Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t4axs62pGrkg66DbtUww-ycKSV0.roa
File:                     t4axs62pGrkg66DbtUww-ycKSV0.roa (raw, json)
Hash identifier:          Y1NdiCuwA5jmiVfy3ZbKEf4srcD2N1f3Hog/6MBDHxI=
Subject key identifier:   B7:86:B1:B3:AD:A9:1A:B9:20:EB:A0:DB:B5:4C:30:FB:27:0A:49:5D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012A4E3FA3029848855F85E49A090C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t4axs62pGrkg66DbtUww-ycKSV0.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        185.244.139.0/24 maxlen: 24
                          212.119.32.0/23 maxlen: 24
                          212.119.34.0/24 maxlen: 24
                          194.169.168.0/22 maxlen: 24
                          193.218.35.0/24 maxlen: 24
                          45.144.227.0/24 maxlen: 24
                          91.190.101.0/24 maxlen: 24
                          62.197.144.0/20 maxlen: 24
                          213.109.151.0/24 maxlen: 24
                          45.135.184.0/24 maxlen: 24
                          92.62.120.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 20 Jun 2024 12:20:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2a:4e:3f:a3:02:98:48:85:5f:85:e4:9a:09:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b786b1b3ada91ab920eba0dbb54c30fb270a495d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7f:54:8c:7b:71:c8:8e:f5:18:40:57:29:38:
                    d9:7c:04:37:0a:69:d9:8c:c1:be:13:3a:91:07:d6:
                    bd:89:51:64:45:2d:14:8d:2c:b6:7e:25:86:89:11:
                    26:28:8c:43:6e:2f:75:dc:fe:ec:2b:94:f4:bd:56:
                    ff:bb:0b:d0:05:8a:99:6f:62:7b:be:fa:a0:b0:b7:
                    27:6e:fa:c6:a1:98:f9:45:5f:62:c3:6c:23:9a:bc:
                    88:1e:5f:e8:04:00:76:c4:cd:4b:52:0a:fd:59:d9:
                    bd:35:8b:50:fa:17:72:25:d7:32:fa:0f:84:41:a9:
                    a3:3a:cb:f6:50:0f:45:1e:91:29:c1:25:6a:ba:9a:
                    59:8c:f0:28:54:40:26:e9:7d:b8:e7:45:b2:1c:d8:
                    12:90:c9:b2:8a:dd:7d:18:24:42:2a:53:13:39:f4:
                    27:9a:c3:24:e3:2f:77:bd:a6:08:fc:58:df:2d:c2:
                    6d:93:ad:17:cf:c5:76:19:1b:be:5b:19:03:1d:1a:
                    f0:7f:cd:14:b4:d1:da:49:f2:16:1d:34:d3:62:5f:
                    75:22:99:48:06:8a:81:0e:f0:2d:4f:d1:62:53:2c:
                    c2:76:8a:58:2f:1c:4b:5d:9e:93:d8:9f:87:69:90:
                    3b:06:c0:a4:ba:4e:30:a5:5b:8f:18:45:cf:2b:5a:
                    07:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:86:B1:B3:AD:A9:1A:B9:20:EB:A0:DB:B5:4C:30:FB:27:0A:49:5D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t4axs62pGrkg66DbtUww-ycKSV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.184.0/24
                  45.144.227.0/24
                  62.197.144.0/20
                  91.190.101.0/24
                  92.62.120.0/22
                  185.244.139.0/24
                  193.218.35.0/24
                  194.169.168.0/22
                  212.119.32.0-212.119.34.255
                  213.109.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:4d:5d:46:b1:c6:54:e6:2d:5d:82:e4:93:ea:cf:fa:10:7c:
         6c:7a:54:20:2f:1d:33:a2:65:4e:70:a3:a3:cd:ef:86:3a:0c:
         3a:ff:68:fe:86:b6:48:7e:ce:12:36:16:11:76:4f:6a:f2:fa:
         de:c9:6d:25:27:0f:30:56:82:d2:bf:8b:2c:e9:44:9c:92:d8:
         b3:cf:e3:2b:19:4a:0e:15:99:20:07:da:5a:4a:3e:6a:bd:d7:
         fa:e9:d5:89:40:36:5e:b4:fb:cc:c0:0e:37:aa:c6:33:00:57:
         aa:e0:d4:c2:98:78:24:11:39:42:bc:b2:ee:22:76:c3:29:f6:
         71:b8:b8:2d:30:b6:9f:c0:17:44:22:7b:9f:eb:d3:7c:9a:4c:
         de:2f:10:7a:64:fd:31:31:58:19:e8:04:30:82:1e:2b:ca:87:
         58:bb:bb:4f:98:51:c3:99:c2:42:80:af:e9:20:5d:aa:90:76:
         74:54:f6:61:93:d2:9e:df:ec:c1:41:8e:b9:5e:d8:59:10:9f:
         3d:8c:db:9c:22:33:f1:b2:c5:b1:e8:0e:3b:0b:12:30:a8:46:
         d4:a4:ee:2b:7b:ad:64:9c:6c:ff:ca:c1:7b:e6:a4:a7:ed:77:
         f2:41:cd:fd:f6:f6:52:b3:6d:80:c6:ed:4d:9b:21:3e:ea:24:
         10:aa:26:e7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzFASpOP6MCmEiFX4XkmgkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg2YjFiM2FkYTkxYWI5MjBlYmEwZGJiNTRjMzBmYjI3MGE0OTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH9UjHtxyI71GEBXKTjZfAQ3CmnZ
jMG+EzqRB9a9iVFkRS0UjSy2fiWGiREmKIxDbi913P7sK5T0vVb/uwvQBYqZb2J7
vvqgsLcnbvrGoZj5RV9iw2wjmryIHl/oBAB2xM1LUgr9Wdm9NYtQ+hdyJdcy+g+E
QamjOsv2UA9FHpEpwSVquppZjPAoVEAm6X2450WyHNgSkMmyit19GCRCKlMTOfQn
msMk4y93vaYI/FjfLcJtk60Xz8V2GRu+WxkDHRrwf80UtNHaSfIWHTTTYl91IplI
BoqBDvAtT9FiUyzCdopYLxxLXZ6T2J+HaZA7BsCkuk4wpVuPGEXPK1oHswIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLeGsbOtqRq5IOug27VMMPsnCkldMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdDRheHM2MnBHcmtnNjZEYnRVd3cteWNLU1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALYe4AwQA
LZDjAwQEPsWQAwQAW75lAwQCXD54AwQAufSLAwQAwdojAwQCwqmoMAwDBAXUdyAD
BADUdyIDBADVbZcwDQYJKoZIhvcNAQELBQADggEBAFlNXUaxxlTmLV2C5JPqz/oQ
fGx6VCAvHTOiZU5wo6PN74Y6DDr/aP6Gtkh+zhI2FhF2T2ry+t7JbSUnDzBWgtK/
iyzpRJyS2LPP4ysZSg4VmSAH2lpKPmq91/rp1YlANl60+8zADjeqxjMAV6rg1MKY
eCQROUK8su4idsMp9nG4uC0wtp/AF0Qie5/r03yaTN4vEHpk/TExWBnoBDCCHivK
h1i7u0+YUcOZwkKAr+kgXaqQdnRU9mGT0p7f7MFBjrle2FkQnz2M25wiM/GyxbHo
DjsLEjCoRtSk7it7rWScbP/KwXvmpKftd/JBzf329lKzbYDG7U2bIT7qJBCqJuc=
-----END CERTIFICATE-----
Generated at Thu Jun 20 14:44:47 2024 by rpki-client on console-fra.rpki-client.org