Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aSSZ2GP1Fonw7Jo9zbpcrpfqp20.roa
File:                     aSSZ2GP1Fonw7Jo9zbpcrpfqp20.roa (raw, json)
Hash identifier:          AfuJAUH10pkjfkeB+XHLagiMurzTKfL6tcCGP7705zU=
Subject key identifier:   69:24:99:D8:63:F5:16:89:F0:EC:9A:3D:CD:BA:5C:AE:97:EA:A7:6D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01892A996595D4B6F3ED892AE09AA92360A7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aSSZ2GP1Fonw7Jo9zbpcrpfqp20.roa
Signing time:             Thu 06 Jul 2023 09:47:23 +0000
ROA not before:           Thu 06 Jul 2023 09:47:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51722
IP address blocks:        194.87.119.0/24 maxlen: 24
                          194.135.30.0/24 maxlen: 24
                          212.192.0.0/24 maxlen: 24
                          192.124.182.0/24 maxlen: 24
                          194.87.181.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24
                          193.124.94.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2a:99:65:95:d4:b6:f3:ed:89:2a:e0:9a:a9:23:60:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  6 09:47:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=692499d863f51689f0ec9a3dcdba5cae97eaa76d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:31:a5:7e:11:6e:f0:23:3e:15:5a:97:9e:3b:
                    6d:41:5d:2a:1f:2d:f1:50:3c:15:29:19:f7:7e:f6:
                    12:36:ca:1b:be:5c:d8:0f:d0:b5:4e:e6:90:e6:28:
                    0a:a2:78:0a:c1:96:e1:50:b5:a3:64:b9:ab:d3:36:
                    09:f7:25:74:60:a2:ae:32:1e:84:41:98:23:bb:17:
                    6b:51:43:a9:5d:37:e5:35:5b:46:b0:d4:21:80:4a:
                    d7:4d:f4:46:51:d4:11:44:8c:1a:f0:ae:83:57:f9:
                    99:19:2b:65:89:36:44:c5:1e:e7:1b:7a:85:e8:9c:
                    7a:1b:e3:c8:19:5e:3a:07:41:46:8f:71:6e:ab:f6:
                    b7:3b:8f:63:9c:75:7c:60:b8:b7:c9:09:d1:3f:bf:
                    c0:f3:62:93:f2:e6:b9:51:b9:98:d3:b6:1b:f3:76:
                    ab:2d:4f:8f:f8:31:58:c1:f7:2a:57:d9:90:cd:77:
                    4e:64:c3:07:fe:f0:85:7b:56:b6:ca:9d:4f:e5:7e:
                    8a:51:bf:38:58:c7:11:5a:c0:e4:16:13:6b:b1:6f:
                    f3:19:46:8a:9a:e2:65:50:95:dc:7c:f0:34:ae:43:
                    68:e5:fd:3d:eb:eb:45:3b:82:ed:a0:c3:5a:bf:c0:
                    00:9f:81:39:57:80:8b:0d:17:d4:8a:78:1f:d9:c5:
                    70:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:24:99:D8:63:F5:16:89:F0:EC:9A:3D:CD:BA:5C:AE:97:EA:A7:6D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aSSZ2GP1Fonw7Jo9zbpcrpfqp20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.182.0/24
                  193.124.94.0/24
                  193.124.201.0/24
                  194.87.119.0/24
                  194.87.181.0/24
                  194.135.30.0/24
                  212.192.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:cd:29:70:e9:4a:83:fe:80:aa:d0:6b:f4:39:6b:d3:9c:b9:
         49:dd:4a:2f:50:ee:f9:96:f6:4e:39:c5:36:d7:57:0d:b1:6b:
         16:66:60:bc:51:e9:6f:e3:9c:f1:24:2f:2e:49:80:82:5b:9c:
         57:7b:8f:e7:a1:43:8d:46:7d:a9:87:da:78:77:7c:13:4d:7d:
         1e:5e:19:38:6f:6c:3f:dd:d1:a9:68:58:77:d0:06:5e:91:d1:
         9b:b7:7c:3b:37:2b:45:01:69:a4:fd:a6:c8:bb:af:7d:3f:f0:
         98:0c:46:67:36:04:d3:39:4d:4d:ed:b7:08:a8:da:20:be:8e:
         93:68:bd:6d:ec:17:4c:f3:d5:ef:bd:12:65:43:ce:23:0e:c0:
         59:f3:ab:6f:fd:cf:ff:55:44:3d:e4:75:04:38:20:1b:a0:7b:
         82:98:38:b9:ad:af:a3:a8:39:ee:6c:f9:82:3f:54:65:62:ee:
         98:ce:55:1e:6e:c6:72:3a:ea:d8:28:ce:d9:4e:5a:0a:f4:81:
         ff:08:df:27:69:a6:78:d4:5e:3b:79:04:4f:fb:70:2c:db:1a:
         c6:39:4b:40:d8:0b:d0:75:ca:41:ba:cf:a4:d8:0a:3d:d1:0b:
         b3:9a:c4:d5:f2:2b:95:b8:c3:24:25:9e:ca:b0:2c:67:8a:9b:
         6f:3d:52:d0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkqmWWV1Lbz7Ykq4JqpI2CnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzA2MDk0NzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTI0OTlkODYzZjUxNjg5ZjBlYzlhM2RjZGJhNWNhZTk3ZWFhNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljGlfhFu8CM+FVqXnjttQV0qHy3x
UDwVKRn3fvYSNsobvlzYD9C1TuaQ5igKongKwZbhULWjZLmr0zYJ9yV0YKKuMh6E
QZgjuxdrUUOpXTflNVtGsNQhgErXTfRGUdQRRIwa8K6DV/mZGStliTZExR7nG3qF
6Jx6G+PIGV46B0FGj3Fuq/a3O49jnHV8YLi3yQnRP7/A82KT8ua5UbmY07Yb83ar
LU+P+DFYwfcqV9mQzXdOZMMH/vCFe1a2yp1P5X6KUb84WMcRWsDkFhNrsW/zGUaK
muJlUJXcfPA0rkNo5f096+tFO4LtoMNav8AAn4E5V4CLDRfUingf2cVwnwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGkkmdhj9RaJ8OyaPc26XK6X6qdtMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYVNTWjJHUDFGb253N0pvOXpicGNycGZxcDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwHy2AwQA
wXxeAwQAwXzJAwQAwld3AwQAwle1AwQAwoceAwQA1MAAMA0GCSqGSIb3DQEBCwUA
A4IBAQATzSlw6UqD/oCq0Gv0OWvTnLlJ3UovUO75lvZOOcU211cNsWsWZmC8Uelv
45zxJC8uSYCCW5xXe4/noUONRn2ph9p4d3wTTX0eXhk4b2w/3dGpaFh30AZekdGb
t3w7NytFAWmk/abIu699P/CYDEZnNgTTOU1N7bcIqNogvo6TaL1t7BdM89XvvRJl
Q84jDsBZ86tv/c//VUQ95HUEOCAboHuCmDi5ra+jqDnubPmCP1RlYu6YzlUebsZy
OurYKM7ZTloK9IH/CN8naaZ41F47eQRP+3As2xrGOUtA2AvQdcpBus+k2Ao90Quz
msTV8iuVuMMkJZ7KsCxniptvPVLQ
-----END CERTIFICATE-----
Generated at Sat Jul 22 10:32:38 2023 by rpki-client on console-ams.rpki-client.org