Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/udhHvA6yARGXNGpoecAhdL2oStg.roa
File:                     udhHvA6yARGXNGpoecAhdL2oStg.roa (raw, json)
Hash identifier:          12PEF9zj+rrkh+siDkv+uRteasbkh39eZNZPvYm26d4=
Subject key identifier:   B9:D8:47:BC:0E:B2:01:11:97:34:6A:68:79:C0:21:74:BD:A8:4A:D8
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0185814EC8299488576F4A4E07F8A06C4FC5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/udhHvA6yARGXNGpoecAhdL2oStg.roa
Signing time:             Thu 05 Jan 2023 09:41:41 +0000
ROA not before:           Thu 05 Jan 2023 09:41:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58212
IP address blocks:        194.87.207.0/24 maxlen: 24
                          194.87.108.0/24 maxlen: 24
                          195.133.94.0/24 maxlen: 24
                          212.192.7.0/24 maxlen: 24
                          194.58.43.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.58.46.0/24 maxlen: 24
                          194.87.64.0/24 maxlen: 24
                          193.124.205.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 09 Jan 2023 07:05:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:81:4e:c8:29:94:88:57:6f:4a:4e:07:f8:a0:6c:4f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  5 09:41:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b9d847bc0eb2011197346a6879c02174bda84ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:44:93:7a:e9:37:82:de:ec:94:0f:ff:13:a6:
                    e2:de:59:ea:13:3b:79:bd:76:38:8d:af:2a:dd:88:
                    08:5d:53:99:4e:78:01:d0:07:0a:54:1d:17:00:a3:
                    4b:42:b7:60:bb:ad:ed:d8:ee:29:da:e4:cb:f5:8c:
                    1a:40:f2:e5:f2:47:92:84:8b:81:3e:c6:84:ee:d7:
                    45:98:c1:b6:e6:3d:d0:70:21:54:c8:fd:b4:6e:ea:
                    77:18:82:f4:e2:2b:7e:12:48:fd:4c:2f:fc:5d:de:
                    df:ba:f2:b8:db:9f:5f:f7:69:d3:37:88:e2:26:38:
                    8b:c2:9e:55:7d:43:a3:31:7c:02:8b:b2:a9:cf:24:
                    22:aa:72:b0:3c:a4:46:cc:a4:9f:10:3e:c8:85:9f:
                    a3:42:8f:8b:0e:9c:b5:e7:fe:ee:a4:0c:19:1b:05:
                    c8:81:a9:99:c5:44:c2:11:71:10:03:36:c8:a1:be:
                    fc:61:7a:7d:7b:64:ee:c0:15:66:af:91:2d:df:e9:
                    90:91:e6:5e:08:07:3d:15:10:af:7c:ed:ba:2b:79:
                    7f:c1:0f:ca:df:9e:08:71:76:59:15:64:d5:73:f3:
                    b7:9d:a1:1e:25:7b:d3:36:68:18:5c:44:fe:c1:ff:
                    60:4c:fe:e7:80:b9:99:30:0b:da:90:12:81:61:d7:
                    cd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D8:47:BC:0E:B2:01:11:97:34:6A:68:79:C0:21:74:BD:A8:4A:D8
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/udhHvA6yARGXNGpoecAhdL2oStg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.205.0/24
                  194.58.43.0/24
                  194.58.46.0/24
                  194.87.64.0/24
                  194.87.108.0/24
                  194.87.161.0/24
                  194.87.207.0/24
                  195.133.94.0/24
                  212.192.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:3b:97:ee:f4:9a:5a:87:92:18:0a:94:93:6c:11:a1:a7:1b:
         9a:42:70:35:41:34:e2:a7:7a:57:f4:58:e1:d2:2e:a8:1c:e6:
         1e:a0:06:b9:4b:1d:d7:b7:cb:91:9e:6e:85:d1:42:36:1c:45:
         70:79:da:04:8c:44:7b:d1:ae:53:36:2b:0c:f4:dd:59:7f:a5:
         a7:28:c6:f8:1a:e0:5c:df:7e:a6:29:40:f4:b3:f6:e8:89:57:
         fb:9f:50:5a:37:c6:aa:94:0f:8e:a6:9b:3a:52:c6:04:e3:34:
         99:b8:7a:3d:02:37:d2:fe:61:11:78:04:6e:89:dd:73:8b:18:
         6c:56:f3:32:63:8f:df:df:c6:51:57:96:cf:39:e9:16:1f:76:
         8d:45:24:6d:5f:2d:fe:76:b0:ce:cf:00:f1:a3:7c:16:b6:8d:
         f0:00:a3:1c:3e:07:73:8d:d9:a6:64:69:82:70:2c:1c:da:51:
         3b:92:22:36:fc:81:2f:31:58:33:c3:bb:ec:3b:2b:2d:14:24:
         4c:4a:7e:14:73:ed:d3:12:4f:c8:ef:cd:6e:a6:da:3d:f8:89:
         2b:64:f0:aa:96:4d:56:9c:d5:7c:61:f9:97:97:e7:ad:56:13:
         ab:b2:be:d8:dc:44:36:91:8c:a6:5d:8a:bc:db:c8:5e:f5:4e:
         78:2c:72:ca
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYWBTsgplIhXb0pOB/igbE/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTA1MDk0MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWQ4NDdiYzBlYjIwMTExOTczNDZhNjg3OWMwMjE3NGJkYTg0YWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikSTeuk3gt7slA//E6bi3lnqEzt5
vXY4ja8q3YgIXVOZTngB0AcKVB0XAKNLQrdgu63t2O4p2uTL9YwaQPLl8keShIuB
PsaE7tdFmMG25j3QcCFUyP20bup3GIL04it+Ekj9TC/8Xd7fuvK4259f92nTN4ji
JjiLwp5VfUOjMXwCi7KpzyQiqnKwPKRGzKSfED7IhZ+jQo+LDpy15/7upAwZGwXI
gamZxUTCEXEQAzbIob78YXp9e2TuwBVmr5Et3+mQkeZeCAc9FRCvfO26K3l/wQ/K
354IcXZZFWTVc/O3naEeJXvTNmgYXET+wf9gTP7ngLmZMAvakBKBYdfNVwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLnYR7wOsgERlzRqaHnAIXS9qErYMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdWRoSHZBNnlBUkdYTkdwb2VjQWhkTDJvU3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwXzNAwQA
wjorAwQAwjouAwQAwldAAwQAwldsAwQAwlehAwQAwlfPAwQAw4VeAwQA1MAHMA0G
CSqGSIb3DQEBCwUAA4IBAQA/O5fu9Jpah5IYCpSTbBGhpxuaQnA1QTTip3pX9Fjh
0i6oHOYeoAa5Sx3Xt8uRnm6F0UI2HEVwedoEjER70a5TNisM9N1Zf6WnKMb4GuBc
336mKUD0s/boiVf7n1BaN8aqlA+Opps6UsYE4zSZuHo9AjfS/mEReARuid1zixhs
VvMyY4/f38ZRV5bPOekWH3aNRSRtXy3+drDOzwDxo3wWto3wAKMcPgdzjdmmZGmC
cCwc2lE7kiI2/IEvMVgzw7vsOystFCRMSn4Uc+3TEk/I781upto9+IkrZPCqlk1W
nNV8YfmXl+etVhOrsr7Y3EQ2kYymXYq828he9U54LHLK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:29 2024 by rpki-client on console-fra.rpki-client.org