Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gdVPN0smxuhF3KMp7fBHmjzL6uY.roa
File:                     gdVPN0smxuhF3KMp7fBHmjzL6uY.roa (raw, json)
Hash identifier:          ZcQkJauu9BoFMCWh8I6lsPP9CqS3gQ5Ih8gGtZlQYE0=
Subject key identifier:   81:D5:4F:37:4B:26:C6:E8:45:DC:A3:29:ED:F0:47:9A:3C:CB:EA:E6
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018726EA37A732FF3CBFCA66769A17DB7C6E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gdVPN0smxuhF3KMp7fBHmjzL6uY.roa
Signing time:             Tue 28 Mar 2023 06:31:36 +0000
ROA not before:           Tue 28 Mar 2023 06:31:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        188.241.243.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.241.182.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 06:06:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:26:ea:37:a7:32:ff:3c:bf:ca:66:76:9a:17:db:7c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 28 06:31:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81d54f374b26c6e845dca329edf0479a3ccbeae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:de:f4:40:e9:ec:4c:1d:02:c9:74:70:59:27:
                    cc:f0:f9:8c:02:9d:41:c1:c4:7b:cc:97:90:a6:e9:
                    02:56:1f:d9:ad:48:d5:4d:51:23:0e:87:20:68:69:
                    65:67:ff:99:21:7a:c0:13:d4:d0:69:9d:26:d4:2f:
                    95:0c:d8:0d:f3:07:53:23:89:c3:2c:d3:bc:07:6a:
                    50:5f:36:01:7b:c5:da:26:38:ed:7e:8a:b8:15:7d:
                    48:62:28:3f:22:09:bc:03:86:3a:e9:e7:94:64:7c:
                    dc:a3:7b:49:1f:7c:84:68:dd:e8:22:59:99:8b:6e:
                    b6:1e:ff:02:c9:f3:77:90:ec:14:a5:04:57:e7:35:
                    b2:e3:e5:aa:2b:bc:0f:a0:15:d4:6c:e7:5a:3f:8d:
                    05:c6:78:1d:11:94:62:53:57:62:7f:76:b1:8a:c0:
                    1e:d8:c6:26:ef:aa:cb:89:2f:54:5d:62:e2:e7:35:
                    73:78:cf:df:2c:ce:02:31:c6:39:0a:a8:82:bf:61:
                    27:3f:2b:07:ea:4c:9a:ff:e6:5a:57:74:62:6e:4b:
                    b0:fe:19:f4:dd:1c:2a:05:66:3b:f1:8d:03:3b:c9:
                    9d:b3:d8:b6:0c:b2:15:8b:95:ca:f4:47:3f:79:44:
                    11:c9:5b:17:91:fb:7b:73:6c:e9:15:51:f7:a2:ac:
                    59:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D5:4F:37:4B:26:C6:E8:45:DC:A3:29:ED:F0:47:9A:3C:CB:EA:E6
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gdVPN0smxuhF3KMp7fBHmjzL6uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.149.0/24
                  87.247.151.0/24
                  91.188.204.0/24
                  185.135.141.0/24
                  185.135.143.0/24
                  185.255.169.0/24
                  188.241.182.0/24
                  188.241.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:a3:9c:8d:1a:6f:00:1a:29:63:25:53:b4:24:2c:8c:37:06:
         fb:47:8e:21:9c:98:f8:8a:97:5d:b8:7e:5c:32:96:a6:98:a7:
         1e:10:92:59:f6:49:73:ec:38:ec:21:b2:59:24:a0:b4:68:d2:
         31:64:d8:e0:4d:e5:46:7f:c2:94:6b:d4:4a:4a:29:ba:b8:8f:
         a8:de:67:8e:87:92:3c:c7:81:d5:46:f0:c4:30:94:c0:e6:f0:
         89:2d:7b:c0:4b:54:0a:47:0c:bc:58:ca:40:5f:b5:57:39:20:
         67:06:4d:f6:7c:27:09:85:fe:04:d3:78:65:f7:85:1b:1f:8d:
         2d:ef:2e:71:7f:f7:4e:f2:0c:f7:be:a4:62:96:48:81:7a:2e:
         bf:55:84:0f:ac:4e:8f:d1:8f:e0:66:00:6a:50:0b:47:a6:cc:
         bd:d0:da:73:7b:5d:08:fd:a0:77:e0:6c:e0:fe:ad:bc:e9:5d:
         bb:e8:dd:12:56:fc:ef:38:f1:92:cc:fc:11:54:33:28:fe:06:
         31:62:65:72:93:83:05:aa:1d:46:22:34:ec:fc:b1:a8:b1:29:
         a6:13:ff:51:79:cf:93:ce:96:42:b9:d9:9d:14:af:32:1d:96:
         7a:e5:88:3f:6d:5d:89:82:95:86:67:8e:5c:16:8e:73:1f:93:
         7b:30:b4:5a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYcm6jenMv88v8pmdpoX23xuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI4MDYzMTM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQ1NGYzNzRiMjZjNmU4NDVkY2EzMjllZGYwNDc5YTNjY2JlYWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu970QOnsTB0CyXRwWSfM8PmMAp1B
wcR7zJeQpukCVh/ZrUjVTVEjDocgaGllZ/+ZIXrAE9TQaZ0m1C+VDNgN8wdTI4nD
LNO8B2pQXzYBe8XaJjjtfoq4FX1IYig/Igm8A4Y66eeUZHzco3tJH3yEaN3oIlmZ
i262Hv8CyfN3kOwUpQRX5zWy4+WqK7wPoBXUbOdaP40FxngdEZRiU1dif3axisAe
2MYm76rLiS9UXWLi5zVzeM/fLM4CMcY5CqiCv2EnPysH6kya/+ZaV3Ribkuw/hn0
3RwqBWY78Y0DO8mds9i2DLIVi5XK9Ec/eUQRyVsXkft7c2zpFVH3oqxZKQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIHVTzdLJsboRdyjKe3wR5o8y+rmMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZ2RWUE4wc214dWhGM0tNcDdmQkhtanpMNnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAV/eVAwQA
V/eXAwQAW7zMAwQAuYeNAwQAuYePAwQAuf+pAwQAvPG2AwQAvPHzMA0GCSqGSIb3
DQEBCwUAA4IBAQAWo5yNGm8AGiljJVO0JCyMNwb7R44hnJj4ipdduH5cMpammKce
EJJZ9klz7DjsIbJZJKC0aNIxZNjgTeVGf8KUa9RKSim6uI+o3meOh5I8x4HVRvDE
MJTA5vCJLXvAS1QKRwy8WMpAX7VXOSBnBk32fCcJhf4E03hl94UbH40t7y5xf/dO
8gz3vqRilkiBei6/VYQPrE6P0Y/gZgBqUAtHpsy90Npze10I/aB34Gzg/q286V27
6N0SVvzvOPGSzPwRVDMo/gYxYmVyk4MFqh1GIjTs/LGosSmmE/9Rec+TzpZCudmd
FK8yHZZ65Yg/bV2JgpWGZ45cFo5zH5N7MLRa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:47 2024 by rpki-client on console-fra.rpki-client.org