Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ChucNmltCHv9eoHDUb099SUc584.roa
File:                     ChucNmltCHv9eoHDUb099SUc584.roa (raw, json)
Hash identifier:          w+y29jc0wxULzGzOMJU3r9+A4mXvM1w1IGQ9XnPqNpQ=
Subject key identifier:   0A:1B:9C:36:69:6D:08:7B:FD:7A:81:C3:51:BD:3D:F5:25:1C:E7:CE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018EE6E22DB0CCB9D8E7ADDD7F92C8159C34
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ChucNmltCHv9eoHDUb099SUc584.roa
Signing time:             Tue 16 Apr 2024 12:29:26 +0000
ROA not before:           Tue 16 Apr 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24
                          194.58.56.0/23 maxlen: 23
                          194.87.17.0/24 maxlen: 24
                          194.87.56.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.20.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 20 Apr 2024 15:25:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:e2:2d:b0:cc:b9:d8:e7:ad:dd:7f:92:c8:15:9c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 16 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a1b9c36696d087bfd7a81c351bd3df5251ce7ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:41:81:6d:1b:15:8d:61:59:1c:9e:4b:90:27:
                    c3:aa:ae:58:a9:e3:9f:a2:c5:d1:f8:7e:ca:24:94:
                    15:a6:e5:ca:2a:25:d3:2f:11:de:da:63:0c:59:e9:
                    a1:96:d7:a6:a5:28:3c:07:7f:c0:01:6d:25:bf:33:
                    01:d4:78:19:92:d4:2a:f1:43:64:81:69:d7:8e:4f:
                    62:7c:7d:6a:86:8c:1e:cc:94:19:fb:c3:1f:d7:7f:
                    a2:de:34:66:5b:84:a6:1d:a3:27:47:85:2c:a5:2e:
                    0f:8d:37:80:d1:22:ee:3d:6e:4c:cb:10:45:1c:2a:
                    7a:0b:bd:f9:9a:03:4b:0d:67:f5:45:d9:8d:67:fa:
                    58:5b:e0:13:e6:42:25:5d:82:05:bf:a6:5c:f3:ab:
                    43:50:86:e6:38:85:2a:42:07:f0:27:e9:fb:cd:23:
                    02:b2:ce:9b:4d:b8:20:7a:99:34:5d:5b:43:f5:fe:
                    e4:2d:15:9a:98:d6:04:be:8d:72:27:2a:11:ca:1a:
                    82:2e:1e:f8:39:b6:21:0b:af:c5:08:d3:3b:e0:a5:
                    57:fc:b7:c5:b5:a7:70:7a:61:0f:ab:e0:4e:7c:e3:
                    e9:a3:eb:60:49:86:fd:29:88:ca:9e:e9:7d:1d:de:
                    73:8b:27:cd:43:12:c0:1b:9b:fb:43:de:89:bd:76:
                    8e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1B:9C:36:69:6D:08:7B:FD:7A:81:C3:51:BD:3D:F5:25:1C:E7:CE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ChucNmltCHv9eoHDUb099SUc584.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  193.124.90.0/24
                  194.58.56.0/23
                  194.87.17.0/24
                  194.87.56.0/24
                  194.87.131.0/24
                  194.87.141.0/24
                  194.87.169.0/24
                  194.87.245.0/24
                  195.133.20.0/24
                  195.133.25.0/24
                  195.133.76.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:d1:46:b3:99:86:ae:db:ca:06:43:3e:82:b4:ab:03:36:6a:
         aa:47:de:9e:80:75:d9:0c:47:1c:3b:49:f2:e5:c5:22:f0:1d:
         e9:f5:38:55:c3:c1:6b:87:2f:26:6d:7a:e7:60:7c:6e:02:a8:
         df:ff:fb:75:3c:fa:c9:a2:25:f3:01:3d:cc:e3:31:b2:f3:84:
         b3:3b:18:ad:e7:8b:0d:a4:9c:a3:a6:cc:5e:c1:fa:bd:bf:f3:
         3b:ba:ff:ba:a8:ff:d0:08:86:95:a7:b1:d8:3c:cd:15:ab:d0:
         aa:75:5f:fc:a1:c3:f8:09:7f:68:97:0a:02:1e:83:5f:8c:83:
         f3:d8:29:fe:95:ac:0e:07:b1:ad:31:58:62:f2:24:ca:47:d4:
         0b:21:c8:c1:d0:d4:cc:60:58:8b:c7:52:49:63:73:78:d2:ca:
         21:37:37:e6:0b:80:3c:0b:42:43:14:08:23:9b:f5:f8:01:67:
         20:de:ad:81:26:a8:c5:4c:de:b2:83:f9:15:f4:05:20:cf:e9:
         3e:db:e4:df:63:98:c2:ab:27:f8:9f:e6:00:02:7a:9c:b8:a5:
         4f:b0:e0:bf:c6:e9:aa:01:49:af:94:cc:fc:02:bf:9c:6f:40:
         cc:9d:23:2e:f8:4f:b8:ed:f6:e6:d5:79:55:b3:4f:1f:d9:51:
         ab:d3:90:b9
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAY7m4i2wzLnY563df5LIFZw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDE2MTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTFiOWMzNjY5NmQwODdiZmQ3YTgxYzM1MWJkM2RmNTI1MWNlN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEGBbRsVjWFZHJ5LkCfDqq5YqeOf
osXR+H7KJJQVpuXKKiXTLxHe2mMMWemhltempSg8B3/AAW0lvzMB1HgZktQq8UNk
gWnXjk9ifH1qhowezJQZ+8Mf13+i3jRmW4SmHaMnR4UspS4PjTeA0SLuPW5MyxBF
HCp6C735mgNLDWf1RdmNZ/pYW+AT5kIlXYIFv6Zc86tDUIbmOIUqQgfwJ+n7zSMC
ss6bTbggepk0XVtD9f7kLRWamNYEvo1yJyoRyhqCLh74ObYhC6/FCNM74KVX/LfF
tadwemEPq+BOfOPpo+tgSYb9KYjKnul9Hd5ziyfNQxLAG5v7Q96JvXaO/wIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFAobnDZpbQh7/XqBw1G9PfUlHOfOMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQ2h1Y05tbHRDSHY5ZW9IRFViMDk5U1VjNTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MGYEAgABMGADBADAfKwD
BADBfAcDBADBfFoDBAHCOjgDBADCVxEDBADCVzgDBADCV4MDBADCV40DBADCV6kD
BADCV/UDBADDhRQDBADDhRkDBADDhUwDBADUwAEDBADUwNADBADUwQQwFAQCAAIw
DgMFAyoBV8ADBQMqDP9AMA0GCSqGSIb3DQEBCwUAA4IBAQA80UazmYau28oGQz6C
tKsDNmqqR96egHXZDEccO0ny5cUi8B3p9ThVw8Frhy8mbXrnYHxuAqjf//t1PPrJ
oiXzAT3M4zGy84SzOxit54sNpJyjpsxewfq9v/M7uv+6qP/QCIaVp7HYPM0Vq9Cq
dV/8ocP4CX9olwoCHoNfjIPz2Cn+lawOB7GtMVhi8iTKR9QLIcjB0NTMYFiLx1JJ
Y3N40sohNzfmC4A8C0JDFAgjm/X4AWcg3q2BJqjFTN6yg/kV9AUgz+k+2+TfY5jC
qyf4n+YAAnqcuKVPsOC/xumqAUmvlMz8Ar+cb0DMnSMu+E+47fbm1XlVs08f2VGr
05C5
-----END CERTIFICATE-----
Generated at Sat Apr 20 16:26:23 2024 by rpki-client on console-ams.rpki-client.org