Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fDHCPEoAZ3D1uBt3PkWZ0V2LNB0.roa
File:                     fDHCPEoAZ3D1uBt3PkWZ0V2LNB0.roa (raw, json)
Hash identifier:          JE1EyXAhRc9/SamaksV2uEtlV4MD2ZPYLcqzZ1rMIeY=
Subject key identifier:   7C:31:C2:3C:4A:00:67:70:F5:B8:1B:77:3E:45:99:D1:5D:8B:34:1D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192363AFF2D769F13E9266E78C704FD2538
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fDHCPEoAZ3D1uBt3PkWZ0V2LNB0.roa
Signing time:             Sat 28 Sep 2024 01:24:48 +0000
ROA not before:           Sat 28 Sep 2024 01:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 07 Oct 2024 10:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:36:3a:ff:2d:76:9f:13:e9:26:6e:78:c7:04:fd:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 28 01:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c31c23c4a006770f5b81b773e4599d15d8b341d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7b:c3:62:7a:cc:af:8d:89:b7:47:63:da:35:
                    b8:89:cc:36:f8:5d:b5:57:6a:b4:0c:4a:89:a3:0c:
                    9d:81:c0:a1:a2:ba:c1:5d:ab:47:c6:c1:9d:75:79:
                    55:b2:18:c4:df:b4:2a:a3:08:02:22:b2:6e:c4:27:
                    70:3b:3c:77:26:49:49:89:47:36:7a:af:2d:d3:a6:
                    6e:c2:85:12:9a:2a:01:65:ee:69:b3:c2:22:b3:a2:
                    70:4f:ea:9e:4f:55:90:d8:ca:61:11:5a:66:82:ec:
                    02:68:32:2e:fd:41:b9:48:13:09:60:cb:a0:c0:f6:
                    b5:42:00:4e:89:87:1f:9b:28:a0:b8:9a:e5:57:b2:
                    66:a1:44:fb:f6:33:44:ba:52:da:da:ca:ec:aa:96:
                    76:00:39:e2:8d:7f:4b:04:e6:af:72:8d:31:26:cf:
                    69:1a:f7:7b:15:66:32:8e:cb:7c:b0:d8:86:8b:85:
                    c0:3a:e1:04:5c:73:fc:d8:e6:5a:38:0e:dc:03:b0:
                    d7:ee:ac:11:ac:42:84:85:b6:d7:8f:fc:44:52:cd:
                    95:f8:8d:20:da:b7:26:24:d8:01:10:62:b0:5f:e4:
                    a4:a9:1b:d1:fb:19:13:17:cf:ea:b2:93:df:9b:dc:
                    36:d7:f5:60:a1:bf:e5:aa:ae:3c:93:a8:93:1f:61:
                    8c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:31:C2:3C:4A:00:67:70:F5:B8:1B:77:3E:45:99:D1:5D:8B:34:1D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fDHCPEoAZ3D1uBt3PkWZ0V2LNB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:07:24:61:ce:0e:69:d9:cb:e5:dd:b5:45:09:2e:a7:74:77:
         24:0b:26:3f:4c:9e:05:ff:e7:f1:58:26:61:6d:52:0b:f0:99:
         f8:45:31:bd:80:d6:33:e3:d7:b8:af:ea:21:31:00:74:3e:d1:
         4d:6c:61:c9:ee:3f:35:4b:8b:a5:b0:0d:1d:3d:f5:0e:af:a6:
         72:08:bc:bc:3d:4a:da:b0:d8:dc:f5:b4:9d:1d:02:16:1d:7a:
         2a:4b:38:1f:5f:b7:00:cd:c9:7f:39:13:9d:c9:17:a4:e8:1e:
         0d:33:7e:6a:2e:13:5d:8c:a4:d1:d9:e7:cc:46:ed:a3:10:72:
         cd:ed:29:03:ef:55:6e:2e:9c:8e:3c:5e:bf:a8:03:1d:9e:c3:
         b4:b2:e2:d5:c5:4d:54:14:b5:a5:d8:b5:8a:d9:2b:68:cc:70:
         a7:74:fe:bf:b1:9b:16:04:f1:e1:c0:e4:8f:b8:70:fb:79:ca:
         de:2b:ae:d6:e1:12:57:9e:1a:1f:3c:10:14:d3:ea:73:34:4f:
         54:71:97:7b:6e:ea:11:e3:71:66:66:65:35:eb:ed:e6:be:11:
         fa:9c:f5:b7:9b:88:2e:96:7e:ed:b7:04:d8:98:dd:17:f7:af:
         c7:2b:d3:cf:7e:dd:52:46:67:fd:a8:c3:ae:3c:98:11:19:e7:
         a9:ad:45:b3
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZI2Ov8tdp8T6SZueMcE/SU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTI4MDEyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMxYzIzYzRhMDA2NzcwZjViODFiNzczZTQ1OTlkMTVkOGIzNDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnvDYnrMr42Jt0dj2jW4icw2+F21
V2q0DEqJowydgcChorrBXatHxsGddXlVshjE37QqowgCIrJuxCdwOzx3JklJiUc2
eq8t06ZuwoUSmioBZe5ps8Iis6JwT+qeT1WQ2MphEVpmguwCaDIu/UG5SBMJYMug
wPa1QgBOiYcfmyiguJrlV7JmoUT79jNEulLa2srsqpZ2ADnijX9LBOavco0xJs9p
Gvd7FWYyjst8sNiGi4XAOuEEXHP82OZaOA7cA7DX7qwRrEKEhbbXj/xEUs2V+I0g
2rcmJNgBEGKwX+SkqRvR+xkTF8/qspPfm9w21/Vgob/lqq48k6iTH2GMrQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHwxwjxKAGdw9bgbdz5FmdFdizQdMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZkRIQ1BFb0FaM0QxdUJ0M1BrV1owVjJMTkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAwjqbAwQA
wlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABAwQB1MEaMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEADAckYc4OadnL5d21RQku
p3R3JAsmP0yeBf/n8VgmYW1SC/CZ+EUxvYDWM+PXuK/qITEAdD7RTWxhye4/NUuL
pbANHT31Dq+mcgi8vD1K2rDY3PW0nR0CFh16Kks4H1+3AM3JfzkTnckXpOgeDTN+
ai4TXYyk0dnnzEbtoxByze0pA+9Vbi6cjjxev6gDHZ7DtLLi1cVNVBS1pdi1itkr
aMxwp3T+v7GbFgTx4cDkj7hw+3nK3iuu1uESV54aHzwQFNPqczRPVHGXe27qEeNx
ZmZlNevt5r4R+pz1t5uILpZ+7bcE2JjdF/evxyvTz37dUkZn/ajDrjyYERnnqa1F
sw==
-----END CERTIFICATE-----