Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cVCofB5O313UvSmH3SQOPq_-Iv4.roa
File:                     cVCofB5O313UvSmH3SQOPq_-Iv4.roa (raw, json)
Hash identifier:          4ujdwribX7c9/LWK2s4OQvMWyEkrok4xj+DSLLWiz04=
Subject key identifier:   71:50:A8:7C:1E:4E:DF:5D:D4:BD:29:87:DD:24:0E:3E:AF:FE:22:FE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018601429F13CE408BA6413A476C1E7F7F95
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cVCofB5O313UvSmH3SQOPq_-Iv4.roa
Signing time:             Mon 30 Jan 2023 05:59:48 +0000
ROA not before:           Mon 30 Jan 2023 05:59:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2118
IP address blocks:        212.193.12.0/24 maxlen: 24
                          193.124.8.0/24 maxlen: 24
                          193.124.16.0/24 maxlen: 24
                          194.87.6.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.87.27.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.58.46.0/23 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.50.0/24 maxlen: 24
                          195.58.52.0/22 maxlen: 22
                          195.58.58.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          195.58.61.0/24 maxlen: 24
                          195.58.62.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.115.0/24 maxlen: 24
                          194.87.116.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.114.0/24 maxlen: 24
                          194.87.123.0/24 maxlen: 24
                          193.124.133.0/24 maxlen: 24
                          194.87.122.0/24 maxlen: 24
                          194.87.126.0/24 maxlen: 24
                          194.87.138.0/23 maxlen: 23
                          194.87.136.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          195.133.94.0/24 maxlen: 24
                          212.192.0.0/23 maxlen: 24
                          195.133.12.0/24 maxlen: 24
                          192.124.172.0/24 maxlen: 24
                          194.87.165.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          194.87.171.0/24 maxlen: 24
                          192.124.182.0/24 maxlen: 24
                          194.87.177.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          194.87.199.0/24 maxlen: 24
                          195.133.193.0/24 maxlen: 24
                          195.133.195.0/24 maxlen: 24
                          212.192.208.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 30 Jan 2023 14:12:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:01:42:9f:13:ce:40:8b:a6:41:3a:47:6c:1e:7f:7f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 30 05:59:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7150a87c1e4edf5dd4bd2987dd240e3eaffe22fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ea:46:fe:06:69:67:20:b9:fc:e1:31:18:fa:
                    b3:57:98:81:a9:9b:8a:35:ed:dd:33:4a:c0:d5:df:
                    77:df:35:de:f7:0c:e1:c5:72:74:16:4e:14:ab:78:
                    c2:87:84:69:f8:08:41:57:64:d0:32:0a:39:b8:5e:
                    a1:6f:92:eb:18:14:ae:01:1c:5c:29:ab:9f:d4:02:
                    27:1a:8f:f5:97:11:cb:c1:5a:53:c8:8e:0d:cf:3d:
                    00:04:6b:ee:06:21:6c:b8:8b:8c:cf:a1:8e:1f:85:
                    2b:d9:bc:45:2a:e9:02:43:29:cb:14:cc:e5:2c:b6:
                    cc:49:c2:f4:1f:2c:14:41:ca:d7:9f:bb:2d:3d:a5:
                    1f:d9:1c:d4:e6:a0:01:ff:13:17:7e:4a:92:57:11:
                    7e:71:88:e1:80:6d:22:fb:34:00:59:51:8f:c2:88:
                    50:90:63:84:82:5a:6f:d7:e0:e7:21:4b:c0:2e:7b:
                    f9:dd:a1:d2:3a:12:60:58:dc:22:e7:49:af:fa:32:
                    18:0b:ed:d5:91:0c:4c:39:b2:4a:b2:4c:00:09:7a:
                    ca:ae:93:9d:aa:a0:22:c9:72:25:20:84:b8:7a:40:
                    77:ac:75:4e:77:c9:73:aa:1f:f4:74:6e:9f:da:63:
                    7c:34:0c:85:ec:24:13:24:3e:1c:eb:7e:d1:02:39:
                    fe:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:50:A8:7C:1E:4E:DF:5D:D4:BD:29:87:DD:24:0E:3E:AF:FE:22:FE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cVCofB5O313UvSmH3SQOPq_-Iv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  192.124.182.0/23
                  193.124.8.0/24
                  193.124.16.0/24
                  193.124.133.0/24
                  193.124.203.0/24
                  194.58.42.0/24
                  194.58.45.0-194.58.47.255
                  194.87.6.0/24
                  194.87.22.0/24
                  194.87.27.0/24
                  194.87.82.0/24
                  194.87.114.0-194.87.116.255
                  194.87.118.0/24
                  194.87.122.0/23
                  194.87.126.0/24
                  194.87.136.0/24
                  194.87.138.0/23
                  194.87.165.0/24
                  194.87.171.0/24
                  194.87.177.0/24
                  194.87.198.0/23
                  194.87.208.0/23
                  194.87.222.0/23
                  194.87.233.0/24
                  195.58.50.0/24
                  195.58.52.0-195.58.63.255
                  195.133.12.0/24
                  195.133.55.0/24
                  195.133.94.0/24
                  195.133.193.0/24
                  195.133.195.0/24
                  212.192.0.0/23
                  212.192.208.0/23
                  212.193.0.0/24
                  212.193.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c5:6c:5d:f4:be:f0:e6:74:92:15:6a:b9:42:e9:5f:18:5e:
         8e:9d:d0:3c:af:ee:ad:35:ea:12:7f:db:66:b3:8e:39:a4:d0:
         e6:11:1b:c9:63:d3:5b:ab:e5:ba:8f:db:2a:c9:e4:6f:3c:05:
         fc:47:35:96:a7:39:0f:73:8b:f0:33:59:d0:ac:a0:7b:88:7c:
         1c:54:01:45:a5:5d:c8:78:5e:e7:a7:c5:91:25:0c:51:7f:a2:
         b4:de:97:6a:76:a3:4d:5a:4a:1a:61:5c:f2:34:20:fd:0e:1c:
         17:e8:27:38:37:af:37:f4:03:de:fe:84:64:2c:db:a1:b7:aa:
         6e:a2:9f:98:ed:74:f4:fd:1c:19:70:5d:f8:a6:53:cb:68:32:
         b7:a5:c2:ad:62:1c:57:b2:47:8e:a8:6e:e9:38:60:59:34:77:
         7a:e6:0e:0e:24:e0:12:f0:a3:34:33:88:0f:a1:11:a2:a1:85:
         b9:2b:0a:d4:8e:68:24:f7:8e:39:4d:50:eb:6a:ac:81:bf:ee:
         75:63:71:72:91:83:b5:9d:62:12:c2:38:24:dc:4b:0d:59:83:
         60:86:ea:60:3d:1b:68:59:89:cd:23:83:a4:74:00:e7:e8:f5:
         77:71:b8:26:4c:fa:5e:87:a6:11:91:ca:c9:10:d3:99:b5:be:
         94:a4:72:7f
-----BEGIN CERTIFICATE-----
MIIF7TCCBNWgAwIBAgISAYYBQp8TzkCLpkE6R2wef3+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTMwMDU1OTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTUwYTg3YzFlNGVkZjVkZDRiZDI5ODdkZDI0MGUzZWFmZmUyMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoupG/gZpZyC5/OExGPqzV5iBqZuK
Ne3dM0rA1d933zXe9wzhxXJ0Fk4Uq3jCh4Rp+AhBV2TQMgo5uF6hb5LrGBSuARxc
Kauf1AInGo/1lxHLwVpTyI4Nzz0ABGvuBiFsuIuMz6GOH4Ur2bxFKukCQynLFMzl
LLbMScL0HywUQcrXn7stPaUf2RzU5qAB/xMXfkqSVxF+cYjhgG0i+zQAWVGPwohQ
kGOEglpv1+DnIUvALnv53aHSOhJgWNwi50mv+jIYC+3VkQxMObJKskwACXrKrpOd
qqAiyXIlIIS4ekB3rHVOd8lzqh/0dG6f2mN8NAyF7CQTJD4c637RAjn+QwIDAQAB
o4IC+TCCAvUwHQYDVR0OBBYEFHFQqHweTt9d1L0ph90kDj6v/iL+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY1ZDb2ZCNU8zMTNVdlNtSDNTUU9QcV8tSXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDQYIKwYBBQUHAQcBAf8Egf0wgfowgfcEAgABMIHwAwQA
wHysAwQBwHy2AwQAwXwIAwQAwXwQAwQAwXyFAwQAwXzLAwQAwjoqMAwDBADCOi0D
BATCOiADBADCVwYDBADCVxYDBADCVxsDBADCV1IwDAMEAcJXcgMEAMJXdAMEAMJX
dgMEAcJXegMEAMJXfgMEAMJXiAMEAcJXigMEAMJXpQMEAMJXqwMEAMJXsQMEAcJX
xgMEAcJX0AMEAcJX3gMEAMJX6QMEAMM6MjAMAwQCwzo0AwQGwzoAAwQAw4UMAwQA
w4U3AwQAw4VeAwQAw4XBAwQAw4XDAwQB1MAAAwQB1MDQAwQA1MEAAwQA1MEMMA0G
CSqGSIb3DQEBCwUAA4IBAQAExWxd9L7w5nSSFWq5QulfGF6OndA8r+6tNeoSf9tm
s445pNDmERvJY9Nbq+W6j9sqyeRvPAX8RzWWpzkPc4vwM1nQrKB7iHwcVAFFpV3I
eF7np8WRJQxRf6K03pdqdqNNWkoaYVzyNCD9DhwX6Cc4N6839APe/oRkLNuht6pu
op+Y7XT0/RwZcF34plPLaDK3pcKtYhxXskeOqG7pOGBZNHd65g4OJOAS8KM0M4gP
oRGioYW5KwrUjmgk9445TVDraqyBv+51Y3FykYO1nWISwjgk3EsNWYNghupgPRto
WYnNI4OkdADn6PV3cbgmTPpeh6YRkcrJENOZtb6UpHJ/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:22 2024 by rpki-client on console-fra.rpki-client.org