Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/JEIwkTNMmBjLUiyeM2zBVw4x6zw.roa
File:                     JEIwkTNMmBjLUiyeM2zBVw4x6zw.roa (raw, json)
Hash identifier:          NBC6efD7q5TKSysNBquyA+01wXsmQ0Omz1p/vPjZbwU=
Subject key identifier:   24:42:30:91:33:4C:98:18:CB:52:2C:9E:33:6C:C1:57:0E:31:EB:3C
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018E7FDDD4C5A13C9DA0FFC1B87178CA7261
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/JEIwkTNMmBjLUiyeM2zBVw4x6zw.roa
Signing time:             Wed 27 Mar 2024 12:23:48 +0000
ROA not before:           Wed 27 Mar 2024 12:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        85.254.47.0/24 maxlen: 24
                          85.254.62.0/24 maxlen: 24
                          85.254.104.0/24 maxlen: 24
                          85.254.105.0/24 maxlen: 24
                          85.254.106.0/24 maxlen: 24
                          85.254.107.0/24 maxlen: 24
                          85.254.108.0/24 maxlen: 24
                          85.254.109.0/24 maxlen: 24
                          85.254.110.0/24 maxlen: 24
                          85.254.111.0/24 maxlen: 24
                          85.254.116.0/24 maxlen: 24
                          85.254.122.0/24 maxlen: 24
                          159.148.125.0/24 maxlen: 24
                          159.148.138.0/24 maxlen: 24
                          159.148.150.0/24 maxlen: 24
                          159.148.222.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:48:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:dd:d4:c5:a1:3c:9d:a0:ff:c1:b8:71:78:ca:72:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar 27 12:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24423091334c9818cb522c9e336cc1570e31eb3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:02:a1:0c:54:3f:0c:f1:b4:99:d9:c0:d2:4a:
                    bc:57:aa:7a:f9:82:6f:2a:a2:22:d2:2b:b2:0c:d1:
                    b4:ce:c7:6a:92:55:c5:00:e2:9f:fc:14:63:3e:81:
                    4b:05:cd:c6:c5:e0:99:8a:4c:da:12:14:4a:d9:32:
                    c6:3f:ff:26:10:34:61:6b:49:7a:0a:ca:93:75:58:
                    7c:45:28:d4:6c:89:3b:74:2a:b1:4a:5c:d3:e1:e8:
                    76:5d:d9:79:16:0d:3f:97:54:6c:09:30:d5:71:8e:
                    b8:0d:d6:c6:e0:a5:ee:67:ed:d6:d4:a0:70:49:fb:
                    cb:24:e0:55:a3:8b:f4:92:22:98:6f:b9:a0:a6:a7:
                    32:99:06:5d:54:05:62:0a:73:55:6a:ac:f5:6e:4e:
                    d1:8b:13:63:07:d2:53:c0:a5:a4:0b:f4:43:c9:83:
                    81:20:f2:8a:fa:22:b3:af:57:2c:64:9f:9a:6f:fd:
                    11:7f:e5:ce:42:fe:b7:ed:58:1e:ba:6e:81:df:09:
                    e9:e4:f3:6f:86:25:6a:b0:4d:da:09:f7:10:20:1f:
                    21:65:76:0d:1c:04:1d:bb:8a:88:92:7e:15:a1:59:
                    c2:2a:13:21:e1:cb:b3:e6:93:ab:52:82:15:e3:04:
                    b5:50:6e:5b:1d:7a:90:b6:fb:c5:e5:01:da:92:8d:
                    03:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:42:30:91:33:4C:98:18:CB:52:2C:9E:33:6C:C1:57:0E:31:EB:3C
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/JEIwkTNMmBjLUiyeM2zBVw4x6zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.47.0/24
                  85.254.62.0/24
                  85.254.104.0/21
                  85.254.116.0/24
                  85.254.122.0/24
                  159.148.125.0/24
                  159.148.138.0/24
                  159.148.150.0/24
                  159.148.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:99:19:80:30:62:5b:98:b0:78:2e:4f:33:1e:9e:34:59:69:
         ce:fc:4a:80:fe:14:a4:0e:73:6a:87:0d:64:72:7f:31:bb:1a:
         8c:7a:d3:f8:98:87:d9:9e:3f:78:7b:b5:57:7d:a0:b9:57:04:
         4d:d2:23:00:30:ee:3a:71:3e:da:1d:e3:fe:f6:58:5d:90:c7:
         82:84:c0:d2:aa:4b:f0:48:68:b8:ea:81:ed:ba:85:42:5e:c4:
         31:e4:88:0d:b9:1d:da:2b:df:b0:5c:56:79:0c:5d:a2:98:ae:
         fc:2d:03:53:67:ba:65:c0:5b:3f:db:79:ac:a0:25:de:ed:ad:
         3e:de:9e:44:92:c2:80:03:8d:ee:cb:41:b7:46:02:85:97:15:
         65:a9:25:4c:20:f9:98:4d:86:ab:b5:a7:54:9c:1e:dc:e8:4e:
         34:ec:3c:90:05:e5:e2:9f:f2:58:b6:44:a8:c1:f1:d0:b4:37:
         68:16:29:8b:ce:d0:b5:29:e3:fd:68:1e:7d:18:87:bd:de:02:
         33:cb:78:05:d7:f2:99:2f:94:b3:e7:c2:42:37:3e:96:ae:6c:
         de:f2:45:f8:a7:21:f2:19:90:3f:e3:c4:85:a9:8d:71:b3:cb:
         09:61:b5:ee:64:f7:5d:cb:41:31:66:75:74:97:ea:da:48:3b:
         2c:a9:c8:e3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY5/3dTFoTydoP/BuHF4ynJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMzI3MTIyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDQyMzA5MTMzNGM5ODE4Y2I1MjJjOWUzMzZjYzE1NzBlMzFlYjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+gKhDFQ/DPG0mdnA0kq8V6p6+YJv
KqIi0iuyDNG0zsdqklXFAOKf/BRjPoFLBc3GxeCZikzaEhRK2TLGP/8mEDRha0l6
CsqTdVh8RSjUbIk7dCqxSlzT4eh2Xdl5Fg0/l1RsCTDVcY64DdbG4KXuZ+3W1KBw
SfvLJOBVo4v0kiKYb7mgpqcymQZdVAViCnNVaqz1bk7RixNjB9JTwKWkC/RDyYOB
IPKK+iKzr1csZJ+ab/0Rf+XOQv637Vgeum6B3wnp5PNvhiVqsE3aCfcQIB8hZXYN
HAQdu4qIkn4VoVnCKhMh4cuz5pOrUoIV4wS1UG5bHXqQtvvF5QHako0DfwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCRCMJEzTJgYy1IsnjNswVcOMes8MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvSkVJd2tUTk1tQmpMVWl5ZU0yekJWdzR4Nnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVf4vAwQA
Vf4+AwQDVf5oAwQAVf50AwQAVf56AwQAn5R9AwQAn5SKAwQAn5SWAwQAn5TeMA0G
CSqGSIb3DQEBCwUAA4IBAQBDmRmAMGJbmLB4Lk8zHp40WWnO/EqA/hSkDnNqhw1k
cn8xuxqMetP4mIfZnj94e7VXfaC5VwRN0iMAMO46cT7aHeP+9lhdkMeChMDSqkvw
SGi46oHtuoVCXsQx5IgNuR3aK9+wXFZ5DF2imK78LQNTZ7plwFs/23msoCXe7a0+
3p5EksKAA43uy0G3RgKFlxVlqSVMIPmYTYartadUnB7c6E407DyQBeXin/JYtkSo
wfHQtDdoFimLztC1KeP9aB59GIe93gIzy3gF1/KZL5Sz58JCNz6Wrmze8kX4pyHy
GZA/48SFqY1xs8sJYbXuZPddy0ExZnV0l+raSDssqcjj
-----END CERTIFICATE-----