Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/P2ySN-MBhl9XjY-eZVIFPH3e8nc.roa
File:                     P2ySN-MBhl9XjY-eZVIFPH3e8nc.roa (raw, json)
Hash identifier:          RQs21E8frWLMADKngvEpFgum3K6WgcQuBmbP2vNdXRM=
Subject key identifier:   3F:6C:92:37:E3:01:86:5F:57:8D:8F:9E:65:52:05:3C:7D:DE:F2:77
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01876A4D973FA1635D8525C8AD2C32E156E8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/P2ySN-MBhl9XjY-eZVIFPH3e8nc.roa
Signing time:             Mon 10 Apr 2023 08:34:42 +0000
ROA not before:           Mon 10 Apr 2023 08:34:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        188.241.243.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          45.156.159.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.241.182.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 12 Apr 2023 14:47:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6a:4d:97:3f:a1:63:5d:85:25:c8:ad:2c:32:e1:56:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 10 08:34:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f6c9237e301865f578d8f9e6552053c7ddef277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c8:52:b3:41:92:63:6b:83:9f:a3:08:1a:54:
                    8a:6f:60:ce:64:75:e8:cb:a4:13:e5:a1:72:fe:c5:
                    91:9b:dd:2a:4b:89:96:30:1c:4e:c9:37:3a:c3:a7:
                    87:db:9e:91:d9:ce:f2:6c:51:a0:b1:98:e2:79:f3:
                    16:66:96:9e:d1:7c:6a:de:23:95:fc:78:77:0a:46:
                    8c:52:f4:f4:62:06:e8:0e:83:69:94:61:7a:c3:26:
                    55:35:0a:08:14:c3:27:40:8e:80:f0:3e:88:5a:6d:
                    bb:76:e8:41:9b:9c:a7:65:53:2d:2a:c7:af:16:de:
                    ec:91:a6:99:94:7a:3a:f8:95:eb:d3:8c:85:3b:9a:
                    51:7a:eb:fb:d3:f1:29:d4:66:00:7c:0b:a1:5b:8b:
                    38:35:af:98:e4:56:b2:ea:c1:e1:5c:1c:1c:e2:00:
                    54:a8:36:63:a9:a9:f9:34:e6:d7:cd:5a:55:4e:44:
                    c3:0c:c8:79:55:3a:a3:06:c9:4d:37:c7:61:b5:f1:
                    51:fb:ea:72:e4:4a:a4:75:01:b8:31:14:cf:8a:61:
                    f1:d6:7b:94:42:3e:15:31:bc:2f:c4:c4:2b:66:ed:
                    d4:c8:52:b1:ee:aa:66:3e:5e:69:86:dd:b8:0b:bc:
                    ca:03:6e:c7:50:38:71:92:90:11:af:f8:3f:2b:32:
                    77:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6C:92:37:E3:01:86:5F:57:8D:8F:9E:65:52:05:3C:7D:DE:F2:77
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/P2ySN-MBhl9XjY-eZVIFPH3e8nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.159.0/24
                  87.247.149.0/24
                  87.247.151.0/24
                  89.37.62.0/23
                  91.188.204.0/24
                  185.135.141.0/24
                  185.135.143.0/24
                  185.255.169.0/24
                  188.212.155.0/24
                  188.241.182.0/24
                  188.241.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:01:46:a8:0f:74:b4:d4:48:d4:85:da:59:9e:37:48:9d:f9:
         48:6b:6e:91:60:00:d9:fa:63:a8:62:74:e1:ce:8e:cc:4c:4d:
         24:79:83:74:18:2a:34:3d:b9:53:0c:4e:0c:8e:e1:48:b9:26:
         2c:a4:2c:c9:6e:6e:b7:4b:dd:6b:cb:a5:2a:6d:f9:ce:ad:c3:
         25:f9:c1:74:43:f7:64:22:8d:0e:59:56:02:40:90:34:f6:a2:
         da:72:c3:ca:c8:4d:2c:7c:b0:d1:d7:32:3f:85:98:0c:17:04:
         53:09:5f:0f:17:46:13:fa:45:b9:d9:3e:66:fb:c3:d7:ae:49:
         49:4a:69:bd:7c:67:69:48:fa:e6:da:73:6c:60:36:99:dc:32:
         86:3d:e2:d8:f8:9c:47:40:e8:11:8c:53:24:e9:cc:ca:ca:5a:
         c1:fc:e3:e3:df:8a:89:b6:cb:a6:00:ad:a8:ae:94:c4:74:2d:
         4a:cf:fc:da:31:48:dc:bf:95:18:30:97:fa:89:92:7e:6b:95:
         85:00:99:31:f7:25:a5:6d:e5:71:a0:45:f1:60:54:a9:3a:29:
         9a:1d:75:06:e1:80:f1:c8:3b:4c:99:9b:01:97:48:47:87:64:
         0c:94:18:f4:69:53:c7:a5:89:15:20:40:ab:41:8f:a5:fa:bf:
         cc:0b:69:fb
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYdqTZc/oWNdhSXIrSwy4VboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEwMDgzNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZjOTIzN2UzMDE4NjVmNTc4ZDhmOWU2NTUyMDUzYzdkZGVmMjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnshSs0GSY2uDn6MIGlSKb2DOZHXo
y6QT5aFy/sWRm90qS4mWMBxOyTc6w6eH256R2c7ybFGgsZjiefMWZpae0Xxq3iOV
/Hh3CkaMUvT0YgboDoNplGF6wyZVNQoIFMMnQI6A8D6IWm27duhBm5ynZVMtKsev
Ft7skaaZlHo6+JXr04yFO5pReuv70/Ep1GYAfAuhW4s4Na+Y5Fay6sHhXBwc4gBU
qDZjqan5NObXzVpVTkTDDMh5VTqjBslNN8dhtfFR++py5EqkdQG4MRTPimHx1nuU
Qj4VMbwvxMQrZu3UyFKx7qpmPl5pht24C7zKA27HUDhxkpARr/g/KzJ3PQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFD9skjfjAYZfV42PnmVSBTx93vJ3MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUDJ5U04tTUJobDlYalktZVpWSUZQSDNlOG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALZyfAwQA
V/eVAwQAV/eXAwQBWSU+AwQAW7zMAwQAuYeNAwQAuYePAwQAuf+pAwQAvNSbAwQA
vPG2AwQAvPHzMA0GCSqGSIb3DQEBCwUAA4IBAQCUAUaoD3S01EjUhdpZnjdInflI
a26RYADZ+mOoYnThzo7MTE0keYN0GCo0PblTDE4MjuFIuSYspCzJbm63S91ry6Uq
bfnOrcMl+cF0Q/dkIo0OWVYCQJA09qLacsPKyE0sfLDR1zI/hZgMFwRTCV8PF0YT
+kW52T5m+8PXrklJSmm9fGdpSPrm2nNsYDaZ3DKGPeLY+JxHQOgRjFMk6czKylrB
/OPj34qJtsumAK2orpTEdC1Kz/zaMUjcv5UYMJf6iZJ+a5WFAJkx9yWlbeVxoEXx
YFSpOimaHXUG4YDxyDtMmZsBl0hHh2QMlBj0aVPHpYkVIECrQY+l+r/MC2n7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org