Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8kDQ4prDJzN-tObZXVKT7gH-oD4.roa
File:                     8kDQ4prDJzN-tObZXVKT7gH-oD4.roa (raw, json)
Hash identifier:          cEcq/cfpvw2QBXOkjFhF9n6JMEz1Jg3tCxmxEWuwGPg=
Subject key identifier:   F2:40:D0:E2:9A:C3:27:33:7E:B4:E6:D9:5D:52:93:EE:01:FE:A0:3E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018C6CFCA9CAFF99A1BD5A242567D9D6553D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8kDQ4prDJzN-tObZXVKT7gH-oD4.roa
Signing time:             Fri 15 Dec 2023 10:19:07 +0000
ROA not before:           Fri 15 Dec 2023 10:19:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208287
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.87.215.0/24 maxlen: 24
                          195.133.6.0/24 maxlen: 24
                          212.192.217.0/24 maxlen: 24
                          194.58.154.0/24 maxlen: 24
                          194.87.190.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 16:56:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:6c:fc:a9:ca:ff:99:a1:bd:5a:24:25:67:d9:d6:55:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 15 10:19:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f240d0e29ac327337eb4e6d95d5293ee01fea03e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bc:c7:a3:d0:da:d8:7d:d9:66:16:1c:60:02:
                    bf:27:06:43:d7:e6:78:49:25:9e:be:5b:17:96:65:
                    17:5c:5f:16:70:43:c6:e2:21:71:11:50:6d:15:9f:
                    04:bb:d8:b5:f8:42:4f:98:38:93:66:55:b2:e2:1c:
                    be:d5:4d:5f:4a:1e:c9:68:fa:e5:55:bc:c4:69:0d:
                    11:09:d0:6d:77:57:07:84:25:67:be:b4:fa:d8:d3:
                    f2:a3:99:cd:36:d4:c1:b9:08:57:33:b6:67:1f:cb:
                    4e:4b:6e:1a:5d:5f:d5:fa:fe:c7:fc:20:b9:a9:ff:
                    27:4e:ae:a2:81:65:dd:9d:e2:fa:33:6b:56:e5:3d:
                    56:40:ae:37:3c:9b:4f:6b:8c:71:96:3a:9a:81:7d:
                    e3:ba:a2:22:7e:30:a1:17:16:80:f2:d4:12:25:77:
                    75:30:c5:21:b2:e0:97:14:7a:54:bb:48:e2:2a:0e:
                    56:41:0a:97:a0:cf:67:50:3a:37:4a:7a:2d:a6:64:
                    bf:d4:e8:e3:46:dc:33:9b:62:c7:55:b9:4b:1f:6d:
                    4d:72:1a:32:47:e9:b6:d7:19:ba:59:46:ff:e5:97:
                    52:a4:49:1b:11:58:35:bc:02:d2:78:de:e7:4e:da:
                    ac:07:68:55:f5:a4:c7:73:a9:b3:32:1c:9a:89:ba:
                    9d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:40:D0:E2:9A:C3:27:33:7E:B4:E6:D9:5D:52:93:EE:01:FE:A0:3E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8kDQ4prDJzN-tObZXVKT7gH-oD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  193.124.200.0/24
                  194.58.154.0/24
                  194.87.190.0/24
                  194.87.215.0/24
                  195.133.6.0/24
                  212.192.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:b6:ba:12:b8:c7:52:cb:92:32:b1:85:0a:7a:11:f5:26:25:
         39:d3:03:aa:1e:1a:d1:23:d6:cc:45:9a:22:d2:cf:2e:e6:fc:
         ed:b3:c8:da:c8:af:1c:9e:7d:c1:f0:31:dd:e0:17:86:b2:5e:
         34:54:a9:a3:9b:a0:26:54:4d:1d:2d:c6:40:71:fd:b9:31:d1:
         78:c2:10:bd:f3:00:82:16:09:82:d6:75:2f:37:f4:6d:32:88:
         74:40:7a:6b:e3:10:eb:be:2e:52:e5:40:7e:5e:17:24:92:f0:
         ac:42:ae:7f:ef:6c:bd:23:96:b4:c7:32:5b:58:b9:b8:b7:5a:
         8f:9a:e3:f4:42:12:03:84:18:20:5f:96:55:56:72:3b:3f:25:
         62:0b:d8:db:97:02:e4:aa:a2:27:6a:f1:a1:bd:1a:a3:ea:3c:
         7c:86:8f:df:f2:e9:eb:12:07:b3:a8:bd:e5:f3:ae:3c:63:9e:
         5f:31:55:8a:3a:f1:2a:9e:94:71:04:02:76:55:04:25:56:9f:
         10:f2:8e:79:d2:ed:02:7f:3d:c5:a2:a2:71:4f:38:76:4e:59:
         a8:4d:f1:76:ae:ae:81:2b:db:35:79:86:a0:5b:2c:23:be:25:
         34:85:ed:af:72:d0:88:df:95:95:97:4a:48:4a:e4:b9:77:dc:
         cd:b3:62:80
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYxs/KnK/5mhvVokJWfZ1lU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMjE1MTAxOTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQwZDBlMjlhYzMyNzMzN2ViNGU2ZDk1ZDUyOTNlZTAxZmVhMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrzHo9Da2H3ZZhYcYAK/JwZD1+Z4
SSWevlsXlmUXXF8WcEPG4iFxEVBtFZ8Eu9i1+EJPmDiTZlWy4hy+1U1fSh7JaPrl
VbzEaQ0RCdBtd1cHhCVnvrT62NPyo5nNNtTBuQhXM7ZnH8tOS24aXV/V+v7H/CC5
qf8nTq6igWXdneL6M2tW5T1WQK43PJtPa4xxljqagX3juqIifjChFxaA8tQSJXd1
MMUhsuCXFHpUu0jiKg5WQQqXoM9nUDo3SnotpmS/1OjjRtwzm2LHVblLH21Nchoy
R+m21xm6WUb/5ZdSpEkbEVg1vALSeN7nTtqsB2hV9aTHc6mzMhyaibqdMwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFPJA0OKawyczfrTm2V1Sk+4B/qA+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOGtEUTRwckRKek4tdE9iWlhWS1Q3Z0gtb0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwXwHAwQA
wXzIAwQAwjqaAwQAwle+AwQAwlfXAwQAw4UGAwQA1MDZMA0GCSqGSIb3DQEBCwUA
A4IBAQBftroSuMdSy5IysYUKehH1JiU50wOqHhrRI9bMRZoi0s8u5vzts8jayK8c
nn3B8DHd4BeGsl40VKmjm6AmVE0dLcZAcf25MdF4whC98wCCFgmC1nUvN/RtMoh0
QHpr4xDrvi5S5UB+XhckkvCsQq5/72y9I5a0xzJbWLm4t1qPmuP0QhIDhBggX5ZV
VnI7PyViC9jblwLkqqInavGhvRqj6jx8ho/f8unrEgezqL3l8648Y55fMVWKOvEq
npRxBAJ2VQQlVp8Q8o550u0Cfz3FoqJxTzh2TlmoTfF2rq6BK9s1eYagWywjviU0
he2vctCI35WVl0pISuS5d9zNs2KA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:07 2024 by rpki-client on console-fra.rpki-client.org