Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fb18KDffBFokwQggwgnLBpuPLmU.roa
File:                     fb18KDffBFokwQggwgnLBpuPLmU.roa (raw, json)
Hash identifier:          YJyVzNHCveS9g7wjNLh0bW39HHSpJ9pQMnW8dLF+V74=
Subject key identifier:   7D:BD:7C:28:37:DF:04:5A:24:C1:08:20:C2:09:CB:06:9B:8F:2E:65
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018DF928AB8A5D9C4F3D3FE194CD75A70367
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fb18KDffBFokwQggwgnLBpuPLmU.roa
Signing time:             Fri 01 Mar 2024 08:36:48 +0000
ROA not before:           Fri 01 Mar 2024 08:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.83.29.0/24 maxlen: 24
                          45.88.20.0/24 maxlen: 24
                          45.88.22.0/24 maxlen: 24
                          45.89.36.0/24 maxlen: 24
                          45.89.38.0/24 maxlen: 24
                          45.92.2.0/24 maxlen: 24
                          45.146.187.0/24 maxlen: 24
                          87.247.148.0/22 maxlen: 24
                          89.31.216.0/24 maxlen: 24
                          91.190.96.0/24 maxlen: 24
                          91.190.99.0/24 maxlen: 24
                          91.190.104.0/24 maxlen: 24
                          91.217.236.0/24 maxlen: 24
                          91.217.250.0/24 maxlen: 24
                          185.239.241.0/24 maxlen: 24
                          185.244.137.0/24 maxlen: 24
                          185.245.5.0/24 maxlen: 24
                          185.245.7.0/24 maxlen: 24
                          217.74.16.0/24 maxlen: 24
                          2a0b:64c1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 07:58:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:28:ab:8a:5d:9c:4f:3d:3f:e1:94:cd:75:a7:03:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  1 08:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dbd7c2837df045a24c10820c209cb069b8f2e65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fb:73:cd:68:26:e4:67:fa:35:c3:73:63:42:
                    47:9d:31:c5:65:d2:f8:3d:b2:b9:53:f5:46:6a:82:
                    d3:cd:a5:97:0e:f9:1a:2a:b3:1c:39:57:c5:62:de:
                    1c:4c:f8:86:e4:6d:ff:40:1f:43:95:2b:77:94:d6:
                    5d:e5:47:93:b4:b2:cc:13:88:d8:ba:fe:60:68:9e:
                    98:2d:92:77:88:e2:ac:1e:4b:f8:c2:3f:bf:34:6e:
                    0a:65:30:61:1f:a4:f3:8c:0f:c4:d2:c2:6e:0d:63:
                    d7:ba:6c:58:47:fb:5f:84:b8:8c:cd:11:c8:d4:43:
                    aa:46:62:2b:0f:de:d4:47:a8:d5:3c:e5:cd:7a:d6:
                    c1:05:55:07:58:4b:bf:72:a7:dd:52:bd:61:e2:72:
                    a5:9b:0e:fe:93:98:1c:ad:46:19:02:d0:d9:dc:aa:
                    7b:cc:07:64:27:52:ac:bf:37:08:d8:2d:f7:15:cd:
                    a1:bf:d2:9f:5b:3f:e9:c0:bb:1e:86:4a:88:a1:da:
                    c6:07:3b:a5:0b:7a:d9:2c:7e:fc:47:a2:05:3b:98:
                    90:17:7f:87:72:c0:39:e5:e0:89:01:d3:91:04:7b:
                    48:c7:d8:30:67:f3:d2:bd:bc:22:ab:b3:ef:45:4f:
                    d0:e7:26:47:5c:13:6f:ed:2b:fa:cd:9d:ab:f9:ae:
                    c7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BD:7C:28:37:DF:04:5A:24:C1:08:20:C2:09:CB:06:9B:8F:2E:65
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fb18KDffBFokwQggwgnLBpuPLmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.29.0/24
                  45.88.20.0/24
                  45.88.22.0/24
                  45.89.36.0/24
                  45.89.38.0/24
                  45.92.2.0/24
                  45.146.187.0/24
                  87.247.148.0/22
                  89.31.216.0/24
                  91.190.96.0/24
                  91.190.99.0/24
                  91.190.104.0/24
                  91.217.236.0/24
                  91.217.250.0/24
                  185.239.241.0/24
                  185.244.137.0/24
                  185.245.5.0/24
                  185.245.7.0/24
                  217.74.16.0/24
                IPv6:
                  2a0b:64c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:bd:a1:58:da:91:3f:c6:11:d5:af:b5:a8:c8:98:0b:21:5a:
         c1:05:e9:1f:36:93:80:11:6a:64:dc:fb:40:83:9d:56:2f:fe:
         ad:1f:f1:3a:b6:7a:f2:9f:ef:59:ee:c3:cd:48:54:c6:25:af:
         ca:09:f3:23:37:25:ec:7e:5b:61:9c:0d:de:1a:6f:0c:78:63:
         97:ac:f1:06:40:4f:08:aa:80:08:b5:d1:9e:0a:03:0e:38:cc:
         2e:72:e1:64:dd:28:ea:9f:08:fa:af:3e:28:3b:51:6b:ad:13:
         79:0e:b0:1a:d9:c0:f3:9b:ed:c4:3a:ed:92:44:50:56:18:c0:
         d2:bd:92:9d:8e:f1:b5:48:95:18:11:28:e1:c1:34:b3:83:e7:
         eb:b4:4a:d3:62:51:b1:b5:5d:81:58:4f:44:95:87:f8:29:a1:
         31:7d:70:22:e4:bb:30:11:dc:57:7e:14:88:98:d2:8f:ce:a5:
         75:48:4e:13:86:e6:92:0c:de:bc:ad:23:d5:e5:88:02:df:76:
         0b:38:9e:9e:08:ea:96:f9:07:2c:4a:ff:85:d6:30:63:3a:6d:
         12:8f:0c:43:57:39:77:63:da:2a:b2:02:52:f8:1a:44:77:43:
         c3:c6:0f:01:4d:53:7f:6e:87:81:2c:84:d7:62:81:3f:c5:52:
         0c:37:c6:fd
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAY35KKuKXZxPPT/hlM11pwNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMzAxMDgzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGJkN2MyODM3ZGYwNDVhMjRjMTA4MjBjMjA5Y2IwNjliOGYyZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/tzzWgm5Gf6NcNzY0JHnTHFZdL4
PbK5U/VGaoLTzaWXDvkaKrMcOVfFYt4cTPiG5G3/QB9DlSt3lNZd5UeTtLLME4jY
uv5gaJ6YLZJ3iOKsHkv4wj+/NG4KZTBhH6TzjA/E0sJuDWPXumxYR/tfhLiMzRHI
1EOqRmIrD97UR6jVPOXNetbBBVUHWEu/cqfdUr1h4nKlmw7+k5gcrUYZAtDZ3Kp7
zAdkJ1KsvzcI2C33Fc2hv9KfWz/pwLsehkqIodrGBzulC3rZLH78R6IFO5iQF3+H
csA55eCJAdORBHtIx9gwZ/PSvbwiq7PvRU/Q5yZHXBNv7Sv6zZ2r+a7HcQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFH29fCg33wRaJMEIIMIJywabjy5lMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZmIxOEtEZmZCRm9rd1FnZ3dnbkxCcHVQTG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTB4BAIAATByAwQALVMd
AwQALVgUAwQALVgWAwQALVkkAwQALVkmAwQALVwCAwQALZK7AwQCV/eUAwQAWR/Y
AwQAW75gAwQAW75jAwQAW75oAwQAW9nsAwQAW9n6AwQAue/xAwQAufSJAwQAufUF
AwQAufUHAwQA2UoQMA0EAgACMAcDBQAqC2TBMA0GCSqGSIb3DQEBCwUAA4IBAQA1
vaFY2pE/xhHVr7WoyJgLIVrBBekfNpOAEWpk3PtAg51WL/6tH/E6tnryn+9Z7sPN
SFTGJa/KCfMjNyXsflthnA3eGm8MeGOXrPEGQE8IqoAItdGeCgMOOMwucuFk3Sjq
nwj6rz4oO1FrrRN5DrAa2cDzm+3EOu2SRFBWGMDSvZKdjvG1SJUYESjhwTSzg+fr
tErTYlGxtV2BWE9ElYf4KaExfXAi5LswEdxXfhSImNKPzqV1SE4ThuaSDN68rSPV
5YgC33YLOJ6eCOqW+QcsSv+F1jBjOm0SjwxDVzl3Y9oqsgJS+BpEd0PDxg8BTVN/
boeBLITXYoE/xVIMN8b9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org