Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pPjWl1Lc5rwjcyCnfJwPpsvBlxc.roa
File:                     pPjWl1Lc5rwjcyCnfJwPpsvBlxc.roa (raw, json)
Hash identifier:          jU5GrqZMr7y9SzPmeKwfMIjWeALd2y4vuW87mDtxo+E=
Subject key identifier:   A4:F8:D6:97:52:DC:E6:BC:23:73:20:A7:7C:9C:0F:A6:CB:C1:97:17
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018A4260AEB5682575E1288D5635C41A8739
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pPjWl1Lc5rwjcyCnfJwPpsvBlxc.roa
Signing time:             Tue 29 Aug 2023 17:39:07 +0000
ROA not before:           Tue 29 Aug 2023 17:39:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.241.243.0/24 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          188.241.214.0/24 maxlen: 24
                          93.115.255.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          217.74.16.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.85.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.35.155.0/24 maxlen: 24
                          188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.150.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.233.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.141.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          188.241.110.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 30 Aug 2023 18:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:42:60:ae:b5:68:25:75:e1:28:8d:56:35:c4:1a:87:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Aug 29 17:39:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4f8d69752dce6bc237320a77c9c0fa6cbc19717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d7:f5:b9:fd:e7:36:ee:88:cb:03:43:6c:b6:
                    9e:4d:b5:a6:ae:c0:9e:43:ba:5a:7d:7c:c6:cd:4a:
                    25:68:fe:14:81:45:3e:a5:9e:44:9f:b4:da:68:88:
                    da:6b:17:c7:24:95:33:93:69:81:ef:b8:54:79:c5:
                    9e:b7:74:fc:d1:4e:09:8e:58:38:9a:64:de:29:a5:
                    5c:93:a6:8f:5d:08:6a:01:2f:f2:81:74:0e:6d:ca:
                    df:e0:1f:87:7a:98:c0:f6:98:24:22:e8:ac:cf:ae:
                    7b:51:32:bc:51:9b:79:71:33:6a:2c:af:51:d6:1c:
                    4a:0e:81:dd:c2:73:7b:55:73:3f:3f:cf:fd:10:de:
                    22:a7:d1:26:85:a8:2b:72:6d:7a:22:20:5f:35:e0:
                    29:77:75:cb:8d:e5:73:62:c3:f5:4e:51:4b:4d:1c:
                    54:6c:c1:c0:be:6e:55:47:09:4e:41:d8:31:eb:28:
                    01:49:58:1a:a5:75:b8:22:81:c8:07:e8:30:56:6b:
                    df:9b:0a:85:4e:85:9e:33:0b:f0:fe:05:f5:ea:09:
                    4e:39:c3:ed:f0:aa:5a:c2:e3:e2:c5:91:5b:50:3b:
                    6c:32:b5:a3:bc:a8:10:43:c4:22:43:e8:a1:74:df:
                    97:7e:4d:e4:bd:9a:b5:63:c2:4d:02:30:5a:cd:f7:
                    e8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F8:D6:97:52:DC:E6:BC:23:73:20:A7:7C:9C:0F:A6:CB:C1:97:17
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pPjWl1Lc5rwjcyCnfJwPpsvBlxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0/24
                  87.247.148.0/22
                  89.33.84.0/23
                  89.35.154.0/23
                  89.37.63.0/24
                  91.188.204.0/22
                  93.115.254.0/23
                  185.135.140.0/23
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  185.255.169.0-185.255.171.255
                  188.212.132.0/23
                  188.212.155.0/24
                  188.212.158.0/24
                  188.213.202.0/23
                  188.214.209.0/24
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.233.0/24
                  188.241.110.0/24
                  188.241.214.0/24
                  188.241.243.0/24
                  193.23.128.0/23
                  213.232.92.0/22
                  217.74.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3b:b8:3b:51:91:52:c9:99:d0:a2:86:2a:b9:f2:89:e2:0e:
         e0:a3:b8:7b:2e:ad:cd:a8:b8:ba:fe:93:f3:f1:70:4f:79:7f:
         86:37:77:57:74:1b:de:ab:53:c3:b8:96:80:bc:cb:b2:e8:e7:
         76:3b:9b:fb:92:3f:a1:92:45:5f:3f:59:19:4c:4c:5f:2c:fd:
         82:91:58:2f:13:88:c5:6b:6b:51:7d:10:66:58:30:73:19:12:
         30:f1:c3:01:01:89:72:80:c2:1c:66:71:15:8a:36:43:00:90:
         f3:b8:87:3f:00:b4:e7:ef:d5:f8:ed:a7:1a:bc:95:12:8c:58:
         9f:a9:4e:2a:e0:cb:ae:c3:98:e9:6b:fe:b0:f8:b3:74:aa:a0:
         e7:d9:27:2a:1f:a8:45:73:86:bd:aa:95:5a:01:5a:b9:3a:0e:
         ec:e3:1e:e8:d0:5d:78:22:ea:97:df:92:52:46:98:6b:24:30:
         a8:2f:50:ed:e6:12:07:d6:bf:a5:f7:b2:b6:9b:40:6d:35:c6:
         bb:3a:b7:c8:13:59:f1:56:0d:ba:3d:7c:82:24:1c:d5:e5:21:
         ed:cb:35:40:af:34:98:d8:7a:aa:f6:3f:ea:4c:84:11:da:85:
         9d:ec:c5:ab:30:87:69:88:d4:46:10:67:a7:7e:30:79:2a:42:
         83:6f:3c:10
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYpCYK61aCV14SiNVjXEGoc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwODI5MTczOTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY4ZDY5NzUyZGNlNmJjMjM3MzIwYTc3YzljMGZhNmNiYzE5NzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdf1uf3nNu6IywNDbLaeTbWmrsCe
Q7pafXzGzUolaP4UgUU+pZ5En7TaaIjaaxfHJJUzk2mB77hUecWet3T80U4Jjlg4
mmTeKaVck6aPXQhqAS/ygXQObcrf4B+HepjA9pgkIuisz657UTK8UZt5cTNqLK9R
1hxKDoHdwnN7VXM/P8/9EN4ip9Emhagrcm16IiBfNeApd3XLjeVzYsP1TlFLTRxU
bMHAvm5VRwlOQdgx6ygBSVgapXW4IoHIB+gwVmvfmwqFToWeMwvw/gX16glOOcPt
8KpawuPixZFbUDtsMrWjvKgQQ8QiQ+ihdN+Xfk3kvZq1Y8JNAjBazffoQwIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFKT41pdS3Oa8I3Mgp3ycD6bLwZcXMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcFBqV2wxTGM1cndqY3lDbmZKd1Bwc3ZCbHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAAt
nJ0DBAJX95QDBAFZIVQDBAFZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAG5h4wDBAC5
h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAMEAbzUhAMEALzUmwME
ALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw6QMEALzxbgMEALzx1gME
ALzx8wMEAcEXgAMEAtXoXAMEANlKEDANBgkqhkiG9w0BAQsFAAOCAQEAQDu4O1GR
UsmZ0KKGKrnyieIO4KO4ey6tzai4uv6T8/FwT3l/hjd3V3Qb3qtTw7iWgLzLsujn
djub+5I/oZJFXz9ZGUxMXyz9gpFYLxOIxWtrUX0QZlgwcxkSMPHDAQGJcoDCHGZx
FYo2QwCQ87iHPwC05+/V+O2nGryVEoxYn6lOKuDLrsOY6Wv+sPizdKqg59knKh+o
RXOGvaqVWgFauToO7OMe6NBdeCLql9+SUkaYayQwqC9Q7eYSB9a/pfeytptAbTXG
uzq3yBNZ8VYNuj18giQc1eUh7cs1QK80mNh6qvY/6kyEEdqFnezFqzCHaYjURhBn
p34weSpCg288EA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org