Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LGczVhEtXZLqUL5fNjJcGEcTK7M.roa
File:                     LGczVhEtXZLqUL5fNjJcGEcTK7M.roa (raw, json)
Hash identifier:          /bZSz2jXqWBOLfXjUtJ3oGjhvggR7AmSCIxLZVJdXOE=
Subject key identifier:   2C:67:33:56:11:2D:5D:92:EA:50:BE:5F:36:32:5C:18:47:13:2B:B3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018E51B33E8DFB8BD6B8C5C2FAFE8AB82920
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LGczVhEtXZLqUL5fNjJcGEcTK7M.roa
Signing time:             Mon 18 Mar 2024 13:14:45 +0000
ROA not before:           Mon 18 Mar 2024 13:14:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 17:58:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:b3:3e:8d:fb:8b:d6:b8:c5:c2:fa:fe:8a:b8:29:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 18 13:14:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c673356112d5d92ea50be5f36325c1847132bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:51:d9:71:1e:49:b9:0b:05:a9:44:f5:75:54:
                    44:ff:a3:ca:ab:3e:88:18:8e:b6:de:c9:2f:c5:fc:
                    a6:98:9e:e6:9b:06:ae:1f:50:d7:bf:a0:84:46:6a:
                    e9:49:c0:70:d4:ba:f9:7b:1f:53:e2:30:7f:90:6e:
                    87:e2:84:48:38:d5:de:2f:e8:b1:ed:64:a5:a4:a9:
                    e5:0b:94:d9:60:05:55:8c:44:02:df:b0:e0:bd:d6:
                    69:73:d8:21:6f:fa:0c:76:dd:86:b1:9c:89:93:a3:
                    5e:ef:95:04:2a:fa:63:01:87:57:b2:0d:b4:ec:86:
                    69:cd:d0:5a:93:2c:d2:90:2b:b2:1f:ab:f1:18:d6:
                    80:2c:95:8d:53:91:3e:12:09:8a:a1:ed:dd:85:68:
                    ed:8e:db:28:69:48:47:de:f3:eb:5c:d2:05:90:64:
                    2f:d9:e8:6c:a2:d7:78:51:7e:24:55:b7:03:0c:95:
                    34:2f:32:6d:b2:21:25:9a:49:77:4a:6e:2f:18:e1:
                    ad:a4:18:10:eb:5a:1b:59:00:4a:08:6f:60:6f:06:
                    26:a8:78:22:ab:68:21:26:28:01:c5:87:88:77:51:
                    2c:32:ea:f9:c1:10:c1:21:28:fb:2f:91:0c:28:6f:
                    3a:df:5b:07:c4:8c:41:d5:dc:f5:41:b4:b5:ee:34:
                    f6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:67:33:56:11:2D:5D:92:EA:50:BE:5F:36:32:5C:18:47:13:2B:B3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LGczVhEtXZLqUL5fNjJcGEcTK7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  194.87.168.0/23
                  194.87.245.0/24
                  195.133.25.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:dc:12:40:b4:9b:6c:22:97:c3:91:81:3b:7f:59:51:db:3d:
         b3:ea:bb:48:96:be:17:45:13:df:e3:84:4a:96:98:35:2d:0b:
         36:f8:e6:b9:03:75:86:5c:a0:01:b2:76:0b:16:01:cd:b8:4d:
         18:b4:f4:3e:01:23:17:38:7c:41:73:21:45:c9:70:34:03:1f:
         2b:67:bf:d7:4d:ec:8f:ed:d3:e0:74:31:f6:b4:13:71:14:55:
         82:ec:b9:79:95:93:4f:29:19:0b:eb:36:be:1e:80:2c:93:28:
         fa:3a:fc:07:01:43:04:f3:ea:b1:62:05:8b:2c:71:a3:e8:28:
         65:0a:35:a7:f1:3d:16:57:9b:23:71:e9:b0:6b:ca:d5:d1:4e:
         fe:93:9e:46:a6:54:c6:f9:7f:c0:9b:ec:44:a0:ec:99:ba:80:
         7a:59:ee:11:ad:cb:2e:5e:65:d8:cb:ca:ec:61:61:5e:6a:83:
         0d:ec:03:62:0b:2c:9a:de:a6:34:43:80:6a:16:4d:33:2a:74:
         bb:74:ed:52:21:46:40:34:c2:51:09:ed:fb:bd:df:eb:e5:19:
         a2:d8:f5:7c:e5:94:94:9c:d7:f9:24:ff:51:35:e0:88:62:04:
         04:f9:7f:13:0d:0a:e3:c6:76:00:4b:bf:90:7a:f5:21:20:aa:
         2e:84:ed:c0
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAY5Rsz6N+4vWuMXC+v6KuCkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMzE4MTMxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzY3MzM1NjExMmQ1ZDkyZWE1MGJlNWYzNjMyNWMxODQ3MTMyYmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1HZcR5JuQsFqUT1dVRE/6PKqz6I
GI623skvxfymmJ7mmwauH1DXv6CERmrpScBw1Lr5ex9T4jB/kG6H4oRIONXeL+ix
7WSlpKnlC5TZYAVVjEQC37DgvdZpc9ghb/oMdt2GsZyJk6Ne75UEKvpjAYdXsg20
7IZpzdBakyzSkCuyH6vxGNaALJWNU5E+EgmKoe3dhWjtjtsoaUhH3vPrXNIFkGQv
2ehsotd4UX4kVbcDDJU0LzJtsiElmkl3Sm4vGOGtpBgQ61obWQBKCG9gbwYmqHgi
q2ghJigBxYeId1EsMur5wRDBISj7L5EMKG8631sHxIxB1dz1QbS17jT2dwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFCxnM1YRLV2S6lC+XzYyXBhHEyuzMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTEdjelZoRXRYWkxxVUw1Zk5qSmNHRWNUSzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQAwHysAwQA
wXwHAwQBwleoAwQAwlf1AwQAw4UZAwQA1MABAwQA1MDQMBQEAgACMA4DBQMqAVfA
AwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAEtwSQLSbbCKXw5GBO39ZUds9s+q7
SJa+F0UT3+OESpaYNS0LNvjmuQN1hlygAbJ2CxYBzbhNGLT0PgEjFzh8QXMhRclw
NAMfK2e/103sj+3T4HQx9rQTcRRVguy5eZWTTykZC+s2vh6ALJMo+jr8BwFDBPPq
sWIFiyxxo+goZQo1p/E9FlebI3HpsGvK1dFO/pOeRqZUxvl/wJvsRKDsmbqAelnu
Ea3LLl5l2MvK7GFhXmqDDewDYgssmt6mNEOAahZNMyp0u3TtUiFGQDTCUQnt+73f
6+UZotj1fOWUlJzX+ST/UTXgiGIEBPl/Ew0K48Z2AEu/kHr1ISCqLoTtwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:13 2024 by rpki-client on console-fra.rpki-client.org