Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rnCi7L1kBmxwgNSs7m4Q0RZ4LIk.roa
File:                     rnCi7L1kBmxwgNSs7m4Q0RZ4LIk.roa (raw, json)
Hash identifier:          U+ZnOv06My0lQrFpkdimwyB946LgBtgtBP7oKpnq6zc=
Subject key identifier:   AE:70:A2:EC:BD:64:06:6C:70:80:D4:AC:EE:6E:10:D1:16:78:2C:89
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018997D8FAFB0869E7A583F1DAD5C27384CB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rnCi7L1kBmxwgNSs7m4Q0RZ4LIk.roa
Signing time:             Thu 27 Jul 2023 14:55:26 +0000
ROA not before:           Thu 27 Jul 2023 14:55:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207633
IP address blocks:        62.76.226.0/24 maxlen: 24
                          194.87.3.0/24 maxlen: 24
                          195.133.84.0/24 maxlen: 24
                          194.87.16.0/24 maxlen: 24
                          194.87.34.0/24 maxlen: 24
                          195.58.56.0/24 maxlen: 24
                          195.58.62.0/24 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          195.58.61.0/24 maxlen: 24
                          194.87.188.0/24 maxlen: 24
                          194.87.104.0/24 maxlen: 24
                          194.87.117.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.119.0/24 maxlen: 24
                          194.87.42.0/24 maxlen: 24
                          194.87.86.0/24 maxlen: 24
                          194.87.91.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 30 Jul 2023 06:15:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:97:d8:fa:fb:08:69:e7:a5:83:f1:da:d5:c2:73:84:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul 27 14:55:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae70a2ecbd64066c7080d4acee6e10d116782c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:dc:53:29:9a:03:fe:f6:13:46:d9:06:8a:ea:
                    9f:2a:13:2e:97:82:63:8e:a5:56:7f:14:19:77:47:
                    32:cb:0f:1f:79:e8:10:43:12:17:c0:53:c9:eb:98:
                    9b:cb:cc:0a:a8:36:7d:1d:21:91:4e:45:d6:b4:f0:
                    d0:aa:71:91:1c:06:fc:1d:e0:c2:2f:bb:dc:69:5e:
                    2d:42:c7:cb:ad:84:f9:af:4e:c3:e0:ef:ca:9a:0f:
                    cb:76:bb:08:17:64:f6:1c:c2:74:ef:4b:4f:fe:0a:
                    80:a0:be:30:8f:9d:ec:a4:c2:4e:38:1f:a2:4b:5a:
                    0e:75:de:34:12:cb:79:95:e8:91:d7:6b:23:67:87:
                    66:8a:b0:b7:4c:8a:5a:47:12:0d:3d:43:4d:60:bd:
                    69:ba:0c:56:11:e4:23:7d:b2:81:6a:bb:fe:63:0a:
                    92:14:e9:02:92:ec:53:6f:87:e1:4a:48:13:24:cd:
                    b0:b4:a3:34:08:82:2f:01:f8:6f:2d:5b:c5:2a:2f:
                    5e:07:b0:09:9a:e4:f7:7e:d7:71:80:d1:bc:b1:91:
                    77:84:ec:4e:74:76:54:1a:4d:19:97:9d:e9:c2:df:
                    1d:7a:f7:f0:2b:7e:80:91:fd:a4:7f:83:31:16:ad:
                    f9:56:b9:ec:9b:47:60:6b:15:98:66:c7:8f:9c:db:
                    92:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:70:A2:EC:BD:64:06:6C:70:80:D4:AC:EE:6E:10:D1:16:78:2C:89
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rnCi7L1kBmxwgNSs7m4Q0RZ4LIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.226.0/24
                  194.87.3.0/24
                  194.87.16.0/24
                  194.87.34.0/24
                  194.87.42.0/24
                  194.87.86.0/24
                  194.87.91.0/24
                  194.87.104.0/24
                  194.87.117.0-194.87.119.255
                  194.87.188.0/24
                  195.58.56.0/24
                  195.58.59.0/24
                  195.58.61.0-195.58.62.255
                  195.133.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:58:7d:5c:4f:fe:72:b0:76:33:06:f8:ff:58:f6:84:53:0c:
         c8:fb:3b:2f:25:45:dd:df:80:50:e4:d2:f9:de:6e:ce:db:13:
         e6:f8:50:b4:8d:71:2c:2e:5c:1d:8a:61:b7:fd:4d:d9:0d:7e:
         bc:c0:04:27:e9:4a:26:38:6f:15:0a:c7:40:f7:c5:52:37:c7:
         7f:c4:90:8f:b1:bb:cd:d9:01:27:59:2c:be:ac:7f:40:c4:49:
         4e:6f:ca:f3:0e:ef:22:78:6f:b5:40:8f:b2:8a:c5:8b:8a:86:
         e1:b0:28:fc:5c:1f:1d:1b:4c:e5:de:de:03:8a:b6:fd:2e:95:
         0a:75:34:4a:0c:a4:63:26:1c:e5:dc:dd:62:55:3e:e7:a8:f5:
         33:98:99:00:10:e2:c1:3d:a8:1e:72:0e:4b:e1:ac:d7:45:af:
         db:ad:5e:7e:26:41:ef:8d:fb:b1:8b:d7:a3:74:dc:fe:2e:fd:
         56:97:49:15:fc:9a:71:3f:3c:58:09:a0:d6:23:bb:5d:36:bd:
         7a:10:57:b8:f2:7e:e7:80:cc:a6:fb:3f:4e:9b:8d:89:bd:1e:
         e5:b2:f7:5c:f0:6b:14:38:d7:bd:f3:49:c0:2d:b8:8a:96:a8:
         2c:49:aa:d9:aa:56:b2:d2:08:18:0d:65:aa:c3:e0:2a:57:c5:
         a8:5d:32:1e
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYmX2Pr7CGnnpYPx2tXCc4TLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzI3MTQ1NTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcwYTJlY2JkNjQwNjZjNzA4MGQ0YWNlZTZlMTBkMTE2NzgyYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9xTKZoD/vYTRtkGiuqfKhMul4Jj
jqVWfxQZd0cyyw8feegQQxIXwFPJ65iby8wKqDZ9HSGRTkXWtPDQqnGRHAb8HeDC
L7vcaV4tQsfLrYT5r07D4O/Kmg/LdrsIF2T2HMJ070tP/gqAoL4wj53spMJOOB+i
S1oOdd40Est5leiR12sjZ4dmirC3TIpaRxINPUNNYL1pugxWEeQjfbKBarv+YwqS
FOkCkuxTb4fhSkgTJM2wtKM0CIIvAfhvLVvFKi9eB7AJmuT3ftdxgNG8sZF3hOxO
dHZUGk0Zl53pwt8devfwK36Akf2kf4MxFq35Vrnsm0dgaxWYZsePnNuS3wIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFK5wouy9ZAZscIDUrO5uENEWeCyJMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcm5DaTdMMWtCbXh3Z05TczdtNFEwUlo0TElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQAPkziAwQA
wlcDAwQAwlcQAwQAwlciAwQAwlcqAwQAwldWAwQAwldbAwQAwldoMAwDBADCV3UD
BAPCV3ADBADCV7wDBADDOjgDBADDOjswDAMEAMM6PQMEAMM6PgMEAMOFVDANBgkq
hkiG9w0BAQsFAAOCAQEAWVh9XE/+crB2Mwb4/1j2hFMMyPs7LyVF3d+AUOTS+d5u
ztsT5vhQtI1xLC5cHYpht/1N2Q1+vMAEJ+lKJjhvFQrHQPfFUjfHf8SQj7G7zdkB
J1ksvqx/QMRJTm/K8w7vInhvtUCPsorFi4qG4bAo/FwfHRtM5d7eA4q2/S6VCnU0
SgykYyYc5dzdYlU+56j1M5iZABDiwT2oHnIOS+Gs10Wv261efiZB7437sYvXo3Tc
/i79VpdJFfyacT88WAmg1iO7XTa9ehBXuPJ+54DMpvs/TpuNib0e5bL3XPBrFDjX
vfNJwC24ipaoLEmq2apWstIIGA1lqsPgKlfFqF0yHg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:28 2024 by rpki-client on console-fra.rpki-client.org