Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/74PfePFVLxH1EHshrGJ-lu-F2cE.roa
File:                     74PfePFVLxH1EHshrGJ-lu-F2cE.roa (raw, json)
Hash identifier:          Do9gWFSK4T1KafTbJcyZN/wi97OIuv38zBo5E1uB6ao=
Subject key identifier:   EF:83:DF:78:F1:55:2F:11:F5:10:7B:21:AC:62:7E:96:EF:85:D9:C1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0185FCDD6FD69FB212BA15782CB04D84C016
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/74PfePFVLxH1EHshrGJ-lu-F2cE.roa
Signing time:             Sun 29 Jan 2023 09:30:48 +0000
ROA not before:           Sun 29 Jan 2023 09:30:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     400377
IP address blocks:        194.87.205.0/24 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          62.76.226.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.10.0/24 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          193.124.46.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          194.58.40.0/24 maxlen: 24
                          195.58.51.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          194.87.125.0/24 maxlen: 24
                          194.87.124.0/24 maxlen: 24
                          194.87.139.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:fc:dd:6f:d6:9f:b2:12:ba:15:78:2c:b0:4d:84:c0:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 29 09:30:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef83df78f1552f11f5107b21ac627e96ef85d9c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:31:c1:32:11:52:0e:11:c2:1a:ea:30:e9:77:
                    68:e6:e3:02:b7:b5:5a:93:08:35:1c:bc:65:39:c8:
                    fd:aa:ca:51:fc:7c:42:b0:e7:88:fe:4f:2c:43:0b:
                    be:33:f5:70:35:cb:d5:d4:f3:6b:e5:ed:d1:45:25:
                    7a:4c:72:5f:f5:53:66:75:aa:ea:2d:f4:e5:26:ca:
                    a5:26:03:9b:e6:bc:3d:5b:ac:ea:ba:ee:4a:cc:dd:
                    72:70:1f:cf:4f:f5:0b:0d:3c:55:e4:bd:b2:4f:40:
                    6c:4f:2d:db:f1:1d:72:fc:56:9c:15:1b:1c:19:58:
                    93:7e:34:b9:9f:98:e6:a1:7e:5e:f1:e9:dd:4e:4c:
                    c2:5d:80:7e:62:5b:f0:cf:89:f8:6a:11:92:a7:01:
                    dc:3f:64:f0:ab:67:b6:b8:31:9c:08:fd:99:98:08:
                    74:30:22:ca:79:37:67:11:eb:a0:9e:fa:fd:b8:23:
                    cf:36:d4:5b:95:3c:2b:1f:ff:e5:0e:51:3b:0e:6a:
                    14:0d:60:eb:31:62:b9:2e:d5:87:f3:15:cb:76:32:
                    76:32:7e:2d:44:78:e7:a2:58:dc:08:95:e9:76:90:
                    13:c2:3f:f8:a2:98:1f:5b:06:0c:27:c1:bc:97:b9:
                    ec:26:dc:c9:34:b8:87:6d:ab:90:04:ed:be:b8:77:
                    30:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:83:DF:78:F1:55:2F:11:F5:10:7B:21:AC:62:7E:96:EF:85:D9:C1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/74PfePFVLxH1EHshrGJ-lu-F2cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.226.0/24
                  192.124.180.0/24
                  193.124.46.0/24
                  193.124.90.0/24
                  193.124.200.0/24
                  194.58.40.0/24
                  194.87.2.0/24
                  194.87.10.0/24
                  194.87.124.0/23
                  194.87.139.0/24
                  194.87.205.0/24
                  194.87.233.0/24
                  194.87.252.0/24
                  195.58.51.0/24
                  195.133.76.0/24
                  212.192.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:fc:72:85:09:bc:56:89:e7:df:e4:a6:7f:b7:2a:e7:17:9b:
         6f:e3:c9:98:6a:a9:27:34:49:0e:7c:ef:2c:32:1a:97:23:6f:
         e6:3c:af:d9:c6:ee:1b:df:31:eb:ec:66:7f:7e:ea:b7:e2:3d:
         bf:28:a8:ca:d5:8e:c3:8e:3d:29:0d:94:f5:c3:08:2a:d1:f2:
         33:11:ec:db:e1:d0:7a:f5:7a:71:de:91:8b:0e:e9:4b:a0:50:
         46:80:2f:2a:17:07:ab:1b:79:d8:45:1c:d5:f2:c5:6f:60:ba:
         0f:18:49:95:e2:b2:13:ec:83:14:e5:4d:84:54:5f:17:08:0b:
         b0:d3:d8:42:ba:d2:91:5a:2a:e8:88:db:20:4e:35:f2:86:9a:
         47:bd:e3:cf:90:c5:36:99:87:ab:eb:1e:f7:c8:8d:87:b2:6b:
         42:15:90:2a:0a:93:06:2a:33:f1:46:81:f4:b7:98:24:5d:02:
         fd:44:45:78:f7:41:e0:67:9d:ab:d7:08:68:00:9c:17:3e:d0:
         da:1d:f7:b8:65:d0:7d:62:fe:ac:db:c6:e0:2b:b8:ca:f0:3a:
         9d:87:ff:fc:82:61:1b:2f:dd:c0:25:f7:02:ab:c0:e8:1a:c8:
         c5:8a:1b:ff:52:13:d5:d5:8e:4d:16:96:0d:f7:2d:a9:d8:28:
         b9:1f:bf:59
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYX83W/Wn7ISuhV4LLBNhMAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTI5MDkzMDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjgzZGY3OGYxNTUyZjExZjUxMDdiMjFhYzYyN2U5NmVmODVkOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszHBMhFSDhHCGuow6Xdo5uMCt7Va
kwg1HLxlOcj9qspR/HxCsOeI/k8sQwu+M/VwNcvV1PNr5e3RRSV6THJf9VNmdarq
LfTlJsqlJgOb5rw9W6zquu5KzN1ycB/PT/ULDTxV5L2yT0BsTy3b8R1y/FacFRsc
GViTfjS5n5jmoX5e8endTkzCXYB+Ylvwz4n4ahGSpwHcP2Twq2e2uDGcCP2ZmAh0
MCLKeTdnEeugnvr9uCPPNtRblTwrH//lDlE7DmoUDWDrMWK5LtWH8xXLdjJ2Mn4t
RHjnoljcCJXpdpATwj/4opgfWwYMJ8G8l7nsJtzJNLiHbauQBO2+uHcw+QIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFO+D33jxVS8R9RB7IaxifpbvhdnBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNzRQZmVQRlZMeEgxRUhzaHJHSi1sdS1GMmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAPkziAwQA
wHy0AwQAwXwuAwQAwXxaAwQAwXzIAwQAwjooAwQAwlcCAwQAwlcKAwQBwld8AwQA
wleLAwQAwlfNAwQAwlfpAwQAwlf8AwQAwzozAwQAw4VMAwQA1MAJMA0GCSqGSIb3
DQEBCwUAA4IBAQAE/HKFCbxWieff5KZ/tyrnF5tv48mYaqknNEkOfO8sMhqXI2/m
PK/Zxu4b3zHr7GZ/fuq34j2/KKjK1Y7Djj0pDZT1wwgq0fIzEezb4dB69Xpx3pGL
DulLoFBGgC8qFwerG3nYRRzV8sVvYLoPGEmV4rIT7IMU5U2EVF8XCAuw09hCutKR
WiroiNsgTjXyhppHvePPkMU2mYer6x73yI2HsmtCFZAqCpMGKjPxRoH0t5gkXQL9
REV490HgZ52r1whoAJwXPtDaHfe4ZdB9Yv6s28bgK7jK8Dqdh//8gmEbL93AJfcC
q8DoGsjFihv/UhPV1Y5NFpYN9y2p2Ci5H79Z
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:51 2023 by rpki-client on console-ams.rpki-client.org