Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/653d510ZChqJxXpEMy6pcsXlWYY.roa
File:                     653d510ZChqJxXpEMy6pcsXlWYY.roa (raw, json)
Hash identifier:          nMP9IOP1PbYxITj0gUi8IF960UBYYXKghjwNJy9/V44=
Subject key identifier:   EB:9D:DD:E7:5D:19:0A:1A:89:C5:7A:44:33:2E:A9:72:C5:E5:59:86
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018C66B411FD6C2C8C8F79F0B9DFEB8D26DB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/653d510ZChqJxXpEMy6pcsXlWYY.roa
Signing time:             Thu 14 Dec 2023 05:02:06 +0000
ROA not before:           Thu 14 Dec 2023 05:02:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     147186
IP address blocks:        194.87.224.0/24 maxlen: 24
                          194.87.229.0/24 maxlen: 24
                          194.87.26.0/24 maxlen: 24
                          194.87.138.0/24 maxlen: 24
                          194.87.250.0/24 maxlen: 24
                          194.87.141.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          195.58.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Dec 2023 12:45:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:66:b4:11:fd:6c:2c:8c:8f:79:f0:b9:df:eb:8d:26:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 14 05:02:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb9ddde75d190a1a89c57a44332ea972c5e55986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:53:a7:37:cb:f4:ba:98:f2:14:a3:d7:c4:b3:
                    2a:70:95:de:80:81:cc:ca:f8:c3:da:e2:ce:b4:05:
                    9a:73:d4:e5:e8:f6:a3:6f:e7:16:b5:6c:e8:a1:c9:
                    59:0c:e8:d9:0a:60:39:98:65:b6:b3:79:ac:f5:72:
                    3e:f6:92:99:e4:22:a3:14:72:61:f2:0f:6f:1a:08:
                    bd:f3:76:a2:e5:7e:72:3f:3d:58:a7:ae:ca:1a:89:
                    68:29:ee:9e:13:05:e5:f1:4f:e3:2c:81:b2:eb:e4:
                    d6:aa:6e:b6:63:de:49:e5:94:46:7e:ca:41:09:de:
                    63:17:4e:8c:46:87:67:23:5c:9a:c6:36:d1:2f:25:
                    e4:04:41:9c:af:70:6c:e4:9a:de:6a:50:f6:7c:91:
                    e1:c7:37:68:1b:c9:f5:93:61:37:d7:af:83:ca:4d:
                    8c:29:df:4b:9e:9b:7e:d6:3f:f7:4b:fb:16:2b:94:
                    79:da:65:f8:33:03:d5:59:d7:c1:8f:d4:41:dd:a0:
                    54:44:ee:ad:0f:6a:b2:c0:5e:ea:20:a6:8b:86:88:
                    0c:31:4f:e7:e8:07:83:98:6a:16:ef:89:b3:ce:d0:
                    ae:39:fc:27:d7:2a:29:9a:d3:80:51:38:96:c2:10:
                    fd:cc:7a:84:9a:48:bf:78:4d:fe:20:23:d6:fe:ce:
                    20:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:9D:DD:E7:5D:19:0A:1A:89:C5:7A:44:33:2E:A9:72:C5:E5:59:86
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/653d510ZChqJxXpEMy6pcsXlWYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.26.0/24
                  194.87.138.0/24
                  194.87.141.0/24
                  194.87.168.0/24
                  194.87.170.0/24
                  194.87.224.0/24
                  194.87.229.0/24
                  194.87.250.0/24
                  195.58.54.0/24
                  195.58.63.0/24
                  212.192.1.0/24
                  212.192.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:d0:a4:df:61:ac:d2:12:f8:5a:c8:ad:7f:48:22:34:a4:4e:
         a4:27:48:18:b1:2a:fe:34:40:c6:f1:fc:c5:00:2a:f2:e4:fe:
         a3:dd:09:62:b8:0f:c7:c1:7c:11:48:9b:70:a9:99:75:26:28:
         87:0a:f4:8a:9d:0c:e4:21:0f:a5:7c:ce:66:8c:d4:dc:39:91:
         08:8c:2f:b7:91:83:7f:42:60:af:14:1f:78:f8:77:10:f9:a1:
         20:37:79:94:e0:1b:b2:1e:3a:cc:58:4b:96:f7:5b:24:53:03:
         a6:4c:52:eb:e6:43:ec:0d:fe:40:f6:d2:e6:f4:00:40:28:59:
         82:3b:b3:ef:6a:8c:5a:31:a2:bd:6f:c0:65:ae:14:67:68:e2:
         2a:c6:26:43:26:63:eb:42:7c:61:20:42:78:3c:55:99:c1:a0:
         0c:97:e0:93:09:bd:f4:18:3d:19:b1:da:ca:6f:27:d3:9b:7d:
         5e:e6:94:6c:4b:e9:8c:4d:6e:c3:c7:50:96:ca:39:fb:91:52:
         37:95:66:ea:36:e0:5f:ce:49:df:f0:5b:24:d2:cd:00:f7:55:
         f8:3f:d8:74:cd:86:29:b0:e9:a6:6b:fc:30:81:cc:d2:9e:90:
         a5:f6:f0:cc:13:80:4c:15:f4:d6:30:c1:ac:94:03:f4:bf:c2:
         56:c0:b4:9e
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYxmtBH9bCyMj3nwud/rjSbbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMjE0MDUwMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjlkZGRlNzVkMTkwYTFhODljNTdhNDQzMzJlYTk3MmM1ZTU1OTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1OnN8v0upjyFKPXxLMqcJXegIHM
yvjD2uLOtAWac9Tl6Pajb+cWtWzooclZDOjZCmA5mGW2s3ms9XI+9pKZ5CKjFHJh
8g9vGgi983ai5X5yPz1Yp67KGoloKe6eEwXl8U/jLIGy6+TWqm62Y95J5ZRGfspB
Cd5jF06MRodnI1yaxjbRLyXkBEGcr3Bs5JrealD2fJHhxzdoG8n1k2E316+Dyk2M
Kd9Lnpt+1j/3S/sWK5R52mX4MwPVWdfBj9RB3aBURO6tD2qywF7qIKaLhogMMU/n
6AeDmGoW74mzztCuOfwn1yopmtOAUTiWwhD9zHqEmki/eE3+ICPW/s4gqwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOud3eddGQoaicV6RDMuqXLF5VmGMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNjUzZDUxMFpDaHFKeFhwRU15NnBjc1hsV1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAwlcaAwQA
wleKAwQAwleNAwQAwleoAwQAwleqAwQAwlfgAwQAwlflAwQAwlf6AwQAwzo2AwQA
wzo/AwQA1MABAwQA1MDQMA0GCSqGSIb3DQEBCwUAA4IBAQAs0KTfYazSEvhayK1/
SCI0pE6kJ0gYsSr+NEDG8fzFACry5P6j3QliuA/HwXwRSJtwqZl1JiiHCvSKnQzk
IQ+lfM5mjNTcOZEIjC+3kYN/QmCvFB94+HcQ+aEgN3mU4BuyHjrMWEuW91skUwOm
TFLr5kPsDf5A9tLm9ABAKFmCO7PvaoxaMaK9b8BlrhRnaOIqxiZDJmPrQnxhIEJ4
PFWZwaAMl+CTCb30GD0ZsdrKbyfTm31e5pRsS+mMTW7Dx1CWyjn7kVI3lWbqNuBf
zknf8Fsk0s0A91X4P9h0zYYpsOmma/wwgczSnpCl9vDME4BMFfTWMMGslAP0v8JW
wLSe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:06 2024 by rpki-client on console-fra.rpki-client.org