Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4_LnyHzP_W6KRKS1A-cn09-qiUY.roa
File:                     4_LnyHzP_W6KRKS1A-cn09-qiUY.roa (raw, json)
Hash identifier:          hhmlxuwn4eCA81YfsGnrHZRWatDm/v9BGHnMCkMbXeU=
Subject key identifier:   E3:F2:E7:C8:7C:CF:FD:6E:8A:44:A4:B5:03:E7:27:D3:DF:AA:89:46
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01902C0CCD5F28F717114B5C94650451E5CF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4_LnyHzP_W6KRKS1A-cn09-qiUY.roa
Signing time:             Tue 18 Jun 2024 15:52:34 +0000
ROA not before:           Tue 18 Jun 2024 15:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.58.39.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 19 Jun 2024 04:25:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2c:0c:cd:5f:28:f7:17:11:4b:5c:94:65:04:51:e5:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 18 15:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3f2e7c87ccffd6e8a44a4b503e727d3dfaa8946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:95:13:09:18:0e:7f:af:17:e9:46:55:a5:0e:
                    9b:4b:81:c7:4e:91:3a:3a:22:b3:20:0d:65:96:c9:
                    68:73:23:2e:40:46:5a:e4:de:1d:61:4c:19:c1:40:
                    96:d4:3f:0f:33:9c:bc:39:6d:ac:e6:72:1b:d2:b5:
                    46:a2:60:86:41:4b:c8:49:0c:0e:b1:00:f4:2a:ed:
                    6c:be:50:5c:41:61:36:7c:82:57:84:89:ae:1f:ec:
                    00:e0:21:72:68:b4:5b:62:f9:dd:ac:98:b4:08:41:
                    3a:6f:9c:5c:15:0d:e5:61:22:e2:ed:bc:af:2e:fa:
                    56:7a:a5:6c:80:5f:7b:ef:57:f8:89:81:db:14:58:
                    0c:3a:6d:4b:d5:58:76:3c:68:aa:c7:d6:ea:d2:15:
                    a5:53:c0:b3:9c:32:31:0e:ba:e9:8f:46:76:78:4d:
                    9c:50:2a:92:32:42:75:17:7e:3d:0f:ae:34:be:07:
                    d6:24:3b:09:76:7c:12:2a:34:b9:9d:d7:17:bc:86:
                    97:8d:21:39:73:7e:18:ec:f5:e2:9e:b3:d1:35:ac:
                    66:e2:bd:bc:6e:11:49:3d:89:7b:02:07:6b:8f:69:
                    f1:d2:ff:c0:b4:a5:74:c6:48:b9:5a:10:b3:08:63:
                    d1:6e:cd:53:f8:4b:46:16:8d:f3:f5:af:b3:d8:1b:
                    88:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F2:E7:C8:7C:CF:FD:6E:8A:44:A4:B5:03:E7:27:D3:DF:AA:89:46
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4_LnyHzP_W6KRKS1A-cn09-qiUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.87.141.0/24
                  194.87.169.0/24
                  195.58.39.0/24
                  195.133.25.0/24
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:ed:25:9b:b5:4b:db:b0:c6:f6:d7:de:5b:3c:54:be:4b:2a:
         04:f1:3c:76:41:80:7a:16:53:57:18:08:c5:8a:39:3f:60:0b:
         76:d9:90:31:80:d9:44:41:0f:4e:3e:50:06:a1:51:2c:b8:f5:
         94:47:f3:f9:68:8d:e9:81:ad:9b:93:bb:51:91:2b:25:71:42:
         74:5c:a0:52:9f:52:2e:29:58:6d:47:80:ce:1c:67:81:ea:2a:
         72:6b:55:75:7d:fe:fc:62:1b:cf:31:d1:f9:d2:7b:34:f6:12:
         f4:6e:99:55:05:01:87:8d:d1:ee:b7:84:3a:fb:85:f1:f2:9c:
         43:56:83:bd:0b:4b:9f:5e:a9:33:12:ed:8a:13:38:53:f2:9f:
         a6:3c:b1:a8:81:e9:bb:c3:4b:e2:41:dc:22:ca:44:86:1c:cc:
         57:e1:fb:bf:da:d2:40:5f:52:ab:ca:dd:3b:cd:7a:2c:e8:cc:
         62:6f:09:d3:53:9c:a2:f5:76:30:44:ac:3f:96:d1:98:bb:3e:
         bc:97:0c:de:af:ff:7f:e9:0d:72:c6:bd:7b:43:e6:90:42:c9:
         62:6a:57:45:2c:4d:77:5a:40:e8:4e:ee:81:ac:de:69:fb:d5:
         2f:aa:a5:e5:d3:fd:b6:a0:2a:98:78:ee:78:81:a7:3d:3d:99:
         e6:43:d2:aa
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZAsDM1fKPcXEUtclGUEUeXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNjE4MTU1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2YyZTdjODdjY2ZmZDZlOGE0NGE0YjUwM2U3MjdkM2RmYWE4OTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopUTCRgOf68X6UZVpQ6bS4HHTpE6
OiKzIA1llslocyMuQEZa5N4dYUwZwUCW1D8PM5y8OW2s5nIb0rVGomCGQUvISQwO
sQD0Ku1svlBcQWE2fIJXhImuH+wA4CFyaLRbYvndrJi0CEE6b5xcFQ3lYSLi7byv
LvpWeqVsgF9771f4iYHbFFgMOm1L1Vh2PGiqx9bq0hWlU8CznDIxDrrpj0Z2eE2c
UCqSMkJ1F349D640vgfWJDsJdnwSKjS5ndcXvIaXjSE5c34Y7PXinrPRNaxm4r28
bhFJPYl7Agdrj2nx0v/AtKV0xki5WhCzCGPRbs1T+EtGFo3z9a+z2BuIiQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFOPy58h8z/1uikSktQPnJ9PfqolGMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNF9MbnlIelBfVzZLUktTMUEtY24wOS1xaVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQBwjo4AwQA
wleNAwQAwlepAwQAwzonAwQAw4UZAwQBw4UyAwQBw4VcAwQA1MABAwQA1MEEMBQE
AgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAiO0lm7VL27DG
9tfeWzxUvksqBPE8dkGAehZTVxgIxYo5P2ALdtmQMYDZREEPTj5QBqFRLLj1lEfz
+WiN6YGtm5O7UZErJXFCdFygUp9SLilYbUeAzhxngeoqcmtVdX3+/GIbzzHR+dJ7
NPYS9G6ZVQUBh43R7reEOvuF8fKcQ1aDvQtLn16pMxLtihM4U/KfpjyxqIHpu8NL
4kHcIspEhhzMV+H7v9rSQF9Sq8rdO816LOjMYm8J01OcovV2MESsP5bRmLs+vJcM
3q//f+kNcsa9e0PmkELJYmpXRSxNd1pA6E7ugazeafvVL6ql5dP9tqAqmHjueIGn
PT2Z5kPSqg==
-----END CERTIFICATE-----