Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/b825xBo2TRwFysJ-1AuUcPSG340.roa
File:                     b825xBo2TRwFysJ-1AuUcPSG340.roa (raw, json)
Hash identifier:          +nZNQH23+CCReBqOAqCOQvifo2vsRmkBce4IpZylJWo=
Subject key identifier:   6F:CD:B9:C4:1A:36:4D:1C:05:CA:C2:7E:D4:0B:94:70:F4:86:DF:8D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018DF34121887F977E627C73EAE4EEA93FFD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/b825xBo2TRwFysJ-1AuUcPSG340.roa
Signing time:             Thu 29 Feb 2024 05:05:48 +0000
ROA not before:           Thu 29 Feb 2024 05:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.146.184.0/22 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.36.23.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          178.239.199.0/24 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          188.212.159.0/24 maxlen: 24
                          188.214.208.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          188.241.243.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Apr 2024 19:57:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:41:21:88:7f:97:7e:62:7c:73:ea:e4:ee:a9:3f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 29 05:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fcdb9c41a364d1c05cac27ed40b9470f486df8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a7:96:55:88:b8:97:a8:be:e8:17:c7:25:9b:
                    67:bf:1b:5c:e3:c2:99:c5:8f:e0:95:1c:ee:b3:6c:
                    78:c6:8d:35:ab:14:5d:0e:2e:30:df:8d:da:61:15:
                    80:c5:b0:f9:f1:8a:c9:12:83:11:c2:0c:77:fe:fa:
                    0b:67:65:8d:3c:cb:cc:ba:72:0e:85:65:b8:b5:4a:
                    59:69:b3:3e:c5:65:2b:2f:d0:01:b6:61:9b:e1:2f:
                    fd:c6:10:d4:a0:0b:33:cb:00:fa:5e:59:d1:55:f6:
                    21:e9:5b:75:34:37:c2:39:f1:49:6a:ed:54:26:a6:
                    5f:ea:f2:a3:66:96:72:42:35:49:53:71:26:2c:4a:
                    81:5b:ed:96:1a:0b:72:48:5e:4e:80:f6:08:49:71:
                    17:ba:be:95:23:b3:2d:47:07:c7:ff:32:dc:b1:8f:
                    b6:ae:9c:20:0a:c1:41:9f:81:8e:f8:bf:44:1b:87:
                    bf:2d:ee:55:36:b1:c4:00:38:9f:b1:e8:54:80:41:
                    9b:48:cd:2e:5f:8a:7a:f2:fc:68:ce:30:55:47:b3:
                    13:81:41:f6:51:1d:d5:88:2e:3c:47:c8:3e:a8:77:
                    a0:7a:2e:5f:eb:f3:f9:8e:19:ed:49:b0:77:5d:ee:
                    c6:65:06:e7:9c:d3:76:09:e3:81:c5:2c:3b:e1:7d:
                    9b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CD:B9:C4:1A:36:4D:1C:05:CA:C2:7E:D4:0B:94:70:F4:86:DF:8D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/b825xBo2TRwFysJ-1AuUcPSG340.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.184.0/22
                  45.156.157.0/24
                  89.33.84.0/24
                  89.35.154.0/24
                  89.36.23.0/24
                  89.37.62.0/23
                  91.188.204.0/22
                  93.115.254.0/23
                  178.239.199.0/24
                  185.135.140.0/23
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  188.212.133.0/24
                  188.212.158.0/23
                  188.214.208.0/23
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.232.0/24
                  188.241.243.0/24
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:7f:7c:47:82:da:c2:b4:36:48:93:1f:8f:23:24:e0:8a:93:
         f6:e8:0b:10:9a:9d:4b:3a:ed:be:5f:3d:3f:f5:11:18:f9:12:
         fe:d1:b2:b3:d8:32:f6:ad:22:9c:98:d1:7e:e5:7c:57:4d:0c:
         a4:38:df:a5:2b:ac:60:b5:41:73:0c:40:f5:63:25:f3:df:5c:
         85:2f:98:31:bd:70:ed:3b:c3:02:50:9a:78:b4:5b:1d:ea:4d:
         1a:70:be:0c:e0:68:95:8a:e9:83:65:a0:6d:67:e4:78:d3:a3:
         d1:5f:35:06:12:e9:c2:92:84:09:03:09:6e:f9:73:7b:04:b3:
         14:6e:9a:ac:d3:3a:0d:c8:25:9e:54:e2:de:02:0e:21:19:2e:
         75:5c:5f:d0:16:1a:2e:c4:65:4b:11:5c:99:f1:3a:9b:c3:30:
         b0:1b:1e:d4:50:df:b2:d6:9b:26:ef:ab:e7:3e:27:65:10:16:
         c8:b6:7b:ed:c2:d7:f1:6d:97:98:29:d0:5a:8f:11:31:94:87:
         ed:b1:5b:d4:e3:63:e9:23:6e:c7:1e:a8:87:ee:eb:f3:54:c7:
         d4:38:cf:27:27:3e:67:bb:7f:52:8e:d4:2d:6d:89:15:19:21:
         ac:b5:3b:75:50:73:cb:7e:5e:7a:f6:86:16:cc:80:de:8b:fd:
         a7:bd:1d:20
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAY3zQSGIf5d+Ynxz6uTuqT/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMjI5MDUwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNkYjljNDFhMzY0ZDFjMDVjYWMyN2VkNDBiOTQ3MGY0ODZkZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKeWVYi4l6i+6BfHJZtnvxtc48KZ
xY/glRzus2x4xo01qxRdDi4w343aYRWAxbD58YrJEoMRwgx3/voLZ2WNPMvMunIO
hWW4tUpZabM+xWUrL9ABtmGb4S/9xhDUoAszywD6XlnRVfYh6Vt1NDfCOfFJau1U
JqZf6vKjZpZyQjVJU3EmLEqBW+2WGgtySF5OgPYISXEXur6VI7MtRwfH/zLcsY+2
rpwgCsFBn4GO+L9EG4e/Le5VNrHEADifsehUgEGbSM0uX4p68vxozjBVR7MTgUH2
UR3ViC48R8g+qHegei5f6/P5jhntSbB3Xe7GZQbnnNN2CeOBxSw74X2bZwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFG/NucQaNk0cBcrCftQLlHD0ht+NMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYjgyNXhCbzJUUndGeXNKLTFBdVVjUFNHMzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBkQQCAAEwgYoDBAIt
krgDBAAtnJ0DBABZIVQDBABZI5oDBABZJBcDBAFZJT4DBAJbvMwDBAFdc/4DBACy
78cDBAG5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycDBAC81IUDBAG81J4DBAG8
1tADBAG88OADBAC88OMDBAC88OgDBAC88fMDBAHBF4ADBALV6FwwDQYJKoZIhvcN
AQELBQADggEBAEV/fEeC2sK0NkiTH48jJOCKk/boCxCanUs67b5fPT/1ERj5Ev7R
srPYMvatIpyY0X7lfFdNDKQ436UrrGC1QXMMQPVjJfPfXIUvmDG9cO07wwJQmni0
Wx3qTRpwvgzgaJWK6YNloG1n5HjTo9FfNQYS6cKShAkDCW75c3sEsxRumqzTOg3I
JZ5U4t4CDiEZLnVcX9AWGi7EZUsRXJnxOpvDMLAbHtRQ37LWmybvq+c+J2UQFsi2
e+3C1/Ftl5gp0FqPETGUh+2xW9TjY+kjbsceqIfu6/NUx9Q4zycnPme7f1KO1C1t
iRUZIay1O3VQc8t+Xnr2hhbMgN6L/ae9HSA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org