Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vzTWvYDDXQb5HYsUKAPNBKqU8ZM.roa
File:                     vzTWvYDDXQb5HYsUKAPNBKqU8ZM.roa (raw, json)
Hash identifier:          fW6w7aqlFmB3wirQJMD89uYOkaijaTc+Z8JY1INHgiM=
Subject key identifier:   BF:34:D6:BD:80:C3:5D:06:F9:1D:8B:14:28:03:CD:04:AA:94:F1:93
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01857102F807412FBB9254BFE40B947031C8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vzTWvYDDXQb5HYsUKAPNBKqU8ZM.roa
Signing time:             Mon 02 Jan 2023 05:44:58 +0000
ROA not before:           Mon 02 Jan 2023 05:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3215
IP address blocks:        45.92.2.0/24 maxlen: 24
                          45.89.38.0/24 maxlen: 24
                          45.89.36.0/24 maxlen: 24
                          91.190.96.0/24 maxlen: 24
                          91.190.104.0/24 maxlen: 24
                          45.88.22.0/24 maxlen: 24
                          45.88.20.0/24 maxlen: 24
                          91.190.99.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 27 Jan 2023 11:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:f8:07:41:2f:bb:92:54:bf:e4:0b:94:70:31:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 05:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf34d6bd80c35d06f91d8b142803cd04aa94f193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8a:4f:88:11:dd:c6:9e:0f:01:86:7f:91:35:
                    d2:a6:fc:78:bd:00:8a:0f:15:c6:60:81:01:4b:96:
                    7e:29:35:79:e8:ed:c0:22:ed:8c:88:d3:16:64:c0:
                    63:e1:c6:6f:2e:32:ce:4b:20:f9:b7:3d:7d:a3:65:
                    d4:ca:ae:1f:aa:9f:b2:19:a6:a4:95:8b:86:a3:bb:
                    8f:87:57:21:d2:19:d4:5a:9c:5e:4a:b7:50:46:34:
                    f4:4d:06:87:f8:23:0b:a8:b4:33:4c:c5:98:f3:9a:
                    03:e5:18:cc:a3:5e:28:4c:9b:18:1b:18:15:f6:3f:
                    a3:dc:95:9e:65:23:9e:d3:36:62:f4:1e:b0:d8:9e:
                    7c:2d:3c:39:b4:0a:e1:eb:17:05:b3:ef:ef:1b:6c:
                    f7:59:1b:a6:53:ef:7b:28:16:dd:72:bd:4b:e8:ce:
                    84:1e:04:bc:37:44:ee:af:b6:a3:13:0a:23:8b:7f:
                    29:33:9a:dc:37:da:ac:ed:77:29:f8:05:8a:e0:85:
                    f8:ea:81:b5:f2:9a:30:96:75:d9:45:6b:30:8a:8c:
                    76:1a:44:87:ae:db:8f:fe:d2:c2:c6:fb:a1:f1:cb:
                    35:ec:23:91:b9:ac:86:6c:13:0a:cb:2e:4b:ae:d7:
                    d4:91:0c:9d:9e:8b:50:20:b8:8e:be:17:2d:c0:54:
                    57:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:34:D6:BD:80:C3:5D:06:F9:1D:8B:14:28:03:CD:04:AA:94:F1:93
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vzTWvYDDXQb5HYsUKAPNBKqU8ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.20.0/24
                  45.88.22.0/24
                  45.89.36.0/24
                  45.89.38.0/24
                  45.92.2.0/24
                  91.190.96.0/24
                  91.190.99.0/24
                  91.190.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:25:cd:48:e2:19:ac:eb:52:ff:9f:91:43:41:7e:c6:94:f7:
         e7:26:c7:da:e7:26:d6:1c:ef:3a:6a:9c:74:23:40:31:39:56:
         ca:32:3d:05:6d:c2:3b:2e:01:65:7d:fa:02:d7:b8:fc:30:85:
         25:7e:a3:a4:d6:28:2a:e8:49:3f:71:7f:8e:9d:65:6f:ae:a1:
         74:0f:17:9f:ee:16:b8:99:9f:e1:bf:30:ad:88:40:4a:99:aa:
         ca:12:14:12:f3:12:f8:d6:73:5c:53:9c:ba:bb:05:73:61:e3:
         81:df:f8:ef:00:35:68:d5:45:1d:b9:3a:36:de:9c:00:fa:57:
         13:bf:00:a6:84:a5:64:89:4d:1e:d7:68:fc:ba:73:d8:2b:28:
         89:a6:51:3c:ee:21:5d:35:11:9a:cc:9b:f7:1d:07:61:17:e0:
         98:17:e2:c7:7f:16:52:2c:34:ce:25:c3:09:08:91:c9:fb:17:
         b1:e7:80:4e:45:1f:6a:c2:98:86:4a:2a:a8:6b:71:d4:7d:03:
         04:15:ee:b2:51:ae:06:57:bf:3f:1f:93:fc:2a:a0:ff:6f:5d:
         0c:4c:08:9f:ee:d0:f1:bd:12:31:fa:54:6a:dc:e3:1f:0a:d9:
         0b:89:3d:15:16:df:2e:3b:d1:27:12:0f:38:4a:e2:f9:32:07:
         cb:70:9e:55
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVxAvgHQS+7klS/5AuUcDHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTAyMDU0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM0ZDZiZDgwYzM1ZDA2ZjkxZDhiMTQyODAzY2QwNGFhOTRmMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIpPiBHdxp4PAYZ/kTXSpvx4vQCK
DxXGYIEBS5Z+KTV56O3AIu2MiNMWZMBj4cZvLjLOSyD5tz19o2XUyq4fqp+yGaak
lYuGo7uPh1ch0hnUWpxeSrdQRjT0TQaH+CMLqLQzTMWY85oD5RjMo14oTJsYGxgV
9j+j3JWeZSOe0zZi9B6w2J58LTw5tArh6xcFs+/vG2z3WRumU+97KBbdcr1L6M6E
HgS8N0Tur7ajEwoji38pM5rcN9qs7Xcp+AWK4IX46oG18powlnXZRWswiox2GkSH
rtuP/tLCxvuh8cs17CORuayGbBMKyy5LrtfUkQydnotQILiOvhctwFRXcwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFL801r2Aw10G+R2LFCgDzQSqlPGTMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdnpUV3ZZRERYUWI1SFlzVUtBUE5CS3FVOFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVgUAwQA
LVgWAwQALVkkAwQALVkmAwQALVwCAwQAW75gAwQAW75jAwQAW75oMA0GCSqGSIb3
DQEBCwUAA4IBAQB7Jc1I4hms61L/n5FDQX7GlPfnJsfa5ybWHO86apx0I0AxOVbK
Mj0FbcI7LgFlffoC17j8MIUlfqOk1igq6Ek/cX+OnWVvrqF0Dxef7ha4mZ/hvzCt
iEBKmarKEhQS8xL41nNcU5y6uwVzYeOB3/jvADVo1UUduTo23pwA+lcTvwCmhKVk
iU0e12j8unPYKyiJplE87iFdNRGazJv3HQdhF+CYF+LHfxZSLDTOJcMJCJHJ+xex
54BORR9qwpiGSiqoa3HUfQMEFe6yUa4GV78/H5P8KqD/b10MTAif7tDxvRIx+lRq
3OMfCtkLiT0VFt8uO9EnEg84SuL5MgfLcJ5V
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org