Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YOq26RI4hJWVejwLYmbdUhPDhA0.roa
File:                     YOq26RI4hJWVejwLYmbdUhPDhA0.roa (raw, json)
Hash identifier:          VPGvcZAO/6445uBiL6Qdk86iyGVSl8PqLY3YszwmGlM=
Subject key identifier:   60:EA:B6:E9:12:38:84:95:95:7A:3C:0B:62:66:DD:52:13:C3:84:0D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018C454DB652C5D082C88BB8E1CD39919EC7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YOq26RI4hJWVejwLYmbdUhPDhA0.roa
Signing time:             Thu 07 Dec 2023 17:22:50 +0000
ROA not before:           Thu 07 Dec 2023 17:22:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     399471
IP address blocks:        185.121.120.0/24 maxlen: 24
                          2.56.56.0/22 maxlen: 24
                          185.239.243.0/24 maxlen: 24
                          2.58.148.0/22 maxlen: 24
                          89.37.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:45:4d:b6:52:c5:d0:82:c8:8b:b8:e1:cd:39:91:9e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Dec  7 17:22:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=60eab6e912388495957a3c0b6266dd5213c3840d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:df:ae:66:46:64:13:1d:eb:f2:6d:5c:90:d6:
                    af:99:71:fb:6b:9c:f6:76:41:fa:80:cf:3d:16:d4:
                    ab:05:cc:ed:d5:44:eb:51:78:76:58:90:44:b9:25:
                    97:50:25:2f:24:36:be:21:a4:79:bd:82:f2:a2:5e:
                    6b:ef:ba:ba:1b:b5:0a:04:ff:6d:1d:06:fb:62:20:
                    fe:db:b7:1b:69:d1:de:60:76:b3:f2:7a:38:b8:9e:
                    24:91:ac:b7:b6:53:8f:a9:9b:d6:89:9a:c4:3e:1b:
                    00:95:15:95:30:2d:6c:3f:7f:5d:74:dd:e3:23:19:
                    0b:0a:aa:51:30:5c:7a:33:39:8e:44:e3:5c:59:ea:
                    77:23:ae:24:41:4d:40:33:0c:3d:e7:0b:3b:a5:b7:
                    09:3b:5d:f5:85:61:ad:73:eb:99:24:c2:ec:d5:e3:
                    fe:af:85:0c:06:d5:4b:d3:f1:57:f8:4c:e8:56:8a:
                    18:6d:c5:30:1c:ae:af:62:dc:e0:1a:1b:d1:5c:47:
                    69:f5:5e:33:8a:99:51:ca:a0:f9:6f:6f:a2:28:15:
                    90:c9:69:fa:06:07:e0:82:f9:33:3a:71:c8:b2:6f:
                    29:83:a4:d3:e8:ae:fc:8d:e8:43:ef:36:86:be:8f:
                    a6:ca:c2:d9:64:f7:86:2e:48:fb:8b:e2:b7:9f:e3:
                    0a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:EA:B6:E9:12:38:84:95:95:7A:3C:0B:62:66:DD:52:13:C3:84:0D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YOq26RI4hJWVejwLYmbdUhPDhA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.56.0/22
                  2.58.148.0/22
                  89.37.63.0/24
                  185.121.120.0/24
                  185.239.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:98:ca:a8:39:42:58:8a:d5:2f:a9:31:7e:0a:2e:a5:83:24:
         6f:fc:e9:87:bb:3e:13:ca:f1:c9:82:d2:16:14:d0:0d:dd:cd:
         9c:6a:61:5d:52:f6:63:b3:3c:1f:90:67:67:15:e7:03:c9:5d:
         86:c6:f0:6d:44:a4:61:34:fd:50:10:d3:19:c4:a5:35:b9:ec:
         c8:09:60:db:6f:28:df:20:34:35:a0:67:a9:d6:32:d8:ab:39:
         f7:c7:ec:69:3b:59:bb:ab:d0:58:23:0c:97:85:bf:1f:5b:3b:
         cc:3a:fd:6d:3b:49:26:a3:51:06:f3:81:3f:bd:39:fe:d8:a3:
         40:44:e4:1f:19:79:04:47:a7:55:4f:c6:94:4a:56:b8:ed:70:
         58:9e:47:c5:22:24:63:ed:a8:7b:82:76:c2:e7:0e:e0:c5:cd:
         6b:ca:29:fb:a5:d3:33:9b:79:13:f4:ac:08:9f:76:bf:34:f5:
         c6:2c:4b:56:dc:93:11:18:8e:e1:56:6d:c1:ca:02:0e:c6:ae:
         91:3e:31:ad:73:32:0e:c5:88:28:17:b8:71:8e:c9:e3:64:f8:
         6c:21:4d:75:61:71:5e:0c:21:58:38:f5:e1:d8:51:b8:fa:9f:
         ea:85:08:0b:c5:9e:5e:3c:56:68:e7:fb:b7:23:48:6a:78:72:
         bd:4a:b3:1e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYxFTbZSxdCCyIu44c05kZ7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMjA3MTcyMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGVhYjZlOTEyMzg4NDk1OTU3YTNjMGI2MjY2ZGQ1MjEzYzM4NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9+uZkZkEx3r8m1ckNavmXH7a5z2
dkH6gM89FtSrBczt1UTrUXh2WJBEuSWXUCUvJDa+IaR5vYLyol5r77q6G7UKBP9t
HQb7YiD+27cbadHeYHaz8no4uJ4kkay3tlOPqZvWiZrEPhsAlRWVMC1sP39ddN3j
IxkLCqpRMFx6MzmORONcWep3I64kQU1AMww95ws7pbcJO131hWGtc+uZJMLs1eP+
r4UMBtVL0/FX+EzoVooYbcUwHK6vYtzgGhvRXEdp9V4ziplRyqD5b2+iKBWQyWn6
BgfggvkzOnHIsm8pg6TT6K78jehD7zaGvo+mysLZZPeGLkj7i+K3n+MKvQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGDqtukSOISVlXo8C2Jm3VITw4QNMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWU9xMjZSSTRoSldWZWp3TFltYmRVaFBEaEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCAjg4AwQC
AjqUAwQAWSU/AwQAuXl4AwQAue/zMA0GCSqGSIb3DQEBCwUAA4IBAQCKmMqoOUJY
itUvqTF+Ci6lgyRv/OmHuz4TyvHJgtIWFNAN3c2camFdUvZjszwfkGdnFecDyV2G
xvBtRKRhNP1QENMZxKU1uezICWDbbyjfIDQ1oGep1jLYqzn3x+xpO1m7q9BYIwyX
hb8fWzvMOv1tO0kmo1EG84E/vTn+2KNAROQfGXkER6dVT8aUSla47XBYnkfFIiRj
7ah7gnbC5w7gxc1ryin7pdMzm3kT9KwIn3a/NPXGLEtW3JMRGI7hVm3BygIOxq6R
PjGtczIOxYgoF7hxjsnjZPhsIU11YXFeDCFYOPXh2FG4+p/qhQgLxZ5ePFZo5/u3
I0hqeHK9SrMe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org