Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lvPjcQNRBtABVFebvsXWS4a-vII.roa
File:                     lvPjcQNRBtABVFebvsXWS4a-vII.roa (raw, json)
Hash identifier:          IrvR0Vxq/v2sIJ+N5p22bB4ItYpFGb7NlR7i0mQpU9Q=
Subject key identifier:   96:F3:E3:71:03:51:06:D0:01:54:57:9B:BE:C5:D6:4B:86:BE:BC:82
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D64EBC61224D82C503F06DD0BDC1A58E4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lvPjcQNRBtABVFebvsXWS4a-vII.roa
Signing time:             Thu 01 Feb 2024 13:46:29 +0000
ROA not before:           Thu 01 Feb 2024 13:46:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        62.76.227.0/24 maxlen: 24
                          185.72.10.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          193.124.5.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          193.124.47.0/24 maxlen: 24
                          193.124.95.0/24 maxlen: 24
                          193.124.200.0/24 maxlen: 24
                          193.124.202.0/24 maxlen: 24
                          193.124.207.0/24 maxlen: 24
                          194.58.41.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24
                          194.58.66.0/24 maxlen: 24
                          194.58.154.0/24 maxlen: 24
                          194.87.26.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          194.87.81.0/24 maxlen: 24
                          194.87.128.0/24 maxlen: 24
                          194.87.149.0/24 maxlen: 24
                          194.87.151.0/24 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          194.87.172.0/24 maxlen: 24
                          194.87.187.0/24 maxlen: 24
                          194.87.190.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          194.87.215.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          194.87.229.0/24 maxlen: 24
                          194.87.231.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.135.33.0/24 maxlen: 24
                          195.58.54.0/24 maxlen: 24
                          195.58.60.0/24 maxlen: 24
                          195.58.63.0/24 maxlen: 24
                          195.133.2.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.27.0/24 maxlen: 24
                          195.133.72.0/24 maxlen: 24
                          195.133.85.0/24 maxlen: 24
                          195.133.192.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.214.0/24 maxlen: 24
                          212.193.13.0/24 maxlen: 24
                          212.193.25.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:eb:c6:12:24:d8:2c:50:3f:06:dd:0b:dc:1a:58:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  1 13:46:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f3e371035106d00154579bbec5d64b86bebc82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:90:c6:61:90:f8:60:dd:12:35:14:7f:92:cc:
                    17:cc:14:e0:02:f5:5a:d1:6c:a6:c8:d4:52:46:49:
                    e3:46:e7:33:6c:f4:2d:2d:69:60:de:35:f5:a9:e7:
                    1a:89:70:0a:1d:43:b2:2b:62:7a:22:05:99:64:a8:
                    c9:c4:f4:e5:3f:ca:6d:bd:53:42:db:1e:6e:f7:89:
                    be:b8:48:61:20:d2:17:1f:e7:87:fd:e0:8d:54:39:
                    f4:a1:7c:58:56:8d:8b:ca:b3:e1:24:7d:d6:82:a3:
                    80:f2:83:d4:5a:6a:73:b7:a9:66:40:5c:fc:4e:66:
                    b9:a0:cc:6d:81:73:46:7c:72:48:80:e8:34:64:fa:
                    ed:0b:98:d6:8e:69:75:52:3d:2f:6d:21:fd:9a:d0:
                    bd:73:fe:61:e7:c5:5c:f7:00:1a:98:9a:44:82:dd:
                    49:40:a0:91:02:37:e6:10:ba:25:da:07:48:32:c7:
                    22:70:6c:c6:ca:6d:ef:1e:bd:77:a6:30:4b:0b:ec:
                    89:f8:c4:19:3f:b2:45:d6:bb:8e:e7:94:15:ce:8b:
                    34:b9:90:5a:66:b6:e0:35:2f:be:1f:13:6c:89:6d:
                    4f:91:c9:77:7b:3b:88:44:46:e9:f9:07:5d:a9:a1:
                    c9:5f:c8:82:13:24:15:5b:91:6f:c2:ed:87:9c:35:
                    81:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F3:E3:71:03:51:06:D0:01:54:57:9B:BE:C5:D6:4B:86:BE:BC:82
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lvPjcQNRBtABVFebvsXWS4a-vII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.227.0/24
                  185.72.10.0/24
                  192.124.183.0/24
                  193.124.5.0/24
                  193.124.7.0/24
                  193.124.47.0/24
                  193.124.95.0/24
                  193.124.200.0/24
                  193.124.202.0/24
                  193.124.207.0/24
                  194.58.41.0-194.58.42.255
                  194.58.66.0/24
                  194.58.154.0/24
                  194.87.26.0/24
                  194.87.32.0/24
                  194.87.76.0/24
                  194.87.81.0/24
                  194.87.128.0/24
                  194.87.149.0/24
                  194.87.151.0/24
                  194.87.170.0/24
                  194.87.172.0/24
                  194.87.187.0/24
                  194.87.190.0/24
                  194.87.201.0/24
                  194.87.215.0/24
                  194.87.224.0/24
                  194.87.229.0/24
                  194.87.231.0/24
                  194.135.18.0/24
                  194.135.33.0/24
                  195.58.54.0/24
                  195.58.60.0/24
                  195.58.63.0/24
                  195.133.2.0/24
                  195.133.25.0/24
                  195.133.27.0/24
                  195.133.72.0/24
                  195.133.85.0/24
                  195.133.192.0/24
                  212.192.1.0/24
                  212.192.214.0/24
                  212.193.13.0/24
                  212.193.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c8:1f:70:2e:76:6d:73:c3:a8:be:4b:33:1c:82:2f:ca:6d:
         75:fe:2f:4b:5e:9f:ed:8c:1d:c4:9b:d8:c7:ba:cf:99:9d:57:
         27:fb:de:85:31:05:21:7b:c5:23:32:14:b3:c9:74:54:ca:f7:
         01:0f:3d:25:4d:b0:79:22:40:63:24:87:5b:73:ae:5e:d9:66:
         e0:5f:06:15:11:07:7e:cb:7c:4c:88:22:ad:ff:9e:63:e8:7c:
         08:36:4a:82:4f:8a:63:8f:01:18:e2:e6:b7:78:6b:7b:d3:b6:
         f2:6e:06:50:e1:1c:10:20:63:31:25:bf:1a:04:6d:29:a9:f7:
         21:e0:b7:75:cd:1a:33:63:f8:81:5a:3c:52:41:50:85:41:6e:
         3b:59:cb:c1:97:b9:c7:74:b4:85:91:56:40:0a:48:d9:d6:9d:
         b4:40:ca:d9:bc:e1:c8:22:cc:8b:b9:3a:c3:81:e8:27:b3:92:
         3e:78:aa:a2:ae:07:b3:0d:df:2e:be:ea:ec:27:be:bc:e0:c3:
         11:77:65:37:82:e7:24:8c:55:7c:a4:35:e7:f6:06:6a:79:80:
         d0:c2:15:38:c6:8a:06:ae:96:3c:64:eb:69:1d:90:a2:d4:ea:
         da:1d:67:57:08:29:a8:16:21:1f:9d:95:51:19:fc:c6:d5:00:
         4e:40:ff:4d
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgISAY1k68YSJNgsUD8G3QvcGljkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjAxMTM0NjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmYzZTM3MTAzNTEwNmQwMDE1NDU3OWJiZWM1ZDY0Yjg2YmViYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZDGYZD4YN0SNRR/kswXzBTgAvVa
0WymyNRSRknjRuczbPQtLWlg3jX1qecaiXAKHUOyK2J6IgWZZKjJxPTlP8ptvVNC
2x5u94m+uEhhINIXH+eH/eCNVDn0oXxYVo2LyrPhJH3WgqOA8oPUWmpzt6lmQFz8
Tma5oMxtgXNGfHJIgOg0ZPrtC5jWjml1Uj0vbSH9mtC9c/5h58Vc9wAamJpEgt1J
QKCRAjfmELol2gdIMscicGzGym3vHr13pjBLC+yJ+MQZP7JF1ruO55QVzos0uZBa
ZrbgNS++HxNsiW1Pkcl3ezuIREbp+QddqaHJX8iCEyQVW5Fvwu2HnDWBYQIDAQAB
o4IDHTCCAxkwHQYDVR0OBBYEFJbz43EDUQbQAVRXm77F1kuGvryCMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbHZQamNRTlJCdEFCVkZlYnZzWFdTNGEtdklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMQYIKwYBBQUHAQcBAf8EggEgMIIBHDCCARgEAgABMIIB
EAMEAD5M4wMEALlICgMEAMB8twMEAMF8BQMEAMF8BwMEAMF8LwMEAMF8XwMEAMF8
yAMEAMF8ygMEAMF8zzAMAwQAwjopAwQAwjoqAwQAwjpCAwQAwjqaAwQAwlcaAwQA
wlcgAwQAwldMAwQAwldRAwQAwleAAwQAwleVAwQAwleXAwQAwleqAwQAwlesAwQA
wle7AwQAwle+AwQAwlfJAwQAwlfXAwQAwlfgAwQAwlflAwQAwlfnAwQAwocSAwQA
wochAwQAwzo2AwQAwzo8AwQAwzo/AwQAw4UCAwQAw4UZAwQAw4UbAwQAw4VIAwQA
w4VVAwQAw4XAAwQA1MABAwQA1MDWAwQA1MENAwQA1MEZMA0GCSqGSIb3DQEBCwUA
A4IBAQBFyB9wLnZtc8OovkszHIIvym11/i9LXp/tjB3Em9jHus+ZnVcn+96FMQUh
e8UjMhSzyXRUyvcBDz0lTbB5IkBjJIdbc65e2WbgXwYVEQd+y3xMiCKt/55j6HwI
NkqCT4pjjwEY4ua3eGt707bybgZQ4RwQIGMxJb8aBG0pqfch4Ld1zRozY/iBWjxS
QVCFQW47WcvBl7nHdLSFkVZACkjZ1p20QMrZvOHIIsyLuTrDgegns5I+eKqirgez
Dd8uvursJ7684MMRd2U3guckjFV8pDXn9gZqeYDQwhU4xooGrpY8ZOtpHZCi1Ora
HWdXCCmoFiEfnZVRGfzG1QBOQP9N
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:25 2024 by rpki-client on console-fra.rpki-client.org