Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VMfJhCBCyirSsF5yX73igaXHx9k.roa
File:                     VMfJhCBCyirSsF5yX73igaXHx9k.roa (raw, json)
Hash identifier:          a0Jfjp1/FITKHn4SsxCBE3oWaZaZMIpHFbdFjTQWY7w=
Subject key identifier:   54:C7:C9:84:20:42:CA:2A:D2:B0:5E:72:5F:BD:E2:81:A5:C7:C7:D9
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018D227816850DF33F50DCF6ADB687109989
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VMfJhCBCyirSsF5yX73igaXHx9k.roa
Signing time:             Fri 19 Jan 2024 16:05:11 +0000
ROA not before:           Fri 19 Jan 2024 16:05:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.146.184.0/22 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          188.212.159.0/24 maxlen: 24
                          188.214.208.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          188.241.243.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 13 Feb 2024 13:18:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:78:16:85:0d:f3:3f:50:dc:f6:ad:b6:87:10:99:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan 19 16:05:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54c7c9842042ca2ad2b05e725fbde281a5c7c7d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:94:e1:80:94:bf:25:9b:9b:de:f2:59:32:b2:
                    69:23:4b:07:11:70:93:1c:8d:54:47:7f:9d:90:1f:
                    46:38:bd:a0:77:a7:af:af:c6:65:7f:08:ed:07:8d:
                    53:2e:70:15:b7:25:20:bf:9f:3e:da:6e:e2:f8:9c:
                    f8:85:95:51:7e:96:b9:15:72:9b:7f:5b:e4:d5:6f:
                    6a:e1:88:1f:33:b3:ac:be:8f:a6:4b:fc:d8:4a:e8:
                    20:4c:82:0b:83:7d:a4:7a:53:19:a3:7a:d7:c4:b4:
                    69:fc:d8:f4:7d:0f:f3:3d:4e:94:19:e4:04:f8:27:
                    e6:74:cd:2b:f0:f0:ff:ff:17:45:0a:9c:8a:3a:1f:
                    5f:e7:53:ec:89:f8:28:0e:14:fb:fd:36:9e:2a:65:
                    66:44:b3:44:50:0d:36:ee:2f:4d:25:88:b3:42:5f:
                    37:c1:a5:65:ce:42:e3:4d:cf:f6:5b:80:53:20:1d:
                    2c:41:a1:d0:39:30:03:3b:06:1d:9e:64:15:e8:27:
                    14:97:ea:39:ea:2d:23:0a:9b:56:02:a9:3c:86:86:
                    df:43:60:f4:61:05:72:e1:3e:ea:a2:84:dc:e3:cb:
                    39:60:59:d2:a4:78:88:52:c1:0f:b7:e8:ad:10:f4:
                    85:f0:07:49:90:ce:77:1a:5b:11:63:4b:c5:d9:b8:
                    b4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C7:C9:84:20:42:CA:2A:D2:B0:5E:72:5F:BD:E2:81:A5:C7:C7:D9
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VMfJhCBCyirSsF5yX73igaXHx9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.184.0/22
                  45.156.157.0/24
                  89.33.84.0/24
                  89.35.154.0/24
                  89.37.62.0/23
                  91.188.204.0/22
                  93.115.254.0/23
                  185.135.140.0/23
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  188.212.133.0/24
                  188.212.158.0/23
                  188.214.208.0/23
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.232.0/24
                  188.241.243.0/24
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:84:b2:19:ec:af:7d:d5:2d:0e:b1:05:9f:d4:43:47:1b:c0:
         38:e7:2f:bc:d0:ec:f9:1f:0d:bc:4e:98:a6:fd:7e:48:94:c2:
         cf:b8:94:92:dd:e8:3b:7a:75:92:ae:e0:88:2d:f1:36:ee:9d:
         b9:02:08:49:68:7c:08:96:cd:ff:c7:78:6a:4e:f7:35:b5:e8:
         54:e9:71:75:23:b4:fa:44:7c:4d:fa:fd:3c:2e:94:66:e1:3d:
         25:e1:24:0b:1c:db:a3:8b:29:43:bb:2d:53:d1:ed:67:be:66:
         2a:49:81:ce:25:11:3b:ee:f2:35:7d:aa:38:0c:d2:de:75:b5:
         02:d5:63:01:31:45:17:45:7c:14:e9:4e:1d:a3:a0:dd:ef:1f:
         08:17:d3:d2:ce:9b:58:d9:52:e9:db:c8:6e:0c:ef:35:27:fb:
         25:14:58:4e:cd:20:d1:32:c4:0d:ae:16:86:72:51:a9:39:3e:
         b2:5d:b1:69:ae:14:22:31:04:df:79:b4:eb:54:70:1f:5b:12:
         da:14:d2:dc:bd:7f:9c:0f:39:bb:ee:56:12:d8:a5:43:cc:76:
         e2:dd:38:1f:d9:84:ae:7c:53:15:c3:ec:36:d9:30:60:17:d1:
         21:d6:9f:f2:97:fd:28:8f:dd:4f:dc:3d:ab:9a:91:93:c7:6e:
         8e:33:76:7b
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAY0ieBaFDfM/UNz2rbaHEJmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTE5MTYwNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGM3Yzk4NDIwNDJjYTJhZDJiMDVlNzI1ZmJkZTI4MWE1YzdjN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JThgJS/JZub3vJZMrJpI0sHEXCT
HI1UR3+dkB9GOL2gd6evr8ZlfwjtB41TLnAVtyUgv58+2m7i+Jz4hZVRfpa5FXKb
f1vk1W9q4YgfM7Osvo+mS/zYSuggTIILg32kelMZo3rXxLRp/Nj0fQ/zPU6UGeQE
+CfmdM0r8PD//xdFCpyKOh9f51PsifgoDhT7/TaeKmVmRLNEUA027i9NJYizQl83
waVlzkLjTc/2W4BTIB0sQaHQOTADOwYdnmQV6CcUl+o56i0jCptWAqk8hobfQ2D0
YQVy4T7qooTc48s5YFnSpHiIUsEPt+itEPSF8AdJkM53GlsRY0vF2bi0lQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFFTHyYQgQsoq0rBecl+94oGlx8fZMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVk1mSmhDQkN5aXJTc0Y1eVg3M2lnYVhIeDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAi2S
uAMEAC2cnQMEAFkhVAMEAFkjmgMEAVklPgMEAlu8zAMEAV1z/gMEAbmHjAMEALmH
jwMEALnuCgMEAbnx0gMEALn/JwMEALzUhQMEAbzUngMEAbzW0AMEAbzw4AMEALzw
4wMEALzw6AMEALzx8wMEAcEXgAMEAtXoXDANBgkqhkiG9w0BAQsFAAOCAQEAkISy
GeyvfdUtDrEFn9RDRxvAOOcvvNDs+R8NvE6Ypv1+SJTCz7iUkt3oO3p1kq7giC3x
Nu6duQIISWh8CJbN/8d4ak73NbXoVOlxdSO0+kR8Tfr9PC6UZuE9JeEkCxzbo4sp
Q7stU9HtZ75mKkmBziURO+7yNX2qOAzS3nW1AtVjATFFF0V8FOlOHaOg3e8fCBfT
0s6bWNlS6dvIbgzvNSf7JRRYTs0g0TLEDa4WhnJRqTk+sl2xaa4UIjEE33m061Rw
H1sS2hTS3L1/nA85u+5WEtilQ8x24t04H9mErnxTFcPsNtkwYBfRIdaf8pf9KI/d
T9w9q5qRk8dujjN2ew==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org