Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/086277-821c-405a-9e75-9ba719f259cb/1/wGhlx2kVYMpXPic2WrAahI_dI38.roa
File:                     wGhlx2kVYMpXPic2WrAahI_dI38.roa (raw, json)
Hash identifier:          zkgbW+jo9fVGo4ZAyKQaOwBcBu1Oyczx//a3ZkoAw5I=
Subject key identifier:   C0:68:65:C7:69:15:60:CA:57:3E:27:36:5A:B0:1A:84:8F:DD:23:7F
Certificate issuer:       /CN=1746948856a2b0adf304a16d0d3ad66857f7fd39
Certificate serial:       018CC500DF2DCB17CEF4FC2CD4879F9CACFC
Authority key identifier: 17:46:94:88:56:A2:B0:AD:F3:04:A1:6D:0D:3A:D6:68:57:F7:FD:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0aUiFaisK3zBKFtDTrWaFf3_Tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/086277-821c-405a-9e75-9ba719f259cb/1/wGhlx2kVYMpXPic2WrAahI_dI38.roa
Signing time:             Mon 01 Jan 2024 12:30:17 +0000
ROA not before:           Mon 01 Jan 2024 12:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15699
IP address blocks:        87.236.216.0/21 maxlen: 32
                          88.151.212.0/23 maxlen: 32
                          88.151.208.0/22 maxlen: 32
                          88.151.214.0/23 maxlen: 32
                          185.11.200.0/22 maxlen: 32
                          94.24.114.0/24 maxlen: 32
                          94.24.112.0/20 maxlen: 32
                          212.36.64.0/19 maxlen: 32
                          109.235.128.0/21 maxlen: 32
                          2a01:1c8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 15 May 2024 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:df:2d:cb:17:ce:f4:fc:2c:d4:87:9f:9c:ac:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1746948856a2b0adf304a16d0d3ad66857f7fd39
        Validity
            Not Before: Jan  1 12:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c06865c7691560ca573e27365ab01a848fdd237f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2b:00:5d:98:b1:1b:23:89:28:f1:f6:80:a1:
                    79:f7:bc:55:41:32:9f:41:09:cb:63:72:2e:47:84:
                    c8:23:cc:f0:32:ea:24:82:e3:1e:93:ef:f3:79:1a:
                    37:77:2c:e6:c8:c4:dd:8c:9e:3a:7a:2b:b3:a6:e8:
                    c3:c0:45:47:47:e5:0c:5e:eb:44:a0:ef:cb:3e:d2:
                    ac:88:c7:27:89:61:d2:fe:55:5f:63:77:3f:82:29:
                    19:4c:24:1c:f9:d3:60:10:38:d1:92:e8:dc:43:24:
                    05:65:26:ab:40:19:09:74:64:99:91:a1:6c:61:8f:
                    65:53:66:9d:27:2d:7f:17:ef:2e:b0:7b:f3:7f:08:
                    16:5f:af:6a:42:74:e0:ff:c1:37:05:32:b4:08:93:
                    13:40:c3:1c:73:e5:b9:66:53:fc:b6:74:ea:a4:11:
                    ee:c5:67:c5:ad:8e:b7:c5:e0:73:cc:8f:1d:15:55:
                    6c:46:ed:ea:3e:b2:e1:1c:d4:87:a9:58:18:e5:8f:
                    af:81:e2:21:78:23:ee:fc:95:46:8c:92:cc:06:d8:
                    b1:13:df:57:0d:86:19:8b:e5:4c:10:1a:97:e7:77:
                    34:20:d8:57:2a:a5:d6:81:2a:f4:3f:11:18:1f:35:
                    36:f1:6c:60:ef:84:43:06:d2:8d:0f:49:9f:2e:14:
                    4e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:68:65:C7:69:15:60:CA:57:3E:27:36:5A:B0:1A:84:8F:DD:23:7F
            X509v3 Authority Key Identifier:
                keyid:17:46:94:88:56:A2:B0:AD:F3:04:A1:6D:0D:3A:D6:68:57:F7:FD:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0aUiFaisK3zBKFtDTrWaFf3_Tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/086277-821c-405a-9e75-9ba719f259cb/1/wGhlx2kVYMpXPic2WrAahI_dI38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/086277-821c-405a-9e75-9ba719f259cb/1/F0aUiFaisK3zBKFtDTrWaFf3_Tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.216.0/21
                  88.151.208.0/21
                  94.24.112.0/20
                  109.235.128.0/21
                  185.11.200.0/22
                  212.36.64.0/19
                IPv6:
                  2a01:1c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:70:c9:9b:1f:89:bb:52:bc:9d:61:96:28:ea:ff:0b:9e:1c:
         4c:a0:30:71:2d:00:f9:be:fb:2a:c2:8e:9d:72:b7:74:c8:55:
         4a:e8:e0:2a:ed:45:ba:a0:49:5c:63:75:20:85:78:24:0e:ab:
         51:c8:05:0d:b6:fe:1f:36:9e:52:cc:a8:8b:4a:1c:d1:64:d3:
         1c:0e:89:8c:56:65:df:27:f7:58:94:f9:2a:c1:46:1e:fc:57:
         6d:5c:5e:b7:d0:31:ec:8f:a7:aa:29:3f:6d:b9:a5:94:41:49:
         fb:c8:8a:86:fb:49:c4:8d:1c:cf:a7:8f:8c:f8:d0:31:70:70:
         82:b9:5a:43:39:5d:73:95:4c:9a:2a:1c:11:f8:60:05:00:3e:
         d4:a9:23:9b:bd:63:16:42:62:19:51:9b:28:50:13:ef:16:6e:
         33:6f:48:62:ec:ec:e3:ff:7d:d4:16:75:43:f1:63:91:0e:08:
         93:6f:d7:c0:ea:96:55:0a:78:24:e9:ad:c2:75:a1:b6:48:b2:
         bd:dd:ca:d2:39:89:d4:8d:ff:05:33:95:70:ef:18:52:21:35:
         81:10:f2:d7:1f:89:fb:d2:11:b6:f5:fe:8b:ac:84:31:8b:55:
         eb:be:d2:a1:57:21:0f:fb:c4:4c:44:6b:13:59:48:56:cc:70:
         6d:44:3f:02
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzFAN8tyxfO9Pws1IefnKz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDY5NDg4NTZhMmIwYWRmMzA0YTE2ZDBkM2FkNjY4NTdm
N2ZkMzkwHhcNMjQwMTAxMTIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDY4NjVjNzY5MTU2MGNhNTczZTI3MzY1YWIwMWE4NDhmZGQyMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSsAXZixGyOJKPH2gKF597xVQTKf
QQnLY3IuR4TII8zwMuokguMek+/zeRo3dyzmyMTdjJ46eiuzpujDwEVHR+UMXutE
oO/LPtKsiMcniWHS/lVfY3c/gikZTCQc+dNgEDjRkujcQyQFZSarQBkJdGSZkaFs
YY9lU2adJy1/F+8usHvzfwgWX69qQnTg/8E3BTK0CJMTQMMcc+W5ZlP8tnTqpBHu
xWfFrY63xeBzzI8dFVVsRu3qPrLhHNSHqVgY5Y+vgeIheCPu/JVGjJLMBtixE99X
DYYZi+VMEBqX53c0INhXKqXWgSr0PxEYHzU28Wxg74RDBtKND0mfLhROaQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMBoZcdpFWDKVz4nNlqwGoSP3SN/MB8GA1UdIwQY
MBaAFBdGlIhWorCt8wShbQ061mhX9/05MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBhVWlGYWlzSzN6QktGdERUcldhRmYzX1RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8wODYyNzctODIxYy00MDVhLTllNzUt
OWJhNzE5ZjI1OWNiLzEvd0dobHgya1ZZTXBYUGljMldyQWFoSV9kSTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8wODYyNzctODIxYy00MDVhLTllNzUtOWJhNzE5ZjI1OWNi
LzEvRjBhVWlGYWlzSzN6QktGdERUcldhRmYzX1RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDV+zYAwQD
WJfQAwQEXhhwAwQDbeuAAwQCuQvIAwQF1CRAMA0EAgACMAcDBQAqAQHIMA0GCSqG
SIb3DQEBCwUAA4IBAQBqcMmbH4m7UrydYZYo6v8LnhxMoDBxLQD5vvsqwo6dcrd0
yFVK6OAq7UW6oElcY3UghXgkDqtRyAUNtv4fNp5SzKiLShzRZNMcDomMVmXfJ/dY
lPkqwUYe/FdtXF630DHsj6eqKT9tuaWUQUn7yIqG+0nEjRzPp4+M+NAxcHCCuVpD
OV1zlUyaKhwR+GAFAD7UqSObvWMWQmIZUZsoUBPvFm4zb0hi7Ozj/33UFnVD8WOR
DgiTb9fA6pZVCngk6a3CdaG2SLK93crSOYnUjf8FM5Vw7xhSITWBEPLXH4n70hG2
9f6LrIQxi1XrvtKhVyEP+8RMRGsTWUhWzHBtRD8C
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:08 2024 by rpki-client on console-fra.rpki-client.org