Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kKbvmraqwsyYnSFzdOI2isSCxfM.roa
File:                     kKbvmraqwsyYnSFzdOI2isSCxfM.roa (raw, json)
Hash identifier:          fUCqkmPE+Jn0VKcmYRQN1A/IaKb2Z/FmZ8krjbhE6ek=
Subject key identifier:   90:A6:EF:9A:B6:AA:C2:CC:98:9D:21:73:74:E2:36:8A:C4:82:C5:F3
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186A1F5912B719A525DBB6D31B94A9CF2ED
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kKbvmraqwsyYnSFzdOI2isSCxfM.roa
Signing time:             Thu 02 Mar 2023 10:54:30 +0000
ROA not before:           Thu 02 Mar 2023 10:54:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        188.241.243.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.241.182.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 28 Mar 2023 06:31:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a1:f5:91:2b:71:9a:52:5d:bb:6d:31:b9:4a:9c:f2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  2 10:54:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90a6ef9ab6aac2cc989d217374e2368ac482c5f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e2:d4:2c:7e:b6:10:6c:b8:20:a8:c6:f7:10:
                    e1:42:14:54:60:17:3c:2f:be:87:df:08:73:a1:50:
                    41:a8:88:1e:b5:a1:c6:97:15:d8:63:ae:9b:9f:08:
                    cb:12:7a:31:04:10:9d:74:dc:98:5c:5f:9d:29:5e:
                    1e:17:c3:f8:81:02:0e:1d:fd:73:24:91:fe:43:60:
                    1f:53:54:32:f6:19:47:83:f9:96:14:db:23:b5:37:
                    bf:72:bc:fd:64:a1:ec:d0:54:e0:28:dc:a4:2a:b8:
                    ed:6e:ad:29:97:74:7c:b0:7a:50:ec:1f:db:b9:bf:
                    af:f1:da:30:bd:ac:d5:d7:75:66:ea:09:e8:75:cb:
                    2f:ec:65:2d:71:71:0d:26:d5:2d:d5:76:b1:ea:72:
                    1d:ce:9c:94:12:85:5d:20:2d:80:6c:dd:65:e8:3e:
                    21:19:25:73:6f:9c:55:f6:60:16:7d:2b:01:33:6a:
                    97:60:6d:90:ea:b7:38:41:69:e8:ab:a0:ae:8f:ea:
                    95:e0:fe:9c:7b:0f:6b:90:1e:c9:1c:41:97:a3:cb:
                    47:1e:56:f1:70:d3:00:55:b2:76:83:23:91:f5:b9:
                    1c:a5:44:2f:40:f8:32:36:15:9d:3d:b2:e9:c8:d7:
                    0c:7b:a5:bc:1c:0f:db:75:4a:dd:a0:df:82:c2:32:
                    8e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:A6:EF:9A:B6:AA:C2:CC:98:9D:21:73:74:E2:36:8A:C4:82:C5:F3
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kKbvmraqwsyYnSFzdOI2isSCxfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.149.0/24
                  87.247.151.0/24
                  91.188.204.0/24
                  185.135.141.0/24
                  188.241.182.0/24
                  188.241.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:44:f9:4f:77:ad:ef:69:3d:7e:93:5a:e1:c1:06:f9:fa:d2:
         22:de:08:b9:14:e7:87:45:40:29:0d:c6:e6:ad:90:ac:6f:4e:
         2c:60:22:cc:01:df:12:fb:df:b5:52:73:e1:b8:32:b7:81:ce:
         5a:e1:b6:b6:9f:64:e8:ba:78:4f:74:f4:86:65:ba:c2:62:c2:
         01:04:2b:c0:79:e6:8b:e5:9f:87:c6:97:0a:fe:4e:f6:c9:ab:
         5d:d8:f7:90:30:d4:a8:77:7e:4d:fb:66:bb:60:85:ed:fd:6b:
         00:96:8d:31:33:20:18:82:7b:3b:8e:54:77:96:2f:f5:ac:64:
         08:b7:36:0e:fb:62:09:85:77:1f:82:23:3e:5f:a8:22:68:3e:
         52:b5:9b:e3:d3:99:ba:ca:8b:f4:2a:ff:d5:c2:04:34:23:9c:
         d9:0a:da:93:6d:77:ca:1c:ef:68:b5:e0:34:ae:4f:8a:ee:3b:
         36:40:8d:3d:dc:13:d4:fd:5f:cf:4e:dc:4a:2f:30:fb:86:0e:
         ee:ee:b7:0f:9e:aa:e6:68:89:c0:74:1b:a7:d6:3f:4f:65:f3:
         95:12:5c:5a:25:9c:aa:16:ff:01:cb:dd:77:cc:e0:4e:39:ea:
         84:7c:45:0b:b1:25:cc:62:2b:82:6b:ef:a8:dd:67:88:61:bf:
         5f:0f:31:5a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYah9ZErcZpSXbttMblKnPLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAyMTA1NDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGE2ZWY5YWI2YWFjMmNjOTg5ZDIxNzM3NGUyMzY4YWM0ODJjNWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+LULH62EGy4IKjG9xDhQhRUYBc8
L76H3whzoVBBqIgetaHGlxXYY66bnwjLEnoxBBCddNyYXF+dKV4eF8P4gQIOHf1z
JJH+Q2AfU1Qy9hlHg/mWFNsjtTe/crz9ZKHs0FTgKNykKrjtbq0pl3R8sHpQ7B/b
ub+v8dowvazV13Vm6gnodcsv7GUtcXENJtUt1Xax6nIdzpyUEoVdIC2AbN1l6D4h
GSVzb5xV9mAWfSsBM2qXYG2Q6rc4QWnoq6Cuj+qV4P6cew9rkB7JHEGXo8tHHlbx
cNMAVbJ2gyOR9bkcpUQvQPgyNhWdPbLpyNcMe6W8HA/bdUrdoN+CwjKOWQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJCm75q2qsLMmJ0hc3TiNorEgsXzMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEva0tidm1yYXF3c3lZblNGemRPSTJpc1NDeGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAV/eVAwQA
V/eXAwQAW7zMAwQAuYeNAwQAvPG2AwQAvPHzMA0GCSqGSIb3DQEBCwUAA4IBAQBP
RPlPd63vaT1+k1rhwQb5+tIi3gi5FOeHRUApDcbmrZCsb04sYCLMAd8S+9+1UnPh
uDK3gc5a4ba2n2TounhPdPSGZbrCYsIBBCvAeeaL5Z+HxpcK/k72yatd2PeQMNSo
d35N+2a7YIXt/WsAlo0xMyAYgns7jlR3li/1rGQItzYO+2IJhXcfgiM+X6giaD5S
tZvj05m6yov0Kv/VwgQ0I5zZCtqTbXfKHO9oteA0rk+K7js2QI093BPU/V/PTtxK
LzD7hg7u7rcPnqrmaInAdBun1j9PZfOVElxaJZyqFv8By913zOBOOeqEfEULsSXM
YiuCa++o3WeIYb9fDzFa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org