Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zc038fHEP9ZE1zfRQwztUfQBfps.roa
File:                     zc038fHEP9ZE1zfRQwztUfQBfps.roa (raw, json)
Hash identifier:          hVxGIX606RR8m8WNA1SQvYpa6EuoHuvzTACovVv7iR0=
Subject key identifier:   CD:CD:37:F1:F1:C4:3F:D6:44:D7:37:D1:43:0C:ED:51:F4:01:7E:9B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018899B4A30BF29D6FC594CBCADCFC5C6068
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zc038fHEP9ZE1zfRQwztUfQBfps.roa
Signing time:             Thu 08 Jun 2023 06:32:12 +0000
ROA not before:           Thu 08 Jun 2023 06:32:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     26383
IP address blocks:        193.124.22.0/24 maxlen: 24
                          62.76.234.0/24 maxlen: 24
                          194.87.39.0/24 maxlen: 24
                          194.87.47.0/24 maxlen: 24
                          194.58.34.0/24 maxlen: 24
                          185.72.8.0/24 maxlen: 24
                          212.192.12.0/24 maxlen: 24
                          212.192.15.0/24 maxlen: 24
                          212.193.2.0/24 maxlen: 24
                          194.58.68.0/24 maxlen: 24
                          194.87.189.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 10 Jun 2023 11:22:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:99:b4:a3:0b:f2:9d:6f:c5:94:cb:ca:dc:fc:5c:60:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  8 06:32:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cdcd37f1f1c43fd644d737d1430ced51f4017e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e5:d3:d6:a8:2f:54:f4:cc:34:c9:54:9a:c3:
                    2a:03:a8:75:3c:82:a3:d9:03:8f:42:a2:a0:4d:b3:
                    ba:60:db:37:ef:c1:c5:31:15:92:f3:84:c1:73:20:
                    7e:a0:b2:97:98:48:ab:e9:c0:85:72:8c:dc:2e:b6:
                    18:1d:16:85:f9:a8:46:53:66:d5:6a:19:1a:3d:9e:
                    86:88:50:17:f4:ed:2f:18:b5:29:bd:68:b6:19:33:
                    ba:d9:29:e9:79:03:c9:ac:e4:75:b3:d4:3b:ed:1d:
                    91:3d:6f:8d:cf:55:28:be:81:2d:19:95:aa:fe:f1:
                    ed:35:f2:88:1c:53:cf:6f:02:d2:75:85:2d:5f:c0:
                    09:6d:3f:84:d2:a2:4f:f5:c9:a4:2c:f0:9f:f0:2b:
                    dc:0b:37:b2:13:5b:06:fe:de:1d:e1:bb:8a:60:a8:
                    93:9b:cc:c1:53:2b:2d:67:31:39:3b:6b:6c:75:fb:
                    5e:6d:11:8d:e2:1c:30:73:3a:80:39:39:d7:4c:c5:
                    bf:52:a6:be:19:4c:ee:d8:4d:e1:75:c8:a8:d0:42:
                    f5:d6:99:bc:89:7e:48:75:ba:0a:82:bf:c7:c5:d2:
                    a8:71:a1:dd:5e:b4:a2:4d:6b:9e:76:5e:65:bf:16:
                    1a:7b:ca:c5:b3:c9:63:34:27:52:63:2c:87:23:50:
                    d6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CD:37:F1:F1:C4:3F:D6:44:D7:37:D1:43:0C:ED:51:F4:01:7E:9B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zc038fHEP9ZE1zfRQwztUfQBfps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.234.0/24
                  185.72.8.0/24
                  193.124.22.0/24
                  194.58.34.0/24
                  194.58.68.0/24
                  194.87.39.0/24
                  194.87.47.0/24
                  194.87.189.0/24
                  212.192.12.0/24
                  212.192.15.0/24
                  212.193.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:71:8c:34:0f:c7:92:f3:71:b8:a3:1e:43:ab:bb:dc:3d:59:
         13:8a:4b:6e:12:b0:64:36:ba:23:d6:fa:78:e3:0f:8e:37:f6:
         d4:4d:e6:fc:30:bd:65:cb:2f:32:f3:2d:8b:b3:72:52:9b:d4:
         be:e7:ad:26:89:b1:68:ec:5a:9f:13:21:9a:e2:33:31:30:20:
         12:47:dc:db:db:30:d0:8a:c8:6d:3b:1d:33:b9:de:92:16:a3:
         e2:49:25:83:fb:2e:06:c0:bd:46:dc:05:a2:5d:8c:07:7e:6e:
         fa:68:5e:0d:04:e5:5f:33:5b:f3:f1:f7:b1:3e:e7:11:f0:2c:
         ce:bf:9d:44:f5:3e:14:df:b9:f4:d9:ac:74:76:0c:fc:30:3a:
         88:06:81:19:ed:c4:dc:08:a8:ae:4f:76:0b:b6:19:12:27:40:
         c8:e4:e3:49:e9:bc:24:1b:45:d9:d4:26:86:b8:54:65:13:d4:
         b9:96:fe:ff:1f:a9:1b:d1:64:7e:4f:79:f3:9d:c5:cb:3d:c2:
         fa:88:61:68:cf:89:79:6e:84:94:02:ec:72:67:87:3a:aa:46:
         c7:a9:2f:5f:2a:de:75:a7:91:ff:9c:48:98:02:c8:eb:0b:e2:
         39:4c:8f:2e:fd:a8:0d:b5:10:da:f0:54:27:39:76:50:97:8a:
         6e:6c:7c:2c
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYiZtKML8p1vxZTLytz8XGBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjA4MDYzMjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGNkMzdmMWYxYzQzZmQ2NDRkNzM3ZDE0MzBjZWQ1MWY0MDE3ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneXT1qgvVPTMNMlUmsMqA6h1PIKj
2QOPQqKgTbO6YNs378HFMRWS84TBcyB+oLKXmEir6cCFcozcLrYYHRaF+ahGU2bV
ahkaPZ6GiFAX9O0vGLUpvWi2GTO62SnpeQPJrOR1s9Q77R2RPW+Nz1UovoEtGZWq
/vHtNfKIHFPPbwLSdYUtX8AJbT+E0qJP9cmkLPCf8CvcCzeyE1sG/t4d4buKYKiT
m8zBUystZzE5O2tsdftebRGN4hwwczqAOTnXTMW/Uqa+GUzu2E3hdcio0EL11pm8
iX5IdboKgr/HxdKocaHdXrSiTWuedl5lvxYae8rFs8ljNCdSYyyHI1DWBwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFM3NN/HxxD/WRNc30UMM7VH0AX6bMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvemMwMzhmSEVQOVpFMXpmUlF3enRVZlFCZnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAPkzqAwQA
uUgIAwQAwXwWAwQAwjoiAwQAwjpEAwQAwlcnAwQAwlcvAwQAwle9AwQA1MAMAwQA
1MAPAwQA1MECMA0GCSqGSIb3DQEBCwUAA4IBAQBocYw0D8eS83G4ox5Dq7vcPVkT
iktuErBkNroj1vp44w+ON/bUTeb8ML1lyy8y8y2Ls3JSm9S+560mibFo7FqfEyGa
4jMxMCASR9zb2zDQishtOx0zud6SFqPiSSWD+y4GwL1G3AWiXYwHfm76aF4NBOVf
M1vz8fexPucR8CzOv51E9T4U37n02ax0dgz8MDqIBoEZ7cTcCKiuT3YLthkSJ0DI
5ONJ6bwkG0XZ1CaGuFRlE9S5lv7/H6kb0WR+T3nzncXLPcL6iGFoz4l5boSUAuxy
Z4c6qkbHqS9fKt51p5H/nEiYAsjrC+I5TI8u/agNtRDa8FQnOXZQl4pubHws
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:52 2024 by rpki-client on console-ams.rpki-client.org