Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LbOEeA0sgaDauvKJY1FrMl49-XI.roa
File:                     LbOEeA0sgaDauvKJY1FrMl49-XI.roa (raw, json)
Hash identifier:          3tSBB23g0NsIkCkEtCYxw12LUilwUeDyL+If74sIp+g=
Subject key identifier:   2D:B3:84:78:0D:2C:81:A0:DA:BA:F2:89:63:51:6B:32:5E:3D:F9:72
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018B147E7E1172B7AD0E2FE8426CF3AA28BA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LbOEeA0sgaDauvKJY1FrMl49-XI.roa
Signing time:             Mon 09 Oct 2023 12:51:56 +0000
ROA not before:           Mon 09 Oct 2023 12:51:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        194.87.1.0/24 maxlen: 24
                          193.124.16.0/24 maxlen: 24
                          194.87.11.0/24 maxlen: 24
                          194.87.12.0/24 maxlen: 24
                          194.87.21.0/24 maxlen: 24
                          194.87.18.0/24 maxlen: 24
                          212.192.214.0/24 maxlen: 24
                          194.58.47.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          195.58.58.0/24 maxlen: 24
                          195.58.53.0/24 maxlen: 24
                          195.58.58.0/23 maxlen: 23
                          195.58.62.0/23 maxlen: 23
                          194.87.104.0/24 maxlen: 24
                          194.87.108.0/24 maxlen: 24
                          194.87.114.0/23 maxlen: 23
                          194.87.122.0/24 maxlen: 24
                          194.87.124.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          194.87.131.0/24 maxlen: 24
                          195.133.0.0/24 maxlen: 24
                          194.87.134.0/23 maxlen: 23
                          194.87.133.0/24 maxlen: 24
                          195.133.6.0/24 maxlen: 24
                          195.133.7.0/24 maxlen: 24
                          194.87.40.0/24 maxlen: 24
                          194.87.56.0/24 maxlen: 24
                          194.58.154.0/24 maxlen: 24
                          193.124.80.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          194.87.83.0/24 maxlen: 24
                          194.87.200.0/24 maxlen: 24
                          195.133.73.0/24 maxlen: 24
                          195.133.85.0/24 maxlen: 24
                          195.133.84.0/23 maxlen: 23
                          194.87.222.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.87.151.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          195.133.30.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          195.133.37.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          192.124.191.0/24 maxlen: 24
                          195.133.40.0/23 maxlen: 23
                          194.87.187.0/24 maxlen: 24
                          194.87.190.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:14:7e:7e:11:72:b7:ad:0e:2f:e8:42:6c:f3:aa:28:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct  9 12:51:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2db384780d2c81a0dabaf28963516b325e3df972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cc:f5:92:a0:41:46:a3:ff:a2:8d:f8:a9:37:
                    8e:01:c1:09:69:7f:14:84:ec:f0:04:ae:bf:80:fc:
                    22:b2:42:20:3a:ec:be:2d:d0:e5:5f:bb:b4:b8:5c:
                    b8:78:2f:dd:fe:79:0d:37:5f:51:23:55:49:c1:ad:
                    19:41:ea:0c:8f:42:ec:fb:cd:3d:fb:28:5e:2c:be:
                    3e:dc:4d:65:5a:07:26:69:a2:2e:7e:ea:0b:d5:57:
                    4f:22:1d:3e:42:4e:fa:7c:55:16:0b:62:e8:53:72:
                    00:f1:f2:f7:f3:eb:c1:8c:9c:18:66:67:48:7c:19:
                    67:7e:04:e9:c7:87:c7:ab:dd:3c:66:93:e9:4e:5d:
                    0d:f5:9a:f1:06:0b:31:2c:ff:55:90:9d:ed:26:48:
                    71:bc:1a:68:e8:fb:00:54:5f:e7:02:51:07:d5:c7:
                    fd:a2:5f:79:2d:d7:ca:61:38:d0:ca:5c:aa:f3:b2:
                    09:4d:f8:55:98:2f:7c:6b:43:5d:05:34:08:59:0c:
                    1b:7a:89:f9:86:1e:c9:92:64:77:5b:f6:f5:b5:56:
                    1f:c7:bf:fe:83:a0:a1:1f:6e:90:90:95:1c:fb:8b:
                    2e:30:17:b1:4f:86:10:ae:af:e4:73:b2:77:20:93:
                    29:82:e4:7b:2b:0c:5e:64:4e:33:52:a7:b2:2d:88:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B3:84:78:0D:2C:81:A0:DA:BA:F2:89:63:51:6B:32:5E:3D:F9:72
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LbOEeA0sgaDauvKJY1FrMl49-XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.178.0/24
                  192.124.191.0/24
                  193.124.16.0/24
                  193.124.80.0/24
                  193.124.133.0/24
                  193.124.200.0/24
                  194.58.47.0/24
                  194.58.154.0/24
                  194.87.1.0/24
                  194.87.11.0-194.87.12.255
                  194.87.18.0/24
                  194.87.21.0/24
                  194.87.40.0/24
                  194.87.56.0/24
                  194.87.73.0/24
                  194.87.83.0/24
                  194.87.104.0/24
                  194.87.108.0/24
                  194.87.114.0/23
                  194.87.122.0/24
                  194.87.124.0/24
                  194.87.131.0/24
                  194.87.133.0-194.87.135.255
                  194.87.151.0/24
                  194.87.168.0/24
                  194.87.179.0/24
                  194.87.187.0/24
                  194.87.190.0/24
                  194.87.200.0/24
                  194.87.222.0/24
                  194.135.18.0/24
                  195.58.53.0-195.58.54.255
                  195.58.58.0/23
                  195.58.62.0/23
                  195.133.0.0/24
                  195.133.6.0/23
                  195.133.30.0/24
                  195.133.37.0/24
                  195.133.40.0/23
                  195.133.73.0/24
                  195.133.84.0/23
                  212.192.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:5e:1d:9a:ce:f7:4f:51:6d:d9:32:cb:2d:c2:9b:7e:e6:25:
         b4:5e:55:12:c7:8a:49:53:22:b5:88:60:ee:25:0c:c9:ab:53:
         3a:64:28:14:6a:1d:b4:14:92:32:06:c0:7f:b3:62:49:36:87:
         97:b2:ad:83:41:5f:ae:38:41:c2:01:2d:d2:16:5e:72:21:4d:
         0c:a3:f0:76:e3:a0:c4:28:9b:e5:a9:29:80:38:29:b7:21:59:
         55:4d:db:d2:3c:37:72:7e:a8:a5:0c:39:8f:a7:ff:ef:08:85:
         ae:c9:2f:60:69:15:98:fc:a2:2f:71:93:2f:f7:a7:5f:3b:8a:
         32:e8:01:45:e1:f1:73:02:55:e2:37:34:14:24:5c:c4:f2:2c:
         de:5a:2a:a1:03:8c:c3:75:a3:28:3b:28:ad:32:fe:7e:f8:85:
         69:52:5f:6f:30:1b:1a:3f:d0:36:2b:91:20:72:a0:ee:ec:37:
         61:a9:88:3c:7c:67:fd:e8:93:fb:55:16:77:28:74:a1:1c:61:
         cd:a7:35:32:99:63:02:e7:aa:f3:a6:77:78:4c:84:23:50:3c:
         66:0e:54:86:1d:7c:fc:5c:03:a1:b2:41:60:25:a6:81:37:4d:
         76:8b:32:0f:9a:21:b6:ce:28:5e:c8:c7:8e:e1:b2:df:af:56:
         9f:28:67:8f
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgISAYsUfn4RcretDi/oQmzzqii6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMDA5MTI1MTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIzODQ3ODBkMmM4MWEwZGFiYWYyODk2MzUxNmIzMjVlM2RmOTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMz1kqBBRqP/oo34qTeOAcEJaX8U
hOzwBK6/gPwiskIgOuy+LdDlX7u0uFy4eC/d/nkNN19RI1VJwa0ZQeoMj0Ls+809
+yheLL4+3E1lWgcmaaIufuoL1VdPIh0+Qk76fFUWC2LoU3IA8fL38+vBjJwYZmdI
fBlnfgTpx4fHq908ZpPpTl0N9ZrxBgsxLP9VkJ3tJkhxvBpo6PsAVF/nAlEH1cf9
ol95LdfKYTjQylyq87IJTfhVmC98a0NdBTQIWQwbeon5hh7JkmR3W/b1tVYfx7/+
g6ChH26QkJUc+4suMBexT4YQrq/kc7J3IJMpguR7KwxeZE4zUqeyLYjQiQIDAQAB
o4IDITCCAx0wHQYDVR0OBBYEFC2zhHgNLIGg2rryiWNRazJePflyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTGJPRWVBMHNnYURhdXZLSlkxRnJNbDQ5LVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNQYIKwYBBQUHAQcBAf8EggEkMIIBIDCCARwEAgABMIIB
FAMEAMB8sgMEAMB8vwMEAMF8EAMEAMF8UAMEAMF8hQMEAMF8yAMEAMI6LwMEAMI6
mgMEAMJXATAMAwQAwlcLAwQAwlcMAwQAwlcSAwQAwlcVAwQAwlcoAwQAwlc4AwQA
wldJAwQAwldTAwQAwldoAwQAwldsAwQBwldyAwQAwld6AwQAwld8AwQAwleDMAwD
BADCV4UDBAPCV4ADBADCV5cDBADCV6gDBADCV7MDBADCV7sDBADCV74DBADCV8gD
BADCV94DBADChxIwDAMEAMM6NQMEAMM6NgMEAcM6OgMEAcM6PgMEAMOFAAMEAcOF
BgMEAMOFHgMEAMOFJQMEAcOFKAMEAMOFSQMEAcOFVAMEANTA1jANBgkqhkiG9w0B
AQsFAAOCAQEACl4dms73T1Ft2TLLLcKbfuYltF5VEseKSVMitYhg7iUMyatTOmQo
FGodtBSSMgbAf7NiSTaHl7Ktg0FfrjhBwgEt0hZeciFNDKPwduOgxCib5akpgDgp
tyFZVU3b0jw3cn6opQw5j6f/7wiFrskvYGkVmPyiL3GTL/enXzuKMugBReHxcwJV
4jc0FCRcxPIs3loqoQOMw3WjKDsorTL+fviFaVJfbzAbGj/QNiuRIHKg7uw3YamI
PHxn/eiT+1UWdyh0oRxhzac1MpljAueq86Z3eEyEI1A8Zg5Uhh18/FwDobJBYCWm
gTdNdosyD5ohts4oXsjHjuGy369Wnyhnjw==
-----END CERTIFICATE-----
Generated at Tue Oct 10 18:46:15 2023 by rpki-client on console-ams.rpki-client.org