Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ieYuMNO9Lo2UFQxgrFROAx82fkw.roa
File:                     ieYuMNO9Lo2UFQxgrFROAx82fkw.roa (raw, json)
Hash identifier:          LWyndKyLRpKgLXsXsNpowt8kdjxSxq6rt4Hpwws5Cyw=
Subject key identifier:   89:E6:2E:30:D3:BD:2E:8D:94:15:0C:60:AC:54:4E:03:1F:36:7E:4C
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012AC3237985FCBB1BFB3C687BC41F
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ieYuMNO9Lo2UFQxgrFROAx82fkw.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        217.74.20.0/24 maxlen: 24
                          94.176.111.0/24 maxlen: 24
                          91.190.106.0/24 maxlen: 24
                          185.241.211.0/24 maxlen: 24
                          45.83.30.0/23 maxlen: 23
                          45.80.156.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 14 Jan 2024 06:52:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2a:c3:23:79:85:fc:bb:1b:fb:3c:68:7b:c4:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89e62e30d3bd2e8d94150c60ac544e031f367e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e1:b5:11:3b:c7:aa:8d:c1:a2:54:3a:3c:73:
                    43:6e:76:7f:83:89:65:d0:0a:ba:28:ef:d9:8f:a5:
                    b7:58:9a:d2:d5:50:a7:62:83:13:d9:2c:a5:a4:43:
                    11:09:9e:c4:eb:1d:2c:44:9d:f1:f5:35:ab:24:bc:
                    09:39:13:4d:55:21:f3:28:0c:f4:8d:85:26:3c:b0:
                    f9:dc:5a:f0:e2:12:d5:2c:8b:66:5f:f8:27:53:45:
                    42:44:20:f5:b2:7e:29:9e:83:a1:67:d9:f9:fa:c6:
                    ca:16:5e:08:7e:76:8f:85:c0:7f:99:74:a1:2c:b1:
                    ae:94:31:6f:5c:2f:35:fb:89:ba:8f:80:ef:73:1d:
                    8f:b0:8a:0c:ce:94:db:f2:b1:67:5c:f4:36:d1:9c:
                    1f:3d:d8:cf:a9:4b:b1:b3:3a:10:63:8d:36:ab:d4:
                    18:f7:cb:bd:fe:4d:e6:fa:aa:32:bd:6f:40:40:63:
                    bf:5d:2e:94:a9:34:ef:46:57:6e:b3:e2:eb:40:6e:
                    de:22:2c:7c:6f:3d:7f:6f:75:f4:c2:0a:81:22:ef:
                    52:27:6f:bd:a5:94:84:92:7b:00:55:17:db:80:55:
                    d9:9c:19:db:36:e4:ba:24:65:4d:8c:5d:0e:7f:48:
                    de:a2:37:ca:4b:bf:dd:45:81:da:14:2b:ca:55:0a:
                    b6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E6:2E:30:D3:BD:2E:8D:94:15:0C:60:AC:54:4E:03:1F:36:7E:4C
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ieYuMNO9Lo2UFQxgrFROAx82fkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.156.0/24
                  45.83.30.0/23
                  91.190.106.0/24
                  94.176.111.0/24
                  185.241.211.0/24
                  217.74.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:84:21:7c:8e:44:90:d1:f8:2d:0f:67:a8:9f:1b:51:f2:c3:
         27:b5:5c:e3:7e:d6:c1:2d:64:2a:ad:02:fd:cb:6f:3f:6e:1f:
         16:05:2c:0c:47:61:fa:b9:d4:65:9c:49:9e:41:1b:fb:1b:60:
         a7:76:b3:ad:95:ad:54:31:cb:5c:36:e9:e2:8b:54:67:e5:0a:
         69:99:f6:51:1c:20:d0:8b:5d:7e:b4:49:5c:f7:46:f5:08:5f:
         12:de:45:c0:5c:06:76:44:bc:8c:20:6f:06:f2:8b:2b:5d:10:
         4b:ba:11:1c:63:e8:68:a4:85:e9:bb:1d:af:93:88:9a:ae:98:
         38:45:34:f2:e6:44:58:99:84:d1:59:28:e3:42:8c:92:c9:ab:
         2c:ef:d5:26:0c:e8:67:d4:a6:5c:0d:ae:38:f5:84:4a:a5:cd:
         24:95:9f:ab:83:8f:91:4c:be:3a:21:e4:33:3e:c1:64:36:eb:
         6a:b5:9c:3b:82:cf:63:d5:a8:06:2d:d4:db:6f:a4:13:e2:c2:
         78:dd:0f:f6:bf:c1:0a:cb:ec:64:4d:1d:aa:71:cd:ad:63:da:
         48:0a:43:3a:f5:a0:25:9c:18:75:29:dd:74:1c:81:94:92:f7:
         fc:6a:b8:3e:e3:ad:e3:a0:64:0f:55:99:95:70:ae:4c:9a:1d:
         d8:31:17:c0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzFASrDI3mF/Lsb+zxoe8QfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU2MmUzMGQzYmQyZThkOTQxNTBjNjBhYzU0NGUwMzFmMzY3ZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguG1ETvHqo3BolQ6PHNDbnZ/g4ll
0Aq6KO/Zj6W3WJrS1VCnYoMT2SylpEMRCZ7E6x0sRJ3x9TWrJLwJORNNVSHzKAz0
jYUmPLD53Frw4hLVLItmX/gnU0VCRCD1sn4pnoOhZ9n5+sbKFl4IfnaPhcB/mXSh
LLGulDFvXC81+4m6j4Dvcx2PsIoMzpTb8rFnXPQ20ZwfPdjPqUuxszoQY402q9QY
98u9/k3m+qoyvW9AQGO/XS6UqTTvRldus+LrQG7eIix8bz1/b3X0wgqBIu9SJ2+9
pZSEknsAVRfbgFXZnBnbNuS6JGVNjF0Of0jeojfKS7/dRYHaFCvKVQq2RQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFInmLjDTvS6NlBUMYKxUTgMfNn5MMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaWVZdU1OTzlMbzJVRlF4Z3JGUk9BeDgyZmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALVCcAwQB
LVMeAwQAW75qAwQAXrBvAwQAufHTAwQA2UoUMA0GCSqGSIb3DQEBCwUAA4IBAQBY
hCF8jkSQ0fgtD2eonxtR8sMntVzjftbBLWQqrQL9y28/bh8WBSwMR2H6udRlnEme
QRv7G2CndrOtla1UMctcNunii1Rn5QppmfZRHCDQi11+tElc90b1CF8S3kXAXAZ2
RLyMIG8G8osrXRBLuhEcY+hopIXpux2vk4iarpg4RTTy5kRYmYTRWSjjQoySyass
79UmDOhn1KZcDa449YRKpc0klZ+rg4+RTL46IeQzPsFkNutqtZw7gs9j1agGLdTb
b6QT4sJ43Q/2v8EKy+xkTR2qcc2tY9pICkM69aAlnBh1Kd10HIGUkvf8arg+463j
oGQPVZmVcK5Mmh3YMRfA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org