Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/krzHpQnQSGWMza1vsN3519Ue_9A.roa
File:                     krzHpQnQSGWMza1vsN3519Ue_9A.roa (raw, json)
Hash identifier:          Bn/HNvJzQN2+ziWB93+OAh0gTgEllzrPHAGmcGyUBz0=
Subject key identifier:   92:BC:C7:A5:09:D0:48:65:8C:CD:AD:6F:B0:DD:F9:D7:D5:1E:FF:D0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018B3E547E0C3498CB40DC02EF10BE079D65
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/krzHpQnQSGWMza1vsN3519Ue_9A.roa
Signing time:             Tue 17 Oct 2023 15:50:06 +0000
ROA not before:           Tue 17 Oct 2023 15:50:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20712
IP address blocks:        45.92.3.0/24 maxlen: 24
                          185.112.64.0/22 maxlen: 24
                          45.89.37.0/24 maxlen: 24
                          45.140.134.0/24 maxlen: 24
                          45.89.39.0/24 maxlen: 24
                          91.190.97.0/24 maxlen: 24
                          91.190.105.0/24 maxlen: 24
                          185.255.168.0/22 maxlen: 24
                          45.88.23.0/24 maxlen: 24
                          45.88.21.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:3e:54:7e:0c:34:98:cb:40:dc:02:ef:10:be:07:9d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Oct 17 15:50:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=92bcc7a509d048658ccdad6fb0ddf9d7d51effd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c8:74:af:93:39:b9:bb:38:30:6f:d3:47:3f:
                    e8:d4:a0:16:1b:12:d1:b8:69:7e:c6:f3:79:c9:7a:
                    f9:df:dc:bc:3b:bf:7d:ae:75:f9:d9:b5:26:e0:9c:
                    9f:5c:60:55:52:bd:34:41:14:cb:f5:d3:81:59:cd:
                    ab:ed:13:e0:5d:6b:9d:86:f8:5b:46:9c:2a:19:b4:
                    31:5b:e9:e2:2c:55:66:d8:bd:04:3c:ce:22:aa:4f:
                    0d:04:e4:21:18:4f:f0:70:de:ff:4f:e6:93:72:52:
                    ea:c9:15:6e:7d:db:37:6d:83:65:08:b6:3f:bf:b5:
                    08:a4:33:60:50:11:a6:a6:fe:fd:85:f7:88:6e:72:
                    4f:ed:1a:bf:d8:f1:e9:31:cb:9e:32:b8:8c:81:33:
                    0f:8e:07:1e:71:c3:49:e9:ca:65:3b:e1:85:fb:a8:
                    b2:02:a9:e7:dd:f5:89:d9:db:6f:58:26:a1:e8:34:
                    a2:2c:52:26:f8:96:c9:65:21:5b:5b:f6:25:69:82:
                    aa:b1:9b:8f:f8:bf:80:c2:ab:67:5d:c0:b8:d0:09:
                    33:97:0e:75:5b:dd:56:43:db:74:33:3e:f4:f8:1b:
                    1d:f1:d5:0b:70:f4:13:44:a7:53:94:bf:34:37:3a:
                    3a:cf:b9:7d:a3:ef:0c:2e:5b:c0:02:ce:c6:f4:ef:
                    34:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:BC:C7:A5:09:D0:48:65:8C:CD:AD:6F:B0:DD:F9:D7:D5:1E:FF:D0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/krzHpQnQSGWMza1vsN3519Ue_9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.21.0/24
                  45.88.23.0/24
                  45.89.37.0/24
                  45.89.39.0/24
                  45.92.3.0/24
                  45.140.134.0/24
                  91.190.97.0/24
                  91.190.105.0/24
                  185.112.64.0/22
                  185.255.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:ec:e7:2c:91:87:87:71:5d:c8:08:3b:8d:bb:1f:8b:fb:05:
         bd:79:cd:17:45:c0:52:a9:45:b3:06:a8:cc:54:40:ce:7f:c3:
         25:14:45:22:93:07:b9:f1:6b:03:99:c7:f9:fd:a7:97:d7:4e:
         c5:3b:59:48:01:6c:b8:04:f7:85:9f:03:aa:df:8f:82:d2:0f:
         d1:82:40:a7:bf:44:11:25:fe:bc:5d:ed:78:ce:75:32:6a:74:
         a7:fe:3d:9f:af:40:b5:c6:92:b6:f9:1d:79:99:85:d7:eb:e8:
         07:9f:59:80:a9:bb:82:d1:50:49:51:70:e3:c8:b9:74:79:68:
         3e:5d:27:dc:3b:03:d7:e8:af:6a:f4:cb:6d:e9:5f:29:e5:73:
         7a:dd:05:db:bc:cf:5d:23:05:07:90:2c:c0:26:b9:cc:a7:61:
         e9:11:22:a1:9c:5f:18:52:96:26:ad:57:2f:c0:de:8e:3b:5c:
         03:59:20:ad:77:be:96:82:68:eb:55:94:da:ef:24:d1:b0:70:
         bb:f6:8a:f5:61:d4:ce:ed:f4:cd:88:c6:b2:a4:52:13:99:c4:
         0d:0b:00:8e:88:ab:ff:11:7f:af:4e:ac:db:8a:9e:da:70:1b:
         9e:4e:83:11:e2:a9:7f:5c:58:e2:f4:11:66:3d:4e:30:65:4a:
         18:0d:4c:3c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYs+VH4MNJjLQNwC7xC+B51lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMDE3MTU1MDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmJjYzdhNTA5ZDA0ODY1OGNjZGFkNmZiMGRkZjlkN2Q1MWVmZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMh0r5M5ubs4MG/TRz/o1KAWGxLR
uGl+xvN5yXr539y8O799rnX52bUm4JyfXGBVUr00QRTL9dOBWc2r7RPgXWudhvhb
RpwqGbQxW+niLFVm2L0EPM4iqk8NBOQhGE/wcN7/T+aTclLqyRVufds3bYNlCLY/
v7UIpDNgUBGmpv79hfeIbnJP7Rq/2PHpMcueMriMgTMPjgceccNJ6cplO+GF+6iy
Aqnn3fWJ2dtvWCah6DSiLFIm+JbJZSFbW/YlaYKqsZuP+L+AwqtnXcC40Akzlw51
W91WQ9t0Mz70+Bsd8dULcPQTRKdTlL80Nzo6z7l9o+8MLlvAAs7G9O80tQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJK8x6UJ0EhljM2tb7Dd+dfVHv/QMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEva3J6SHBRblFTR1dNemExdnNOMzUxOVVlXzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVgVAwQA
LVgXAwQALVklAwQALVknAwQALVwDAwQALYyGAwQAW75hAwQAW75pAwQCuXBAAwQC
uf+oMA0GCSqGSIb3DQEBCwUAA4IBAQBH7OcskYeHcV3ICDuNux+L+wW9ec0XRcBS
qUWzBqjMVEDOf8MlFEUikwe58WsDmcf5/aeX107FO1lIAWy4BPeFnwOq34+C0g/R
gkCnv0QRJf68Xe14znUyanSn/j2fr0C1xpK2+R15mYXX6+gHn1mAqbuC0VBJUXDj
yLl0eWg+XSfcOwPX6K9q9Mtt6V8p5XN63QXbvM9dIwUHkCzAJrnMp2HpESKhnF8Y
UpYmrVcvwN6OO1wDWSCtd76WgmjrVZTa7yTRsHC79or1YdTO7fTNiMaypFITmcQN
CwCOiKv/EX+vTqzbip7acBueToMR4ql/XFji9BFmPU4wZUoYDUw8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org