Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5Luf7CJn6PITm376EkXa5Gnp8yw.roa
File:                     5Luf7CJn6PITm376EkXa5Gnp8yw.roa (raw, json)
Hash identifier:          SsnJ5q1TV55TpHJ1N2pqChdS1aEey6Q1g3tfXwqtT3Y=
Subject key identifier:   E4:BB:9F:EC:22:67:E8:F2:13:9B:7E:FA:12:45:DA:E4:69:E9:F3:2C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018A84583E49A365B927C8326410064B7266
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5Luf7CJn6PITm376EkXa5Gnp8yw.roa
Signing time:             Mon 11 Sep 2023 13:04:50 +0000
ROA not before:           Mon 11 Sep 2023 13:04:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21082
IP address blocks:        193.124.4.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.221.0/24 maxlen: 24
                          195.133.94.0/24 maxlen: 24
                          194.87.30.0/24 maxlen: 24
                          212.192.215.0/24 maxlen: 24
                          212.192.8.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          212.192.248.0/24 maxlen: 24
                          212.192.253.0/24 maxlen: 24
                          212.192.254.0/24 maxlen: 24
                          194.87.142.0/24 maxlen: 24
                          212.192.212.0/24 maxlen: 24
                          194.87.143.0/24 maxlen: 24
                          194.87.44.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:84:58:3e:49:a3:65:b9:27:c8:32:64:10:06:4b:72:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 11 13:04:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e4bb9fec2267e8f2139b7efa1245dae469e9f32c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b7:55:19:c6:1a:f7:64:c6:cd:36:8d:ab:ac:
                    0b:b3:51:b2:50:97:a5:36:78:f4:ef:21:fb:54:4c:
                    70:28:71:1b:20:d9:79:5b:df:b6:11:d6:5f:73:6c:
                    7b:19:1f:7f:02:ed:a4:d7:80:44:3c:18:98:ff:d5:
                    82:79:56:9c:df:45:e3:e9:e9:b9:b1:bb:bc:67:eb:
                    6b:ee:27:21:e4:40:23:5c:28:bd:08:52:66:fa:e3:
                    fc:5a:6e:6c:c4:7a:45:5b:63:15:e1:6f:3e:d9:95:
                    c3:bf:cf:77:23:45:e5:58:20:c1:78:e4:d2:80:bc:
                    b4:fd:63:5f:c1:03:7f:0c:4e:2b:c2:37:57:63:7e:
                    80:21:08:09:3d:c3:e1:da:95:0d:a5:95:ba:84:35:
                    57:2c:e1:21:33:6a:66:e8:ea:54:2a:85:19:ba:23:
                    1d:d5:3a:5f:3c:6d:5e:c7:1a:fe:f5:32:9c:0f:82:
                    74:8b:23:de:9d:4e:b7:3a:3a:dd:45:2e:e8:0c:92:
                    67:e9:d3:b6:23:04:0a:ed:72:47:77:70:e4:da:f1:
                    a5:8a:f7:d2:5a:d8:68:4f:57:f2:83:0a:ad:7e:9f:
                    0e:b5:92:ae:79:18:50:19:12:e7:72:44:51:b2:d8:
                    76:2a:9e:ea:07:78:51:03:3d:a9:f3:aa:65:64:b8:
                    ef:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:BB:9F:EC:22:67:E8:F2:13:9B:7E:FA:12:45:DA:E4:69:E9:F3:2C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5Luf7CJn6PITm376EkXa5Gnp8yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.183.0/24
                  193.124.4.0/24
                  194.87.2.0/24
                  194.87.30.0/24
                  194.87.44.0/24
                  194.87.142.0/23
                  194.87.221.0/24
                  195.133.94.0/24
                  212.192.8.0/24
                  212.192.212.0/24
                  212.192.215.0/24
                  212.192.248.0/24
                  212.192.253.0-212.192.254.255

    Signature Algorithm: sha256WithRSAEncryption
         29:88:d7:f5:79:8d:fb:e8:99:67:a9:4d:f5:77:e2:8f:27:da:
         bb:87:41:dc:8e:3e:8a:85:f6:e4:bc:3c:a7:c7:73:df:a1:4e:
         a7:cb:9a:e2:05:b3:fe:ca:c6:13:3a:6d:aa:30:1b:04:60:8d:
         7a:a8:e8:fc:64:6b:9a:db:5d:64:b4:7e:e5:03:d0:41:a9:1a:
         05:cb:50:97:b2:e0:2a:de:74:c7:c3:10:27:f2:7e:0f:10:83:
         5a:12:ff:fe:e7:7e:68:2e:b6:26:29:bf:05:1b:fc:d7:f1:f8:
         70:cb:c9:cf:a2:b2:86:7f:b9:47:6f:56:2c:11:23:fa:83:6f:
         47:69:92:64:d1:1b:38:0c:d9:bc:8f:41:09:94:bb:7e:35:34:
         41:a3:b8:e7:43:3b:0b:b6:36:2e:13:4f:27:e9:bb:a0:7c:9d:
         b3:94:59:47:8e:55:cc:5e:fb:60:0b:c5:30:04:b1:a6:d4:8e:
         ff:c4:f5:e7:3b:69:b4:b6:c2:d8:68:a6:a4:55:c5:d9:6b:e8:
         41:aa:48:c0:d1:e0:47:18:36:09:49:dd:78:c6:4c:96:06:65:
         72:42:4c:15:88:18:31:64:f7:41:50:a5:49:69:0a:91:dd:e7:
         df:4c:f2:ee:ab:13:1f:e4:07:71:a0:11:23:84:94:c5:28:3f:
         5a:22:0a:3a
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYqEWD5Jo2W5J8gyZBAGS3JmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTExMTMwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGJiOWZlYzIyNjdlOGYyMTM5YjdlZmExMjQ1ZGFlNDY5ZTlmMzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7dVGcYa92TGzTaNq6wLs1GyUJel
Nnj07yH7VExwKHEbINl5W9+2EdZfc2x7GR9/Au2k14BEPBiY/9WCeVac30Xj6em5
sbu8Z+tr7ich5EAjXCi9CFJm+uP8Wm5sxHpFW2MV4W8+2ZXDv893I0XlWCDBeOTS
gLy0/WNfwQN/DE4rwjdXY36AIQgJPcPh2pUNpZW6hDVXLOEhM2pm6OpUKoUZuiMd
1TpfPG1exxr+9TKcD4J0iyPenU63OjrdRS7oDJJn6dO2IwQK7XJHd3Dk2vGlivfS
WthoT1fygwqtfp8OtZKueRhQGRLnckRRsth2Kp7qB3hRAz2p86plZLjv4wIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFOS7n+wiZ+jyE5t++hJF2uRp6fMsMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNUx1ZjdDSm42UElUbTM3NkVrWGE1R25wOHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAwHy3AwQA
wXwEAwQAwlcCAwQAwlceAwQAwlcsAwQBwleOAwQAwlfdAwQAw4VeAwQA1MAIAwQA
1MDUAwQA1MDXAwQA1MD4MAwDBADUwP0DBADUwP4wDQYJKoZIhvcNAQELBQADggEB
ACmI1/V5jfvomWepTfV34o8n2ruHQdyOPoqF9uS8PKfHc9+hTqfLmuIFs/7KxhM6
baowGwRgjXqo6Pxka5rbXWS0fuUD0EGpGgXLUJey4CredMfDECfyfg8Qg1oS//7n
fmgutiYpvwUb/Nfx+HDLyc+isoZ/uUdvViwRI/qDb0dpkmTRGzgM2byPQQmUu341
NEGjuOdDOwu2Ni4TTyfpu6B8nbOUWUeOVcxe+2ALxTAEsabUjv/E9ec7abS2wtho
pqRVxdlr6EGqSMDR4EcYNglJ3XjGTJYGZXJCTBWIGDFk90FQpUlpCpHd599M8u6r
Ex/kB3GgESOElMUoP1oiCjo=
-----END CERTIFICATE-----
Generated at Mon Sep 11 14:09:51 2023 by rpki-client on console-ams.rpki-client.org