Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bKHuD9KnuoarB5jtRmGtwTPC7yg.roa
File:                     bKHuD9KnuoarB5jtRmGtwTPC7yg.roa (raw, json)
Hash identifier:          gJ9DyEjPY5d9XZPUAh8jJgH0oEhupNK+BzKGYnstBg8=
Subject key identifier:   6C:A1:EE:0F:D2:A7:BA:86:AB:07:98:ED:46:61:AD:C1:33:C2:EF:28
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018E9B3D3BB8FF0AA6A764ECB3BD9E071590
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bKHuD9KnuoarB5jtRmGtwTPC7yg.roa
Signing time:             Mon 01 Apr 2024 19:57:45 +0000
ROA not before:           Mon 01 Apr 2024 19:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.146.184.0/22 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.36.23.0/24 maxlen: 24
                          89.37.62.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          188.212.159.0/24 maxlen: 24
                          188.214.208.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.232.0/24 maxlen: 24
                          188.241.243.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 09:34:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9b:3d:3b:b8:ff:0a:a6:a7:64:ec:b3:bd:9e:07:15:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  1 19:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ca1ee0fd2a7ba86ab0798ed4661adc133c2ef28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fc:87:3e:95:8b:2e:bf:55:0f:00:5e:91:cd:
                    66:a0:fa:08:bf:ff:78:a2:5c:40:68:11:12:39:51:
                    08:16:fc:83:d0:85:66:b4:d6:fd:8e:c0:15:08:1e:
                    e1:ea:b4:b7:bb:e7:11:64:2a:ca:72:94:2c:02:31:
                    04:cf:a5:5e:31:71:93:a9:63:61:73:e1:de:5d:8c:
                    ce:c9:77:56:dd:f1:60:44:1d:c5:e9:b5:fb:04:99:
                    e7:00:a9:af:d2:59:9d:a0:b0:45:ff:99:15:9c:13:
                    7d:73:0a:f7:4f:aa:5b:e4:85:45:c9:9c:d8:b2:79:
                    7c:79:29:75:89:a9:d5:38:61:4d:07:c8:35:e0:f8:
                    cb:99:ba:fd:95:ea:e2:df:d7:ea:e1:dc:64:e4:56:
                    a7:6d:1f:b7:35:7f:96:92:e8:16:fe:55:96:97:8f:
                    67:0a:64:23:e8:41:b3:0e:d6:03:a4:a6:5b:7c:67:
                    77:8c:7d:7c:98:da:f1:26:0c:64:e0:68:72:28:76:
                    53:3c:2f:3c:0a:6d:3a:48:5c:4d:1c:61:d8:2f:15:
                    09:da:b3:ff:87:f2:f5:08:b7:ea:a6:48:c5:f3:de:
                    c4:28:18:35:3b:99:04:52:ec:6b:6d:51:53:96:ff:
                    a6:58:73:13:c9:3c:c4:d1:0c:94:d2:1b:19:13:1c:
                    15:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A1:EE:0F:D2:A7:BA:86:AB:07:98:ED:46:61:AD:C1:33:C2:EF:28
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bKHuD9KnuoarB5jtRmGtwTPC7yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.184.0/22
                  45.156.157.0/24
                  89.33.84.0/24
                  89.35.154.0/24
                  89.36.23.0/24
                  89.37.62.0/23
                  91.188.204.0/22
                  93.115.254.0/23
                  185.135.140.0/23
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  188.212.133.0/24
                  188.212.158.0/23
                  188.214.208.0/23
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.232.0/24
                  188.241.243.0/24
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:3d:c4:cb:64:55:96:52:e0:cf:e7:d1:35:5f:c7:e2:5e:0a:
         bc:69:a0:9c:82:06:1a:c8:10:ec:9b:8c:d9:53:1b:1a:84:bd:
         af:90:27:0f:0a:4c:67:09:b6:f8:c9:44:cd:2b:6f:23:11:f7:
         c3:33:0b:48:54:cc:4a:6c:ac:78:20:92:5f:59:aa:42:ae:82:
         41:37:16:76:8a:ae:c2:ef:b2:5d:70:a8:cf:07:95:c3:c2:8b:
         62:50:04:f7:4c:98:c9:14:26:b3:83:90:c9:b6:88:54:7e:1c:
         d3:c0:e0:c4:bc:fa:48:12:9a:61:1a:a0:74:20:87:0d:ad:1d:
         0d:9b:d6:a8:1e:56:2a:56:b2:1f:3c:90:59:f2:4a:99:18:61:
         db:b5:ad:e8:1d:d2:57:59:a0:6b:18:cb:c2:9c:b5:60:fa:f8:
         c7:a3:34:5e:68:39:5b:49:ac:8c:2c:c1:81:16:2b:80:13:d3:
         fe:ac:34:81:3f:eb:1c:c5:0d:2d:85:d6:b2:b8:3c:a4:5f:58:
         0f:a2:09:86:3c:fb:a9:cc:1d:b2:6e:89:2b:ad:ea:18:b7:51:
         de:b5:d8:dc:ff:f0:9a:be:3f:24:e1:02:e1:08:52:ef:70:7c:
         30:99:1f:05:fd:66:7b:87:36:f2:64:0d:6d:1a:c2:e1:ee:c4:
         33:93:ae:43
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAY6bPTu4/wqmp2Tss72eBxWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwNDAxMTk1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ExZWUwZmQyYTdiYTg2YWIwNzk4ZWQ0NjYxYWRjMTMzYzJlZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPyHPpWLLr9VDwBekc1moPoIv/94
olxAaBESOVEIFvyD0IVmtNb9jsAVCB7h6rS3u+cRZCrKcpQsAjEEz6VeMXGTqWNh
c+HeXYzOyXdW3fFgRB3F6bX7BJnnAKmv0lmdoLBF/5kVnBN9cwr3T6pb5IVFyZzY
snl8eSl1ianVOGFNB8g14PjLmbr9leri39fq4dxk5FanbR+3NX+WkugW/lWWl49n
CmQj6EGzDtYDpKZbfGd3jH18mNrxJgxk4GhyKHZTPC88Cm06SFxNHGHYLxUJ2rP/
h/L1CLfqpkjF897EKBg1O5kEUuxrbVFTlv+mWHMTyTzE0QyU0hsZExwVhwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFGyh7g/Sp7qGqweY7UZhrcEzwu8oMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYktIdUQ5S251b2FyQjVqdFJtR3R3VFBDN3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAIt
krgDBAAtnJ0DBABZIVQDBABZI5oDBABZJBcDBAFZJT4DBAJbvMwDBAFdc/4DBAG5
h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycDBAC81IUDBAG81J4DBAG81tADBAG8
8OADBAC88OMDBAC88OgDBAC88fMDBAHBF4ADBALV6FwwDQYJKoZIhvcNAQELBQAD
ggEBAJI9xMtkVZZS4M/n0TVfx+JeCrxpoJyCBhrIEOybjNlTGxqEva+QJw8KTGcJ
tvjJRM0rbyMR98MzC0hUzEpsrHggkl9ZqkKugkE3FnaKrsLvsl1wqM8HlcPCi2JQ
BPdMmMkUJrODkMm2iFR+HNPA4MS8+kgSmmEaoHQghw2tHQ2b1qgeVipWsh88kFny
SpkYYdu1regd0ldZoGsYy8KctWD6+MejNF5oOVtJrIwswYEWK4AT0/6sNIE/6xzF
DS2F1rK4PKRfWA+iCYY8+6nMHbJuiSut6hi3Ud612Nz/8Jq+PyThAuEIUu9wfDCZ
HwX9ZnuHNvJkDW0awuHuxDOTrkM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org