Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N_DE9As9dbZ_Zvmx3QOBl5zF-94.roa
File:                     N_DE9As9dbZ_Zvmx3QOBl5zF-94.roa (raw, json)
Hash identifier:          IAKWJdcOvagvsq4CF76E3HAfqRj+TwHPlVPX52lCB3g=
Subject key identifier:   37:F0:C4:F4:0B:3D:75:B6:7F:66:F9:B1:DD:03:81:97:9C:C5:FB:DE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0191271EF18B3AB970C9716E7F21142A41FC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N_DE9As9dbZ_Zvmx3QOBl5zF-94.roa
Signing time:             Tue 06 Aug 2024 09:57:04 +0000
ROA not before:           Tue 06 Aug 2024 09:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        192.124.191.0/24 maxlen: 24
                          193.124.5.0/24 maxlen: 24
                          194.87.12.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          194.87.40.0/24 maxlen: 24
                          194.87.88.0/24 maxlen: 24
                          194.87.89.0/24 maxlen: 24
                          194.87.108.0/24 maxlen: 24
                          194.87.124.0/24 maxlen: 24
                          194.87.136.0/24 maxlen: 24
                          194.87.142.0/24 maxlen: 24
                          194.87.150.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.185.0/24 maxlen: 24
                          195.133.2.0/24 maxlen: 24
                          195.133.6.0/24 maxlen: 24
                          195.133.29.0/24 maxlen: 24
                          195.133.42.0/24 maxlen: 24
                          195.133.43.0/24 maxlen: 24
                          195.133.72.0/24 maxlen: 24
                          195.133.85.0/24 maxlen: 24
                          195.133.192.0/24 maxlen: 24
                          212.193.14.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 17 Sep 2024 18:55:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:27:1e:f1:8b:3a:b9:70:c9:71:6e:7f:21:14:2a:41:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug  6 09:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37f0c4f40b3d75b67f66f9b1dd0381979cc5fbde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:18:5c:6e:94:b6:b4:42:28:d7:d4:90:fd:
                    87:9a:44:02:32:2e:4b:64:dc:33:ad:9b:3d:57:63:
                    7a:45:72:73:3f:a0:9b:f2:df:75:42:47:c1:9a:58:
                    20:f5:fd:4c:85:71:71:0d:f2:88:39:7a:96:8a:a4:
                    9e:b8:64:bc:c6:56:b2:54:bb:7d:12:94:de:51:25:
                    1a:8b:fb:47:af:08:96:6e:ee:f9:81:0a:79:e4:f1:
                    f2:77:ef:1c:03:02:50:6c:d6:01:df:c8:bc:7b:e3:
                    54:a9:50:34:c1:e3:c9:ee:31:dd:f9:3c:e0:26:70:
                    2f:34:8f:06:a6:e6:67:8c:7f:21:f0:47:6b:f8:70:
                    70:41:a5:5a:f0:5d:cf:74:81:df:5b:43:de:df:62:
                    96:3b:c0:e9:eb:1c:83:d2:a2:57:46:13:be:48:c7:
                    52:a7:d6:14:0a:7a:d3:45:a7:8f:dc:18:d4:87:65:
                    bf:b6:09:69:43:9b:f1:78:5e:4b:19:dd:95:b6:d2:
                    8f:96:da:65:a8:9a:be:8a:34:c8:3e:2a:de:7c:02:
                    87:29:7f:09:c7:68:0b:4d:5c:7a:13:30:ff:5c:86:
                    bf:9c:15:37:ef:63:1e:a7:65:f8:fb:67:dc:99:89:
                    ca:f2:d5:39:04:8f:7e:08:4b:28:03:89:9a:92:2d:
                    3c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F0:C4:F4:0B:3D:75:B6:7F:66:F9:B1:DD:03:81:97:9C:C5:FB:DE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N_DE9As9dbZ_Zvmx3QOBl5zF-94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.191.0/24
                  193.124.5.0/24
                  194.87.12.0/24
                  194.87.22.0/24
                  194.87.32.0/24
                  194.87.40.0/24
                  194.87.88.0/23
                  194.87.108.0/24
                  194.87.124.0/24
                  194.87.136.0/24
                  194.87.142.0/24
                  194.87.150.0/24
                  194.87.169.0/24
                  194.87.185.0/24
                  195.133.2.0/24
                  195.133.6.0/24
                  195.133.29.0/24
                  195.133.42.0/23
                  195.133.72.0/24
                  195.133.85.0/24
                  195.133.192.0/24
                  212.193.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:de:56:ba:58:27:69:89:2d:0d:c8:79:f9:1d:99:0a:c3:3b:
         8a:a8:97:ce:f6:5d:cd:51:f3:b2:db:56:86:d0:5d:10:69:38:
         5b:87:73:66:07:86:a9:6e:b4:80:e2:2a:41:bc:a5:69:f3:67:
         97:73:dd:41:15:2c:18:49:00:af:4f:41:d9:ec:fe:ae:d3:b5:
         8e:2a:d4:e1:a7:33:b9:94:23:0c:5d:b3:e5:16:dc:c1:ce:d4:
         05:aa:52:fa:af:24:4e:a3:3a:75:6e:ee:54:1e:f8:9f:cc:d7:
         38:de:ae:05:d8:e4:bf:fa:fd:d6:dd:52:27:84:4e:98:cc:23:
         dc:c3:53:2d:52:64:98:b5:01:d3:00:8f:90:9b:11:e2:2b:92:
         57:fd:50:ff:ba:60:da:50:5d:ac:0a:52:d4:79:8e:47:a8:13:
         9d:4a:7a:30:7b:58:cc:d7:7f:b4:eb:b7:c7:1d:5a:68:55:be:
         28:0b:c0:8c:0e:ee:ff:8b:aa:31:39:d3:89:36:0f:9a:43:ec:
         72:ae:97:91:8c:51:d4:5c:fd:ec:e4:2f:33:15:8d:40:6c:5d:
         53:2e:04:bf:85:93:56:99:1e:46:62:22:9b:c0:95:2a:b2:f9:
         c2:22:24:d7:bc:fa:ba:10:ff:ae:2a:50:05:9e:16:fd:5b:19:
         cd:7f:97:1b
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZEnHvGLOrlwyXFufyEUKkH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODA2MDk1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2YwYzRmNDBiM2Q3NWI2N2Y2NmY5YjFkZDAzODE5NzljYzVmYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5EYXG6UtrRCKNfUkP2HmkQCMi5L
ZNwzrZs9V2N6RXJzP6Cb8t91QkfBmlgg9f1MhXFxDfKIOXqWiqSeuGS8xlayVLt9
EpTeUSUai/tHrwiWbu75gQp55PHyd+8cAwJQbNYB38i8e+NUqVA0wePJ7jHd+Tzg
JnAvNI8GpuZnjH8h8Edr+HBwQaVa8F3PdIHfW0Pe32KWO8Dp6xyD0qJXRhO+SMdS
p9YUCnrTRaeP3BjUh2W/tglpQ5vxeF5LGd2VttKPltplqJq+ijTIPirefAKHKX8J
x2gLTVx6EzD/XIa/nBU372Mep2X4+2fcmYnK8tU5BI9+CEsoA4maki08ewIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFDfwxPQLPXW2f2b5sd0DgZecxfveMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTl9ERTlBczlkYlpfWnZteDNRT0JsNXpGLTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBADA
fL8DBADBfAUDBADCVwwDBADCVxYDBADCVyADBADCVygDBAHCV1gDBADCV2wDBADC
V3wDBADCV4gDBADCV44DBADCV5YDBADCV6kDBADCV7kDBADDhQIDBADDhQYDBADD
hR0DBAHDhSoDBADDhUgDBADDhVUDBADDhcADBADUwQ4wDQYJKoZIhvcNAQELBQAD
ggEBAE3eVrpYJ2mJLQ3IefkdmQrDO4qol872Xc1R87LbVobQXRBpOFuHc2YHhqlu
tIDiKkG8pWnzZ5dz3UEVLBhJAK9PQdns/q7TtY4q1OGnM7mUIwxds+UW3MHO1AWq
UvqvJE6jOnVu7lQe+J/M1zjergXY5L/6/dbdUieETpjMI9zDUy1SZJi1AdMAj5Cb
EeIrklf9UP+6YNpQXawKUtR5jkeoE51KejB7WMzXf7Trt8cdWmhVvigLwIwO7v+L
qjE504k2D5pD7HKul5GMUdRc/ezkLzMVjUBsXVMuBL+Fk1aZHkZiIpvAlSqy+cIi
JNe8+roQ/64qUAWeFv1bGc1/lxs=
-----END CERTIFICATE-----
Generated at Tue Sep 17 21:03:17 2024 by rpki-client on console-ams.rpki-client.org