Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8VcKotBJ2EHuyykv-b957WvOZRo.roa
File:                     8VcKotBJ2EHuyykv-b957WvOZRo.roa (raw, json)
Hash identifier:          jQ4Ef6txgm4/g+WXJWPsDmrMl0ca1UsUqxgXG/0YaIc=
Subject key identifier:   F1:57:0A:A2:D0:49:D8:41:EE:CB:29:2F:F9:BF:79:ED:6B:CE:65:1A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019088F5F469ECC75F763083B93F1699AD4F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8VcKotBJ2EHuyykv-b957WvOZRo.roa
Signing time:             Sat 06 Jul 2024 16:52:18 +0000
ROA not before:           Sat 06 Jul 2024 16:52:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.85.249.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 12 Jul 2024 05:19:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:88:f5:f4:69:ec:c7:5f:76:30:83:b9:3f:16:99:ad:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  6 16:52:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1570aa2d049d841eecb292ff9bf79ed6bce651a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:30:09:ae:1e:8c:74:06:9d:59:29:00:be:
                    b9:29:08:27:26:7c:e8:72:cf:cd:04:3e:e6:0b:1e:
                    ba:d2:42:69:38:35:af:ed:58:ef:63:b4:a1:95:6c:
                    10:d2:5b:36:c4:d8:23:86:66:48:4b:78:59:bf:d5:
                    3d:b5:c9:ac:6b:67:28:ad:c8:11:bc:c4:26:10:97:
                    1a:82:fd:c7:6e:36:ef:47:5a:4c:ee:7e:66:79:23:
                    85:6c:d6:d2:dc:49:58:df:0f:a7:53:43:c9:5a:74:
                    df:9c:15:a7:73:75:ca:85:0a:05:42:3c:45:90:45:
                    45:97:c2:f7:1c:8b:e4:a1:fd:56:1b:35:be:79:dc:
                    5a:dd:88:ef:3f:d9:d7:f6:43:d6:3f:ee:bc:50:57:
                    3f:c2:33:a2:cf:c4:34:5c:1c:4c:7f:cf:ae:ac:93:
                    80:dc:39:9c:8b:e3:bd:7a:db:c9:d8:84:e6:0f:4e:
                    40:00:0e:b2:c3:8c:2e:4d:b8:92:7c:68:0c:f4:05:
                    29:50:46:c7:20:31:8b:1b:2e:9c:28:21:92:f6:c6:
                    7d:f0:74:40:fd:71:a6:a0:0f:3a:9b:25:15:73:b7:
                    ff:dc:09:82:ee:45:d6:41:00:b3:08:0e:48:4d:4d:
                    72:ed:43:af:5c:8b:12:02:76:f0:25:61:03:3d:4b:
                    e5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:57:0A:A2:D0:49:D8:41:EE:CB:29:2F:F9:BF:79:ED:6B:CE:65:1A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8VcKotBJ2EHuyykv-b957WvOZRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.85.249.0/24
                  194.87.169.0/24
                  195.133.25.0/24
                  195.133.39.0/24
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:e0:50:0c:97:50:13:48:af:be:b7:c1:f6:41:8c:76:ba:93:
         4e:e9:ff:5a:3a:f8:be:46:70:f3:95:23:30:0f:1a:3a:9f:ea:
         76:c6:43:fd:e7:b9:87:10:57:ed:87:4f:0e:dd:a2:84:05:6e:
         77:fc:8f:92:00:39:b9:43:3d:a7:e6:75:d9:22:fd:e5:91:a9:
         4f:b5:17:cb:96:85:ad:84:84:59:39:d7:0d:82:92:d6:41:f9:
         d0:2d:20:08:a7:3d:73:0a:0b:4a:e7:d4:d7:1b:21:2d:55:c9:
         03:8a:b5:33:43:3c:36:0d:bd:28:5c:4d:af:18:92:7a:61:0d:
         0f:b3:9f:a5:f4:e0:87:9f:b0:f6:96:1b:39:cf:a1:4a:3b:5b:
         39:49:34:91:3d:62:b2:36:d1:f4:7b:80:79:8b:2d:60:cf:c3:
         f7:c4:f1:5c:3e:a5:81:96:78:b9:8f:d1:97:3d:bc:77:3a:ed:
         09:55:a2:05:de:e6:5a:c6:9a:fb:19:57:3d:3b:88:a6:1f:3d:
         99:8c:45:09:d9:82:52:24:4e:88:a7:0f:1c:ca:7f:a6:3c:5c:
         cc:2f:2c:04:53:ef:96:c2:10:32:96:10:a9:ea:b4:1a:fa:f3:
         60:63:59:f8:65:be:f9:be:52:58:b5:1e:1f:cc:3d:ac:15:66:
         71:4e:b9:33
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZCI9fRp7MdfdjCDuT8Wma1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzA2MTY1MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTU3MGFhMmQwNDlkODQxZWVjYjI5MmZmOWJmNzllZDZiY2U2NTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCEwCa4ejHQGnVkpAL65KQgnJnzo
cs/NBD7mCx660kJpODWv7VjvY7ShlWwQ0ls2xNgjhmZIS3hZv9U9tcmsa2corcgR
vMQmEJcagv3HbjbvR1pM7n5meSOFbNbS3ElY3w+nU0PJWnTfnBWnc3XKhQoFQjxF
kEVFl8L3HIvkof1WGzW+edxa3YjvP9nX9kPWP+68UFc/wjOiz8Q0XBxMf8+urJOA
3Dmci+O9etvJ2ITmD05AAA6yw4wuTbiSfGgM9AUpUEbHIDGLGy6cKCGS9sZ98HRA
/XGmoA86myUVc7f/3AmC7kXWQQCzCA5ITU1y7UOvXIsSAnbwJWEDPUvl2wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFPFXCqLQSdhB7sspL/m/ee1rzmUaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOFZjS290QkoyRUh1eXlrdi1iOTU3V3ZPWlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQBwjo4AwQA
wlX5AwQAwlepAwQAw4UZAwQAw4UnAwQBw4UyAwQBw4VcAwQA1MABMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAX+BQDJdQE0ivvrfB9kGM
drqTTun/Wjr4vkZw85UjMA8aOp/qdsZD/ee5hxBX7YdPDt2ihAVud/yPkgA5uUM9
p+Z12SL95ZGpT7UXy5aFrYSEWTnXDYKS1kH50C0gCKc9cwoLSufU1xshLVXJA4q1
M0M8Ng29KFxNrxiSemEND7OfpfTgh5+w9pYbOc+hSjtbOUk0kT1isjbR9HuAeYst
YM/D98TxXD6lgZZ4uY/Rlz28dzrtCVWiBd7mWsaa+xlXPTuIph89mYxFCdmCUiRO
iKcPHMp/pjxczC8sBFPvlsIQMpYQqeq0GvrzYGNZ+GW++b5SWLUeH8w9rBVmcU65
Mw==
-----END CERTIFICATE-----