Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/60mr8sFfDNETCKHkRSnZ2BmDNx4.roa
File:                     60mr8sFfDNETCKHkRSnZ2BmDNx4.roa (raw, json)
Hash identifier:          /Jkjh5igHW+InJSTLPi0rxBlMXPvCXtNGmRd+Y0BxI0=
Subject key identifier:   EB:49:AB:F2:C1:5F:0C:D1:13:08:A1:E4:45:29:D9:D8:19:83:37:1E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0186EB88A937914B4FCD2E448E7052F20411
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/60mr8sFfDNETCKHkRSnZ2BmDNx4.roa
Signing time:             Thu 16 Mar 2023 17:47:27 +0000
ROA not before:           Thu 16 Mar 2023 17:47:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2118
IP address blocks:        212.193.12.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.87.27.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.58.46.0/23 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.50.0/24 maxlen: 24
                          195.58.52.0/22 maxlen: 22
                          195.58.58.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          195.58.61.0/24 maxlen: 24
                          195.58.62.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.115.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.114.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          194.87.136.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          212.192.0.0/23 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          194.87.171.0/24 maxlen: 24
                          192.124.182.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          195.133.195.0/24 maxlen: 24
                          212.192.208.0/23 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:eb:88:a9:37:91:4b:4f:cd:2e:44:8e:70:52:f2:04:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 16 17:47:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb49abf2c15f0cd11308a1e44529d9d81983371e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cf:d2:7c:2a:47:9f:7b:cf:50:c1:0c:a7:63:
                    17:57:f1:e9:8c:62:ef:91:80:78:1f:a4:c5:d4:4c:
                    ac:76:6c:b0:f2:98:93:a5:df:3b:78:82:34:9c:49:
                    7f:a7:53:61:32:0c:28:c9:de:6b:75:85:11:6f:aa:
                    d1:55:62:0c:c4:f9:9f:24:90:8e:76:70:78:62:4f:
                    bd:9c:c1:91:15:63:0c:a8:29:ab:cb:a9:48:35:2f:
                    a4:15:8c:6c:45:8e:bb:ec:8d:4f:d0:fd:47:ce:a7:
                    01:ec:4d:b4:1e:93:de:de:ea:29:5a:27:ad:36:1e:
                    04:7b:52:9d:69:e5:51:ff:9e:6b:e6:52:3a:62:85:
                    6f:fa:b9:fa:7a:71:98:e0:28:84:85:5f:5c:13:69:
                    e9:f0:15:3e:ae:f1:49:23:92:7e:b4:61:06:66:87:
                    9b:a6:90:de:80:e1:9a:fe:26:be:de:46:8e:74:f5:
                    3f:8c:11:8a:37:84:1d:bf:36:47:87:82:ac:e1:a5:
                    c2:ec:35:de:a2:ab:a9:76:fa:6e:7c:f9:a5:e3:55:
                    7b:f4:5a:65:55:db:23:0d:6c:18:7f:7e:09:b1:df:
                    5b:20:40:5a:38:71:a8:0f:5b:f3:74:a5:3d:ca:e8:
                    58:5f:5f:33:64:27:c9:77:63:0f:76:82:16:66:13:
                    35:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:49:AB:F2:C1:5F:0C:D1:13:08:A1:E4:45:29:D9:D8:19:83:37:1E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/60mr8sFfDNETCKHkRSnZ2BmDNx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.182.0/24
                  193.124.133.0/24
                  193.124.203.0/24
                  194.58.42.0/24
                  194.58.45.0-194.58.47.255
                  194.87.22.0/24
                  194.87.27.0/24
                  194.87.82.0/24
                  194.87.114.0/23
                  194.87.118.0/24
                  194.87.136.0/24
                  194.87.165.0/24
                  194.87.171.0/24
                  194.87.198.0/24
                  194.87.208.0/23
                  194.87.222.0/23
                  195.58.50.0/24
                  195.58.52.0-195.58.63.255
                  195.133.55.0/24
                  195.133.195.0/24
                  212.192.0.0/23
                  212.192.208.0/23
                  212.193.0.0/24
                  212.193.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e6:f9:16:65:a8:9f:fa:29:ef:ec:90:3c:3b:2a:05:98:a4:
         87:b5:23:c1:b8:ed:7e:e0:68:73:aa:5f:a0:99:dd:84:3d:7c:
         88:7d:a1:77:14:f6:87:8f:81:62:9d:6d:f9:ea:02:5f:41:11:
         5d:6a:48:4f:8c:ef:cf:74:11:aa:0a:ff:04:ac:cb:fb:6b:d1:
         ca:d9:52:3f:c0:40:73:d7:de:4b:ea:34:14:bf:6f:85:fc:2d:
         30:9a:17:6c:13:34:0c:98:4b:57:29:bb:c8:8d:19:da:62:f3:
         e5:72:8c:59:24:60:1e:f3:fc:98:bd:04:f6:86:92:a8:8a:c8:
         f7:f3:35:4b:fc:ba:bd:6d:08:07:94:6a:7e:a7:81:81:f5:f9:
         e7:e6:5f:c2:fb:2d:24:80:bb:1d:d3:1e:68:1b:a6:6e:4a:b3:
         ce:27:09:c7:68:5e:89:09:e9:62:f1:dc:3b:b8:a4:4b:a0:80:
         f3:e4:40:13:18:51:cd:0f:d5:c5:42:6b:7f:01:4b:52:a9:a3:
         50:c3:5b:12:cc:fa:db:89:07:42:fe:d0:1e:f4:1c:23:4c:f3:
         57:00:e5:71:f2:8e:b6:39:28:0c:94:ff:64:f7:f0:5b:30:0b:
         ad:f5:15:76:f1:5a:31:29:6d:9f:fc:bb:8f:cf:b7:94:a0:13:
         2d:33:7b:ac
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYbriKk3kUtPzS5EjnBS8gQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMzE2MTc0NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ5YWJmMmMxNWYwY2QxMTMwOGExZTQ0NTI5ZDlkODE5ODMzNzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAic/SfCpHn3vPUMEMp2MXV/HpjGLv
kYB4H6TF1Eysdmyw8piTpd87eII0nEl/p1NhMgwoyd5rdYURb6rRVWIMxPmfJJCO
dnB4Yk+9nMGRFWMMqCmry6lINS+kFYxsRY677I1P0P1HzqcB7E20HpPe3uopWiet
Nh4Ee1KdaeVR/55r5lI6YoVv+rn6enGY4CiEhV9cE2np8BU+rvFJI5J+tGEGZoeb
ppDegOGa/ia+3kaOdPU/jBGKN4QdvzZHh4Ks4aXC7DXeoqupdvpufPml41V79Fpl
VdsjDWwYf34Jsd9bIEBaOHGoD1vzdKU9yuhYX18zZCfJd2MPdoIWZhM1pQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFOtJq/LBXwzREwih5EUp2dgZgzceMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNjBtcjhzRmZETkVUQ0tIa1JTbloyQm1ETng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBADA
fLYDBADBfIUDBADBfMsDBADCOiowDAMEAMI6LQMEBMI6IAMEAMJXFgMEAMJXGwME
AMJXUgMEAcJXcgMEAMJXdgMEAMJXiAMEAMJXpQMEAMJXqwMEAMJXxgMEAcJX0AME
AcJX3gMEAMM6MjAMAwQCwzo0AwQGwzoAAwQAw4U3AwQAw4XDAwQB1MAAAwQB1MDQ
AwQA1MEAAwQA1MEMMA0GCSqGSIb3DQEBCwUAA4IBAQCE5vkWZaif+inv7JA8OyoF
mKSHtSPBuO1+4Ghzql+gmd2EPXyIfaF3FPaHj4FinW356gJfQRFdakhPjO/PdBGq
Cv8ErMv7a9HK2VI/wEBz195L6jQUv2+F/C0wmhdsEzQMmEtXKbvIjRnaYvPlcoxZ
JGAe8/yYvQT2hpKoisj38zVL/Lq9bQgHlGp+p4GB9fnn5l/C+y0kgLsd0x5oG6Zu
SrPOJwnHaF6JCeli8dw7uKRLoIDz5EATGFHND9XFQmt/AUtSqaNQw1sSzPrbiQdC
/tAe9BwjTPNXAOVx8o62OSgMlP9k9/BbMAut9RV28VoxKW2f/LuPz7eUoBMtM3us
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:50 2023 by rpki-client on console-ams.rpki-client.org