Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KU9vCsO34Cz0SXmEHoIGf94-lW8.roa
File:                     KU9vCsO34Cz0SXmEHoIGf94-lW8.roa (raw, json)
Hash identifier:          uxAnhl+bvxDW5XLAtIPBHdRbagAXkaib46NEZbhLkl8=
Subject key identifier:   29:4F:6F:0A:C3:B7:E0:2C:F4:49:79:84:1E:82:06:7F:DE:3E:95:6F
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018AA773FA80D2B1844ED65337F1596CC1F7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KU9vCsO34Cz0SXmEHoIGf94-lW8.roa
Signing time:             Mon 18 Sep 2023 08:41:50 +0000
ROA not before:           Mon 18 Sep 2023 08:41:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211256
IP address blocks:        195.58.38.0/24 maxlen: 24
                          194.87.54.0/24 maxlen: 24
                          194.58.44.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 09:32:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:73:fa:80:d2:b1:84:4e:d6:53:37:f1:59:6c:c1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 18 08:41:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=294f6f0ac3b7e02cf44979841e82067fde3e956f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4b:d5:fd:8b:2a:1d:a9:a4:86:cd:f5:54:18:
                    c9:ad:c2:7c:a1:e0:b8:73:29:9d:6a:51:86:8f:a3:
                    88:e8:c2:54:3d:0c:4b:df:d9:e2:5f:b8:75:4f:f1:
                    29:cb:94:a4:0c:63:1e:22:8d:1d:48:bc:79:22:10:
                    44:b0:99:9a:a8:be:cf:db:aa:93:fd:2a:d7:10:f2:
                    c9:63:39:e9:2e:d5:0d:4b:08:b8:e9:2a:55:5f:60:
                    d2:cb:d6:25:7b:02:fd:1b:26:d9:07:3f:7a:b9:45:
                    94:f6:d0:af:2c:da:15:07:74:f3:17:f4:79:a4:ec:
                    f9:bb:89:19:4d:5d:77:b3:48:fe:64:9f:eb:e1:2c:
                    d7:e8:c7:f5:54:6b:60:5d:58:14:1c:74:03:ea:7b:
                    cb:1c:57:3d:ee:9c:90:1a:cf:77:2b:43:b3:59:4f:
                    70:40:f1:50:96:23:9e:9c:a9:db:3a:fe:e2:d1:f4:
                    a3:f2:d1:a0:36:41:30:ad:da:32:3a:99:99:d9:e9:
                    16:12:41:79:f4:86:3e:91:d4:f3:ea:14:4b:38:2c:
                    ab:a0:6f:9a:8f:a3:dc:26:bb:f4:50:da:27:a5:6a:
                    03:af:49:df:79:55:89:51:ee:f2:3f:f0:ef:f0:a9:
                    07:ce:41:9b:c6:30:e3:76:e2:37:c6:19:0e:c4:75:
                    a7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4F:6F:0A:C3:B7:E0:2C:F4:49:79:84:1E:82:06:7F:DE:3E:95:6F
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KU9vCsO34Cz0SXmEHoIGf94-lW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.44.0/24
                  194.87.54.0/24
                  195.58.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:2b:9c:f2:38:d0:bb:86:ce:bb:17:a7:d9:93:82:40:27:df:
         0f:77:4b:d9:ff:c0:73:12:ab:de:5b:4f:86:06:44:21:d1:e8:
         f1:ef:83:2f:38:2d:24:af:61:5d:2a:2f:b6:6e:1a:a2:54:da:
         32:47:49:a2:12:1a:dd:4d:5c:dc:c8:78:2b:26:bf:3b:0b:60:
         fd:db:44:e2:39:a6:fd:15:0f:fd:b7:bf:89:af:60:75:fd:87:
         be:d1:e1:d2:d3:11:83:95:f1:be:ad:43:22:85:0f:13:36:3c:
         51:ca:72:5d:02:fa:a3:2e:0f:75:01:8c:e9:a8:3c:4a:99:43:
         7f:e4:00:e9:d6:64:62:48:e5:e8:31:d8:22:9c:6f:e9:97:2a:
         96:4b:c2:42:fd:a7:3e:f2:5b:46:d9:78:72:bd:9e:e5:c2:5f:
         bd:65:a3:9a:cb:7e:03:bc:75:52:85:17:b3:cf:49:9a:00:db:
         3d:b6:07:a5:89:1e:ba:33:51:0e:51:d5:dd:0c:ed:82:31:91:
         08:2f:7f:69:a8:3d:78:f4:8c:5f:76:5c:81:ad:15:7b:e7:9a:
         01:ea:6f:7e:7e:06:4c:56:ec:9e:85:d3:41:8b:60:01:97:a6:
         04:13:fc:54:92:1e:d2:53:61:0e:3e:3f:a9:10:49:2c:6d:6f:
         62:b0:2d:f5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYqnc/qA0rGETtZTN/FZbMH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTE4MDg0MTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRmNmYwYWMzYjdlMDJjZjQ0OTc5ODQxZTgyMDY3ZmRlM2U5NTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkvV/YsqHamkhs31VBjJrcJ8oeC4
cymdalGGj6OI6MJUPQxL39niX7h1T/Epy5SkDGMeIo0dSLx5IhBEsJmaqL7P26qT
/SrXEPLJYznpLtUNSwi46SpVX2DSy9YlewL9GybZBz96uUWU9tCvLNoVB3TzF/R5
pOz5u4kZTV13s0j+ZJ/r4SzX6Mf1VGtgXVgUHHQD6nvLHFc97pyQGs93K0OzWU9w
QPFQliOenKnbOv7i0fSj8tGgNkEwrdoyOpmZ2ekWEkF59IY+kdTz6hRLOCyroG+a
j6PcJrv0UNonpWoDr0nfeVWJUe7yP/Dv8KkHzkGbxjDjduI3xhkOxHWntwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFClPbwrDt+As9El5hB6CBn/ePpVvMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS1U5dkNzTzM0Q3owU1htRUhvSUdmOTQtbFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwjosAwQA
wlc2AwQAwzomMA0GCSqGSIb3DQEBCwUAA4IBAQAcK5zyONC7hs67F6fZk4JAJ98P
d0vZ/8BzEqveW0+GBkQh0ejx74MvOC0kr2FdKi+2bhqiVNoyR0miEhrdTVzcyHgr
Jr87C2D920TiOab9FQ/9t7+Jr2B1/Ye+0eHS0xGDlfG+rUMihQ8TNjxRynJdAvqj
Lg91AYzpqDxKmUN/5ADp1mRiSOXoMdginG/plyqWS8JC/ac+8ltG2XhyvZ7lwl+9
ZaOay34DvHVShRezz0maANs9tgeliR66M1EOUdXdDO2CMZEIL39pqD149IxfdlyB
rRV755oB6m9+fgZMVuyehdNBi2ABl6YEE/xUkh7SU2EOPj+pEEksbW9isC31
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:13 2024 by rpki-client on console-fra.rpki-client.org