Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OhweD1L3m5CjlaGnIZG6zV080lw.roa
File:                     OhweD1L3m5CjlaGnIZG6zV080lw.roa (raw, json)
Hash identifier:          kp7Wnb5C4eFCSlsx/ACQEUF0i479c3BfJOeJK1/XWms=
Subject key identifier:   3A:1C:1E:0F:52:F7:9B:90:A3:95:A1:A7:21:91:BA:CD:5D:3C:D2:5C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0189E9550023378E9A419BCB4DBA9423CF8D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OhweD1L3m5CjlaGnIZG6zV080lw.roa
Signing time:             Sat 12 Aug 2023 10:40:09 +0000
ROA not before:           Sat 12 Aug 2023 10:40:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51722
IP address blocks:        194.87.21.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.87.33.0/24 maxlen: 24
                          194.87.166.0/24 maxlen: 24
                          195.58.55.0/24 maxlen: 24
                          212.192.251.0/24 maxlen: 24
                          194.87.181.0/24 maxlen: 24
                          212.192.250.0/24 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          212.192.248.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24
                          194.87.187.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e9:55:00:23:37:8e:9a:41:9b:cb:4d:ba:94:23:cf:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 12 10:40:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a1c1e0f52f79b90a395a1a72191bacd5d3cd25c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:f3:31:81:a0:3b:9e:fd:73:57:e4:03:c8:
                    4d:cd:66:47:d7:a0:53:6a:55:d4:70:3b:69:2a:d9:
                    2f:7a:7d:41:00:79:44:a9:0c:eb:4f:5f:e5:4d:2e:
                    ee:fa:bd:b9:f4:f0:7c:06:cf:f1:a0:0c:1f:e3:09:
                    0d:5a:9f:82:ba:d1:d3:9f:c9:e7:56:1b:dc:60:11:
                    ea:7f:8a:78:73:7a:2c:31:54:99:51:3a:d2:cc:b6:
                    6d:d7:d5:86:7d:47:c0:4b:71:3d:19:6b:cf:60:49:
                    73:48:bb:ad:5c:ef:89:26:89:0f:76:e4:4b:78:f2:
                    61:62:11:2a:57:d0:3d:3b:6e:25:7e:f6:ef:54:e6:
                    e6:a3:5a:d2:8c:ff:72:58:9a:52:8c:0f:4f:a3:73:
                    c2:ac:dd:28:89:ff:f0:21:03:a4:8b:91:41:45:c9:
                    9b:7c:e1:a3:53:6d:6b:9f:d8:f3:b6:5d:35:11:78:
                    8c:50:f8:c4:7b:6b:e4:4d:83:b3:bd:60:0a:f6:4c:
                    1d:0b:af:3a:c0:d0:22:3d:c6:16:31:fb:61:d8:dc:
                    3a:81:7c:29:71:d2:35:33:78:32:63:ea:53:f5:3f:
                    1d:22:15:5b:a2:8f:b8:ff:62:82:25:96:61:0b:e6:
                    d5:b7:08:b1:52:c1:f6:7a:14:57:fc:ee:9f:3d:ce:
                    0a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:1C:1E:0F:52:F7:9B:90:A3:95:A1:A7:21:91:BA:CD:5D:3C:D2:5C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OhweD1L3m5CjlaGnIZG6zV080lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.201.0/24
                  194.87.21.0/24
                  194.87.33.0/24
                  194.87.166.0/24
                  194.87.181.0/24
                  194.87.187.0/24
                  194.135.18.0/24
                  195.58.55.0/24
                  195.58.59.0/24
                  212.192.248.0/24
                  212.192.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:40:1a:36:70:87:92:5b:c4:9f:95:3c:94:e2:b0:e1:f5:30:
         20:6c:b4:5e:33:b9:26:b1:7c:c7:bb:99:63:97:0a:b3:bd:2c:
         8c:2b:fd:af:6d:be:15:7d:7b:ef:cc:e4:d8:5a:1a:cb:0f:82:
         bc:fb:4e:d4:8d:9d:e9:6b:da:53:49:2b:b6:84:14:42:c6:44:
         65:a2:bc:0e:e3:1d:cf:3b:f8:a2:15:5e:ba:a9:92:7b:6c:82:
         ee:b0:6f:55:e9:f2:2e:2e:91:48:0f:8a:ab:52:5e:9b:8e:8c:
         f7:b2:cf:b5:f3:bc:18:8a:de:06:33:fa:44:e6:21:ca:ad:f9:
         e3:72:fe:ec:e1:33:91:ad:55:14:9c:4c:36:57:a4:a5:5e:a2:
         f8:52:39:37:b4:a6:0d:6a:67:7a:3b:1f:73:d7:f4:cc:2e:e8:
         70:a1:79:ce:41:75:5a:44:a6:74:1a:df:77:7d:a4:3f:0e:fc:
         71:f4:05:10:6e:8f:81:e1:3f:04:2a:2e:da:cc:ac:7f:cc:23:
         fa:af:e7:cd:53:3f:bc:2a:85:83:1b:1c:69:d3:09:41:5c:c1:
         2b:49:89:27:67:df:7d:d2:11:1f:9a:55:c7:5e:99:63:39:55:
         c8:ff:29:0c:5d:bc:d4:09:ce:d3:80:8b:14:ba:39:d2:10:96:
         8f:e7:85:ab
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYnpVQAjN46aQZvLTbqUI8+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODEyMTA0MDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTFjMWUwZjUyZjc5YjkwYTM5NWExYTcyMTkxYmFjZDVkM2NkMjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJLzMYGgO579c1fkA8hNzWZH16BT
alXUcDtpKtkven1BAHlEqQzrT1/lTS7u+r259PB8Bs/xoAwf4wkNWp+CutHTn8nn
VhvcYBHqf4p4c3osMVSZUTrSzLZt19WGfUfAS3E9GWvPYElzSLutXO+JJokPduRL
ePJhYhEqV9A9O24lfvbvVObmo1rSjP9yWJpSjA9Po3PCrN0oif/wIQOki5FBRcmb
fOGjU21rn9jztl01EXiMUPjEe2vkTYOzvWAK9kwdC686wNAiPcYWMfth2Nw6gXwp
cdI1M3gyY+pT9T8dIhVboo+4/2KCJZZhC+bVtwixUsH2ehRX/O6fPc4KRwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDocHg9S95uQo5WhpyGRus1dPNJcMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvT2h3ZUQxTDNtNUNqbGFHbklaRzZ6VjA4MGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwXzJAwQA
wlcVAwQAwlchAwQAwlemAwQAwle1AwQAwle7AwQAwocSAwQAwzo3AwQAwzo7AwQA
1MD4AwQB1MD6MA0GCSqGSIb3DQEBCwUAA4IBAQB0QBo2cIeSW8SflTyU4rDh9TAg
bLReM7kmsXzHu5ljlwqzvSyMK/2vbb4VfXvvzOTYWhrLD4K8+07UjZ3pa9pTSSu2
hBRCxkRlorwO4x3PO/iiFV66qZJ7bILusG9V6fIuLpFID4qrUl6bjoz3ss+187wY
it4GM/pE5iHKrfnjcv7s4TORrVUUnEw2V6SlXqL4Ujk3tKYNamd6Ox9z1/TMLuhw
oXnOQXVaRKZ0Gt93faQ/Dvxx9AUQbo+B4T8EKi7azKx/zCP6r+fNUz+8KoWDGxxp
0wlBXMErSYknZ9990hEfmlXHXpljOVXI/ykMXbzUCc7TgIsUujnSEJaP54Wr
-----END CERTIFICATE-----