Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NlwlgJ6XGjZ-KbKMn4nURJHzKXA.roa
File:                     NlwlgJ6XGjZ-KbKMn4nURJHzKXA.roa (raw, json)
Hash identifier:          PifjEmwDvopt8ZtJkL7C7xCsN48VdRrsoIXe1WTbBbI=
Subject key identifier:   36:5C:25:80:9E:97:1A:36:7E:29:B2:8C:9F:89:D4:44:91:F3:29:70
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018ECD31A6DB33AE1FA3DDFCBEC93FBCBD4B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NlwlgJ6XGjZ-KbKMn4nURJHzKXA.roa
Signing time:             Thu 11 Apr 2024 12:46:06 +0000
ROA not before:           Thu 11 Apr 2024 12:46:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sun 14 Apr 2024 19:07:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:31:a6:db:33:ae:1f:a3:dd:fc:be:c9:3f:bc:bd:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 11 12:46:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=365c25809e971a367e29b28c9f89d44491f32970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:03:33:85:85:c9:4e:e1:50:6d:2e:ed:1f:2f:
                    fe:9e:5b:83:c4:0e:7e:ac:f6:37:d2:cc:1d:34:cc:
                    b0:dc:4f:79:3e:21:a3:fe:1f:e8:5a:af:2f:a7:76:
                    4a:f3:5c:c3:71:bb:00:e1:61:9c:7e:c9:ff:bf:06:
                    70:34:10:66:47:bf:fe:e2:96:c9:38:69:0f:bc:e7:
                    dc:ba:36:53:7c:10:a3:ea:37:20:b1:08:6a:5d:2c:
                    7b:bd:78:26:a9:ca:8f:ed:eb:87:57:74:a5:53:8a:
                    2a:94:53:59:ca:3c:fc:16:50:6a:bd:2a:db:03:b2:
                    4f:1f:ab:a4:c2:55:f7:7e:3a:b2:51:eb:c8:67:7d:
                    91:66:e5:80:ad:1e:fc:77:66:24:fc:4d:9f:c4:a6:
                    35:2e:62:48:1e:35:e0:43:1a:80:d0:18:42:0b:8c:
                    e0:fd:c0:17:44:08:20:c1:27:c3:71:ef:67:17:3f:
                    32:41:ea:e6:c9:f6:d9:b7:26:bb:b8:88:8b:2b:4e:
                    87:4d:6c:d7:d3:03:0f:6c:b4:25:d9:af:d2:be:9a:
                    e2:d9:8d:3b:24:c0:39:90:7b:57:00:0c:b6:ff:83:
                    f0:d3:23:3c:39:cb:8d:6d:68:1f:45:a5:43:27:af:
                    a8:05:25:11:80:4c:d5:30:4f:a9:72:63:d0:f9:0c:
                    bc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:5C:25:80:9E:97:1A:36:7E:29:B2:8C:9F:89:D4:44:91:F3:29:70
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NlwlgJ6XGjZ-KbKMn4nURJHzKXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  194.87.141.0/24
                  194.87.169.0/24
                  194.87.245.0/24
                  195.133.25.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:af:22:08:35:03:88:a0:b8:d6:c0:d7:60:2a:8c:da:ca:c9:
         0f:a4:d7:fc:31:9e:59:5f:cd:68:8e:cb:31:b6:8f:16:79:40:
         8f:c0:87:ae:fe:a2:f9:52:42:7c:d2:26:4d:2b:f5:e4:93:c8:
         13:eb:7e:ec:ec:cd:ff:4d:d4:82:e1:57:a9:30:cd:ec:98:e8:
         9c:d2:07:47:c0:1e:f4:ad:a5:fd:2f:95:9b:60:7b:9b:26:b4:
         72:4c:8f:3a:4f:7d:3a:61:59:e0:08:48:5b:30:e5:ba:cf:09:
         dc:51:61:66:88:a6:75:c1:af:ea:00:7b:6a:df:14:15:01:bd:
         89:9b:49:6b:90:ff:e9:23:d5:92:32:33:52:37:3b:c7:1f:b2:
         ac:b1:6e:69:0f:95:bc:58:6e:66:c4:a2:c3:b8:ff:f9:e8:06:
         9a:66:2a:ed:30:21:4e:ce:e5:43:c7:36:12:a1:85:93:7b:7f:
         43:61:87:d5:8d:3d:10:12:f2:ef:71:54:a2:82:68:07:2d:c9:
         2d:46:21:77:ce:6f:b7:46:9a:c4:d6:b4:d1:d0:e3:0f:e1:2a:
         f6:8d:1a:93:e8:e0:87:f0:d5:d9:c2:7d:44:b5:8e:11:4d:1f:
         fd:82:cb:51:cf:eb:19:8b:2d:54:61:24:51:ab:e7:d0:ee:af:
         67:66:78:f0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY7NMabbM64fo938vsk/vL1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDExMTI0NjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjVjMjU4MDllOTcxYTM2N2UyOWIyOGM5Zjg5ZDQ0NDkxZjMyOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAMzhYXJTuFQbS7tHy/+nluDxA5+
rPY30swdNMyw3E95PiGj/h/oWq8vp3ZK81zDcbsA4WGcfsn/vwZwNBBmR7/+4pbJ
OGkPvOfcujZTfBCj6jcgsQhqXSx7vXgmqcqP7euHV3SlU4oqlFNZyjz8FlBqvSrb
A7JPH6ukwlX3fjqyUevIZ32RZuWArR78d2Yk/E2fxKY1LmJIHjXgQxqA0BhCC4zg
/cAXRAggwSfDce9nFz8yQermyfbZtya7uIiLK06HTWzX0wMPbLQl2a/Svpri2Y07
JMA5kHtXAAy2/4Pw0yM8OcuNbWgfRaVDJ6+oBSURgEzVME+pcmPQ+Qy8HwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDZcJYCelxo2fimyjJ+J1ESR8ylwMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTmx3bGdKNlhHalotS2JLTW40blVSSkh6S1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAwHysAwQA
wXwHAwQAwleNAwQAwlepAwQAwlf1AwQAw4UZAwQA1MABAwQA1MDQMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAB68iCDUDiKC41sDXYCqM
2srJD6TX/DGeWV/NaI7LMbaPFnlAj8CHrv6i+VJCfNImTSv15JPIE+t+7OzN/03U
guFXqTDN7JjonNIHR8Ae9K2l/S+Vm2B7mya0ckyPOk99OmFZ4AhIWzDlus8J3FFh
ZoimdcGv6gB7at8UFQG9iZtJa5D/6SPVkjIzUjc7xx+yrLFuaQ+VvFhuZsSiw7j/
+egGmmYq7TAhTs7lQ8c2EqGFk3t/Q2GH1Y09EBLy73FUooJoBy3JLUYhd85vt0aa
xNa00dDjD+Eq9o0ak+jgh/DV2cJ9RLWOEU0f/YLLUc/rGYstVGEkUavn0O6vZ2Z4
8A==
-----END CERTIFICATE-----
Generated at Sun Apr 14 22:16:51 2024 by rpki-client on console-ams.rpki-client.org