Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/CBmNPjD5Va-fCIrGVefnTtwJbi8.roa
File:                     CBmNPjD5Va-fCIrGVefnTtwJbi8.roa (raw, json)
Hash identifier:          t1D11DqpJymifw5KWPVxe67wlxDWGRSTWpMvucVgitk=
Subject key identifier:   08:19:8D:3E:30:F9:55:AF:9F:08:8A:C6:55:E7:E7:4E:DC:09:6E:2F
Certificate issuer:       /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial:       0194ABC7346864C390A02F02D66E6E62745C
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/CBmNPjD5Va-fCIrGVefnTtwJbi8.roa
Signing time:             Tue 28 Jan 2025 07:19:06 +0000
ROA not before:           Tue 28 Jan 2025 07:19:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216134
IP address blocks:        140.171.0.0/16 maxlen: 16
                          149.223.0.0/16 maxlen: 24
                          149.238.0.0/16 maxlen: 24
                          149.238.0.0/19 maxlen: 24
                          149.238.32.0/19 maxlen: 24
                          149.238.64.0/19 maxlen: 24
                          149.238.96.0/19 maxlen: 24
                          149.238.128.0/19 maxlen: 24
                          149.238.159.0/24 maxlen: 24
                          149.238.160.0/19 maxlen: 24
                          149.238.192.0/19 maxlen: 24
                          149.238.224.0/19 maxlen: 24
                          170.205.192.0/18 maxlen: 24
                          192.77.114.0/23 maxlen: 24
                          192.112.208.0/24 maxlen: 24
                          193.33.52.0/23 maxlen: 24
                          2a13:cb40::/29 maxlen: 48
Validation:               Failed, certificate revoked on Wed 29 Jan 2025 09:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ab:c7:34:68:64:c3:90:a0:2f:02:d6:6e:6e:62:74:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
        Validity
            Not Before: Jan 28 07:19:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08198d3e30f955af9f088ac655e7e74edc096e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f0:10:d5:6a:f2:d5:56:9d:65:a2:79:c0:34:
                    48:ad:54:66:d0:ac:97:aa:e8:b8:5d:fd:99:d2:3e:
                    b3:2e:af:55:6a:2e:f0:09:61:27:fc:f1:7f:8c:7d:
                    f5:65:e7:79:d1:fc:f4:a3:c9:0f:07:92:ca:bf:75:
                    ab:71:2d:ff:81:61:78:1b:79:63:ba:07:01:c8:2f:
                    94:95:40:b1:02:ab:f0:d8:10:d4:06:29:c7:5d:f7:
                    b8:33:61:19:ad:9e:34:06:63:c3:8c:fa:ad:36:a3:
                    e3:3a:44:28:05:dc:b0:59:a7:51:3c:e4:92:80:79:
                    c8:7f:af:94:0c:50:a7:7a:6f:3b:f7:8c:15:b2:33:
                    ab:55:5b:b7:0f:12:a0:a7:0d:71:5a:49:60:7c:73:
                    d8:32:60:56:ba:59:ba:3c:00:a8:98:02:16:45:48:
                    26:74:c8:9a:05:ce:6d:4f:8b:dc:b3:29:ca:09:b5:
                    7f:d8:21:3d:4c:3f:de:ed:8a:e6:75:70:92:e7:ad:
                    98:6c:6d:93:5a:d0:2e:23:ca:e6:1c:1c:06:fd:76:
                    50:43:5a:a6:50:1b:e8:23:10:6a:02:a4:e4:81:69:
                    fb:e4:76:2b:1d:cf:e3:8c:c2:d3:c3:a3:aa:3c:9a:
                    30:60:ad:75:37:c1:03:ed:42:ee:5e:69:b4:fc:f1:
                    f9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:19:8D:3E:30:F9:55:AF:9F:08:8A:C6:55:E7:E7:4E:DC:09:6E:2F
            X509v3 Authority Key Identifier:
                keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/CBmNPjD5Va-fCIrGVefnTtwJbi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.171.0.0/16
                  149.223.0.0/16
                  149.238.0.0/16
                  170.205.192.0/18
                  192.77.114.0/23
                  192.112.208.0/24
                  193.33.52.0/23
                IPv6:
                  2a13:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:c2:17:8b:9e:94:c1:5e:ed:1e:22:45:ef:cf:c6:eb:5c:46:
         05:a3:3d:d6:f8:5b:af:e4:74:bc:19:86:ec:03:4d:bf:13:c6:
         a8:69:b1:5b:b6:5a:79:2b:82:33:65:d0:59:f7:b5:db:ec:eb:
         0f:4b:12:02:3c:f7:ca:f1:c0:a9:0d:2f:c8:a3:8f:f3:7e:35:
         75:2d:ca:f8:41:50:12:df:37:d3:e5:b2:8d:c9:d7:09:e3:dd:
         a3:b6:71:2b:dc:3f:1a:73:2f:ab:4a:1c:91:c4:f2:db:30:c7:
         09:56:57:29:bb:81:84:ee:52:39:be:f3:0f:07:fe:53:4e:df:
         a5:f3:64:51:57:76:45:be:3e:ee:29:e2:99:df:5d:23:61:fa:
         d6:15:eb:ae:8a:53:f0:72:0a:94:ee:23:96:f1:4f:e1:13:48:
         7b:ee:db:81:d0:af:f2:63:6c:7e:c8:4b:f9:80:8f:6b:75:d7:
         9d:43:c6:7d:d7:0c:ef:1f:b4:d9:0f:1d:b6:ab:af:9b:0e:66:
         ab:41:ef:94:58:30:7d:b2:7f:b3:04:1e:3a:ab:77:5e:e1:b1:
         81:17:c8:3b:68:96:31:09:7c:1b:b3:f5:d4:c6:e6:bf:ab:55:
         66:47:48:51:e3:cc:4b:10:2c:42:4d:7b:8b:6d:ab:5a:f6:64:
         60:6b:71:19
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZSrxzRoZMOQoC8C1m5uYnRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjUwMTI4MDcxOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE5OGQzZTMwZjk1NWFmOWYwODhhYzY1NWU3ZTc0ZWRjMDk2ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvAQ1Wry1VadZaJ5wDRIrVRm0KyX
qui4Xf2Z0j6zLq9Vai7wCWEn/PF/jH31Zed50fz0o8kPB5LKv3WrcS3/gWF4G3lj
ugcByC+UlUCxAqvw2BDUBinHXfe4M2EZrZ40BmPDjPqtNqPjOkQoBdywWadRPOSS
gHnIf6+UDFCnem8794wVsjOrVVu3DxKgpw1xWklgfHPYMmBWulm6PAComAIWRUgm
dMiaBc5tT4vcsynKCbV/2CE9TD/e7YrmdXCS562YbG2TWtAuI8rmHBwG/XZQQ1qm
UBvoIxBqAqTkgWn75HYrHc/jjMLTw6OqPJowYK11N8ED7ULuXmm0/PH5bwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAgZjT4w+VWvnwiKxlXn507cCW4vMB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvQ0JtTlBqRDVWYS1mQ0lyR1ZlZm5UdHdKYmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAtBAIAATAnAwMAjKsDAwCV
3wMDAJXuAwQGqs3AAwQBwE1yAwQAwHDQAwQBwSE0MA0EAgACMAcDBQMqE8tAMA0G
CSqGSIb3DQEBCwUAA4IBAQBewheLnpTBXu0eIkXvz8brXEYFoz3W+Fuv5HS8GYbs
A02/E8aoabFbtlp5K4IzZdBZ97Xb7OsPSxICPPfK8cCpDS/Io4/zfjV1Lcr4QVAS
3zfT5bKNydcJ492jtnEr3D8acy+rShyRxPLbMMcJVlcpu4GE7lI5vvMPB/5TTt+l
82RRV3ZFvj7uKeKZ310jYfrWFeuuilPwcgqU7iOW8U/hE0h77tuB0K/yY2x+yEv5
gI9rddedQ8Z91wzvH7TZDx22q6+bDmarQe+UWDB9sn+zBB46q3de4bGBF8g7aJYx
CXwbs/XUxua/q1VmR0hR48xLECxCTXuLbata9mRga3EZ
-----END CERTIFICATE-----