Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Af7NZj1hq536dtz5n1SpP4GD66o.roa
File:                     Af7NZj1hq536dtz5n1SpP4GD66o.roa (raw, json)
Hash identifier:          TGaFLCdD0V8iCDpJKyEk9JkPpD3ZT8eWInqp5/JPKws=
Subject key identifier:   01:FE:CD:66:3D:61:AB:9D:FA:76:DC:F9:9F:54:A9:3F:81:83:EB:AA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018BDB7729FCC1D9484D3C3B3F79287B31C6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Af7NZj1hq536dtz5n1SpP4GD66o.roa
Signing time:             Fri 17 Nov 2023 04:08:21 +0000
ROA not before:           Fri 17 Nov 2023 04:08:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        194.87.1.0/24 maxlen: 24
                          193.124.16.0/24 maxlen: 24
                          194.87.11.0/24 maxlen: 24
                          194.87.12.0/24 maxlen: 24
                          194.87.21.0/24 maxlen: 24
                          194.87.18.0/24 maxlen: 24
                          194.87.30.0/24 maxlen: 24
                          212.192.214.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          194.58.47.0/24 maxlen: 24
                          195.58.58.0/23 maxlen: 23
                          195.58.62.0/23 maxlen: 23
                          194.87.104.0/24 maxlen: 24
                          194.87.114.0/23 maxlen: 23
                          194.87.122.0/24 maxlen: 24
                          194.87.124.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          194.87.134.0/23 maxlen: 23
                          194.87.56.0/24 maxlen: 24
                          193.124.80.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24
                          194.87.200.0/24 maxlen: 24
                          195.133.84.0/23 maxlen: 23
                          192.124.178.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          192.124.189.0/24 maxlen: 24
                          195.133.40.0/23 maxlen: 23
                          193.124.200.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:db:77:29:fc:c1:d9:48:4d:3c:3b:3f:79:28:7b:31:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 17 04:08:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=01fecd663d61ab9dfa76dcf99f54a93f8183ebaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3d:17:74:f5:ab:5d:3a:68:30:ef:a6:cf:0f:
                    32:89:42:80:89:91:0b:d3:31:df:29:82:b2:37:c4:
                    3e:c8:4f:d1:f0:ea:ea:c3:bb:d6:40:9e:97:1d:85:
                    9b:4f:cc:8c:61:be:41:d8:45:ee:b3:eb:b3:a8:96:
                    25:4a:29:16:dc:2b:4f:c0:f4:43:d0:25:fd:03:90:
                    17:93:b4:6b:1e:72:27:a7:0c:a8:b7:aa:cb:ee:24:
                    1c:42:d4:4f:42:ee:92:7b:f2:f3:06:3f:67:83:35:
                    0d:22:c2:02:e6:b5:ef:8e:93:15:07:e2:8a:a9:8f:
                    77:39:1a:b7:38:12:44:f4:5b:50:0a:1e:a2:32:74:
                    9a:b8:25:84:d3:87:f1:8f:7b:4e:20:ee:d5:c5:40:
                    af:85:01:cd:d5:79:37:b1:eb:e9:80:0c:77:08:97:
                    97:30:5c:24:07:1d:e7:db:ac:8b:5c:1c:46:d4:e2:
                    9e:70:74:d3:55:51:ce:30:74:a2:90:6e:94:97:0e:
                    05:25:8e:11:e8:73:cd:00:fa:3c:94:dd:18:df:4c:
                    84:b1:12:fb:c4:20:4d:47:68:3e:7d:e8:58:f6:9f:
                    40:2d:91:a8:d3:7e:22:37:39:5a:5b:03:13:34:db:
                    78:a7:58:04:6a:3c:e6:5b:9b:f1:10:ea:06:20:2e:
                    f2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:FE:CD:66:3D:61:AB:9D:FA:76:DC:F9:9F:54:A9:3F:81:83:EB:AA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Af7NZj1hq536dtz5n1SpP4GD66o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.178.0/24
                  192.124.189.0/24
                  193.124.16.0/24
                  193.124.80.0/24
                  193.124.133.0/24
                  193.124.200.0/24
                  194.58.47.0/24
                  194.87.1.0/24
                  194.87.11.0-194.87.12.255
                  194.87.18.0/24
                  194.87.21.0/24
                  194.87.30.0/24
                  194.87.56.0/24
                  194.87.83.0/24
                  194.87.104.0/24
                  194.87.114.0/23
                  194.87.122.0/24
                  194.87.124.0/24
                  194.87.131.0/24
                  194.87.134.0/23
                  194.87.168.0/24
                  194.87.179.0/24
                  194.87.200.0/24
                  195.58.35.0/24
                  195.58.58.0/23
                  195.58.62.0/23
                  195.133.0.0/24
                  195.133.40.0/23
                  195.133.84.0/23
                  212.192.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:fb:ff:cc:dc:3e:5e:27:2f:1e:b0:35:4b:54:af:f7:87:f0:
         b7:3c:29:5e:b5:42:53:f5:84:92:5f:6a:56:64:7c:7a:ab:7b:
         8f:9c:2e:d0:da:a8:06:8d:3c:dd:ed:e9:90:7b:1f:05:2d:c3:
         22:6b:7f:67:de:8b:1f:58:bd:51:78:a6:46:f8:9c:55:cd:65:
         67:a8:7b:92:87:00:0b:09:91:99:71:0d:a8:45:c9:1f:0f:79:
         a7:97:75:79:ff:67:03:4e:8a:fd:4b:78:fe:87:ea:9d:d4:a7:
         42:38:24:3d:98:74:bc:46:53:56:da:8b:68:e8:89:fa:02:13:
         17:ce:db:8f:9d:63:2a:15:e6:49:46:4c:46:eb:3e:43:19:74:
         29:12:6c:d0:1f:51:69:ed:02:d4:df:f2:0e:ca:2b:7d:49:6b:
         24:6a:03:a4:77:7f:e0:ee:10:39:0a:fa:52:bb:92:c2:31:b5:
         0c:f0:70:2b:ad:32:81:74:d0:b7:33:72:a7:a6:56:93:5c:a3:
         aa:d0:a0:e1:4e:61:03:41:79:30:81:8a:d5:39:27:73:8d:3f:
         1d:bc:80:f4:e5:64:9b:82:67:8d:d9:5d:7d:0c:99:de:cf:b8:
         ec:4f:53:2f:23:97:85:68:a3:b6:80:c5:22:16:c9:f9:f6:c9:
         d4:2b:76:28
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAYvbdyn8wdlITTw7P3koezHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMTE3MDQwODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWZlY2Q2NjNkNjFhYjlkZmE3NmRjZjk5ZjU0YTkzZjgxODNlYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT0XdPWrXTpoMO+mzw8yiUKAiZEL
0zHfKYKyN8Q+yE/R8Orqw7vWQJ6XHYWbT8yMYb5B2EXus+uzqJYlSikW3CtPwPRD
0CX9A5AXk7RrHnInpwyot6rL7iQcQtRPQu6Se/LzBj9ngzUNIsIC5rXvjpMVB+KK
qY93ORq3OBJE9FtQCh6iMnSauCWE04fxj3tOIO7VxUCvhQHN1Xk3sevpgAx3CJeX
MFwkBx3n26yLXBxG1OKecHTTVVHOMHSikG6Ulw4FJY4R6HPNAPo8lN0Y30yEsRL7
xCBNR2g+fehY9p9ALZGo034iNzlaWwMTNNt4p1gEajzmW5vxEOoGIC7yhQIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFAH+zWY9Yaud+nbc+Z9UqT+Bg+uqMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQWY3TlpqMWhxNTM2ZHR6NW4xU3BQNEdENjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHZBggrBgEFBQcBBwEB/wSByTCBxjCBwwQCAAEwgbwDBADA
fLIDBADAfL0DBADBfBADBADBfFADBADBfIUDBADBfMgDBADCOi8DBADCVwEwDAME
AMJXCwMEAMJXDAMEAMJXEgMEAMJXFQMEAMJXHgMEAMJXOAMEAMJXUwMEAMJXaAME
AcJXcgMEAMJXegMEAMJXfAMEAMJXgwMEAcJXhgMEAMJXqAMEAMJXswMEAMJXyAME
AMM6IwMEAcM6OgMEAcM6PgMEAMOFAAMEAcOFKAMEAcOFVAMEANTA1jANBgkqhkiG
9w0BAQsFAAOCAQEAdvv/zNw+XicvHrA1S1Sv94fwtzwpXrVCU/WEkl9qVmR8eqt7
j5wu0NqoBo083e3pkHsfBS3DImt/Z96LH1i9UXimRvicVc1lZ6h7kocACwmRmXEN
qEXJHw95p5d1ef9nA06K/Ut4/ofqndSnQjgkPZh0vEZTVtqLaOiJ+gITF87bj51j
KhXmSUZMRus+Qxl0KRJs0B9Rae0C1N/yDsorfUlrJGoDpHd/4O4QOQr6UruSwjG1
DPBwK60ygXTQtzNyp6ZWk1yjqtCg4U5hA0F5MIGK1Tknc40/HbyA9OVkm4Jnjdld
fQyZ3s+47E9TLyOXhWijtoDFIhbJ+fbJ1Ct2KA==
-----END CERTIFICATE-----
Generated at Wed Nov 22 06:01:56 2023 by rpki-client on console-ams.rpki-client.org