Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kNw-ILW08SYYyiSo1Br5WdEQET4.roa
File:                     kNw-ILW08SYYyiSo1Br5WdEQET4.roa (raw, json)
Hash identifier:          akExDsBuzM7QhRDws4e2yESeqSaVPZ/2JFMz+d4HyJ8=
Subject key identifier:   90:DC:3E:20:B5:B4:F1:26:18:CA:24:A8:D4:1A:F9:59:D1:10:11:3E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018B1E32506CA80A88D43BE88E064B691D1B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kNw-ILW08SYYyiSo1Br5WdEQET4.roa
Signing time:             Wed 11 Oct 2023 10:04:55 +0000
ROA not before:           Wed 11 Oct 2023 10:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203639
IP address blocks:        212.193.14.0/24 maxlen: 24
                          194.87.208.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.231.0/24 maxlen: 24
                          212.192.4.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          195.133.14.0/24 maxlen: 24
                          212.192.8.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.27.0/24 maxlen: 24
                          194.87.172.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          195.133.35.0/24 maxlen: 24
                          194.87.136.0/24 maxlen: 24
                          185.72.11.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24
                          194.87.81.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 23 Oct 2023 14:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1e:32:50:6c:a8:0a:88:d4:3b:e8:8e:06:4b:69:1d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 11 10:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90dc3e20b5b4f12618ca24a8d41af959d110113e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:59:1e:39:c9:f1:6b:2b:67:e3:8e:b9:26:59:
                    8f:86:d0:29:69:e4:d9:ab:cb:c1:0e:82:b6:4c:75:
                    9b:0f:6f:45:ee:fd:4c:e7:69:67:22:1a:cd:91:60:
                    01:b8:7c:c3:a6:6a:43:34:01:df:27:fc:5a:be:1b:
                    01:ee:11:a5:98:60:d8:d8:26:4e:3c:0f:3c:41:10:
                    f9:5a:ca:b7:84:9e:36:0e:a2:dc:d0:9c:b7:a5:e2:
                    f7:f7:9a:61:a8:c7:c8:c5:ca:01:ac:d3:a6:8c:6a:
                    fa:dc:fe:9f:c2:b2:44:1d:77:dd:23:a9:f0:19:8e:
                    e2:16:64:92:ac:13:b2:a3:0c:f8:bf:68:57:f1:cf:
                    ee:28:98:7c:72:86:49:04:0e:40:0d:cf:11:d2:2d:
                    8f:cf:3f:7d:43:3a:9f:a5:84:d2:2c:77:f0:0e:29:
                    04:99:25:22:3f:ab:de:67:d8:a0:2f:0d:fa:6f:56:
                    19:dd:87:9a:e4:22:44:20:77:1f:c0:73:90:b7:8c:
                    df:61:14:24:c6:09:23:18:a2:90:b1:dc:c6:d1:9c:
                    74:61:ee:4c:ef:35:d5:dc:0c:37:96:e5:c4:81:7b:
                    0e:f6:64:e1:bd:ea:2e:25:e0:1f:fc:18:4a:e9:24:
                    87:a3:ae:a4:6d:91:5a:7b:99:5d:20:81:c6:60:c5:
                    3c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:DC:3E:20:B5:B4:F1:26:18:CA:24:A8:D4:1A:F9:59:D1:10:11:3E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kNw-ILW08SYYyiSo1Br5WdEQET4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.11.0/24
                  192.124.180.0/24
                  193.124.90.0/24
                  194.58.42.0/24
                  194.87.2.0/24
                  194.87.76.0/24
                  194.87.81.0/24
                  194.87.136.0/24
                  194.87.172.0/24
                  194.87.208.0/24
                  194.87.226.0/24
                  194.87.231.0/24
                  195.133.14.0/23
                  195.133.25.0/24
                  195.133.27.0/24
                  195.133.35.0/24
                  212.192.4.0/24
                  212.192.8.0/24
                  212.193.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a8:fa:35:91:05:21:68:ab:34:4b:9b:3b:3a:9c:a9:14:c2:
         48:c4:b4:5e:d2:67:a2:07:ab:05:2c:ce:f0:ba:8c:0d:39:00:
         6a:cc:d2:42:b8:dd:3b:ff:01:d1:a4:ed:3c:23:33:58:2d:66:
         c9:3b:41:d7:04:8d:58:55:fb:25:db:32:a6:72:26:3b:83:70:
         2e:a5:63:46:8b:fd:e4:03:2f:fa:29:d8:d0:2d:b0:f7:4a:91:
         76:a3:1d:66:56:86:e7:bb:0e:4d:88:2c:6e:c4:73:ca:41:12:
         95:03:6c:a3:4f:cd:cf:ba:75:2b:e3:5c:73:5d:f2:c0:97:29:
         95:77:f1:38:f3:70:43:10:c8:c4:ce:db:73:c7:57:57:9e:0f:
         7f:e2:c0:41:a7:7c:22:9d:31:17:93:b3:14:c7:ca:57:93:2c:
         5e:0e:6a:f1:fe:07:ab:50:97:62:78:1e:61:31:2c:29:e0:ed:
         99:14:11:cd:40:87:dc:96:0b:88:16:8d:4f:2e:8d:4a:42:ef:
         95:9d:58:79:e0:24:38:44:e0:ff:18:dc:88:90:2b:1b:67:10:
         d6:8c:69:40:4b:12:98:be:c8:f0:01:80:59:1f:49:f0:bc:1c:
         b3:6d:c7:7a:04:b1:e8:f9:c8:ac:c7:be:af:ea:0b:06:6e:79:
         74:6d:58:6d
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAYseMlBsqAqI1DvojgZLaR0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMDExMTAwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGRjM2UyMGI1YjRmMTI2MThjYTI0YThkNDFhZjk1OWQxMTAxMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFkeOcnxaytn4465JlmPhtApaeTZ
q8vBDoK2THWbD29F7v1M52lnIhrNkWABuHzDpmpDNAHfJ/xavhsB7hGlmGDY2CZO
PA88QRD5Wsq3hJ42DqLc0Jy3peL395phqMfIxcoBrNOmjGr63P6fwrJEHXfdI6nw
GY7iFmSSrBOyowz4v2hX8c/uKJh8coZJBA5ADc8R0i2Pzz99QzqfpYTSLHfwDikE
mSUiP6veZ9igLw36b1YZ3Yea5CJEIHcfwHOQt4zfYRQkxgkjGKKQsdzG0Zx0Ye5M
7zXV3Aw3luXEgXsO9mThveouJeAf/BhK6SSHo66kbZFae5ldIIHGYMU8hwIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFJDcPiC1tPEmGMokqNQa+VnREBE+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEva053LUlMVzA4U1lZeWlTbzFCcjVXZEVRRVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEALlICwME
AMB8tAMEAMF8WgMEAMI6KgMEAMJXAgMEAMJXTAMEAMJXUQMEAMJXiAMEAMJXrAME
AMJX0AMEAMJX4gMEAMJX5wMEAcOFDgMEAMOFGQMEAMOFGwMEAMOFIwMEANTABAME
ANTACAMEANTBDjANBgkqhkiG9w0BAQsFAAOCAQEAIKj6NZEFIWirNEubOzqcqRTC
SMS0XtJnogerBSzO8LqMDTkAaszSQrjdO/8B0aTtPCMzWC1myTtB1wSNWFX7Jdsy
pnImO4NwLqVjRov95AMv+inY0C2w90qRdqMdZlaG57sOTYgsbsRzykESlQNso0/N
z7p1K+Ncc13ywJcplXfxOPNwQxDIxM7bc8dXV54Pf+LAQad8Ip0xF5OzFMfKV5Ms
Xg5q8f4Hq1CXYngeYTEsKeDtmRQRzUCH3JYLiBaNTy6NSkLvlZ1YeeAkOETg/xjc
iJArG2cQ1oxpQEsSmL7I8AGAWR9J8Lwcs23HegSx6PnIrMe+r+oLBm55dG1YbQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:44 2024 by rpki-client on console-ams.rpki-client.org