Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yxAlUl5af1xr_kcAx3QX2yXopZs.roa
File:                     yxAlUl5af1xr_kcAx3QX2yXopZs.roa (raw, json)
Hash identifier:          1YEWlB0U/1Msq8Fftlebn96EruKtqu+RsWsdZAioU28=
Subject key identifier:   CB:10:25:52:5E:5A:7F:5C:6B:FE:47:00:C7:74:17:DB:25:E8:A5:9B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F063A84669A0E0C75D97EF0B1322B67BB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yxAlUl5af1xr_kcAx3QX2yXopZs.roa
Signing time:             Mon 22 Apr 2024 14:34:09 +0000
ROA not before:           Mon 22 Apr 2024 14:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.172.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24
                          194.58.56.0/23 maxlen: 23
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.76.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 08:57:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:3a:84:66:9a:0e:0c:75:d9:7e:f0:b1:32:2b:67:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 22 14:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb1025525e5a7f5c6bfe4700c77417db25e8a59b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a3:34:08:58:ce:ba:1e:df:1b:97:d9:21:68:
                    e6:19:73:d0:74:85:eb:06:f3:8f:af:cf:96:b5:a7:
                    34:f6:44:7c:a9:01:19:96:79:a4:a1:46:47:b3:be:
                    10:fb:96:4a:d2:24:9b:86:18:ae:af:f3:d6:3d:96:
                    23:8f:fe:ab:41:03:65:a3:be:6c:aa:c5:aa:d9:d7:
                    26:94:5c:93:48:23:d0:2c:dd:95:44:13:ee:b3:be:
                    d4:72:56:d6:14:2a:b3:f4:76:f9:51:a3:ae:ea:5c:
                    b1:a2:51:cb:00:84:14:90:27:a2:83:7d:e0:38:8c:
                    69:29:40:f2:b6:19:b3:fd:39:2c:70:e4:75:b1:c6:
                    1d:5a:05:8b:a6:d0:59:16:2a:b3:ab:05:58:73:a0:
                    fd:f5:a0:a8:8d:a9:83:b1:47:66:2f:a9:b4:e1:7b:
                    36:77:2a:f9:d8:3d:34:fa:d7:53:b3:28:e6:cf:6e:
                    fa:46:d8:78:b0:d9:7f:31:bf:e7:e0:66:ce:9c:f6:
                    57:97:62:2b:79:98:30:c5:05:16:dc:64:c2:7b:9d:
                    e9:95:50:06:5f:ba:37:28:37:f6:ec:ba:75:8c:44:
                    34:2f:19:2d:e5:68:51:bc:a3:b6:0a:2b:18:0f:b9:
                    1b:3e:4d:4c:c3:18:e0:d6:7c:97:99:61:7f:5f:15:
                    fc:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:10:25:52:5E:5A:7F:5C:6B:FE:47:00:C7:74:17:DB:25:E8:A5:9B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yxAlUl5af1xr_kcAx3QX2yXopZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  193.124.7.0/24
                  193.124.90.0/24
                  194.58.56.0/23
                  194.87.141.0/24
                  194.87.169.0/24
                  194.87.245.0/24
                  195.133.25.0/24
                  195.133.76.0/24
                  212.192.1.0/24
                  212.192.208.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:6f:da:20:99:08:6e:4f:3e:65:79:64:72:47:ca:82:c6:68:
         11:66:c6:e5:f3:cf:21:7d:29:6e:7e:22:cc:95:72:80:65:6b:
         36:b0:f6:e2:5f:80:4e:a7:db:c2:88:99:cd:12:ba:a3:02:b9:
         9e:89:4f:aa:f7:56:25:35:e0:31:c0:e6:e6:5d:9b:af:b1:60:
         5b:b7:58:6c:5b:b3:0e:4b:49:fb:c3:e2:5a:ef:88:28:01:91:
         da:20:76:a6:2a:99:87:48:fe:77:5a:86:10:a5:99:51:0f:7f:
         bf:45:8a:0c:fe:84:a1:dc:b5:a0:22:26:b7:20:de:9c:79:14:
         59:4a:0a:5c:5b:b3:70:10:ed:b9:15:f0:0a:7f:42:58:af:d0:
         59:9b:23:11:ed:06:d6:32:e8:ca:e9:06:c5:ef:c6:d8:0f:bb:
         c2:7e:12:c1:a6:38:05:ca:9f:bf:aa:ea:e5:8f:b8:8e:6e:5c:
         43:18:19:58:9a:04:bc:82:33:2e:04:42:7c:c6:68:a3:59:14:
         21:d8:2d:93:cf:8b:e1:77:8a:f8:50:71:dd:9b:d0:ea:ee:81:
         ab:25:12:15:c4:4f:0c:be:d5:a1:0c:30:41:42:7e:fd:e2:08:
         2c:42:f6:31:0e:94:cf:9a:2d:c0:a0:e3:d1:ef:bc:1d:37:13:
         2f:49:c9:e8
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAY8GOoRmmg4Mddl+8LEyK2e7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDIyMTQzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjEwMjU1MjVlNWE3ZjVjNmJmZTQ3MDBjNzc0MTdkYjI1ZThhNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6M0CFjOuh7fG5fZIWjmGXPQdIXr
BvOPr8+Wtac09kR8qQEZlnmkoUZHs74Q+5ZK0iSbhhiur/PWPZYjj/6rQQNlo75s
qsWq2dcmlFyTSCPQLN2VRBPus77UclbWFCqz9Hb5UaOu6lyxolHLAIQUkCeig33g
OIxpKUDythmz/TkscOR1scYdWgWLptBZFiqzqwVYc6D99aCojamDsUdmL6m04Xs2
dyr52D00+tdTsyjmz276Rth4sNl/Mb/n4GbOnPZXl2IreZgwxQUW3GTCe53plVAG
X7o3KDf27Lp1jEQ0Lxkt5WhRvKO2CisYD7kbPk1Mwxjg1nyXmWF/XxX8MQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFMsQJVJeWn9ca/5HAMd0F9sl6KWbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveXhBbFVsNWFmMXhyX2tjQXgzUVgyeVhvcFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQAwHysAwQA
wXwHAwQAwXxaAwQBwjo4AwQAwleNAwQAwlepAwQAwlf1AwQAw4UZAwQAw4VMAwQA
1MABAwQA1MDQAwQA1MEEMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0B
AQsFAAOCAQEAAm/aIJkIbk8+ZXlkckfKgsZoEWbG5fPPIX0pbn4izJVygGVrNrD2
4l+ATqfbwoiZzRK6owK5nolPqvdWJTXgMcDm5l2br7FgW7dYbFuzDktJ+8PiWu+I
KAGR2iB2piqZh0j+d1qGEKWZUQ9/v0WKDP6Eody1oCImtyDenHkUWUoKXFuzcBDt
uRXwCn9CWK/QWZsjEe0G1jLoyukGxe/G2A+7wn4SwaY4Bcqfv6rq5Y+4jm5cQxgZ
WJoEvIIzLgRCfMZoo1kUIdgtk8+L4XeK+FBx3ZvQ6u6BqyUSFcRPDL7VoQwwQUJ+
/eIILEL2MQ6Uz5otwKDj0e+8HTcTL0nJ6A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:31 2024 by rpki-client on console-fra.rpki-client.org