Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4lPJn3V29O17tXPbwdA737iz8i4.roa
File:                     4lPJn3V29O17tXPbwdA737iz8i4.roa (raw, json)
Hash identifier:          uIClUTlzlYgK1drdrF//8ZA/iYJ6Uq2QVUo267Y+y88=
Subject key identifier:   E2:53:C9:9F:75:76:F4:ED:7B:B5:73:DB:C1:D0:3B:DF:B8:B3:F2:2E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018757EADCBDD97EC7D06489DC3982BEAAD3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4lPJn3V29O17tXPbwdA737iz8i4.roa
Signing time:             Thu 06 Apr 2023 18:53:42 +0000
ROA not before:           Thu 06 Apr 2023 18:53:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2856
IP address blocks:        212.192.212.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 06 Apr 2023 19:15:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:57:ea:dc:bd:d9:7e:c7:d0:64:89:dc:39:82:be:aa:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  6 18:53:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e253c99f7576f4ed7bb573dbc1d03bdfb8b3f22e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f1:2a:e4:50:bd:05:10:d9:ca:a2:52:47:a9:
                    f1:c8:a9:4e:53:5b:0e:41:06:b9:81:20:b9:65:ee:
                    61:d4:a6:03:86:d8:01:39:39:96:21:7c:04:94:fb:
                    10:89:f9:2f:ad:95:b1:47:ee:a7:8b:4d:a0:3c:71:
                    35:44:f8:fb:68:36:78:2a:29:93:bf:52:b7:0a:3e:
                    47:a2:ed:93:05:c8:13:d5:63:88:d1:f8:43:2d:c7:
                    c4:15:da:bd:c6:57:61:3a:f3:96:3a:41:4d:48:10:
                    e1:66:99:f6:da:aa:1d:de:96:71:57:da:91:f6:f2:
                    a9:e0:19:db:b1:ad:ea:49:08:96:b7:88:05:ca:a7:
                    bd:a3:d3:68:1f:3d:57:8f:d7:3c:45:22:2d:fc:32:
                    4a:e6:c0:c8:91:7f:3b:b4:d6:5f:3f:4b:0e:de:0f:
                    c3:b3:44:2e:d0:46:86:e1:f5:c1:1c:8a:a3:2a:8d:
                    9e:fe:04:86:84:06:0c:95:1d:78:a0:79:01:6b:73:
                    c7:1f:35:a0:12:92:93:9b:53:f7:b5:2a:88:2a:29:
                    1f:9e:d4:60:cd:69:55:01:1e:79:78:68:fe:2d:33:
                    24:87:66:4d:e4:ac:40:0b:ca:15:01:84:63:40:b9:
                    6b:84:bb:15:50:00:1f:8b:4d:f0:4a:dc:8d:5a:b6:
                    06:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:53:C9:9F:75:76:F4:ED:7B:B5:73:DB:C1:D0:3B:DF:B8:B3:F2:2E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4lPJn3V29O17tXPbwdA737iz8i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b5:92:4f:c9:3c:6b:1a:67:07:11:da:5c:8f:bb:83:52:73:
         7e:07:87:ef:45:99:d5:f1:b5:61:7f:76:66:fa:7d:4f:86:c6:
         f1:0a:62:86:fd:76:41:c8:65:5c:e9:32:82:fc:5c:2a:c6:dd:
         b2:f3:7b:c7:99:5f:6f:2b:e9:18:b7:6e:a1:76:e0:fc:a0:11:
         44:fb:58:5f:05:d1:87:cf:56:0c:1b:b8:07:ff:0c:ef:7c:e8:
         df:8e:a4:76:2f:e3:fe:5a:ee:57:03:19:73:eb:a9:58:55:64:
         af:74:77:8d:24:6e:4c:b4:65:5b:d3:f5:85:75:92:ba:f6:82:
         98:0b:41:f3:e0:c2:c6:0d:f8:19:c8:42:86:8f:b5:20:ba:db:
         b1:9f:91:80:47:11:04:9e:91:33:8e:b1:5e:23:31:eb:41:14:
         e9:82:4e:b6:c8:47:56:e2:7e:45:8e:37:9d:83:ef:5d:ed:b6:
         21:a6:f4:7d:2c:02:5a:02:1d:8b:76:e1:2f:06:86:29:4f:d4:
         f5:d4:6f:3c:44:ce:7a:3c:fc:9c:82:18:43:6c:df:d4:07:34:
         41:15:79:8e:8e:4b:ff:24:5b:9d:7a:3a:9e:74:bb:19:11:01:
         da:46:21:c8:48:3a:bd:6b:8e:1f:d9:27:f1:fe:ab:05:4b:e1:
         75:f9:5c:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdX6ty92X7H0GSJ3DmCvqrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDA2MTg1MzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjUzYzk5Zjc1NzZmNGVkN2JiNTczZGJjMWQwM2JkZmI4YjNmMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvEq5FC9BRDZyqJSR6nxyKlOU1sO
QQa5gSC5Ze5h1KYDhtgBOTmWIXwElPsQifkvrZWxR+6ni02gPHE1RPj7aDZ4KimT
v1K3Cj5Hou2TBcgT1WOI0fhDLcfEFdq9xldhOvOWOkFNSBDhZpn22qod3pZxV9qR
9vKp4Bnbsa3qSQiWt4gFyqe9o9NoHz1Xj9c8RSIt/DJK5sDIkX87tNZfP0sO3g/D
s0Qu0EaG4fXBHIqjKo2e/gSGhAYMlR14oHkBa3PHHzWgEpKTm1P3tSqIKikfntRg
zWlVAR55eGj+LTMkh2ZN5KxAC8oVAYRjQLlrhLsVUAAfi03wStyNWrYG9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJTyZ91dvTte7Vz28HQO9+4s/IuMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNGxQSm4zVjI5TzE3dFhQYndkQTczN2l6OGk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDUMA0G
CSqGSIb3DQEBCwUAA4IBAQAztZJPyTxrGmcHEdpcj7uDUnN+B4fvRZnV8bVhf3Zm
+n1PhsbxCmKG/XZByGVc6TKC/Fwqxt2y83vHmV9vK+kYt26hduD8oBFE+1hfBdGH
z1YMG7gH/wzvfOjfjqR2L+P+Wu5XAxlz66lYVWSvdHeNJG5MtGVb0/WFdZK69oKY
C0Hz4MLGDfgZyEKGj7Ugutuxn5GARxEEnpEzjrFeIzHrQRTpgk62yEdW4n5Fjjed
g+9d7bYhpvR9LAJaAh2LduEvBoYpT9T11G88RM56PPycghhDbN/UBzRBFXmOjkv/
JFudejqedLsZEQHaRiHISDq9a44f2Sfx/qsFS+F1+VzE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:05 2024 by rpki-client on console-fra.rpki-client.org