Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bcG8wA4iHyQZ1s3hlnmCM62D-9Q.roa
File:                     bcG8wA4iHyQZ1s3hlnmCM62D-9Q.roa (raw, json)
Hash identifier:          wdv2HT8TQ2bvFks2Yd9PSxJW+qNO86gzq9TW3lLeg7I=
Subject key identifier:   6D:C1:BC:C0:0E:22:1F:24:19:D6:CD:E1:96:79:82:33:AD:83:FB:D4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018BBE43834F54C6A03914BB811A67C6541A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bcG8wA4iHyQZ1s3hlnmCM62D-9Q.roa
Signing time:             Sat 11 Nov 2023 12:02:57 +0000
ROA not before:           Sat 11 Nov 2023 12:02:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398343
IP address blocks:        194.135.104.0/24 maxlen: 24
                          193.124.15.0/24 maxlen: 24
                          195.133.83.0/24 maxlen: 24
                          193.124.24.0/24 maxlen: 24
                          194.87.123.0/24 maxlen: 24
                          194.58.223.0/24 maxlen: 24
                          194.87.29.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:be:43:83:4f:54:c6:a0:39:14:bb:81:1a:67:c6:54:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 11 12:02:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6dc1bcc00e221f2419d6cde196798233ad83fbd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:05:4f:c7:1c:ed:90:a5:1b:40:a8:ad:f3:c6:
                    18:17:64:2a:e3:b5:1b:5a:23:96:33:33:13:67:63:
                    8b:fa:77:be:7c:9d:82:a6:cc:3a:95:d2:60:a4:21:
                    d4:db:e4:53:9f:2d:ad:74:05:c7:59:c7:3a:08:a9:
                    98:95:e4:c2:28:d2:88:d4:c9:e9:1d:3c:fb:60:04:
                    d3:64:4a:53:76:f4:d5:df:16:2b:68:88:62:23:c8:
                    65:03:3b:fa:2f:01:2a:a5:c6:fe:74:2b:a9:bb:11:
                    62:5c:fc:c7:79:57:8e:40:ef:ab:3a:58:b7:31:6e:
                    62:e9:af:01:7c:cf:8b:72:bc:07:ec:5b:1b:ce:4a:
                    3d:bc:38:81:ea:32:69:85:1e:ff:ca:ea:00:5b:67:
                    e5:56:a0:75:6a:34:a4:01:77:ef:ea:b9:51:ab:d4:
                    4c:03:51:62:50:63:b4:04:be:25:80:13:fe:fe:bd:
                    40:22:d7:7a:8a:a2:f8:ac:e1:ef:e3:2e:54:18:3f:
                    e1:fe:8f:fa:d8:1f:1c:42:cc:b2:88:6f:fe:f0:4a:
                    59:96:b7:3b:19:21:7d:6e:b0:05:db:32:ed:19:d9:
                    b2:51:96:cd:6f:75:4b:12:28:0c:85:0a:04:e2:6d:
                    7b:fe:2a:72:16:1c:c8:23:e2:5d:ae:6d:bf:10:40:
                    15:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C1:BC:C0:0E:22:1F:24:19:D6:CD:E1:96:79:82:33:AD:83:FB:D4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bcG8wA4iHyQZ1s3hlnmCM62D-9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.15.0/24
                  193.124.24.0/24
                  194.58.223.0/24
                  194.87.29.0/24
                  194.87.123.0/24
                  194.135.104.0/24
                  195.133.26.0/23
                  195.133.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:20:11:6a:d1:bc:97:f5:5d:04:bc:2a:e4:f9:25:68:9d:0d:
         59:57:dc:52:10:80:99:37:bb:85:65:19:fd:d1:e0:1a:e3:c3:
         68:ba:94:58:12:62:c9:7e:9b:01:a3:b2:53:49:7d:08:13:de:
         c6:3b:23:36:9d:5f:54:aa:e7:b0:73:8c:0c:b7:fe:8e:d6:84:
         2f:32:4b:eb:af:83:00:48:7b:f6:2a:3d:e8:01:9a:6c:7a:7c:
         80:84:42:e6:ec:61:e3:e5:fc:86:8f:1c:0d:2a:04:1e:b1:82:
         7b:c6:23:80:b6:34:07:14:c6:cb:6e:20:88:9b:28:9b:ef:3e:
         a5:39:34:fd:d2:e6:16:b2:9e:d3:8c:10:48:9e:87:bc:90:8d:
         21:8b:3f:1f:9a:73:88:14:f5:30:3c:29:77:27:70:21:59:9a:
         6d:95:3d:37:23:d3:dd:0d:06:ce:cc:70:7f:e8:78:19:df:12:
         a7:b9:2e:17:37:d5:a9:be:5e:63:d9:4e:3e:4b:69:fd:49:44:
         fc:c8:b6:ae:ef:82:1e:a3:5d:d6:c6:df:13:43:00:4c:20:33:
         8a:36:12:0e:dd:25:da:7f:36:61:41:a3:4c:2b:f1:93:0d:78:
         25:7d:82:0f:ec:22:c6:1f:c9:39:50:4a:23:21:13:fe:53:e5:
         13:2d:39:d2
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYu+Q4NPVMagORS7gRpnxlQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMTExMTIwMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGMxYmNjMDBlMjIxZjI0MTlkNmNkZTE5Njc5ODIzM2FkODNmYmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQVPxxztkKUbQKit88YYF2Qq47Ub
WiOWMzMTZ2OL+ne+fJ2Cpsw6ldJgpCHU2+RTny2tdAXHWcc6CKmYleTCKNKI1Mnp
HTz7YATTZEpTdvTV3xYraIhiI8hlAzv6LwEqpcb+dCupuxFiXPzHeVeOQO+rOli3
MW5i6a8BfM+LcrwH7Fsbzko9vDiB6jJphR7/yuoAW2flVqB1ajSkAXfv6rlRq9RM
A1FiUGO0BL4lgBP+/r1AItd6iqL4rOHv4y5UGD/h/o/62B8cQsyyiG/+8EpZlrc7
GSF9brAF2zLtGdmyUZbNb3VLEigMhQoE4m17/ipyFhzII+Jdrm2/EEAVnwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFG3BvMAOIh8kGdbN4ZZ5gjOtg/vUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYmNHOHdBNGlIeVFaMXMzaGxubUNNNjJELTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAwXwPAwQA
wXwYAwQAwjrfAwQAwlcdAwQAwld7AwQAwodoAwQBw4UaAwQAw4VTMA0GCSqGSIb3
DQEBCwUAA4IBAQBNIBFq0byX9V0EvCrk+SVonQ1ZV9xSEICZN7uFZRn90eAa48No
upRYEmLJfpsBo7JTSX0IE97GOyM2nV9Uquewc4wMt/6O1oQvMkvrr4MASHv2Kj3o
AZpsenyAhELm7GHj5fyGjxwNKgQesYJ7xiOAtjQHFMbLbiCImyib7z6lOTT90uYW
sp7TjBBInoe8kI0hiz8fmnOIFPUwPCl3J3AhWZptlT03I9PdDQbOzHB/6HgZ3xKn
uS4XN9Wpvl5j2U4+S2n9SUT8yLau74Ieo13Wxt8TQwBMIDOKNhIO3SXafzZhQaNM
K/GTDXglfYIP7CLGH8k5UEojIRP+U+UTLTnS
-----END CERTIFICATE-----
Generated at Wed Nov 15 04:50:12 2023 by rpki-client on console-ams.rpki-client.org