Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hrv7a7aQkUcZ3Czo8EoxW2xXrfY.roa
File:                     hrv7a7aQkUcZ3Czo8EoxW2xXrfY.roa (raw, json)
Hash identifier:          pc6fQGNzNlfqJ6AqOwFtCqs19E/JZjmMCMEkzN7/llI=
Subject key identifier:   86:BB:FB:6B:B6:90:91:47:19:DC:2C:E8:F0:4A:31:5B:6C:57:AD:F6
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0191C9034F58FDF95BE6467E4E971B399DB5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hrv7a7aQkUcZ3Czo8EoxW2xXrfY.roa
Signing time:             Fri 06 Sep 2024 20:25:23 +0000
ROA not before:           Fri 06 Sep 2024 20:25:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398343
IP address blocks:        193.124.15.0/24 maxlen: 24
                          193.124.24.0/24 maxlen: 24
                          194.87.123.0/24 maxlen: 24
                          194.135.104.0/24 maxlen: 24
                          195.133.83.0/24 maxlen: 24
                          212.193.6.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 26 Sep 2024 13:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c9:03:4f:58:fd:f9:5b:e6:46:7e:4e:97:1b:39:9d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  6 20:25:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86bbfb6bb690914719dc2ce8f04a315b6c57adf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1b:46:33:f0:81:b8:ec:ab:8a:8a:26:ec:c5:
                    59:ce:b7:02:49:2f:40:34:de:22:31:46:0e:dc:ad:
                    52:90:06:6d:f7:6b:6e:0a:16:05:9f:4b:29:c2:95:
                    31:ff:02:d5:66:db:eb:1e:65:ba:4b:40:b3:6e:e8:
                    8d:86:93:53:95:03:ac:3d:05:0e:bd:cc:27:48:3e:
                    5a:d0:d9:6c:6e:bb:50:1c:c0:7e:fd:3b:9e:e4:58:
                    d6:9d:4b:36:f7:d1:f5:af:06:4d:f2:14:69:7b:b2:
                    52:c5:2c:ab:49:a7:90:e5:bf:49:e2:ae:94:7c:3d:
                    96:06:fa:ab:f7:60:fd:bf:42:77:8a:6f:cd:2e:07:
                    80:59:4b:0b:8d:3a:32:de:cc:c4:5d:bb:98:8d:2c:
                    ff:28:99:d8:94:06:6f:24:05:4e:3b:13:ed:0e:97:
                    36:55:4e:b5:9a:f0:c4:73:0f:64:57:fe:be:57:cb:
                    5c:7f:b4:a9:b3:0f:e5:f6:9c:4a:8d:d2:d7:16:c3:
                    02:1c:16:e4:6b:83:a9:c5:be:9a:38:68:20:49:4b:
                    8e:9d:80:91:f6:25:88:68:4e:64:7a:5c:9b:c3:e3:
                    77:8c:e1:60:1c:df:47:88:7c:ef:00:a0:0b:cb:49:
                    63:5b:b4:51:7e:fa:c7:6b:b6:e7:e4:3b:f5:72:19:
                    05:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BB:FB:6B:B6:90:91:47:19:DC:2C:E8:F0:4A:31:5B:6C:57:AD:F6
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hrv7a7aQkUcZ3Czo8EoxW2xXrfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.15.0/24
                  193.124.24.0/24
                  194.87.123.0/24
                  194.135.104.0/24
                  195.133.83.0/24
                  212.193.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:8a:ad:90:59:b9:3f:03:5c:b3:cf:07:9a:2e:ac:bb:5b:7a:
         b7:e4:9e:ad:80:ad:2f:d9:f3:2e:91:bf:e8:1f:4c:46:cc:7d:
         db:93:fc:80:eb:ed:44:19:d0:23:ce:f3:32:ef:48:ce:20:08:
         30:cc:d0:cd:ca:b5:b0:4a:5a:c3:a1:e0:ed:d1:d2:05:34:8e:
         b4:84:f2:79:f2:93:5c:1f:af:a8:a1:ed:48:e6:19:74:f5:6c:
         10:df:01:20:40:f9:0a:de:a6:79:d9:62:11:b7:9f:3d:3b:70:
         df:b4:a8:a1:0c:06:48:ba:25:e2:8f:a6:6f:57:96:bb:e5:5e:
         a9:af:63:4a:f0:79:2a:3d:93:86:1d:a7:df:f6:0f:bc:0f:43:
         17:4f:2e:4d:d1:96:ff:0a:3c:b8:5b:4c:58:37:fe:6a:8f:75:
         05:ea:af:00:8e:4a:0e:49:28:86:36:27:29:67:fe:7c:70:54:
         f5:0e:3a:8c:75:5d:2c:d6:95:42:3c:e3:af:f0:ad:8c:65:ea:
         f8:c3:a9:02:e1:56:7e:3d:80:7c:5c:89:d7:21:db:b2:7a:ca:
         f3:5f:0c:c6:33:75:4b:a5:4e:f8:b6:5e:bc:33:02:d9:83:9a:
         7b:91:68:f7:b5:a4:8d:17:f0:c3:02:8c:5a:9f:4c:51:44:7f:
         b2:3b:b5:aa
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZHJA09Y/flb5kZ+TpcbOZ21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTA2MjAyNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJiZmI2YmI2OTA5MTQ3MTlkYzJjZThmMDRhMzE1YjZjNTdhZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBtGM/CBuOyrioom7MVZzrcCSS9A
NN4iMUYO3K1SkAZt92tuChYFn0spwpUx/wLVZtvrHmW6S0CzbuiNhpNTlQOsPQUO
vcwnSD5a0NlsbrtQHMB+/Tue5FjWnUs299H1rwZN8hRpe7JSxSyrSaeQ5b9J4q6U
fD2WBvqr92D9v0J3im/NLgeAWUsLjToy3szEXbuYjSz/KJnYlAZvJAVOOxPtDpc2
VU61mvDEcw9kV/6+V8tcf7Spsw/l9pxKjdLXFsMCHBbka4Opxb6aOGggSUuOnYCR
9iWIaE5kelybw+N3jOFgHN9HiHzvAKALy0ljW7RRfvrHa7bn5Dv1chkFSQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIa7+2u2kJFHGdws6PBKMVtsV632MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaHJ2N2E3YVFrVWNaM0N6bzhFb3hXMnhYcmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwXwPAwQA
wXwYAwQAwld7AwQAwodoAwQAw4VTAwQA1MEGMA0GCSqGSIb3DQEBCwUAA4IBAQAa
iq2QWbk/A1yzzweaLqy7W3q35J6tgK0v2fMukb/oH0xGzH3bk/yA6+1EGdAjzvMy
70jOIAgwzNDNyrWwSlrDoeDt0dIFNI60hPJ58pNcH6+ooe1I5hl09WwQ3wEgQPkK
3qZ52WIRt589O3DftKihDAZIuiXij6ZvV5a75V6pr2NK8HkqPZOGHaff9g+8D0MX
Ty5N0Zb/Cjy4W0xYN/5qj3UF6q8AjkoOSSiGNicpZ/58cFT1DjqMdV0s1pVCPOOv
8K2MZer4w6kC4VZ+PYB8XInXIduyesrzXwzGM3VLpU74tl68MwLZg5p7kWj3taSN
F/DDAoxan0xRRH+yO7Wq
-----END CERTIFICATE-----
Generated at Thu Sep 26 16:48:09 2024 by rpki-client on console-ams.rpki-client.org