Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3lt2Ave7C-PxV7lnawIOuqqNWOA.roa
File:                     3lt2Ave7C-PxV7lnawIOuqqNWOA.roa (raw, json)
Hash identifier:          RpGzdBDS4Xyp9OXugarNfwU78UQsfXxVHellIck/U8s=
Subject key identifier:   DE:5B:76:02:F7:BB:0B:E3:F1:57:B9:67:6B:02:0E:BA:AA:8D:58:E0
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018EAE1BB26C42047E5B2360B06504CD31BB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3lt2Ave7C-PxV7lnawIOuqqNWOA.roa
Signing time:             Fri 05 Apr 2024 11:53:54 +0000
ROA not before:           Fri 05 Apr 2024 11:53:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.84.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 06 Apr 2024 09:26:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:1b:b2:6c:42:04:7e:5b:23:60:b0:65:04:cd:31:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  5 11:53:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de5b7602f7bb0be3f157b9676b020ebaaa8d58e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e9:af:bf:34:2e:23:1b:34:68:c7:6f:ab:2d:
                    17:82:a1:03:04:ba:40:a1:56:34:20:88:b1:f4:da:
                    76:05:c8:b4:01:69:81:8a:ce:80:20:d3:32:58:e6:
                    c6:0d:b0:cb:bf:82:71:98:a7:cd:e4:38:69:ab:3e:
                    32:64:53:ed:13:9b:74:81:05:a9:a7:64:14:f1:6d:
                    56:54:51:b1:4b:5c:ed:e0:34:76:ba:db:54:fc:15:
                    30:6e:ad:a4:62:f3:63:71:05:18:2f:94:e0:14:e1:
                    ee:c0:63:97:ec:30:88:88:9c:52:51:38:5b:a1:63:
                    9c:30:a5:94:0f:fd:95:aa:f6:87:37:b6:d2:96:69:
                    d6:72:e7:02:74:cb:27:bb:78:c2:42:6b:e4:0d:04:
                    ce:97:26:bd:da:4e:18:7e:eb:97:ff:ea:58:40:e3:
                    1d:15:ad:54:1a:e8:29:e5:6d:18:5e:1f:91:68:bc:
                    52:3a:1b:fd:16:7c:ef:35:74:4e:f7:7a:0c:b8:ce:
                    a2:3d:02:38:99:69:b1:05:06:37:ac:55:be:00:00:
                    5f:e2:8b:29:74:a6:b5:b3:f4:02:0e:4d:18:7a:41:
                    25:64:42:7a:11:89:fc:01:80:f0:08:ec:ce:00:0a:
                    0a:dd:60:7e:f0:06:01:98:cd:ec:6e:cc:94:0c:4f:
                    55:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:5B:76:02:F7:BB:0B:E3:F1:57:B9:67:6B:02:0E:BA:AA:8D:58:E0
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3lt2Ave7C-PxV7lnawIOuqqNWOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  194.87.73.0/24
                  194.87.169.0/24
                  194.87.201.0/24
                  194.87.245.0/24
                  195.133.25.0/24
                  195.133.84.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:7c:83:43:e0:fb:91:7f:60:9a:6a:ba:e7:0e:09:c3:09:3b:
         4e:e0:99:ef:cd:77:be:2d:c1:48:9d:07:16:72:81:88:4c:fe:
         ae:ef:27:bb:b1:b8:62:43:a6:1b:9e:38:b2:6a:c2:26:d7:b9:
         e9:3c:01:ab:39:e1:45:2d:36:f3:fa:c7:c0:36:d6:04:10:f3:
         33:c1:02:1e:68:f0:fc:c8:ee:1a:dc:08:57:b4:33:5a:c6:49:
         4a:dd:d7:bf:e8:32:25:bf:bf:8a:04:72:d0:51:e0:f9:16:75:
         22:b9:f7:ce:14:ff:ef:bf:d1:df:e2:d9:7b:c7:60:f1:d4:d4:
         0a:ab:3d:7e:56:e0:55:0f:e3:90:fc:65:1a:f7:51:d4:72:69:
         6a:9d:8d:30:35:3f:26:b1:2e:33:bf:0d:69:7a:69:2b:fc:3b:
         1e:17:ae:ad:a8:5d:2e:78:f6:c7:b3:3e:2c:36:b9:c6:1b:53:
         fb:e1:89:cc:b8:76:29:59:95:00:53:ff:9b:fb:af:86:a2:26:
         99:f3:c2:69:cb:d5:5f:13:6b:ce:ac:d8:6e:4d:b2:a8:74:ad:
         04:96:95:04:65:a3:cc:3c:10:2f:b9:79:c5:0a:57:f3:da:06:
         4c:09:16:46:fe:fd:bb:53:b1:ad:d0:85:c9:4b:b3:cc:90:4a:
         61:80:3f:59
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY6uG7JsQgR+WyNgsGUEzTG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDA1MTE1MzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTViNzYwMmY3YmIwYmUzZjE1N2I5Njc2YjAyMGViYWFhOGQ1OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+mvvzQuIxs0aMdvqy0XgqEDBLpA
oVY0IIix9Np2Bci0AWmBis6AINMyWObGDbDLv4JxmKfN5Dhpqz4yZFPtE5t0gQWp
p2QU8W1WVFGxS1zt4DR2uttU/BUwbq2kYvNjcQUYL5TgFOHuwGOX7DCIiJxSUThb
oWOcMKWUD/2VqvaHN7bSlmnWcucCdMsnu3jCQmvkDQTOlya92k4YfuuX/+pYQOMd
Fa1UGugp5W0YXh+RaLxSOhv9FnzvNXRO93oMuM6iPQI4mWmxBQY3rFW+AABf4osp
dKa1s/QCDk0YekElZEJ6EYn8AYDwCOzOAAoK3WB+8AYBmM3sbsyUDE9VswIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFN5bdgL3uwvj8Ve5Z2sCDrqqjVjgMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM2x0MkF2ZTdDLVB4VjdsbmF3SU91cXFOV09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQAwHysAwQA
wXwHAwQAwldJAwQAwlepAwQAwlfJAwQAwlf1AwQAw4UZAwQAw4VUAwQA1MABAwQA
1MDQMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAY3yD
Q+D7kX9gmmq65w4Jwwk7TuCZ7813vi3BSJ0HFnKBiEz+ru8nu7G4YkOmG544smrC
Jte56TwBqznhRS028/rHwDbWBBDzM8ECHmjw/MjuGtwIV7QzWsZJSt3Xv+gyJb+/
igRy0FHg+RZ1Irn3zhT/77/R3+LZe8dg8dTUCqs9flbgVQ/jkPxlGvdR1HJpap2N
MDU/JrEuM78NaXppK/w7HheurahdLnj2x7M+LDa5xhtT++GJzLh2KVmVAFP/m/uv
hqImmfPCacvVXxNrzqzYbk2yqHStBJaVBGWjzDwQL7l5xQpX89oGTAkWRv79u1Ox
rdCFyUuzzJBKYYA/WQ==
-----END CERTIFICATE-----