Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Z0AELVUKj5W05f1z1An-VRgQ19o.roa
File:                     Z0AELVUKj5W05f1z1An-VRgQ19o.roa (raw, json)
Hash identifier:          jI6d0CeT2WDWy9PqFDEnYjqO0riaan+H7PT6ph0mTDk=
Subject key identifier:   67:40:04:2D:55:0A:8F:95:B4:E5:FD:73:D4:09:FE:55:18:10:D7:DA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CA72B3F853BF1F24FFBB96565B01A11E4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Z0AELVUKj5W05f1z1An-VRgQ19o.roa
Signing time:             Tue 26 Dec 2023 17:27:58 +0000
ROA not before:           Tue 26 Dec 2023 17:27:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        212.192.221.0/24 maxlen: 24
                          192.124.182.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.190.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          192.124.191.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a7:2b:3f:85:3b:f1:f2:4f:fb:b9:65:65:b0:1a:11:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 26 17:27:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6740042d550a8f95b4e5fd73d409fe551810d7da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0b:57:f5:ff:1f:1f:d1:4a:fc:95:f5:f3:15:
                    ea:c2:99:9d:b0:8f:fc:db:d8:05:f6:22:09:da:b2:
                    0b:f8:ea:2d:c5:4d:cc:44:72:94:7d:cb:bc:a4:61:
                    f7:5b:36:24:ea:10:b8:fa:0d:12:15:34:bd:6a:43:
                    d5:27:82:33:7c:c4:b3:eb:55:cd:19:64:ef:8b:9d:
                    92:e7:14:0b:12:6a:34:38:d7:c9:cd:77:1d:b0:1e:
                    b5:c5:16:38:b7:30:83:e5:07:cc:7d:5e:ab:75:c4:
                    19:df:2c:1a:f2:84:f1:49:b5:c8:3c:c1:3f:94:02:
                    c5:ce:9b:1e:e9:4a:ba:fe:8c:00:22:21:b0:a1:fd:
                    3d:ff:e0:af:70:50:f6:35:b8:fc:43:a8:e0:6c:65:
                    e0:2b:21:09:8c:18:50:33:05:bf:0e:26:0f:79:ac:
                    d5:e4:74:0a:1c:21:e1:8b:2b:28:18:dd:42:e3:79:
                    26:aa:c6:fb:8c:c3:98:69:f0:93:72:07:b9:a3:b3:
                    db:8c:51:da:51:34:3a:9e:20:91:c4:64:40:9a:63:
                    e5:00:b0:f1:f5:e6:54:fd:72:42:5b:91:5e:81:fc:
                    22:ab:e8:c7:27:8b:73:f8:dd:31:8c:89:17:52:3d:
                    ea:68:5a:8c:aa:1d:6d:9f:af:87:05:c3:77:d2:aa:
                    58:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:40:04:2D:55:0A:8F:95:B4:E5:FD:73:D4:09:FE:55:18:10:D7:DA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Z0AELVUKj5W05f1z1An-VRgQ19o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.180.0-192.124.182.255
                  192.124.188.0/24
                  192.124.190.0/23
                  192.124.209.0/24
                  212.192.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:2c:8a:0b:7a:b1:3d:6c:4e:32:7b:ce:21:46:91:ab:dd:e8:
         3c:88:76:2e:d7:fe:c1:88:2f:0c:27:ab:c7:b5:60:c6:a1:82:
         5e:db:e1:6b:ee:66:42:b4:f0:cd:14:29:dc:89:22:05:0d:94:
         11:f4:91:b0:19:bd:2a:e1:1d:6a:d1:a0:1e:f6:28:b9:36:27:
         65:03:01:ff:b6:18:67:80:60:bd:2b:7b:27:b8:11:82:d9:2d:
         05:8e:14:18:14:75:00:f6:6e:31:7b:8b:61:7b:d7:de:e9:7e:
         be:c4:6b:85:de:79:b9:d1:79:a5:16:f8:95:b9:47:46:49:68:
         b8:5e:dc:04:a6:56:f3:1e:c9:df:d1:2e:dc:8b:94:72:3d:24:
         21:3b:d1:7e:a9:bf:e3:9d:94:b7:3c:e4:13:25:6a:9e:c4:5b:
         48:4f:d1:9f:f0:f9:16:36:0e:a2:1b:fc:ab:f0:a9:f7:7b:37:
         72:86:b2:26:6b:88:21:89:f4:6f:99:62:89:30:07:e4:95:85:
         18:e4:34:6b:a5:86:d3:22:0b:bc:17:c1:37:11:c9:01:87:e3:
         de:25:b2:f3:42:17:d2:33:ff:32:d6:0f:51:c7:e1:4b:8b:96:
         13:7c:d5:5b:a9:b9:51:72:55:32:1a:65:bc:fd:3b:b0:54:59:
         fc:7c:86:7d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYynKz+FO/HyT/u5ZWWwGhHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMjI2MTcyNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQwMDQyZDU1MGE4Zjk1YjRlNWZkNzNkNDA5ZmU1NTE4MTBkN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAtX9f8fH9FK/JX18xXqwpmdsI/8
29gF9iIJ2rIL+OotxU3MRHKUfcu8pGH3WzYk6hC4+g0SFTS9akPVJ4IzfMSz61XN
GWTvi52S5xQLEmo0ONfJzXcdsB61xRY4tzCD5QfMfV6rdcQZ3ywa8oTxSbXIPME/
lALFzpse6Uq6/owAIiGwof09/+CvcFD2Nbj8Q6jgbGXgKyEJjBhQMwW/DiYPeazV
5HQKHCHhiysoGN1C43kmqsb7jMOYafCTcge5o7PbjFHaUTQ6niCRxGRAmmPlALDx
9eZU/XJCW5Fegfwiq+jHJ4tz+N0xjIkXUj3qaFqMqh1tn6+HBcN30qpYbwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGdABC1VCo+VtOX9c9QJ/lUYENfaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWjBBRUxWVUtqNVcwNWYxejFBbi1WUmdRMTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBALAfLQD
BADAfLYDBADAfLwDBAHAfL4DBADAfNEDBADUwN0wDQYJKoZIhvcNAQELBQADggEB
AJAsigt6sT1sTjJ7ziFGkavd6DyIdi7X/sGILwwnq8e1YMahgl7b4WvuZkK08M0U
KdyJIgUNlBH0kbAZvSrhHWrRoB72KLk2J2UDAf+2GGeAYL0reye4EYLZLQWOFBgU
dQD2bjF7i2F7197pfr7Ea4XeebnReaUW+JW5R0ZJaLhe3ASmVvMeyd/RLtyLlHI9
JCE70X6pv+OdlLc85BMlap7EW0hP0Z/w+RY2DqIb/Kvwqfd7N3KGsiZriCGJ9G+Z
YokwB+SVhRjkNGulhtMiC7wXwTcRyQGH494lsvNCF9Iz/zLWD1HH4UuLlhN81Vup
uVFyVTIaZbz9O7BUWfx8hn0=
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:19:18 2024 by rpki-client on console-ams.rpki-client.org