Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pSXFGf_E-3egaOFaAiL7xfp0uD8.roa
File:                     pSXFGf_E-3egaOFaAiL7xfp0uD8.roa (raw, json)
Hash identifier:          Y/2StxUivq8+vx8hK34J6M1hvN9oNEapHZ+vU4eKNes=
Subject key identifier:   A5:25:C5:19:FF:C4:FB:77:A0:68:E1:5A:02:22:FB:C5:FA:74:B8:3F
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01869B8DCA86E300F245ED22EE747FC9A974
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pSXFGf_E-3egaOFaAiL7xfp0uD8.roa
Signing time:             Wed 01 Mar 2023 05:03:26 +0000
ROA not before:           Wed 01 Mar 2023 05:03:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58212
IP address blocks:        194.87.207.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          193.124.41.0/24 maxlen: 24
                          194.87.30.0/24 maxlen: 24
                          193.124.47.0/24 maxlen: 24
                          195.133.12.0/24 maxlen: 24
                          212.192.7.0/24 maxlen: 24
                          194.58.43.0/24 maxlen: 24
                          194.87.163.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.58.46.0/24 maxlen: 24
                          212.192.30.0/24 maxlen: 24
                          193.124.205.0/24 maxlen: 24
                          194.87.108.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.64.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 Mar 2023 07:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:9b:8d:ca:86:e3:00:f2:45:ed:22:ee:74:7f:c9:a9:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  1 05:03:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a525c519ffc4fb77a068e15a0222fbc5fa74b83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:22:c9:f4:fc:7a:e9:73:b0:5c:d8:c4:05:45:
                    a6:f0:32:b9:fc:14:03:e2:45:3d:5e:44:fd:30:4a:
                    ec:47:5b:24:21:5f:86:11:4c:30:5f:cb:2c:53:17:
                    d9:af:06:50:16:25:a4:2e:8a:d5:de:95:c2:f6:9a:
                    31:4b:c8:b8:0b:fd:83:33:f7:33:87:00:24:ac:49:
                    b2:78:19:21:f6:8a:c3:ea:1c:72:ee:da:8c:eb:68:
                    5d:ff:64:91:dc:54:0b:0e:3a:8a:f1:17:92:40:e2:
                    12:39:7b:24:3d:c7:68:9f:ae:1c:7c:e7:80:87:1f:
                    e2:08:ea:e9:1d:67:21:1a:3a:ea:5d:cb:49:d9:56:
                    6b:b2:2c:66:01:da:a2:97:d2:93:87:88:f5:46:d8:
                    99:ec:08:9b:e8:7b:a4:5d:e5:97:04:9d:ca:26:1a:
                    72:07:09:8a:cf:b4:4b:fb:c9:73:d3:6f:98:09:5e:
                    6e:1f:fb:c2:95:78:58:58:fe:67:53:c0:af:ac:36:
                    cf:41:84:74:9f:18:dd:dd:f8:e7:ef:c2:86:77:8d:
                    14:0a:5e:02:95:35:e8:eb:33:7a:38:52:91:8b:2d:
                    ec:c6:4f:b9:0d:0e:fc:ce:f4:e0:07:45:c2:fe:cf:
                    de:6e:06:2a:f4:36:48:27:c9:4f:fd:74:34:ab:e2:
                    a0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:25:C5:19:FF:C4:FB:77:A0:68:E1:5A:02:22:FB:C5:FA:74:B8:3F
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pSXFGf_E-3egaOFaAiL7xfp0uD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.18.0/24
                  193.124.41.0/24
                  193.124.47.0/24
                  193.124.205.0/24
                  194.58.43.0/24
                  194.58.46.0/24
                  194.58.155.0/24
                  194.87.30.0/24
                  194.87.64.0/24
                  194.87.108.0/24
                  194.87.161.0/24
                  194.87.163.0/24
                  194.87.207.0/24
                  195.133.12.0/24
                  212.192.7.0/24
                  212.192.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:f9:61:a6:bf:57:b3:ca:bd:c1:53:4a:6d:a0:23:24:5a:57:
         d5:e5:30:6a:34:01:6b:c4:e9:62:05:4b:e7:9c:56:d7:9f:b9:
         ab:4b:8d:99:3d:02:29:6e:7e:76:94:0a:0e:10:40:1b:3a:56:
         cb:d4:2d:ea:10:55:57:c1:1d:68:12:2a:74:dc:09:e3:dd:ee:
         02:d1:3d:af:3d:a0:dc:18:aa:b3:99:cd:a1:57:2c:7a:43:34:
         b5:e8:50:99:c3:0b:ec:b7:c8:04:36:5b:80:91:ee:9c:8f:58:
         7e:b3:da:e8:54:00:f5:f7:0b:d2:9b:d8:40:70:28:7c:6f:d1:
         26:6d:f5:fd:85:70:55:fc:25:b8:2b:b8:38:4d:4a:79:c9:ac:
         cc:60:fa:58:26:9b:65:5b:33:18:df:41:aa:da:17:7f:58:8d:
         3d:ea:56:11:df:e9:86:b6:eb:9d:60:25:56:22:16:57:d1:82:
         d8:fd:a7:dc:7a:a7:38:f9:a8:a7:d5:45:7d:60:ac:fe:e9:46:
         ce:01:40:b1:b5:0a:60:67:56:7f:02:d0:c0:9d:f0:f3:61:17:
         b6:d5:0c:9f:ae:ca:94:1d:cc:e8:a7:8a:1c:f2:07:37:ff:78:
         4d:b8:03:8a:ba:68:8a:be:a6:5a:34:95:dd:ce:23:7a:b0:e3:
         8b:ba:0a:9c
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYabjcqG4wDyRe0i7nR/yal0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMzAxMDUwMzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTI1YzUxOWZmYzRmYjc3YTA2OGUxNWEwMjIyZmJjNWZhNzRiODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yLJ9Px66XOwXNjEBUWm8DK5/BQD
4kU9XkT9MErsR1skIV+GEUwwX8ssUxfZrwZQFiWkLorV3pXC9poxS8i4C/2DM/cz
hwAkrEmyeBkh9orD6hxy7tqM62hd/2SR3FQLDjqK8ReSQOISOXskPcdon64cfOeA
hx/iCOrpHWchGjrqXctJ2VZrsixmAdqil9KTh4j1RtiZ7Aib6HukXeWXBJ3KJhpy
BwmKz7RL+8lz02+YCV5uH/vClXhYWP5nU8CvrDbPQYR0nxjd3fjn78KGd40UCl4C
lTXo6zN6OFKRiy3sxk+5DQ78zvTgB0XC/s/ebgYq9DZIJ8lP/XQ0q+KgawIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFKUlxRn/xPt3oGjhWgIi+8X6dLg/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcFNYRkdmX0UtM2VnYU9GYUFpTDd4ZnAwdUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAwXwSAwQA
wXwpAwQAwXwvAwQAwXzNAwQAwjorAwQAwjouAwQAwjqbAwQAwlceAwQAwldAAwQA
wldsAwQAwlehAwQAwlejAwQAwlfPAwQAw4UMAwQA1MAHAwQA1MAeMA0GCSqGSIb3
DQEBCwUAA4IBAQAL+WGmv1ezyr3BU0ptoCMkWlfV5TBqNAFrxOliBUvnnFbXn7mr
S42ZPQIpbn52lAoOEEAbOlbL1C3qEFVXwR1oEip03Anj3e4C0T2vPaDcGKqzmc2h
Vyx6QzS16FCZwwvst8gENluAke6cj1h+s9roVAD19wvSm9hAcCh8b9EmbfX9hXBV
/CW4K7g4TUp5yazMYPpYJptlWzMY30Gq2hd/WI096lYR3+mGtuudYCVWIhZX0YLY
/afceqc4+ain1UV9YKz+6UbOAUCxtQpgZ1Z/AtDAnfDzYRe21QyfrsqUHczop4oc
8gc3/3hNuAOKumiKvqZaNJXdziN6sOOLugqc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:27 2024 by rpki-client on console-fra.rpki-client.org