/24
                  213.109.156.0/24
                  213.109.159.0/24
                  213.173.37.0/24
                  217.119.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:1f:a6:6a:c3:69:96:1f:1f:0d:26:78:85:90:25:57:3c:84:
         90:83:02:51:9b:7a:e9:ca:71:93:e7:72:9c:ec:b2:e2:65:f8:
         fc:90:f2:cc:43:48:75:b1:d1:ab:3c:de:43:c5:70:2c:49:80:
         d5:7d:f6:91:82:e0:8c:f1:ab:cb:fc:c5:c3:8d:20:f3:cf:c9:
         41:9b:53:dd:8c:0f:0f:57:75:c2:cd:da:94:b9:a3:12:06:70:
         2a:34:d2:99:48:46:69:6b:f7:85:72:79:6f:a9:0b:b8:de:8f:
         91:43:e9:50:f1:3c:af:0b:d0:15:24:eb:21:d2:91:85:12:d2:
         b5:94:45:e4:30:04:de:0b:a0:b2:77:f8:15:9f:45:46:a2:b3:
         b0:15:d3:a1:c3:d4:50:bd:d6:a9:b7:0a:a3:f2:e6:6b:89:9f:
         a0:ac:5f:8b:9e:d9:c6:af:30:28:23:f3:c8:80:60:6a:20:90:
         3c:36:13:5a:3b:70:ab:87:9a:bb:50:01:25:f3:e1:54:ad:a2:
         72:e5:ec:86:0b:88:4e:4b:3d:ee:7b:9d:7c:dd:23:bb:69:76:
         96:49:8b:07:1d:28:9e:72:a6:d5:5f:60:84:25:09:35:18:0e:
         e1:e9:ea:82:1d:15:75:dc:36:eb:a0:c9:a7:45:f9:7a:8d:26:
         aa:7f:0f:13
-----BEGIN CERTIFICATE-----
MIIGrTCCBZWgAwIBAgISAYvr+T0F7WhUcCgDw9SvNE3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMTIwMDkwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTkxNmRhM2Y1N2E4ZTkxZjUxZDJjYjZlMTRjYmE5MjFiOGViMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZeqA3zH11+MuP981OpkZ7fhEA1c
FLpzBI1BudZLjPnJ6G7fwHYPcVZPDvSW7p42bEaoncoLtUsyYjt/UFbrxe1ivFjK
4Of7bhL3T2MojSY6fwgdoWS63c19HK+BMOTzl79FvVBP3r+LDhaPeYq7xrZZ7+bY
Mc3WOOU6Ok54sSbIMBoDVSdiqlBi42nmuXnXPwKR0irEz06zTvToIjWTilzNJGc4
4ryTKbVj3Gn0PD2DyYxc85NwmXhWexF1UNfR+MiJiW01mHAnnxc1flDg+ahX92h5
9r+yMVwLkiyvFcI9nQV5TksdDkcDYe/36DDL8pDiAhDnJ/Vyw9nGV3XKaQIDAQAB
o4IDuTCCA7UwHQYDVR0OBBYEFDWRbaP1eo6R9R0stuFMupIbjrB0MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTlpGdG9fVjZqcEgxSFN5MjRVeTZraHVPc0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzQYIKwYBBQUHAQcBAf8EggG8MIIBuDCCAbQEAgABMIIB
rAMEAAW0sgMEACVIiAMEACWM3gMEAC1WJQMEAC79hwMEAD4DBQMEAD4DOQMEAD5q
SgMEAD5qWwMEAD56vwMEAD7FgAMEAD7MPAMEAD7pIAMEAD7pJgMEAE6O8wMEAE9u
5AMEAE9u5gMEAFkmiAMEAFvRDAMEAFvy6QMEAFvy/AMEAFv2IAMEAFv2JQMEAFv2
PwMEAFv3rAMEAF6afgMEAG3NugMEAJITHgMEAJITJAMEAJITKAMEAJITbgMEAJIT
hAMEAJITlwMEAJIT6AMEALBhwwMEALBhxgMEALBhyAMEALBh0wMEALB2IwMEALB+
dwMEALmXkQMEALmhewMEALm42AMEALnqDwMEALnr4QMEALnr5AMEALn81QMEALzx
nwMEALzx+AMEALz0fgMEAcEDtAMEAMEDuwMEAMEJGQMEAMEmmgMEAcGjwAMEAMGj
wwMEAMHJDAMEAMHJDgMEAMHd0gMEAMIayAMEAMKWTAMEANQSZgMEANQSagMEANQY
ezAMAwQA1DQJAwQC1DQIAwQA1W2VAwQA1W2cAwQA1W2fAwQA1a0lAwQA2XeHMA0G
CSqGSIb3DQEBCwUAA4IBAQB9H6Zqw2mWHx8NJniFkCVXPISQgwJRm3rpynGT53Kc
7LLiZfj8kPLMQ0h1sdGrPN5DxXAsSYDVffaRguCM8avL/MXDjSDzz8lBm1PdjA8P
V3XCzdqUuaMSBnAqNNKZSEZpa/eFcnlvqQu43o+RQ+lQ8TyvC9AVJOsh0pGFEtK1
lEXkMATeC6Cyd/gVn0VGorOwFdOhw9RQvdaptwqj8uZriZ+grF+LntnGrzAoI/PI
gGBqIJA8NhNaO3Crh5q7UAEl8+FUraJy5eyGC4hOSz3ue5183SO7aXaWSYsHHSie
cqbVX2CEJQk1GA7h6eqCHRV13DbroMmnRfl6jSaqfw8T
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org