Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EhRlTuuFI06fh9gDxW5kEzuKkbI.roa
File:                     EhRlTuuFI06fh9gDxW5kEzuKkbI.roa (raw, json)
Hash identifier:          FCSel/mLAEUHIHSffd9GwQhJPJnjliy5KQxNN+AB+TU=
Subject key identifier:   12:14:65:4E:EB:85:23:4E:9F:87:D8:03:C5:6E:64:13:3B:8A:91:B2
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D1C474F78F306396B74DF01F0B4C37BCE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EhRlTuuFI06fh9gDxW5kEzuKkbI.roa
Signing time:             Thu 18 Jan 2024 11:14:11 +0000
ROA not before:           Thu 18 Jan 2024 11:14:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        194.87.32.0/24 maxlen: 24
                          194.87.66.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          195.133.40.0/22 maxlen: 22
                          212.192.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 03:50:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:47:4f:78:f3:06:39:6b:74:df:01:f0:b4:c3:7b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 18 11:14:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1214654eeb85234e9f87d803c56e64133b8a91b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9f:f0:36:55:90:7f:9c:51:53:f6:97:34:28:
                    16:d9:ba:48:a4:01:00:f4:fe:1c:7f:3d:08:9e:db:
                    b7:ff:61:80:30:33:d3:92:e1:3a:fe:e4:d3:57:be:
                    df:99:83:28:fc:80:8d:61:f2:b3:f7:5c:4b:fd:03:
                    5b:a5:10:b0:88:f3:da:9f:bd:d8:c7:e8:4e:80:d3:
                    e8:ea:f8:66:ff:da:29:51:d5:8b:c0:fb:1e:e4:22:
                    c0:30:40:5c:e7:61:e5:58:f0:0a:83:c7:b7:50:83:
                    45:7b:71:c6:71:21:9d:99:cc:00:d5:71:43:a2:10:
                    e4:d9:73:fc:6f:da:5e:2e:d5:12:46:86:81:d3:17:
                    4d:e1:b7:ae:e3:d4:05:a4:e8:53:14:f5:fa:52:05:
                    c4:06:de:5e:77:e0:02:a7:60:8e:c2:30:76:2b:3c:
                    ce:e0:40:6b:66:13:ef:a6:12:e8:2a:9c:7b:22:6f:
                    17:43:13:8b:05:5f:6f:a6:ce:81:49:df:20:e7:31:
                    89:1d:81:b7:5f:57:7c:2d:e3:48:06:0d:9f:16:cd:
                    b0:36:21:b4:d2:c3:19:ba:57:c1:41:e4:af:cb:03:
                    7c:9f:87:41:82:b2:39:09:f0:20:a7:1b:26:48:12:
                    1c:fd:09:41:5e:72:4b:df:07:95:33:b1:b1:e0:05:
                    a8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:14:65:4E:EB:85:23:4E:9F:87:D8:03:C5:6E:64:13:3B:8A:91:B2
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EhRlTuuFI06fh9gDxW5kEzuKkbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.32.0/24
                  194.87.66.0/24
                  194.135.30.0/24
                  195.58.35.0/24
                  195.133.40.0/22
                  212.192.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:29:ca:3f:3c:c7:0a:c1:e9:ea:c2:64:65:6c:57:71:f0:7a:
         07:c9:e0:6c:31:c3:93:e5:cb:97:70:d9:8b:3c:47:8c:3d:22:
         e2:54:75:b4:a9:b5:45:2a:56:48:bf:48:ee:0f:f0:5a:61:24:
         93:65:6b:4d:a4:e9:d4:ee:bc:98:41:f7:c4:40:ac:49:37:e2:
         e7:71:a7:d5:63:a9:75:d9:94:f6:07:1f:08:cb:5c:7a:2e:4e:
         7c:49:88:7e:6e:81:76:37:7e:44:36:8c:ec:0d:32:07:ab:0f:
         c7:2f:9e:a4:0e:10:27:73:ed:e5:3f:69:11:53:2f:13:c5:b4:
         d4:1a:62:9e:95:b1:51:14:c3:08:88:21:87:2a:47:15:28:a2:
         8c:45:dc:a4:81:ee:f5:09:b0:ef:b1:41:79:3e:1c:04:48:7c:
         79:e7:b3:4f:e2:7c:67:1f:57:8b:50:9c:ee:ea:76:aa:6d:78:
         b4:ef:cc:b3:7d:9d:29:d1:6d:72:5d:e3:95:d2:5e:dd:85:11:
         95:df:cd:21:75:d0:ec:cf:5d:e2:dd:f8:c6:cc:aa:b0:6a:bf:
         3b:ef:47:c1:f5:a7:13:50:5a:92:d2:9a:48:97:a5:c2:5b:af:
         34:8c:a5:85:5b:80:04:eb:de:23:9b:dd:22:35:fd:b5:ce:39:
         4d:69:d7:b2
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY0cR0948wY5a3TfAfC0w3vOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTE4MTExNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjE0NjU0ZWViODUyMzRlOWY4N2Q4MDNjNTZlNjQxMzNiOGE5MWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5/wNlWQf5xRU/aXNCgW2bpIpAEA
9P4cfz0Intu3/2GAMDPTkuE6/uTTV77fmYMo/ICNYfKz91xL/QNbpRCwiPPan73Y
x+hOgNPo6vhm/9opUdWLwPse5CLAMEBc52HlWPAKg8e3UINFe3HGcSGdmcwA1XFD
ohDk2XP8b9peLtUSRoaB0xdN4beu49QFpOhTFPX6UgXEBt5ed+ACp2COwjB2KzzO
4EBrZhPvphLoKpx7Im8XQxOLBV9vps6BSd8g5zGJHYG3X1d8LeNIBg2fFs2wNiG0
0sMZulfBQeSvywN8n4dBgrI5CfAgpxsmSBIc/QlBXnJL3weVM7Gx4AWokQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBIUZU7rhSNOn4fYA8VuZBM7ipGyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRWhSbFR1dUZJMDZmaDlnRHhXNWtFenVLa2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwlcgAwQA
wldCAwQAwoceAwQAwzojAwQCw4UoAwQA1MD+MA0GCSqGSIb3DQEBCwUAA4IBAQAL
Kco/PMcKwenqwmRlbFdx8HoHyeBsMcOT5cuXcNmLPEeMPSLiVHW0qbVFKlZIv0ju
D/BaYSSTZWtNpOnU7ryYQffEQKxJN+LncafVY6l12ZT2Bx8Iy1x6Lk58SYh+boF2
N35ENozsDTIHqw/HL56kDhAnc+3lP2kRUy8TxbTUGmKelbFRFMMIiCGHKkcVKKKM
Rdykge71CbDvsUF5PhwESHx557NP4nxnH1eLUJzu6naqbXi078yzfZ0p0W1yXeOV
0l7dhRGV380hddDsz13i3fjGzKqwar8770fB9acTUFqS0ppIl6XCW680jKWFW4AE
694jm90iNf21zjlNadey
-----END CERTIFICATE-----
Generated at Tue Jan 30 08:44:05 2024 by rpki-client on console-ams.rpki-client.org