Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/AAt0C5NI3WQP0ZdEckLmLrC1LSg.roa
File:                     AAt0C5NI3WQP0ZdEckLmLrC1LSg.roa (raw, json)
Hash identifier:          hhx75QAtG6f5TcPFaD9ZIR1WP2fi8jhSxaJlPXQA6b4=
Subject key identifier:   00:0B:74:0B:93:48:DD:64:0F:D1:97:44:72:42:E6:2E:B0:B5:2D:28
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CC4119F31A49BE99A82EF2973A37667AD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/AAt0C5NI3WQP0ZdEckLmLrC1LSg.roa
Signing time:             Mon 01 Jan 2024 08:08:58 +0000
ROA not before:           Mon 01 Jan 2024 08:08:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     147186
IP address blocks:        195.133.84.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          194.87.229.0/24 maxlen: 24
                          194.87.141.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          195.58.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:11:9f:31:a4:9b:e9:9a:82:ef:29:73:a3:76:67:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  1 08:08:58 2024 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=000b740b9348dd640fd197447242e62eb0b52d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9f:b3:b5:05:61:10:23:ba:18:ad:ac:88:0e:
                    7b:fa:1e:3c:37:02:b2:7b:24:0a:26:69:97:7b:d6:
                    3e:98:83:e4:c1:d3:88:6b:8a:c2:37:32:12:3f:a5:
                    28:4c:a5:87:c4:41:17:bf:46:9c:4b:06:8d:af:a5:
                    f2:a9:41:6c:8a:3b:1c:b5:f1:d0:c4:b6:cc:df:2d:
                    e1:7f:d4:2d:37:fb:d6:9c:ef:2f:18:bf:01:fd:cc:
                    6b:76:fc:4a:b5:78:60:59:d7:81:20:ec:fd:7e:b9:
                    43:cb:5c:4f:0b:eb:de:40:f3:49:0c:e5:04:e6:4a:
                    9a:9c:0b:23:83:56:c8:76:9e:fe:ed:58:a9:01:3f:
                    f8:a2:34:8c:49:3c:19:08:8a:5d:36:d6:02:af:51:
                    d4:ea:cc:39:50:d1:a1:21:0d:55:9f:6b:e7:ae:ef:
                    8f:ea:da:a2:52:ea:1a:4a:89:76:ff:f5:94:e4:9d:
                    7f:f8:e9:18:c7:8c:4d:ba:fe:43:32:68:58:4c:c4:
                    c7:0c:92:7e:b2:a7:27:cc:fd:0a:0e:97:b3:56:97:
                    06:f2:9e:83:21:b9:62:c8:5e:b4:4a:96:a1:50:0d:
                    57:10:a3:a3:5a:2d:ea:70:87:0b:f8:d0:7a:68:8d:
                    d0:02:b2:d9:9b:68:93:16:34:bf:b6:1d:d9:bb:53:
                    bf:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:0B:74:0B:93:48:DD:64:0F:D1:97:44:72:42:E6:2E:B0:B5:2D:28
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/AAt0C5NI3WQP0ZdEckLmLrC1LSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.141.0/24
                  194.87.168.0/24
                  194.87.170.0/24
                  194.87.224.0/24
                  194.87.229.0/24
                  195.58.54.0/24
                  195.58.63.0/24
                  195.133.84.0/24
                  212.192.1.0/24
                  212.192.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:42:8d:ec:80:bf:d7:71:b3:ae:36:4c:43:9e:41:a1:eb:2b:
         9b:98:f8:3d:65:3e:2e:20:a7:8d:9a:15:54:d1:fd:8f:ef:98:
         04:68:4c:92:4e:66:84:1f:6a:69:09:93:a7:18:1e:16:40:d0:
         36:fa:a8:36:a5:e3:1d:33:8f:72:c0:71:c8:29:76:bd:c6:b4:
         48:ef:33:34:f0:8a:b1:1a:e6:e7:58:d8:a8:e5:09:99:fc:cc:
         2c:bc:32:a1:11:2a:24:97:5e:23:22:e9:f5:6e:4b:ec:2b:27:
         51:61:d5:47:c2:a3:81:36:a7:c2:76:80:de:d5:ad:18:cb:d9:
         bc:99:d3:ed:fa:b2:7b:f3:24:7b:33:15:7c:c8:76:d8:a5:6a:
         cb:a7:b4:a1:cc:17:fb:4e:b4:bf:ff:3d:bf:4e:f8:c9:e7:f2:
         92:39:c8:72:c0:10:63:6a:f8:e1:eb:f2:2e:5b:59:b4:eb:a3:
         05:d9:d8:a0:95:0c:a8:f9:82:5a:49:03:8e:ab:4c:af:20:0c:
         48:96:ee:ad:cb:78:9e:76:13:1b:46:67:6b:61:1e:ce:9f:c9:
         e9:8c:a4:6e:9f:b1:16:52:05:f9:07:e4:e3:5e:25:48:26:16:
         b3:1d:e7:fd:5c:48:fc:20:c8:48:3a:86:7e:3b:38:3a:ef:5c:
         0e:c2:8e:9c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzEEZ8xpJvpmoLvKXOjdmetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAxMDgwODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDBiNzQwYjkzNDhkZDY0MGZkMTk3NDQ3MjQyZTYyZWIwYjUyZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5+ztQVhECO6GK2siA57+h48NwKy
eyQKJmmXe9Y+mIPkwdOIa4rCNzISP6UoTKWHxEEXv0acSwaNr6XyqUFsijsctfHQ
xLbM3y3hf9QtN/vWnO8vGL8B/cxrdvxKtXhgWdeBIOz9frlDy1xPC+veQPNJDOUE
5kqanAsjg1bIdp7+7VipAT/4ojSMSTwZCIpdNtYCr1HU6sw5UNGhIQ1Vn2vnru+P
6tqiUuoaSol2//WU5J1/+OkYx4xNuv5DMmhYTMTHDJJ+sqcnzP0KDpezVpcG8p6D
IbliyF60SpahUA1XEKOjWi3qcIcL+NB6aI3QArLZm2iTFjS/th3Zu1O/SQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAALdAuTSN1kD9GXRHJC5i6wtS0oMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQUF0MEM1TkkzV1FQMFpkRWNrTG1MckMxTFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwleNAwQA
wleoAwQAwleqAwQAwlfgAwQAwlflAwQAwzo2AwQAwzo/AwQAw4VUAwQA1MABAwQA
1MDQMA0GCSqGSIb3DQEBCwUAA4IBAQACQo3sgL/XcbOuNkxDnkGh6yubmPg9ZT4u
IKeNmhVU0f2P75gEaEySTmaEH2ppCZOnGB4WQNA2+qg2peMdM49ywHHIKXa9xrRI
7zM08IqxGubnWNio5QmZ/MwsvDKhESokl14jIun1bkvsKydRYdVHwqOBNqfCdoDe
1a0Yy9m8mdPt+rJ78yR7MxV8yHbYpWrLp7ShzBf7TrS//z2/TvjJ5/KSOchywBBj
avjh6/IuW1m066MF2diglQyo+YJaSQOOq0yvIAxIlu6ty3iedhMbRmdrYR7On8np
jKRun7EWUgX5B+TjXiVIJhazHef9XEj8IMhIOoZ+Ozg671wOwo6c
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:19:18 2024 by rpki-client on console-ams.rpki-client.org