Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YlDPxuZSiKacNi0_gW8xRLPkJTs.roa
File:                     YlDPxuZSiKacNi0_gW8xRLPkJTs.roa (raw, json)
Hash identifier:          hI00cARilHnpEZ40NnisFCCEUEpH4eex2cFR0zQL9U0=
Subject key identifier:   62:50:CF:C6:E6:52:88:A6:9C:36:2D:3F:81:6F:31:44:B3:E4:25:3B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A92BE660428EF0FD84921B81422EE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YlDPxuZSiKacNi0_gW8xRLPkJTs.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        62.76.232.0/24 maxlen: 24
                          194.87.125.0/24 maxlen: 24
                          194.87.139.0/24 maxlen: 24
                          195.58.33.0/24 maxlen: 24
                          195.58.57.0/24 maxlen: 24
                          193.124.206.0/24 maxlen: 24
                          212.193.9.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 15 Nov 2024 14:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:92:be:66:04:28:ef:0f:d8:49:21:b8:14:22:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6250cfc6e65288a69c362d3f816f3144b3e4253b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:af:2e:7f:50:e2:23:6e:8f:f6:e6:e3:44:77:
                    74:4c:16:88:82:d5:25:bd:83:e8:0e:82:92:b6:55:
                    96:b1:50:1e:b6:73:5a:b3:2f:1a:9d:be:07:54:d8:
                    96:d6:f1:51:ec:32:ad:d7:ae:e1:75:25:6f:e4:3f:
                    e2:10:54:10:3f:e4:0e:eb:37:81:f6:4b:c1:57:81:
                    1c:2c:e9:c1:37:a2:56:77:39:a3:00:27:62:65:69:
                    36:cb:e3:2a:e4:a7:d9:23:ef:6c:12:74:44:0d:0a:
                    51:49:b1:65:2f:be:4e:6d:b7:6c:5d:33:b4:1d:89:
                    6a:2e:47:d8:cd:b7:70:de:cb:73:d0:66:f4:77:55:
                    a8:57:41:2a:0b:b3:09:36:84:69:25:8a:eb:0a:90:
                    67:9c:3f:9c:6b:42:33:60:1f:e8:68:4b:dd:98:ad:
                    d5:48:28:7c:4a:b5:ff:14:c9:f1:e9:63:75:0b:34:
                    a6:21:46:14:11:fc:e7:26:ab:8b:a7:7d:8f:b4:55:
                    14:ef:2f:7f:a3:44:d9:39:3b:db:e1:03:61:88:b7:
                    b0:64:42:15:d7:1f:c7:c9:51:5a:54:9f:93:50:7b:
                    11:b7:58:54:e0:68:23:28:29:90:f7:95:9e:75:eb:
                    0c:33:00:e8:01:b4:0a:48:01:83:b2:7d:ff:9d:6f:
                    c8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:50:CF:C6:E6:52:88:A6:9C:36:2D:3F:81:6F:31:44:B3:E4:25:3B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YlDPxuZSiKacNi0_gW8xRLPkJTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.232.0/24
                  193.124.206.0/24
                  194.87.125.0/24
                  194.87.139.0/24
                  195.58.33.0/24
                  195.58.57.0/24
                  212.193.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f5:51:51:31:e8:e4:7c:a0:d1:dc:0b:df:00:63:c9:4d:87:
         ed:71:2e:9a:60:8b:79:02:a1:ff:86:d9:f5:17:bc:c5:ba:ff:
         39:ef:f3:a9:8a:2d:1a:cf:16:f9:4f:6e:d6:0a:51:61:6d:10:
         37:34:9f:e3:43:00:f0:2b:9f:41:36:18:08:b2:7a:06:3c:59:
         50:12:1f:8f:c9:70:fc:b3:11:36:2b:42:a1:38:cf:6a:f6:f1:
         c7:17:1b:b4:d0:42:6d:e7:da:11:ab:dc:a5:b7:3f:bd:8a:bf:
         b2:f2:a8:3f:44:5f:d1:b9:65:eb:f7:b8:4f:05:80:de:a1:73:
         1e:12:f9:44:95:ef:e3:f4:4f:fa:6c:4c:78:2b:84:91:97:e2:
         18:e7:78:45:a9:d9:46:fe:5e:16:35:2a:37:0a:8b:7b:5c:c1:
         74:d8:c7:5c:ef:84:2d:0e:9f:ca:33:18:2d:98:ed:5b:f4:47:
         41:02:a9:ba:c9:90:20:1f:94:de:cd:92:d1:70:27:ab:5d:70:
         db:12:81:9c:ad:1b:f3:6e:db:a0:05:77:82:2d:6c:4c:9b:cc:
         de:de:88:ff:96:f2:c3:b9:24:4c:d6:29:2f:2b:7a:50:8e:cc:
         a3:d1:f6:22:ae:41:8c:df:20:54:8e:ee:60:3b:e3:70:b1:14:
         32:0c:4f:6e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzKKpK+ZgQo7w/YSSG4FCLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjUwY2ZjNmU2NTI4OGE2OWMzNjJkM2Y4MTZmMzE0NGIzZTQyNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkq8uf1DiI26P9ubjRHd0TBaIgtUl
vYPoDoKStlWWsVAetnNasy8anb4HVNiW1vFR7DKt167hdSVv5D/iEFQQP+QO6zeB
9kvBV4EcLOnBN6JWdzmjACdiZWk2y+Mq5KfZI+9sEnREDQpRSbFlL75ObbdsXTO0
HYlqLkfYzbdw3stz0Gb0d1WoV0EqC7MJNoRpJYrrCpBnnD+ca0IzYB/oaEvdmK3V
SCh8SrX/FMnx6WN1CzSmIUYUEfznJquLp32PtFUU7y9/o0TZOTvb4QNhiLewZEIV
1x/HyVFaVJ+TUHsRt1hU4GgjKCmQ95WedesMMwDoAbQKSAGDsn3/nW/ImwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGJQz8bmUoimnDYtP4FvMUSz5CU7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWWxEUHh1WlNpS2FjTmkwX2dXOHhSTFBrSlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAPkzoAwQA
wXzOAwQAwld9AwQAwleLAwQAwzohAwQAwzo5AwQA1MEJMA0GCSqGSIb3DQEBCwUA
A4IBAQBl9VFRMejkfKDR3AvfAGPJTYftcS6aYIt5AqH/htn1F7zFuv857/Opii0a
zxb5T27WClFhbRA3NJ/jQwDwK59BNhgIsnoGPFlQEh+PyXD8sxE2K0KhOM9q9vHH
Fxu00EJt59oRq9yltz+9ir+y8qg/RF/RuWXr97hPBYDeoXMeEvlEle/j9E/6bEx4
K4SRl+IY53hFqdlG/l4WNSo3Cot7XMF02Mdc74QtDp/KMxgtmO1b9EdBAqm6yZAg
H5TezZLRcCerXXDbEoGcrRvzbtugBXeCLWxMm8ze3oj/lvLDuSRM1ikvK3pQjsyj
0fYirkGM3yBUju5gO+NwsRQyDE9u
-----END CERTIFICATE-----
Generated at Fri Nov 15 18:09:03 2024 by rpki-client on console-fra.rpki-client.org