Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lptmetjJStP8I5wap4AVH4N3QZo.roa
File:                     lptmetjJStP8I5wap4AVH4N3QZo.roa (raw, json)
Hash identifier:          XiDriYKbXan6EXwaOc5NHItewGlVu1bFfccEqu7n9jQ=
Subject key identifier:   96:9B:66:7A:D8:C9:4A:D3:FC:23:9C:1A:A7:80:15:1F:83:77:41:9A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0188056ED56EA3047C89106D6FC9B772D21C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lptmetjJStP8I5wap4AVH4N3QZo.roa
Signing time:             Wed 10 May 2023 11:32:09 +0000
ROA not before:           Wed 10 May 2023 11:32:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213035
IP address blocks:        212.193.31.0/24 maxlen: 24
                          193.124.227.0/24 maxlen: 24
                          212.193.29.0/24 maxlen: 24
                          212.193.28.0/24 maxlen: 24
                          195.133.16.0/24 maxlen: 24
                          212.192.218.0/24 maxlen: 24
                          212.192.216.0/24 maxlen: 24
                          195.133.17.0/24 maxlen: 24
                          195.133.13.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
                          212.192.217.0/24 maxlen: 24
                          195.133.37.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          212.192.243.0/24 maxlen: 24
                          195.133.42.0/24 maxlen: 24
                          195.133.43.0/24 maxlen: 24
                          194.87.84.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:05:6e:d5:6e:a3:04:7c:89:10:6d:6f:c9:b7:72:d2:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 10 11:32:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=969b667ad8c94ad3fc239c1aa780151f8377419a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f2:d5:31:18:9d:22:bf:8e:2a:03:f5:8f:c7:
                    a3:e9:51:ca:0a:2b:29:73:1d:2b:6b:6f:48:53:01:
                    76:2c:cf:0b:a6:6a:30:04:47:3e:da:c6:a8:e1:9a:
                    2b:41:58:9b:46:c1:76:94:bc:fd:19:b0:ff:97:96:
                    f7:7e:c3:27:73:30:ed:b1:31:6e:cd:4a:63:97:ad:
                    27:b3:c2:bf:56:c5:dc:9b:5e:d0:a3:1d:c1:b7:03:
                    46:2b:7c:cf:96:89:9e:f8:b6:eb:cc:13:45:95:ec:
                    67:38:90:8d:8a:44:2a:da:32:6e:95:89:8a:b1:dd:
                    b3:73:02:0e:85:d3:51:a3:32:03:0f:9f:cc:35:8a:
                    74:bd:85:db:5b:fd:47:11:8a:07:c7:5c:36:f0:dc:
                    46:3e:01:a3:ac:a3:56:5f:68:4e:76:4f:a3:5c:56:
                    a7:ab:f4:c2:ad:fd:88:03:f1:ce:e5:43:98:36:49:
                    f4:94:45:80:b1:95:5f:b0:fa:73:a2:32:74:a0:42:
                    64:ae:b9:fb:75:e7:d7:9b:c0:71:84:a4:53:02:b2:
                    53:79:93:76:84:5c:6f:96:9d:c5:73:d1:58:96:06:
                    04:70:0c:65:b5:f9:a9:79:9b:93:28:e8:2d:43:1e:
                    c9:bb:80:f3:4b:d8:6d:95:3a:8c:4c:b3:27:06:cc:
                    ab:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:9B:66:7A:D8:C9:4A:D3:FC:23:9C:1A:A7:80:15:1F:83:77:41:9A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lptmetjJStP8I5wap4AVH4N3QZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.188.0/24
                  193.124.227.0/24
                  194.87.84.0/24
                  195.133.13.0/24
                  195.133.16.0/23
                  195.133.37.0/24
                  195.133.42.0/23
                  212.192.216.0/22
                  212.192.240.0/24
                  212.192.243.0/24
                  212.193.28.0/23
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:73:79:73:ac:96:51:18:88:b5:03:07:89:c7:0b:b4:e8:ad:
         d6:ac:da:e6:61:5c:3f:8a:1b:80:b4:46:ae:1b:c8:21:64:3a:
         36:4b:fb:c6:2b:b1:5c:61:b9:f6:e9:d5:1d:fe:67:22:82:5b:
         46:57:ef:ca:99:d9:b2:4a:6e:db:8b:d3:90:75:2b:c7:42:1b:
         8c:a2:19:b9:2e:0c:fa:63:bb:47:54:ad:db:e1:82:4c:a8:d9:
         0f:b7:d1:f9:82:40:1b:01:93:d3:87:c1:52:51:72:d5:45:d6:
         ae:7f:39:a1:a2:3a:1d:11:31:84:0a:9c:57:49:af:77:bc:54:
         d0:c2:e4:2f:d9:69:5c:78:67:b0:08:47:90:07:9c:a2:89:76:
         5a:6d:5a:71:09:3e:79:c2:64:9d:91:57:6e:ee:f3:9b:d8:7b:
         49:52:aa:f1:a2:b6:86:ed:c6:ac:c8:83:6f:b3:b0:92:a8:8a:
         cb:8d:68:63:62:4a:17:11:72:18:36:6b:c3:c8:ae:17:84:3b:
         d1:7a:ca:06:2e:9b:86:de:53:76:40:d5:78:3d:db:48:50:d0:
         a2:9f:89:73:f8:23:b3:17:75:59:9a:22:f5:9c:90:dc:dd:d2:
         e8:0b:9b:8c:ec:44:49:78:53:3d:08:f8:8a:fd:44:27:a0:9a:
         55:6a:ae:c5
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYgFbtVuowR8iRBtb8m3ctIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNTEwMTEzMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjliNjY3YWQ4Yzk0YWQzZmMyMzljMWFhNzgwMTUxZjgzNzc0MTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/LVMRidIr+OKgP1j8ej6VHKCisp
cx0ra29IUwF2LM8LpmowBEc+2sao4ZorQVibRsF2lLz9GbD/l5b3fsMnczDtsTFu
zUpjl60ns8K/VsXcm17Qox3BtwNGK3zPlome+LbrzBNFlexnOJCNikQq2jJulYmK
sd2zcwIOhdNRozIDD5/MNYp0vYXbW/1HEYoHx1w28NxGPgGjrKNWX2hOdk+jXFan
q/TCrf2IA/HO5UOYNkn0lEWAsZVfsPpzojJ0oEJkrrn7defXm8BxhKRTArJTeZN2
hFxvlp3Fc9FYlgYEcAxltfmpeZuTKOgtQx7Ju4DzS9htlTqMTLMnBsyrYQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJabZnrYyUrT/COcGqeAFR+Dd0GaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbHB0bWV0akpTdFA4STV3YXA0QVZINE4zUVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAwHy8AwQA
wXzjAwQAwldUAwQAw4UNAwQBw4UQAwQAw4UlAwQBw4UqAwQC1MDYAwQA1MDwAwQA
1MDzAwQB1MEcAwQA1MEfMA0GCSqGSIb3DQEBCwUAA4IBAQCAc3lzrJZRGIi1AweJ
xwu06K3WrNrmYVw/ihuAtEauG8ghZDo2S/vGK7FcYbn26dUd/mcigltGV+/Kmdmy
Sm7bi9OQdSvHQhuMohm5Lgz6Y7tHVK3b4YJMqNkPt9H5gkAbAZPTh8FSUXLVRdau
fzmhojodETGECpxXSa93vFTQwuQv2WlceGewCEeQB5yiiXZabVpxCT55wmSdkVdu
7vOb2HtJUqrxoraG7casyINvs7CSqIrLjWhjYkoXEXIYNmvDyK4XhDvResoGLpuG
3lN2QNV4PdtIUNCin4lz+COzF3VZmiL1nJDc3dLoC5uM7ERJeFM9CPiK/UQnoJpV
aq7F
-----END CERTIFICATE-----