Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nNf3U9a7tj6cPD-jlJGKoS58qr8.roa
File:                     nNf3U9a7tj6cPD-jlJGKoS58qr8.roa (raw, json)
Hash identifier:          bxGNaMqVjzVChBKhBj+C2GzIbrGSmoQk0gicIZz5nt8=
Subject key identifier:   9C:D7:F7:53:D6:BB:B6:3E:9C:3C:3F:A3:94:91:8A:A1:2E:7C:AA:BF
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018BF2A2DDF30CFB2D161B217C77D5C0F493
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nNf3U9a7tj6cPD-jlJGKoS58qr8.roa
Signing time:             Tue 21 Nov 2023 16:07:21 +0000
ROA not before:           Tue 21 Nov 2023 16:07:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        212.192.221.0/24 maxlen: 24
                          192.124.181.0/24 maxlen: 24
                          192.124.190.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          192.124.191.0/24 maxlen: 24
                          192.124.209.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 29 Nov 2023 17:51:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f2:a2:dd:f3:0c:fb:2d:16:1b:21:7c:77:d5:c0:f4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 21 16:07:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9cd7f753d6bbb63e9c3c3fa394918aa12e7caabf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4c:e9:3e:f8:6d:8d:44:48:cc:a3:56:7f:ce:
                    76:ab:a5:05:68:05:a6:7d:c8:80:18:fc:c5:1d:e6:
                    01:10:68:59:c5:c1:d5:44:80:81:38:82:e7:0b:53:
                    26:55:70:ff:66:ac:ce:b2:6a:5f:04:cd:af:43:7c:
                    a8:f8:a9:92:a7:bf:a7:98:3c:4c:77:1d:e7:14:43:
                    1e:d5:79:8c:dc:08:c0:9f:8c:b2:78:6d:db:09:ca:
                    bf:5a:96:1f:2f:4c:b4:57:eb:b1:fb:88:54:c9:c5:
                    64:06:2a:ea:91:fb:be:49:57:4a:41:71:f4:a2:01:
                    ae:d9:1a:fa:90:0c:1f:0a:5e:fa:16:7a:89:a2:d5:
                    11:eb:fb:d4:04:35:fa:ba:dd:07:43:69:87:fa:41:
                    2b:c1:89:3b:62:4a:cb:41:b9:75:b2:84:62:2a:e0:
                    00:12:05:74:19:5d:21:68:90:0c:1f:e6:9e:1e:2e:
                    9b:25:10:3a:68:01:ad:ec:6e:08:b0:7b:f7:85:8b:
                    eb:dd:6c:0c:87:4f:eb:7c:9e:a3:dd:9d:1c:bb:79:
                    41:37:ee:4e:3e:86:6b:90:50:ed:57:58:2e:3c:2c:
                    c8:6d:0d:e8:00:f8:0e:9c:9c:ad:73:21:28:67:e4:
                    7b:05:89:ff:48:b5:91:0b:76:ab:6b:bd:f2:5e:69:
                    dd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D7:F7:53:D6:BB:B6:3E:9C:3C:3F:A3:94:91:8A:A1:2E:7C:AA:BF
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nNf3U9a7tj6cPD-jlJGKoS58qr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.181.0/24
                  192.124.188.0/24
                  192.124.190.0/23
                  192.124.209.0/24
                  212.192.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:96:04:c2:b2:f7:93:c6:c0:25:04:0f:95:64:a3:c8:e2:c7:
         76:d8:2b:bb:7c:e2:77:f0:06:81:37:01:29:16:3f:47:c1:ca:
         8f:65:68:92:8d:01:1a:fe:06:5f:95:c2:62:c9:a3:29:b0:29:
         44:8d:a1:c6:62:38:a0:f2:b3:f9:08:49:0f:b9:67:f4:b7:b1:
         7a:30:52:7f:33:1d:32:d1:01:54:60:e2:06:ac:8e:77:46:db:
         2e:a2:47:26:14:da:e8:0f:7f:cf:07:7c:69:d6:e0:31:59:9b:
         d6:d5:10:ef:fc:68:5f:62:9c:c6:73:f5:e6:d1:b8:b5:ad:fa:
         8d:70:72:71:5c:f7:ad:42:01:89:d9:73:bc:16:7b:3c:d6:a2:
         98:e7:46:af:74:55:f2:ef:48:15:26:07:df:d9:15:6b:83:8e:
         7d:f0:0a:55:0a:03:dd:d8:fa:b2:28:c0:18:ee:c9:79:b6:8f:
         0d:31:c4:b4:1f:7a:a5:a2:4b:3d:db:74:83:a6:42:9f:68:bc:
         1c:2c:ed:5f:c1:9b:f1:dd:d2:3b:8d:c0:72:96:fa:fb:d5:2a:
         68:0f:57:d5:96:51:2f:11:0e:33:28:bf:31:93:00:99:15:00:
         bf:a8:44:b5:27:b6:b6:21:13:1f:1a:9b:08:96:b1:d0:22:54:
         4b:51:65:98
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYvyot3zDPstFhshfHfVwPSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMTIxMTYwNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q3Zjc1M2Q2YmJiNjNlOWMzYzNmYTM5NDkxOGFhMTJlN2NhYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEzpPvhtjURIzKNWf852q6UFaAWm
fciAGPzFHeYBEGhZxcHVRICBOILnC1MmVXD/ZqzOsmpfBM2vQ3yo+KmSp7+nmDxM
dx3nFEMe1XmM3AjAn4yyeG3bCcq/WpYfL0y0V+ux+4hUycVkBirqkfu+SVdKQXH0
ogGu2Rr6kAwfCl76FnqJotUR6/vUBDX6ut0HQ2mH+kErwYk7YkrLQbl1soRiKuAA
EgV0GV0haJAMH+aeHi6bJRA6aAGt7G4IsHv3hYvr3WwMh0/rfJ6j3Z0cu3lBN+5O
PoZrkFDtV1guPCzIbQ3oAPgOnJytcyEoZ+R7BYn/SLWRC3ara73yXmndBQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJzX91PWu7Y+nDw/o5SRiqEufKq/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbk5mM1U5YTd0ajZjUEQtamxKR0tvUzU4cXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwHy1AwQA
wHy8AwQBwHy+AwQAwHzRAwQA1MDdMA0GCSqGSIb3DQEBCwUAA4IBAQB/lgTCsveT
xsAlBA+VZKPI4sd22Cu7fOJ38AaBNwEpFj9HwcqPZWiSjQEa/gZflcJiyaMpsClE
jaHGYjig8rP5CEkPuWf0t7F6MFJ/Mx0y0QFUYOIGrI53RtsuokcmFNroD3/PB3xp
1uAxWZvW1RDv/GhfYpzGc/Xm0bi1rfqNcHJxXPetQgGJ2XO8Fns81qKY50avdFXy
70gVJgff2RVrg4598ApVCgPd2PqyKMAY7sl5to8NMcS0H3qloks923SDpkKfaLwc
LO1fwZvx3dI7jcBylvr71SpoD1fVllEvEQ4zKL8xkwCZFQC/qES1J7a2IRMfGpsI
lrHQIlRLUWWY
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:45 2024 by rpki-client on console-ams.rpki-client.org