Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_8pYVNvT1fpB_CPAYYeEjRdaN-I.roa
File:                     _8pYVNvT1fpB_CPAYYeEjRdaN-I.roa (raw, json)
Hash identifier:          O7baWGt/TX8Pq9hO3tzfaszwsXc1nla5cjS8fR/ali4=
Subject key identifier:   FF:CA:58:54:DB:D3:D5:FA:41:FC:23:C0:61:87:84:8D:17:5A:37:E2
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018EBD2D6560A9CB2AACD10630A9AFD1375D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_8pYVNvT1fpB_CPAYYeEjRdaN-I.roa
Signing time:             Mon 08 Apr 2024 10:07:32 +0000
ROA not before:           Mon 08 Apr 2024 10:07:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          193.124.89.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 08 Apr 2024 14:51:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:2d:65:60:a9:cb:2a:ac:d1:06:30:a9:af:d1:37:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  8 10:07:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffca5854dbd3d5fa41fc23c06187848d175a37e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:aa:09:af:68:82:c7:2c:c1:8b:ed:4f:d5:3c:
                    2b:55:8a:c1:7d:55:dd:77:b1:73:a6:8b:ec:65:b2:
                    35:9c:0a:f1:e1:12:4d:b1:6d:bc:65:2f:61:48:6f:
                    7f:4f:93:ee:30:df:e2:36:af:48:93:9c:25:4d:60:
                    67:ab:50:97:1f:10:52:49:f4:5c:1e:17:c0:cc:34:
                    93:45:4f:c9:c4:e2:3b:13:11:5e:39:66:6c:7b:a4:
                    24:4a:90:b0:f7:c9:97:70:97:3e:00:d9:7c:43:3b:
                    a1:e2:de:3c:26:57:e2:e9:30:eb:bd:a9:bf:3b:29:
                    c7:66:17:4a:be:27:09:e5:93:d2:e6:2f:2e:7e:a2:
                    8d:1b:c1:e1:aa:a7:f8:d6:bd:26:a6:52:36:6a:a6:
                    5c:92:53:e1:6b:d4:4b:32:50:d1:5d:0c:94:a7:5f:
                    c1:e4:d2:8b:4f:c9:1b:b5:d4:1a:27:86:c5:17:28:
                    a4:07:1f:64:69:11:9e:66:e7:22:87:b3:4b:1d:8a:
                    05:74:8f:2b:6a:76:18:d4:da:72:cb:cc:e8:f9:b7:
                    da:23:0b:19:3e:b9:bd:62:b1:63:b9:5b:23:d6:d1:
                    90:8b:ac:ac:34:24:a6:7e:1f:2d:ab:68:d9:34:92:
                    83:09:a9:6d:22:8b:f6:fc:75:0d:0d:99:3c:7a:1d:
                    f0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:CA:58:54:DB:D3:D5:FA:41:FC:23:C0:61:87:84:8D:17:5A:37:E2
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_8pYVNvT1fpB_CPAYYeEjRdaN-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  193.124.89.0/24
                  194.87.73.0/24
                  194.87.169.0/24
                  194.87.245.0/24
                  195.133.25.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:04:7e:a8:4e:94:3a:67:ea:29:44:2c:26:be:9c:9b:91:a6:
         1f:e1:93:29:5d:32:3a:3c:84:45:70:8c:c1:5e:1b:65:cd:98:
         77:c8:20:57:07:a8:83:ec:f2:61:c1:c0:8f:a9:93:49:1f:72:
         d2:7c:34:3b:09:99:a1:a0:ab:35:77:7e:2e:bd:a0:46:a8:ca:
         8a:55:f3:27:52:a3:b1:4d:03:75:e3:b9:1b:08:29:71:49:26:
         94:ea:08:70:9e:f8:2a:45:27:90:41:20:eb:43:51:6c:ba:57:
         ee:b2:94:74:c1:6c:aa:0c:c8:36:5b:9d:47:d0:d5:14:9b:c6:
         50:7f:2d:21:84:15:95:6e:35:ae:3d:81:89:07:d0:72:ba:2a:
         bc:1d:d6:ea:d7:87:e9:b3:58:03:87:45:e9:66:a7:b0:54:7a:
         37:48:79:0d:ea:ba:4f:65:9a:8b:b9:93:31:89:25:63:df:c1:
         07:c9:bf:5f:62:3b:1f:9d:c5:37:0b:26:aa:5b:70:00:f0:05:
         41:40:0b:bd:ed:a6:e0:9d:cf:5c:fa:ab:aa:02:09:88:2a:28:
         d5:93:af:53:df:a4:04:fa:d3:1c:3d:87:3b:9f:95:cb:0c:17:
         4a:8d:36:cc:51:0a:3f:ef:26:93:57:8c:4b:8a:2b:65:83:f3:
         ad:df:a7:c6
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY69LWVgqcsqrNEGMKmv0TddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDA4MTAwNzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmNhNTg1NGRiZDNkNWZhNDFmYzIzYzA2MTg3ODQ4ZDE3NWEzN2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqoJr2iCxyzBi+1P1TwrVYrBfVXd
d7FzpovsZbI1nArx4RJNsW28ZS9hSG9/T5PuMN/iNq9Ik5wlTWBnq1CXHxBSSfRc
HhfAzDSTRU/JxOI7ExFeOWZse6QkSpCw98mXcJc+ANl8Qzuh4t48Jlfi6TDrvam/
OynHZhdKvicJ5ZPS5i8ufqKNG8Hhqqf41r0mplI2aqZcklPha9RLMlDRXQyUp1/B
5NKLT8kbtdQaJ4bFFyikBx9kaRGeZucih7NLHYoFdI8ranYY1Npyy8zo+bfaIwsZ
Prm9YrFjuVsj1tGQi6ysNCSmfh8tq2jZNJKDCaltIov2/HUNDZk8eh3wIQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFP/KWFTb09X6QfwjwGGHhI0XWjfiMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvXzhwWVZOdlQxZnBCX0NQQVlZZUVqUmRhTi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQAwHysAwQA
wXwHAwQAwXxZAwQAwldJAwQAwlepAwQAwlf1AwQAw4UZAwQA1MABAwQA1MDQMBQE
AgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEACwR+qE6UOmfq
KUQsJr6cm5GmH+GTKV0yOjyERXCMwV4bZc2Yd8ggVweog+zyYcHAj6mTSR9y0nw0
OwmZoaCrNXd+Lr2gRqjKilXzJ1KjsU0DdeO5GwgpcUkmlOoIcJ74KkUnkEEg60NR
bLpX7rKUdMFsqgzINludR9DVFJvGUH8tIYQVlW41rj2BiQfQcroqvB3W6teH6bNY
A4dF6WansFR6N0h5Deq6T2Wai7mTMYklY9/BB8m/X2I7H53FNwsmqltwAPAFQUAL
ve2m4J3PXPqrqgIJiCoo1ZOvU9+kBPrTHD2HO5+VywwXSo02zFEKP+8mk1eMS4or
ZYPzrd+nxg==
-----END CERTIFICATE-----
Generated at Mon Apr 8 19:28:53 2024 by rpki-client on console-ams.rpki-client.org