Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/erxX2Wq8OxcV9EbtSwyy-2fL3F0.roa
File:                     erxX2Wq8OxcV9EbtSwyy-2fL3F0.roa (raw, json)
Hash identifier:          XOKRSCvo8idWPvfCtEoHQPs3Lj2LO/E7yN8ONo3mQ2w=
Subject key identifier:   7A:BC:57:D9:6A:BC:3B:17:15:F4:46:ED:4B:0C:B2:FB:67:CB:DC:5D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018C804E550B02100FB480A08DCB8000EFB5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/erxX2Wq8OxcV9EbtSwyy-2fL3F0.roa
Signing time:             Tue 19 Dec 2023 04:21:06 +0000
ROA not before:           Tue 19 Dec 2023 04:21:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     399045
IP address blocks:        194.87.201.0/24 maxlen: 24
                          195.133.72.0/24 maxlen: 24
                          194.87.128.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          194.87.151.0/24 maxlen: 24
                          194.87.88.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 30 Dec 2023 10:23:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:80:4e:55:0b:02:10:0f:b4:80:a0:8d:cb:80:00:ef:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 19 04:21:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7abc57d96abc3b1715f446ed4b0cb2fb67cbdc5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c7:c6:2f:7e:22:eb:fc:ae:2d:64:04:e7:0e:
                    e0:e1:c6:89:de:d5:86:9f:ab:bf:1a:d3:4b:49:01:
                    a2:db:47:d9:59:3c:92:ed:04:de:91:c7:7b:0b:c6:
                    78:03:e7:87:e0:3c:e2:08:64:e0:21:70:48:a6:0b:
                    ac:c9:4d:a2:3d:d9:97:2b:d5:fe:93:50:bf:05:17:
                    e2:72:56:a8:7a:c0:08:e7:73:a3:32:4b:ea:f0:3b:
                    ce:04:5a:60:f8:2f:cb:60:c7:42:3e:a5:49:05:ab:
                    3d:a8:42:ce:e0:3f:47:83:f5:cb:f6:93:54:71:c4:
                    b4:6c:4f:6d:e2:b9:01:75:93:1c:c9:b2:1e:95:40:
                    64:3b:12:91:2c:5f:5f:73:61:8b:4c:13:b4:8e:c6:
                    7c:77:7a:ca:c6:88:26:7d:c2:4e:cb:fe:f9:bc:7e:
                    25:03:0a:9e:80:1f:e2:ec:63:61:db:28:2d:ad:0e:
                    30:3b:b3:88:ae:3b:80:1b:bc:51:0b:4f:45:67:1e:
                    c4:29:b0:da:54:75:16:cf:06:91:bb:cf:b4:40:82:
                    28:47:b5:28:64:ff:c2:30:de:d5:6b:12:92:fc:e1:
                    37:ff:d5:30:14:d9:d7:d7:68:3b:d9:46:d6:6e:c7:
                    25:2f:43:c7:26:4f:c1:b0:64:db:3d:65:58:12:7e:
                    ff:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:BC:57:D9:6A:BC:3B:17:15:F4:46:ED:4B:0C:B2:FB:67:CB:DC:5D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/erxX2Wq8OxcV9EbtSwyy-2fL3F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.88.0/24
                  194.87.128.0/24
                  194.87.151.0/24
                  194.87.201.0/24
                  194.87.245.0/24
                  195.133.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:6c:b8:df:38:a3:e6:af:a1:c1:39:85:8e:18:84:fc:f7:6a:
         c0:a0:7b:6b:ca:b7:8b:f4:7a:6b:d1:23:0d:b6:0a:69:94:b2:
         79:f7:61:43:ff:69:bf:fb:86:f4:ac:d0:e9:8b:69:6d:42:27:
         1d:48:38:c0:39:c3:94:c2:d6:2f:33:23:5b:15:0f:5f:f4:ae:
         92:3b:40:76:e1:d7:51:20:fa:aa:4e:4e:07:aa:39:1f:dc:dc:
         85:b2:3e:30:98:7f:81:02:b9:ca:cb:6b:c9:3b:8e:5c:a5:91:
         c8:90:58:3e:37:2b:1b:d7:08:65:d0:d7:b8:e7:26:c3:27:14:
         7e:72:bf:97:fd:2a:e5:f5:78:57:8f:18:86:8e:9a:a1:84:1f:
         89:ee:ad:d1:df:ce:80:48:db:fc:7d:10:6a:7e:78:58:f5:b0:
         83:eb:2c:17:83:a3:f1:ac:ad:63:e8:89:ac:92:b4:4d:68:86:
         18:35:8c:cf:a7:61:e9:09:db:20:15:22:98:53:23:1d:f7:aa:
         f0:48:6d:5b:7e:55:22:17:26:1a:57:ea:d5:df:2b:8d:0d:f5:
         b5:41:87:8c:54:69:ee:c2:bf:e4:2e:04:99:51:08:4f:6d:22:
         0d:7a:93:a6:a1:29:b9:c2:1e:74:0e:04:d4:eb:12:d5:27:0a:
         c4:2b:4e:79
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYyATlULAhAPtICgjcuAAO+1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMjE5MDQyMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWJjNTdkOTZhYmMzYjE3MTVmNDQ2ZWQ0YjBjYjJmYjY3Y2JkYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMfGL34i6/yuLWQE5w7g4caJ3tWG
n6u/GtNLSQGi20fZWTyS7QTekcd7C8Z4A+eH4DziCGTgIXBIpgusyU2iPdmXK9X+
k1C/BRficlaoesAI53OjMkvq8DvOBFpg+C/LYMdCPqVJBas9qELO4D9Hg/XL9pNU
ccS0bE9t4rkBdZMcybIelUBkOxKRLF9fc2GLTBO0jsZ8d3rKxogmfcJOy/75vH4l
AwqegB/i7GNh2ygtrQ4wO7OIrjuAG7xRC09FZx7EKbDaVHUWzwaRu8+0QIIoR7Uo
ZP/CMN7VaxKS/OE3/9UwFNnX12g72UbWbsclL0PHJk/BsGTbPWVYEn7/UQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHq8V9lqvDsXFfRG7UsMsvtny9xdMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZXJ4WDJXcThPeGNWOUVidFN3eXktMmZMM0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwldYAwQA
wleAAwQAwleXAwQAwlfJAwQAwlf1AwQAw4VIMA0GCSqGSIb3DQEBCwUAA4IBAQAW
bLjfOKPmr6HBOYWOGIT892rAoHtryreL9Hpr0SMNtgpplLJ592FD/2m/+4b0rNDp
i2ltQicdSDjAOcOUwtYvMyNbFQ9f9K6SO0B24ddRIPqqTk4Hqjkf3NyFsj4wmH+B
ArnKy2vJO45cpZHIkFg+Nysb1whl0Ne45ybDJxR+cr+X/Srl9XhXjxiGjpqhhB+J
7q3R386ASNv8fRBqfnhY9bCD6ywXg6PxrK1j6ImskrRNaIYYNYzPp2HpCdsgFSKY
UyMd96rwSG1bflUiFyYaV+rV3yuNDfW1QYeMVGnuwr/kLgSZUQhPbSINepOmoSm5
wh50DgTU6xLVJwrEK055
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:22 2024 by rpki-client on console-fra.rpki-client.org