Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8q-3sHjgC3l44iGlcNg-vxMig1I.roa
File:                     8q-3sHjgC3l44iGlcNg-vxMig1I.roa (raw, json)
Hash identifier:          TRjqoqzbjXPkuWF2/aOMWymceMAOjXzlnXY3meuPRDY=
Subject key identifier:   F2:AF:B7:B0:78:E0:0B:79:78:E2:21:A5:70:D8:3E:BF:13:22:83:52
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A7D727BD6ED96AB067F4BEA9E9BFE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8q-3sHjgC3l44iGlcNg-vxMig1I.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63018
IP address blocks:        195.133.29.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 15 Feb 2024 16:42:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7d:72:7b:d6:ed:96:ab:06:7f:4b:ea:9e:9b:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2afb7b078e00b7978e221a570d83ebf13228352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ba:7d:ec:18:84:5b:00:b1:95:c2:2e:62:de:
                    aa:9b:63:f2:bd:ae:5c:5b:d8:13:3a:dc:de:b0:26:
                    a6:43:cb:a0:88:34:21:3e:3e:92:2b:54:fc:ec:40:
                    bf:ec:78:33:e8:12:1e:21:a5:df:0a:ba:ee:b1:68:
                    71:36:98:42:d0:3b:d3:75:80:1c:ac:a6:55:a8:65:
                    72:de:15:86:75:cc:ea:06:ca:29:82:c4:6d:cb:5d:
                    8b:da:38:e0:87:a2:d9:95:7d:6d:17:b2:fb:de:5c:
                    4c:4e:8f:6b:0d:66:b6:34:06:d7:5f:1a:73:b8:24:
                    2f:ab:2c:35:c4:bb:0e:d7:34:71:cc:c9:96:3d:ff:
                    d8:10:55:3c:f5:a2:bf:d0:e0:86:13:21:1a:8a:e8:
                    b6:ef:26:8b:5f:d2:71:d8:e4:72:09:e3:1c:6d:be:
                    67:61:ed:5b:1e:1e:73:37:34:0f:40:72:fd:3e:16:
                    1a:04:05:b8:93:30:72:a4:da:50:23:c0:25:dd:3a:
                    b0:ac:23:cd:0c:c2:82:b5:1a:d3:ea:27:55:98:a1:
                    4f:6a:ec:d3:d6:ce:f3:e6:14:b3:8a:f3:82:9e:3a:
                    22:47:14:bc:39:1c:26:d6:7f:bd:cf:bb:06:ca:23:
                    98:3e:9a:5a:94:d4:6a:4a:11:dd:66:bf:bd:95:6b:
                    ec:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:AF:B7:B0:78:E0:0B:79:78:E2:21:A5:70:D8:3E:BF:13:22:83:52
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8q-3sHjgC3l44iGlcNg-vxMig1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:b0:0b:c4:48:19:a4:33:e9:06:dc:a7:e5:2e:a6:37:2c:34:
         ae:8f:9e:98:b8:54:ea:05:b9:d1:91:10:d5:16:bc:a7:d8:13:
         1d:27:42:5c:00:34:43:32:c5:67:2b:2d:2b:56:97:91:6a:c2:
         23:1e:a5:59:9e:05:18:5a:6e:20:ff:70:0f:47:43:1e:49:cf:
         3a:3c:a6:b4:4d:87:fb:0b:b4:8b:6d:e2:de:66:52:d0:68:60:
         f7:60:e5:11:18:f5:c5:85:b0:6e:47:67:e1:39:4f:1b:9a:d1:
         6d:1c:d4:bc:b0:2a:fa:8f:db:69:39:99:e2:0a:f3:83:8e:64:
         2b:cf:0e:d5:7e:69:d1:f9:ba:f0:a4:8e:e8:e0:10:dd:99:d3:
         84:0f:4b:28:18:95:9f:76:11:cf:87:7d:14:a8:0d:ee:98:f0:
         de:20:67:66:2e:77:2a:f0:2d:58:d1:e7:15:ce:c6:0c:7e:9e:
         7e:29:50:4e:01:71:35:f4:17:f8:d0:b0:a7:23:74:be:18:30:
         50:f3:e5:ee:e6:47:ab:07:bd:89:c0:64:eb:8b:68:50:ec:c1:
         1a:75:19:7f:8b:c7:3f:df:21:8b:47:f5:b6:b4:0c:3b:c1:e9:
         8c:56:bb:3e:80:40:1b:86:18:1e:b6:e2:3b:0e:e7:8f:ac:c9:
         bf:a7:c8:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKn1ye9btlqsGf0vqnpv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmFmYjdiMDc4ZTAwYjc5NzhlMjIxYTU3MGQ4M2ViZjEzMjI4MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7p97BiEWwCxlcIuYt6qm2Pyva5c
W9gTOtzesCamQ8ugiDQhPj6SK1T87EC/7Hgz6BIeIaXfCrrusWhxNphC0DvTdYAc
rKZVqGVy3hWGdczqBsopgsRty12L2jjgh6LZlX1tF7L73lxMTo9rDWa2NAbXXxpz
uCQvqyw1xLsO1zRxzMmWPf/YEFU89aK/0OCGEyEaiui27yaLX9Jx2ORyCeMcbb5n
Ye1bHh5zNzQPQHL9PhYaBAW4kzBypNpQI8Al3TqwrCPNDMKCtRrT6idVmKFPauzT
1s7z5hSzivOCnjoiRxS8ORwm1n+9z7sGyiOYPppalNRqShHdZr+9lWvszQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKvt7B44At5eOIhpXDYPr8TIoNSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOHEtM3NIamdDM2w0NGlHbGNOZy12eE1pZzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UdMA0G
CSqGSIb3DQEBCwUAA4IBAQCBsAvESBmkM+kG3KflLqY3LDSuj56YuFTqBbnRkRDV
Fryn2BMdJ0JcADRDMsVnKy0rVpeRasIjHqVZngUYWm4g/3APR0MeSc86PKa0TYf7
C7SLbeLeZlLQaGD3YOURGPXFhbBuR2fhOU8bmtFtHNS8sCr6j9tpOZniCvODjmQr
zw7VfmnR+brwpI7o4BDdmdOED0soGJWfdhHPh30UqA3umPDeIGdmLncq8C1Y0ecV
zsYMfp5+KVBOAXE19Bf40LCnI3S+GDBQ8+Xu5kerB72JwGTri2hQ7MEadRl/i8c/
3yGLR/W2tAw7wemMVrs+gEAbhhgetuI7DuePrMm/p8iD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:07 2024 by rpki-client on console-fra.rpki-client.org