Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QgfcDbOQxbqac6c8qRCj3cMDfkg.roa
File:                     QgfcDbOQxbqac6c8qRCj3cMDfkg.roa (raw, json)
Hash identifier:          gCkxhU3p6ce9aeJ2u6nAJpknpOnx4cUEUrmQN92F8kE=
Subject key identifier:   42:07:DC:0D:B3:90:C5:BA:9A:73:A7:3C:A9:10:A3:DD:C3:03:7E:48
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01856F66EAB38A405FECC8012A0667AD0E9B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QgfcDbOQxbqac6c8qRCj3cMDfkg.roa
Signing time:             Sun 01 Jan 2023 22:14:53 +0000
ROA not before:           Sun 01 Jan 2023 22:14:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     10010
IP address blocks:        194.87.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:66:ea:b3:8a:40:5f:ec:c8:01:2a:06:67:ad:0e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  1 22:14:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4207dc0db390c5ba9a73a73ca910a3ddc3037e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2b:8e:30:d4:1b:18:87:ef:96:89:8e:9f:45:
                    67:b3:60:db:9b:79:4e:6d:84:b6:84:b1:4a:65:3a:
                    49:ea:30:16:17:1b:0e:3f:43:64:9a:60:7b:c0:0c:
                    c3:3c:64:5e:b8:0b:8f:81:e3:28:e8:7b:c4:00:92:
                    cd:fa:0f:68:d3:76:f7:b5:51:08:b9:37:d6:8e:f7:
                    6e:4f:a6:31:84:71:0d:9e:ec:3c:ab:50:dc:b8:d3:
                    05:3f:04:40:47:94:5c:fe:ce:f6:aa:4d:20:af:aa:
                    17:5d:3a:a8:58:71:0b:4e:c5:cf:07:89:df:91:1f:
                    fd:f8:5c:85:28:01:95:48:17:c2:f5:2c:20:b3:d9:
                    aa:b6:7b:ce:8b:cd:f1:4a:1c:ce:12:b0:8e:9f:8b:
                    ad:1f:ef:6f:7e:dc:33:bc:60:34:48:2c:ad:f1:d3:
                    7b:2b:32:49:7f:55:f0:46:04:e0:55:05:ec:53:5c:
                    ee:1e:d0:ac:69:35:bc:01:9b:9d:a3:c6:c4:32:51:
                    86:af:b1:92:49:d6:70:7c:98:53:17:8e:66:71:f1:
                    28:48:a7:5a:4e:3c:61:b9:c6:9f:e7:18:be:39:16:
                    92:47:62:3e:f2:7f:4c:48:31:c6:12:7c:2a:49:14:
                    9f:59:80:e1:c0:78:28:7b:05:f5:6f:d0:ac:2e:07:
                    f8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:07:DC:0D:B3:90:C5:BA:9A:73:A7:3C:A9:10:A3:DD:C3:03:7E:48
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QgfcDbOQxbqac6c8qRCj3cMDfkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:2f:51:ef:6d:6b:82:30:df:86:8d:85:1c:7a:bb:20:37:d6:
         c3:99:34:d2:20:65:11:86:f3:42:61:f8:1a:6b:dd:07:4f:05:
         84:c9:ec:df:16:f7:58:a3:6e:c1:09:86:1a:9f:9a:71:5c:b7:
         cf:fb:9f:a8:74:db:29:e5:fd:e1:f9:a0:c7:60:38:df:5b:b3:
         4d:eb:77:53:b4:fb:ad:02:84:52:ec:94:39:8a:21:de:71:1e:
         35:07:11:59:6d:88:11:89:4f:c8:22:1b:c1:26:bb:a3:15:59:
         7a:74:6e:1e:d7:4c:1c:95:2a:61:28:49:4d:dc:fc:a2:b6:81:
         83:15:ca:da:8c:2b:87:e1:84:7f:f9:d3:41:88:3e:44:5f:c1:
         97:53:ea:80:b2:4a:4d:40:8d:c9:fd:ea:dd:c1:d1:94:dc:ce:
         08:51:c5:9f:8b:c5:81:3b:4d:33:f5:21:68:e4:3b:ff:ad:47:
         aa:d8:8e:39:06:27:4c:5e:ec:eb:eb:99:9b:14:da:8e:a2:34:
         d5:ea:d5:3b:3e:23:df:b7:64:f7:09:3a:15:ca:f3:c5:cb:76:
         ae:1e:35:1c:03:d1:1d:ef:70:f6:de:3d:29:de:15:1c:6a:11:
         37:21:86:a6:11:d2:97:13:ea:c1:08:86:c2:28:e6:d2:5d:9b:
         a2:e1:63:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvZuqzikBf7MgBKgZnrQ6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTAxMjIxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjA3ZGMwZGIzOTBjNWJhOWE3M2E3M2NhOTEwYTNkZGMzMDM3ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiuOMNQbGIfvlomOn0Vns2Dbm3lO
bYS2hLFKZTpJ6jAWFxsOP0NkmmB7wAzDPGReuAuPgeMo6HvEAJLN+g9o03b3tVEI
uTfWjvduT6YxhHENnuw8q1DcuNMFPwRAR5Rc/s72qk0gr6oXXTqoWHELTsXPB4nf
kR/9+FyFKAGVSBfC9Swgs9mqtnvOi83xShzOErCOn4utH+9vftwzvGA0SCyt8dN7
KzJJf1XwRgTgVQXsU1zuHtCsaTW8AZudo8bEMlGGr7GSSdZwfJhTF45mcfEoSKda
Tjxhucaf5xi+ORaSR2I+8n9MSDHGEnwqSRSfWYDhwHgoewX1b9CsLgf47QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIH3A2zkMW6mnOnPKkQo93DA35IMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUWdmY0RiT1F4YnFhYzZjOHFSQ2ozY01EZmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfhMA0G
CSqGSIb3DQEBCwUAA4IBAQAVL1HvbWuCMN+GjYUcersgN9bDmTTSIGURhvNCYfga
a90HTwWEyezfFvdYo27BCYYan5pxXLfP+5+odNsp5f3h+aDHYDjfW7NN63dTtPut
AoRS7JQ5iiHecR41BxFZbYgRiU/IIhvBJrujFVl6dG4e10wclSphKElN3PyitoGD
FcrajCuH4YR/+dNBiD5EX8GXU+qAskpNQI3J/erdwdGU3M4IUcWfi8WBO00z9SFo
5Dv/rUeq2I45BidMXuzr65mbFNqOojTV6tU7PiPft2T3CToVyvPFy3auHjUcA9Ed
73D23j0p3hUcahE3IYamEdKXE+rBCIbCKObSXZui4WPy
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:57 2023 by rpki-client on console-ams.rpki-client.org