Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HEx4a9vf7-8G-IMK1t1nNUGi01E.roa
File:                     HEx4a9vf7-8G-IMK1t1nNUGi01E.roa (raw, json)
Hash identifier:          qn9NgojfeKbwt4mumczAAUvYAMmgycSKPKQ02YFMEyY=
Subject key identifier:   1C:4C:78:6B:DB:DF:EF:EF:06:F8:83:0A:D6:DD:67:35:41:A2:D3:51
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018B6743C34E345E89330153B8CE58A6B8AF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HEx4a9vf7-8G-IMK1t1nNUGi01E.roa
Signing time:             Wed 25 Oct 2023 14:36:16 +0000
ROA not before:           Wed 25 Oct 2023 14:36:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198981
IP address blocks:        194.87.228.0/24 maxlen: 24
                          212.192.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:67:43:c3:4e:34:5e:89:33:01:53:b8:ce:58:a6:b8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 25 14:36:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1c4c786bdbdfefef06f8830ad6dd673541a2d351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:94:01:32:d1:d7:1a:aa:d7:17:b9:b4:f6:4b:
                    51:39:f4:f7:01:4c:82:a3:1c:f0:04:9e:09:2c:ea:
                    f0:34:62:04:f0:da:8c:95:c9:e2:3d:1c:e6:49:90:
                    2b:17:eb:2a:de:16:7c:93:ba:dd:8c:0d:d2:3a:b1:
                    ce:de:d5:15:22:e6:80:57:be:68:f4:fb:6e:74:8f:
                    c0:2c:72:5b:0b:e7:76:1c:e8:ee:5b:01:e3:47:d8:
                    9d:bf:e5:0f:85:61:74:a9:8d:30:d5:db:83:51:f6:
                    ed:d4:2b:39:14:ef:02:aa:08:73:04:25:f9:c8:5c:
                    f2:59:6f:cc:d0:f5:c6:74:0c:9b:8f:d0:c5:a3:3f:
                    d6:41:60:25:ae:0f:e0:41:2b:e8:c2:39:3f:51:8e:
                    a8:37:c9:ef:4d:ae:ee:ec:70:ed:d1:4f:ad:9c:9b:
                    4e:7a:ff:6f:b0:80:ae:c4:96:5d:42:2d:f8:46:25:
                    ca:be:62:c3:e6:24:2a:b8:80:57:e9:ec:a7:58:a4:
                    8d:9a:90:c3:e3:53:75:06:35:24:85:a5:59:68:a2:
                    40:13:a4:ba:7f:74:77:ba:18:b3:1a:48:94:02:2e:
                    21:00:07:95:ef:c2:bc:a2:a6:30:5f:75:30:b5:d9:
                    ee:ee:7f:53:c4:33:44:29:02:5d:82:42:eb:8f:1c:
                    82:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:4C:78:6B:DB:DF:EF:EF:06:F8:83:0A:D6:DD:67:35:41:A2:D3:51
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HEx4a9vf7-8G-IMK1t1nNUGi01E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.228.0/24
                  212.192.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:ab:01:8d:cf:b6:d9:dd:d6:0c:82:fe:c1:89:b8:4f:a1:7e:
         b0:e6:3f:c5:35:fb:10:d9:c3:08:46:e7:1d:18:62:34:a1:42:
         0b:32:c7:ab:00:48:32:ea:a8:2e:43:55:7f:4b:eb:22:ee:d8:
         35:2b:59:08:2e:f7:a3:ec:ec:69:a1:45:5f:2d:50:5a:c8:72:
         61:0d:5b:43:c7:c4:93:d9:08:26:d3:58:1d:8c:a7:c4:64:f2:
         05:d0:a8:01:49:2d:42:6d:88:a5:29:36:c0:6e:c7:1a:76:dd:
         90:fc:87:dd:74:74:53:27:ff:55:90:f6:e1:9f:d3:4e:9b:ff:
         55:dd:70:3e:5a:70:81:e4:16:3c:98:ba:5b:1f:82:5a:73:55:
         a7:73:9a:46:96:58:41:d5:60:ac:48:ab:50:63:56:79:2a:90:
         f6:38:c0:76:9f:b5:ba:18:61:3f:ac:38:20:9f:7f:c6:49:24:
         0b:71:ed:8b:1f:6b:8a:c7:99:3b:2e:48:10:d3:44:b5:0a:3e:
         50:f1:a6:18:1a:10:e9:86:cf:65:bb:66:9b:7a:94:59:6e:97:
         c0:7f:78:75:d8:07:cc:bc:b2:a5:44:b3:1c:88:47:d1:e5:19:
         f2:66:e4:ea:97:d6:66:47:47:76:b3:c7:f3:9a:d8:ac:a9:29:
         26:d0:c0:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYtnQ8NONF6JMwFTuM5YprivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMDI1MTQzNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzRjNzg2YmRiZGZlZmVmMDZmODgzMGFkNmRkNjczNTQxYTJkMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35QBMtHXGqrXF7m09ktROfT3AUyC
oxzwBJ4JLOrwNGIE8NqMlcniPRzmSZArF+sq3hZ8k7rdjA3SOrHO3tUVIuaAV75o
9PtudI/ALHJbC+d2HOjuWwHjR9idv+UPhWF0qY0w1duDUfbt1Cs5FO8CqghzBCX5
yFzyWW/M0PXGdAybj9DFoz/WQWAlrg/gQSvowjk/UY6oN8nvTa7u7HDt0U+tnJtO
ev9vsICuxJZdQi34RiXKvmLD5iQquIBX6eynWKSNmpDD41N1BjUkhaVZaKJAE6S6
f3R3uhizGkiUAi4hAAeV78K8oqYwX3Uwtdnu7n9TxDNEKQJdgkLrjxyC5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBxMeGvb3+/vBviDCtbdZzVBotNRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSEV4NGE5dmY3LThHLUlNSzF0MW5OVUdpMDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwlfkAwQA
1MD6MA0GCSqGSIb3DQEBCwUAA4IBAQBgqwGNz7bZ3dYMgv7BibhPoX6w5j/FNfsQ
2cMIRucdGGI0oUILMserAEgy6qguQ1V/S+si7tg1K1kILvej7OxpoUVfLVBayHJh
DVtDx8ST2Qgm01gdjKfEZPIF0KgBSS1CbYilKTbAbscadt2Q/IfddHRTJ/9VkPbh
n9NOm/9V3XA+WnCB5BY8mLpbH4Jac1Wnc5pGllhB1WCsSKtQY1Z5KpD2OMB2n7W6
GGE/rDggn3/GSSQLce2LH2uKx5k7LkgQ00S1Cj5Q8aYYGhDphs9lu2abepRZbpfA
f3h12AfMvLKlRLMciEfR5RnyZuTql9ZmR0d2s8fzmtisqSkm0MAb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:11 2024 by rpki-client on console-fra.rpki-client.org