Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/572mVsluhnQ1-wy3zTLHg5bUvPs.roa
File:                     572mVsluhnQ1-wy3zTLHg5bUvPs.roa (raw, json)
Hash identifier:          YwFu8NFeCbdqXN5rH+OhBY1LcU6rK8TkPYEviKIo4zw=
Subject key identifier:   E7:BD:A6:56:C9:6E:86:74:35:FB:0C:B7:CD:32:C7:83:96:D4:BC:FB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0186BA6F4A48F2BC40B6067E322FA2E3FB0A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/572mVsluhnQ1-wy3zTLHg5bUvPs.roa
Signing time:             Tue 07 Mar 2023 04:58:21 +0000
ROA not before:           Tue 07 Mar 2023 04:58:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     53850
IP address blocks:        62.76.224.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.117.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          194.87.34.0/24 maxlen: 24
                          194.87.33.0/24 maxlen: 24
                          194.87.39.0/24 maxlen: 24
                          185.72.11.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 19 May 2023 15:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ba:6f:4a:48:f2:bc:40:b6:06:7e:32:2f:a2:e3:fb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  7 04:58:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e7bda656c96e867435fb0cb7cd32c78396d4bcfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:78:61:04:6a:89:ac:d2:0d:b7:23:bc:b6:f6:
                    b3:d5:20:b9:2c:2d:3f:2d:a9:33:9e:58:88:c4:13:
                    9c:db:da:a6:ee:f7:87:9a:c6:7c:0e:1f:16:42:2b:
                    42:3b:62:a6:89:92:a5:e9:d1:7e:7c:56:ed:18:6d:
                    e6:55:14:77:c5:3d:f7:67:b4:79:f0:c9:2d:3c:97:
                    44:37:4b:8f:0f:49:44:7d:3a:23:51:4f:78:ab:52:
                    71:17:5e:da:95:39:0f:d5:b9:f3:dc:0f:00:c8:cf:
                    5d:78:68:4b:2c:bb:f6:07:83:05:f8:ce:60:57:2e:
                    8d:66:77:c3:4d:31:30:20:a2:eb:7c:39:f0:e1:20:
                    9c:d0:af:91:9e:43:ff:9d:a1:6e:de:50:06:2b:a7:
                    30:c2:b9:60:f6:54:03:04:d7:d3:29:4b:da:8c:f5:
                    d4:35:fc:8e:a5:0c:b0:ce:38:13:1c:d6:d1:2b:82:
                    87:3b:6e:58:59:2f:65:ff:b8:76:d2:90:b2:63:c9:
                    35:9c:4d:aa:1a:b5:5d:04:32:11:a3:3a:e5:d9:f5:
                    45:e7:34:92:36:ad:ae:51:b8:c5:fd:1c:0a:ff:c5:
                    89:f9:97:d3:56:88:d1:83:eb:65:02:49:e9:37:9a:
                    ef:13:b1:90:ff:b3:31:37:9f:5d:fc:b5:d2:32:43:
                    f0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BD:A6:56:C9:6E:86:74:35:FB:0C:B7:CD:32:C7:83:96:D4:BC:FB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/572mVsluhnQ1-wy3zTLHg5bUvPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.224.0/24
                  185.72.11.0/24
                  194.87.32.0-194.87.34.255
                  194.87.39.0/24
                  194.87.117.0-194.87.118.255

    Signature Algorithm: sha256WithRSAEncryption
         36:53:b1:41:e1:13:7f:1e:20:5d:5b:27:84:97:62:5c:30:7c:
         38:40:88:2d:22:33:dd:07:7b:87:a4:52:f5:96:c9:41:46:b1:
         49:72:31:f3:01:60:3d:09:ed:b2:a8:c0:35:fb:17:c8:56:77:
         4b:5b:30:43:f1:15:dc:fc:5e:cd:9a:d4:a8:7f:d5:5a:12:58:
         be:f2:2e:a1:49:e7:d2:49:f7:25:93:37:37:ff:e1:70:e9:7f:
         77:d1:6d:ef:4c:8f:7a:49:3c:a9:18:cc:80:6a:83:a7:ad:c0:
         2a:b0:54:6c:09:cd:b6:5f:c5:a5:03:10:25:a5:e0:0b:4e:54:
         e8:17:59:b8:fc:69:3b:a6:02:a3:ec:8b:f0:3f:5b:7c:e9:bf:
         5f:e7:21:a6:28:87:59:6f:12:c1:b8:35:c2:8b:0e:de:f1:8c:
         c1:da:e3:b9:c7:ae:72:c7:9c:c2:e7:44:40:e5:b0:c3:52:4f:
         5e:d4:8e:8c:a2:f0:d1:c9:7d:af:c2:5f:67:a8:2d:90:e6:46:
         e6:38:e8:c7:63:c1:ea:9e:cb:63:a3:41:50:88:4c:69:43:44:
         24:3e:af:b6:46:e8:44:09:e6:41:d6:83:19:f3:c1:30:96:cd:
         a6:2d:99:05:bd:60:b2:09:78:6c:c3:bf:b0:5c:76:d0:4b:cd:
         ba:18:33:da
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYa6b0pI8rxAtgZ+Mi+i4/sKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMzA3MDQ1ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2JkYTY1NmM5NmU4Njc0MzVmYjBjYjdjZDMyYzc4Mzk2ZDRiY2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXhhBGqJrNINtyO8tvaz1SC5LC0/
LakznliIxBOc29qm7veHmsZ8Dh8WQitCO2KmiZKl6dF+fFbtGG3mVRR3xT33Z7R5
8MktPJdEN0uPD0lEfTojUU94q1JxF17alTkP1bnz3A8AyM9deGhLLLv2B4MF+M5g
Vy6NZnfDTTEwIKLrfDnw4SCc0K+RnkP/naFu3lAGK6cwwrlg9lQDBNfTKUvajPXU
NfyOpQywzjgTHNbRK4KHO25YWS9l/7h20pCyY8k1nE2qGrVdBDIRozrl2fVF5zSS
Nq2uUbjF/RwK/8WJ+ZfTVojRg+tlAknpN5rvE7GQ/7MxN59d/LXSMkPwFwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFOe9plbJboZ0NfsMt80yx4OW1Lz7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNTcybVZzbHVoblExLXd5M3pUTEhnNWJVdlBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQAPkzgAwQA
uUgLMAwDBAXCVyADBADCVyIDBADCVycwDAMEAMJXdQMEAMJXdjANBgkqhkiG9w0B
AQsFAAOCAQEANlOxQeETfx4gXVsnhJdiXDB8OECILSIz3Qd7h6RS9ZbJQUaxSXIx
8wFgPQntsqjANfsXyFZ3S1swQ/EV3PxezZrUqH/VWhJYvvIuoUnn0kn3JZM3N//h
cOl/d9Ft70yPekk8qRjMgGqDp63AKrBUbAnNtl/FpQMQJaXgC05U6BdZuPxpO6YC
o+yL8D9bfOm/X+chpiiHWW8Swbg1wosO3vGMwdrjuceucsecwudEQOWww1JPXtSO
jKLw0cl9r8JfZ6gtkOZG5jjox2PB6p7LY6NBUIhMaUNEJD6vtkboRAnmQdaDGfPB
MJbNpi2ZBb1gsgl4bMO/sFx20EvNuhgz2g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:06 2024 by rpki-client on console-fra.rpki-client.org