Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/5ded6c-b469-420c-b15e-52b3f68dc0c2/1/2gnzYlbp8gGmFcRSXHlcIOuVIdA.roa
File:                     2gnzYlbp8gGmFcRSXHlcIOuVIdA.roa (raw, json)
Hash identifier:          DTf0JpzvCujysr3ynGJv2ej9aZMU0puoWEOB/PO3YvI=
Subject key identifier:   DA:09:F3:62:56:E9:F2:01:A6:15:C4:52:5C:79:5C:20:EB:95:21:D0
Certificate issuer:       /CN=8bb773818512490a500ad843ea2ae717ef21b14c
Certificate serial:       018570DE69862959139697C4F6C8566AFA2F
Authority key identifier: 8B:B7:73:81:85:12:49:0A:50:0A:D8:43:EA:2A:E7:17:EF:21:B1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i7dzgYUSSQpQCthD6irnF-8hsUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/5ded6c-b469-420c-b15e-52b3f68dc0c2/1/2gnzYlbp8gGmFcRSXHlcIOuVIdA.roa
Signing time:             Mon 02 Jan 2023 05:05:02 +0000
ROA not before:           Mon 02 Jan 2023 05:05:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48252
IP address blocks:        185.21.212.0/22 maxlen: 22
                          185.21.212.0/24 maxlen: 24
                          185.21.213.0/24 maxlen: 24
                          185.21.214.0/24 maxlen: 24
                          185.21.215.0/24 maxlen: 24
                          94.198.179.0/24 maxlen: 24
                          94.198.177.0/24 maxlen: 24
                          94.198.178.0/24 maxlen: 24
                          94.198.176.0/21 maxlen: 21
                          94.198.176.0/24 maxlen: 24
                          94.198.181.0/24 maxlen: 24
                          94.198.180.0/24 maxlen: 24
                          94.198.182.0/24 maxlen: 24
                          94.198.183.0/24 maxlen: 24
                          2a04:11c0::/29 maxlen: 29
                          2a04:11c1::/32 maxlen: 32
                          2a04:11c2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:de:69:86:29:59:13:96:97:c4:f6:c8:56:6a:fa:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bb773818512490a500ad843ea2ae717ef21b14c
        Validity
            Not Before: Jan  2 05:05:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da09f36256e9f201a615c4525c795c20eb9521d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:01:fe:6e:42:7f:dd:04:66:df:91:c3:54:82:
                    b4:5e:b9:bd:d5:4b:c2:34:3b:85:55:2c:b8:5f:de:
                    ff:9a:6a:68:72:94:d0:ed:5f:d5:20:11:fd:80:1b:
                    2a:e4:dc:f4:5f:fb:2b:1d:99:c3:0f:0c:73:5a:70:
                    88:9d:a9:de:8e:a4:c6:d1:89:fb:90:c4:55:e3:df:
                    dc:f7:f0:a4:da:29:94:61:8b:ab:6d:67:d0:17:fe:
                    36:03:d6:e6:63:88:17:15:65:cb:ce:64:f6:1a:b0:
                    27:e8:4e:f8:5b:33:bb:b2:ad:84:de:5b:0d:0f:88:
                    00:bd:7a:7e:f3:c9:ec:c2:c5:81:9d:ca:88:f0:53:
                    56:93:79:d7:4c:7c:1b:10:1a:d7:58:df:57:00:fd:
                    53:4b:bf:a2:e4:ab:83:82:38:e5:9f:96:8c:c5:41:
                    b3:65:09:06:e4:c7:68:9d:4e:ab:2d:bd:7a:8e:1f:
                    a2:67:8d:c9:e0:98:34:2a:a8:a0:e6:db:80:fc:d8:
                    3b:58:e5:c1:78:85:e2:26:f5:72:2e:e3:aa:48:ac:
                    a2:5f:81:94:e3:d8:dc:a3:90:a8:de:c5:56:6c:e5:
                    be:ea:9d:98:95:2a:4a:fe:93:a1:53:b8:8a:61:6d:
                    58:58:a3:56:80:0e:ac:4b:3f:c3:d4:37:29:06:8e:
                    a4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:09:F3:62:56:E9:F2:01:A6:15:C4:52:5C:79:5C:20:EB:95:21:D0
            X509v3 Authority Key Identifier:
                keyid:8B:B7:73:81:85:12:49:0A:50:0A:D8:43:EA:2A:E7:17:EF:21:B1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i7dzgYUSSQpQCthD6irnF-8hsUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ded6c-b469-420c-b15e-52b3f68dc0c2/1/2gnzYlbp8gGmFcRSXHlcIOuVIdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ded6c-b469-420c-b15e-52b3f68dc0c2/1/i7dzgYUSSQpQCthD6irnF-8hsUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.198.176.0/21
                  185.21.212.0/22
                IPv6:
                  2a04:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:d1:c6:83:cd:43:3f:ac:52:a3:4f:9c:f7:76:59:fc:f4:c4:
         35:fc:5d:46:ce:8f:4c:9a:c2:b9:c8:9b:0a:9a:72:77:0d:de:
         8a:81:62:af:83:7b:cc:3b:45:90:32:92:49:cd:b5:fd:37:65:
         5d:54:cd:e0:dd:3b:9c:08:bd:6d:28:60:14:e4:97:40:d8:5d:
         75:72:e2:38:7f:8a:c2:b2:4e:01:82:1f:b7:b4:df:43:ea:83:
         6e:38:a5:e4:90:94:80:20:a3:71:b4:b2:4a:cc:94:13:3c:fc:
         ea:77:27:ab:3a:4f:31:eb:21:90:e8:32:29:9f:5a:3e:63:e9:
         4d:fe:ac:cb:dd:89:f6:ce:d1:e9:98:fe:1f:90:c7:07:fe:12:
         68:ae:bc:68:5f:07:b8:db:56:d8:24:0c:2b:b6:a1:78:fd:0e:
         eb:f0:64:03:d8:41:8f:d3:1d:7c:29:af:47:98:e2:a3:ce:6d:
         32:09:4c:59:97:41:7b:e8:55:a5:98:05:56:52:cd:7a:20:46:
         36:79:57:38:ef:90:e0:b0:4d:d6:93:73:34:e7:e8:c6:69:08:
         25:3f:7d:b0:c1:1b:59:e8:09:6c:91:62:b7:17:52:36:96:e0:
         0f:fe:75:d5:9a:5b:e6:ea:55:59:0d:17:17:9c:f3:6f:df:59:
         11:87:e3:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVw3mmGKVkTlpfE9shWavovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYjc3MzgxODUxMjQ5MGE1MDBhZDg0M2VhMmFlNzE3ZWYy
MWIxNGMwHhcNMjMwMTAyMDUwNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTA5ZjM2MjU2ZTlmMjAxYTYxNWM0NTI1Yzc5NWMyMGViOTUyMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgH+bkJ/3QRm35HDVIK0Xrm91UvC
NDuFVSy4X97/mmpocpTQ7V/VIBH9gBsq5Nz0X/srHZnDDwxzWnCInanejqTG0Yn7
kMRV49/c9/Ck2imUYYurbWfQF/42A9bmY4gXFWXLzmT2GrAn6E74WzO7sq2E3lsN
D4gAvXp+88nswsWBncqI8FNWk3nXTHwbEBrXWN9XAP1TS7+i5KuDgjjln5aMxUGz
ZQkG5MdonU6rLb16jh+iZ43J4Jg0Kqig5tuA/Ng7WOXBeIXiJvVyLuOqSKyiX4GU
49jco5Co3sVWbOW+6p2YlSpK/pOhU7iKYW1YWKNWgA6sSz/D1DcpBo6k3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNoJ82JW6fIBphXEUlx5XCDrlSHQMB8GA1UdIwQY
MBaAFIu3c4GFEkkKUArYQ+oq5xfvIbFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTdkemdZVVNTUXBRQ3RoRDZpcm5GLThoc1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS81ZGVkNmMtYjQ2OS00MjBjLWIxNWUt
NTJiM2Y2OGRjMGMyLzEvMmduellsYnA4Z0dtRmNSU1hIbGNJT3VWSWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS81ZGVkNmMtYjQ2OS00MjBjLWIxNWUtNTJiM2Y2OGRjMGMy
LzEvaTdkemdZVVNTUXBRQ3RoRDZpcm5GLThoc1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXsawAwQC
uRXUMA0EAgACMAcDBQMqBBHAMA0GCSqGSIb3DQEBCwUAA4IBAQBX0caDzUM/rFKj
T5z3dln89MQ1/F1Gzo9MmsK5yJsKmnJ3Dd6KgWKvg3vMO0WQMpJJzbX9N2VdVM3g
3TucCL1tKGAU5JdA2F11cuI4f4rCsk4Bgh+3tN9D6oNuOKXkkJSAIKNxtLJKzJQT
PPzqdyerOk8x6yGQ6DIpn1o+Y+lN/qzL3Yn2ztHpmP4fkMcH/hJorrxoXwe421bY
JAwrtqF4/Q7r8GQD2EGP0x18Ka9HmOKjzm0yCUxZl0F76FWlmAVWUs16IEY2eVc4
75DgsE3Wk3M05+jGaQglP32wwRtZ6AlskWK3F1I2luAP/nXVmlvm6lVZDRcXnPNv
31kRh+Nc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:44 2024 by rpki-client on console-ams.rpki-client.org