Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aNgNLzK7uMoURC4ECIlFxnSp1CU.roa
File:                     aNgNLzK7uMoURC4ECIlFxnSp1CU.roa (raw, json)
Hash identifier:          urCKFghjd9SnMOIUIMBks/CHj023/A7j2+cv76fxd64=
Subject key identifier:   68:D8:0D:2F:32:BB:B8:CA:14:44:2E:04:08:89:45:C6:74:A9:D4:25
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D6A29034AB6D94DB820AD8B8BF23A0583
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aNgNLzK7uMoURC4ECIlFxnSp1CU.roa
Signing time:             Fri 02 Feb 2024 14:11:29 +0000
ROA not before:           Fri 02 Feb 2024 14:11:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.183.0/24 maxlen: 24
                          193.124.5.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          193.124.95.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          193.124.202.0/24 maxlen: 24
                          193.124.207.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.87.26.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          194.87.81.0/24 maxlen: 24
                          194.87.149.0/24 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          194.87.172.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          195.58.60.0/24 maxlen: 24
                          195.133.2.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.72.0/24 maxlen: 24
                          195.133.85.0/24 maxlen: 24
                          195.133.192.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.193.13.0/24 maxlen: 24
                          212.193.25.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 03 Feb 2024 07:38:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:29:03:4a:b6:d9:4d:b8:20:ad:8b:8b:f2:3a:05:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  2 14:11:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68d80d2f32bbb8ca14442e04088945c674a9d425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d8:a2:0b:51:80:10:e4:75:5f:c9:02:d1:fb:
                    7f:b8:26:8e:fb:48:4d:c4:0e:a0:77:2b:07:d5:b8:
                    d9:17:b4:2a:b1:af:0d:5b:7c:a5:88:41:1e:9c:f4:
                    70:59:04:0a:0f:cb:d8:49:85:b4:26:3b:79:b4:ff:
                    a7:04:ed:28:f9:3d:d1:41:72:2c:95:79:f3:54:bd:
                    66:93:b9:27:da:2d:b2:99:dc:08:00:19:61:49:3f:
                    41:9b:a4:51:69:1b:d1:fd:35:7c:b2:bb:e9:8a:43:
                    cf:79:b6:d8:ee:14:1f:d2:38:49:f7:83:3d:e1:fe:
                    45:2d:f7:da:af:07:03:93:b7:86:a7:0e:0b:4e:71:
                    c8:93:c5:e3:3c:20:c8:50:5d:be:7b:e3:51:7c:8e:
                    39:a2:4e:c3:eb:a1:e7:96:8a:c0:43:a9:d4:4e:64:
                    e4:48:b4:25:d5:11:2e:d0:14:3c:47:de:85:59:d0:
                    2a:55:38:b8:3b:6d:9a:be:24:5d:aa:92:98:a6:d6:
                    c9:97:76:05:a8:1f:60:f9:ac:95:ab:1c:76:86:69:
                    cd:6b:b7:a5:c6:6a:52:8b:9c:a6:76:90:af:58:cf:
                    ee:23:fa:f6:4c:df:80:ac:81:0f:09:a9:0a:64:5b:
                    37:d2:8a:9e:72:39:0f:18:05:fb:a0:ac:e2:68:cf:
                    20:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D8:0D:2F:32:BB:B8:CA:14:44:2E:04:08:89:45:C6:74:A9:D4:25
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aNgNLzK7uMoURC4ECIlFxnSp1CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.183.0/24
                  193.124.5.0/24
                  193.124.7.0/24
                  193.124.95.0/24
                  193.124.200.0/24
                  193.124.202.0/24
                  193.124.207.0/24
                  194.58.42.0/24
                  194.87.22.0/24
                  194.87.26.0/24
                  194.87.32.0/24
                  194.87.81.0/24
                  194.87.149.0/24
                  194.87.170.0/24
                  194.87.172.0/24
                  194.87.201.0/24
                  194.135.18.0/24
                  195.58.54.0/24
                  195.58.60.0/24
                  195.133.2.0/24
                  195.133.25.0/24
                  195.133.72.0/24
                  195.133.85.0/24
                  195.133.192.0/24
                  212.192.1.0/24
                  212.193.13.0/24
                  212.193.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:fc:91:a0:f3:87:f9:fd:ef:b2:ac:b3:50:6f:13:24:0f:39:
         90:45:89:e7:4c:fe:d7:b9:cf:87:1b:e7:b2:5e:10:a4:91:32:
         f8:59:67:91:37:23:e2:86:e9:0a:bf:32:df:be:f5:cb:52:7c:
         c8:b3:4f:1f:65:5e:eb:ce:81:ab:42:1b:7a:c2:c3:d8:1b:a8:
         40:7e:5b:44:8f:e7:4a:47:d2:cc:da:53:04:bb:4b:24:f9:26:
         83:e6:49:93:9f:bd:af:f0:e2:90:28:d2:7b:14:d0:26:a7:72:
         6c:0b:f0:9a:a8:3f:5d:da:58:b7:fa:96:c8:5f:4f:0c:ed:37:
         b1:9d:d6:4b:0e:13:b8:25:01:49:1b:d2:b4:9b:60:ee:86:bd:
         8c:8d:b2:b4:ca:0d:9c:3f:cc:e4:b7:74:d5:f6:76:e7:d4:9b:
         65:70:2d:16:ee:2a:37:5d:30:bf:e1:e0:3e:88:cb:e9:99:a3:
         c5:35:18:b8:24:8d:c0:11:da:64:94:57:14:dd:a0:b2:06:89:
         f2:ea:df:b6:eb:31:66:c5:d2:a1:42:70:36:79:ba:d3:79:36:
         9f:49:06:b8:ad:dd:c8:00:97:da:7c:cd:2a:c8:5e:b0:85:10:
         d5:fb:09:a2:f8:99:f7:7d:82:cd:ff:84:71:c6:95:31:d5:96:
         da:ec:e5:fe
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISAY1qKQNKttlNuCCti4vyOgWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjAyMTQxMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ4MGQyZjMyYmJiOGNhMTQ0NDJlMDQwODg5NDVjNjc0YTlkNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9iiC1GAEOR1X8kC0ft/uCaO+0hN
xA6gdysH1bjZF7Qqsa8NW3yliEEenPRwWQQKD8vYSYW0Jjt5tP+nBO0o+T3RQXIs
lXnzVL1mk7kn2i2ymdwIABlhST9Bm6RRaRvR/TV8srvpikPPebbY7hQf0jhJ94M9
4f5FLffarwcDk7eGpw4LTnHIk8XjPCDIUF2+e+NRfI45ok7D66HnlorAQ6nUTmTk
SLQl1REu0BQ8R96FWdAqVTi4O22aviRdqpKYptbJl3YFqB9g+ayVqxx2hmnNa7el
xmpSi5ymdpCvWM/uI/r2TN+ArIEPCakKZFs30oqecjkPGAX7oKziaM8gGQIDAQAB
o4ICqjCCAqYwHQYDVR0OBBYEFGjYDS8yu7jKFEQuBAiJRcZ0qdQlMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYU5nTkx6Szd1TW9VUkM0RUNJbEZ4blNwMUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG/BggrBgEFBQcBBwEB/wSBrzCBrDCBqQQCAAEwgaIDBADA
fLcDBADBfAUDBADBfAcDBADBfF8DBADBfMgDBADBfMoDBADBfM8DBADCOioDBADC
VxYDBADCVxoDBADCVyADBADCV1EDBADCV5UDBADCV6oDBADCV6wDBADCV8kDBADC
hxIDBADDOjYDBADDOjwDBADDhQIDBADDhRkDBADDhUgDBADDhVUDBADDhcADBADU
wAEDBADUwQ0DBADUwRkwDQYJKoZIhvcNAQELBQADggEBAIr8kaDzh/n977Kss1Bv
EyQPOZBFiedM/te5z4cb57JeEKSRMvhZZ5E3I+KG6Qq/Mt++9ctSfMizTx9lXuvO
gatCG3rCw9gbqEB+W0SP50pH0szaUwS7SyT5JoPmSZOfva/w4pAo0nsU0CancmwL
8JqoP13aWLf6lshfTwztN7Gd1ksOE7glAUkb0rSbYO6GvYyNsrTKDZw/zOS3dNX2
dufUm2VwLRbuKjddML/h4D6Iy+mZo8U1GLgkjcAR2mSUVxTdoLIGifLq37brMWbF
0qFCcDZ5utN5Np9JBrit3cgAl9p8zSrIXrCFENX7CaL4mfd9gs3/hHHGlTHVltrs
5f4=
-----END CERTIFICATE-----
Generated at Sat Feb 3 08:35:28 2024 by rpki-client on console-ams.rpki-client.org