Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/n2cT_meqKl0PTY7AP98-emz0KP4.roa
File:                     n2cT_meqKl0PTY7AP98-emz0KP4.roa (raw, json)
Hash identifier:          pzuTro3ZSLqy8udnZECDeK9SjnUltbZts9DXcIc8WsY=
Subject key identifier:   9F:67:13:FE:67:AA:2A:5D:0F:4D:8E:C0:3F:DF:3E:7A:6C:F4:28:FE
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018721ED39B9C325AEE68479B2B95F4531DD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/n2cT_meqKl0PTY7AP98-emz0KP4.roa
Signing time:             Mon 27 Mar 2023 07:16:47 +0000
ROA not before:           Mon 27 Mar 2023 07:16:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     17447
IP address blocks:        93.115.254.0/24 maxlen: 24
                          188.241.248.0/24 maxlen: 24
                          188.241.159.0/24 maxlen: 24
                          89.34.126.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 01 Apr 2023 07:34:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:ed:39:b9:c3:25:ae:e6:84:79:b2:b9:5f:45:31:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 27 07:16:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f6713fe67aa2a5d0f4d8ec03fdf3e7a6cf428fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:51:ff:b4:40:9c:a3:82:12:dd:38:f7:31:d7:
                    89:f5:ad:7b:f1:e9:df:bb:b9:2d:03:fd:29:77:ad:
                    b2:e8:53:30:72:19:5d:40:22:3a:41:11:e3:13:13:
                    2f:07:19:44:bf:4e:17:3b:ae:a1:7b:1e:f0:18:91:
                    81:a2:b0:1d:5c:d1:36:c5:88:4d:56:08:09:fc:12:
                    44:6b:dd:fe:87:82:c6:4c:3f:b9:f1:87:5b:66:dc:
                    7b:a3:82:6c:ed:f3:3f:c7:4d:c5:1d:bb:1c:99:b7:
                    e2:c2:0a:59:8c:7e:7f:2b:a7:34:48:f4:e5:49:95:
                    de:ea:2b:db:94:64:a0:6a:82:32:90:68:ac:ad:68:
                    46:fc:8d:1b:cd:36:65:4d:85:b2:74:5e:31:62:88:
                    a9:41:24:16:d9:69:eb:ce:11:8b:4f:23:ef:89:22:
                    f8:6e:1c:7e:e9:38:41:b5:a4:85:b7:e3:0a:30:e1:
                    28:c3:b0:dc:a2:0c:af:54:68:a1:5e:d1:ac:d8:90:
                    b6:c0:84:d0:1f:78:d8:99:7f:25:ba:6d:f9:79:2c:
                    31:3f:2b:f5:93:ce:26:e9:37:37:f7:9c:d2:5e:0d:
                    4b:89:8d:68:45:b5:3b:af:8f:dd:2f:2f:b4:38:39:
                    05:59:18:4c:f0:7c:21:e3:dd:3d:bc:97:87:5d:aa:
                    8e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:67:13:FE:67:AA:2A:5D:0F:4D:8E:C0:3F:DF:3E:7A:6C:F4:28:FE
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/n2cT_meqKl0PTY7AP98-emz0KP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.126.0/24
                  93.115.254.0/24
                  188.240.224.0/24
                  188.241.159.0/24
                  188.241.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:a1:8e:29:bb:c0:10:df:9e:b7:19:ee:0f:e7:54:45:5a:f6:
         8b:a9:d5:87:31:a2:96:bc:f2:30:de:4f:6e:73:9e:9a:12:6a:
         01:f9:bb:12:6e:9a:4a:a0:99:e3:99:f8:b8:53:6a:12:6e:9d:
         a2:ac:ad:4d:fc:28:70:20:3b:65:b6:84:2c:3f:64:1a:7a:12:
         ac:89:7f:20:4a:8b:89:9f:b0:b3:49:1f:3d:d8:a9:3e:74:8b:
         5b:7a:da:3d:8d:15:87:41:e5:a1:6d:51:49:e0:50:09:7a:9e:
         5b:68:81:44:8f:74:60:57:f5:f4:e8:9a:70:d6:fd:47:b5:c6:
         c0:67:45:23:bc:26:76:2e:54:fd:40:77:d4:31:a1:92:7c:f6:
         c6:6f:cf:be:c7:a7:51:86:50:a5:ae:fe:36:c3:84:42:d3:12:
         93:c8:c3:6b:8e:b9:d0:87:d4:ad:69:fd:fe:7b:05:22:e1:34:
         46:30:6f:e4:ea:e6:21:43:6c:12:69:b2:24:9f:63:14:f6:1f:
         6a:71:50:b1:4e:ca:ad:61:f8:15:be:6b:e8:1a:17:bc:b5:57:
         7f:dc:63:a4:86:c2:a3:4f:7d:4f:d3:2b:5f:8f:8d:89:72:a3:
         bb:cc:b9:b7:52:5a:c6:0c:6d:d4:b3:dd:67:17:46:b3:a5:eb:
         cb:d1:14:90
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYch7Tm5wyWu5oR5srlfRTHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MDcxNjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjY3MTNmZTY3YWEyYTVkMGY0ZDhlYzAzZmRmM2U3YTZjZjQyOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1H/tECco4IS3Tj3MdeJ9a178enf
u7ktA/0pd62y6FMwchldQCI6QRHjExMvBxlEv04XO66hex7wGJGBorAdXNE2xYhN
VggJ/BJEa93+h4LGTD+58YdbZtx7o4Js7fM/x03FHbscmbfiwgpZjH5/K6c0SPTl
SZXe6ivblGSgaoIykGisrWhG/I0bzTZlTYWydF4xYoipQSQW2WnrzhGLTyPviSL4
bhx+6ThBtaSFt+MKMOEow7DcogyvVGihXtGs2JC2wITQH3jYmX8lum35eSwxPyv1
k84m6Tc395zSXg1LiY1oRbU7r4/dLy+0ODkFWRhM8Hwh4909vJeHXaqOiwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJ9nE/5nqipdD02OwD/fPnps9Cj+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbjJjVF9tZXFLbDBQVFk3QVA5OC1lbXowS1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWSJ+AwQA
XXP+AwQAvPDgAwQAvPGfAwQAvPH4MA0GCSqGSIb3DQEBCwUAA4IBAQAioY4pu8AQ
3563Ge4P51RFWvaLqdWHMaKWvPIw3k9uc56aEmoB+bsSbppKoJnjmfi4U2oSbp2i
rK1N/ChwIDtltoQsP2QaehKsiX8gSouJn7CzSR892Kk+dItbeto9jRWHQeWhbVFJ
4FAJep5baIFEj3RgV/X06Jpw1v1HtcbAZ0UjvCZ2LlT9QHfUMaGSfPbGb8++x6dR
hlClrv42w4RC0xKTyMNrjrnQh9Staf3+ewUi4TRGMG/k6uYhQ2wSabIkn2MU9h9q
cVCxTsqtYfgVvmvoGhe8tVd/3GOkhsKjT31P0ytfj42JcqO7zLm3UlrGDG3Us91n
F0azpevL0RSQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org