Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/D_UGbMd2sTBInpvhK1VPxewmHHM.roa
File:                     D_UGbMd2sTBInpvhK1VPxewmHHM.roa (raw, json)
Hash identifier:          trsA8WepdW7S7LeH8R2qwYV6gatkHwH/tn4Y+RANXo4=
Subject key identifier:   0F:F5:06:6C:C7:76:B1:30:48:9E:9B:E1:2B:55:4F:C5:EC:26:1C:73
Certificate issuer:       /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial:       019421B1C9854218C23DEC1DDB14B319CEFD
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/D_UGbMd2sTBInpvhK1VPxewmHHM.roa
Signing time:             Wed 01 Jan 2025 11:48:07 +0000
ROA not before:           Wed 01 Jan 2025 11:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216134
IP address blocks:        149.223.0.0/16 maxlen: 24
                          149.238.0.0/16 maxlen: 24
                          149.238.0.0/19 maxlen: 24
                          149.238.32.0/19 maxlen: 24
                          149.238.64.0/19 maxlen: 24
                          149.238.96.0/19 maxlen: 24
                          149.238.128.0/19 maxlen: 24
                          149.238.159.0/24 maxlen: 24
                          149.238.160.0/19 maxlen: 24
                          149.238.192.0/19 maxlen: 24
                          149.238.224.0/19 maxlen: 24
                          170.205.192.0/18 maxlen: 24
                          192.77.114.0/23 maxlen: 24
                          192.112.208.0/24 maxlen: 24
                          193.33.52.0/23 maxlen: 24
                          2a13:cb40::/29 maxlen: 48
Validation:               Failed, certificate revoked on Tue 28 Jan 2025 07:19:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c9:85:42:18:c2:3d:ec:1d:db:14:b3:19:ce:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
        Validity
            Not Before: Jan  1 11:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ff5066cc776b130489e9be12b554fc5ec261c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:68:14:97:36:7e:6e:5f:24:4d:65:b7:d0:
                    6e:60:8e:41:f8:65:e3:17:dc:5e:ba:40:ae:bb:f3:
                    1b:d8:dc:1a:d7:26:cc:5b:a8:81:3c:82:eb:7d:d7:
                    f4:47:03:79:87:52:2a:e6:54:94:7e:42:84:9d:19:
                    3c:12:cf:eb:e3:38:e8:45:83:e4:ec:e8:7b:b5:28:
                    6d:ca:06:53:e0:17:34:1c:5c:69:91:58:22:bd:42:
                    4b:97:27:42:68:82:f0:b2:4d:c0:8c:b8:62:54:c5:
                    3a:a0:47:a7:b1:94:f9:38:81:94:a6:53:98:b0:71:
                    1b:d1:6e:5c:fa:35:a7:20:7f:e1:1a:31:78:6d:1e:
                    81:c3:28:03:0c:bf:8a:e6:ea:ab:98:a9:9d:44:6d:
                    f9:82:46:69:d5:41:dc:c3:94:9d:ff:d6:31:5a:23:
                    84:10:eb:38:bb:5f:1c:9f:2d:bd:ef:1e:0e:c4:cd:
                    34:aa:be:ca:9e:cf:91:bb:fa:a4:30:8c:a2:14:07:
                    ce:55:8b:a4:12:0a:b4:cc:fd:cc:8f:2e:36:30:37:
                    56:ce:5b:98:4e:31:d0:2d:8c:a2:4c:f1:85:8b:c9:
                    ca:b3:ae:7e:95:85:81:2f:70:4c:86:b3:ee:c1:f1:
                    51:65:45:42:9d:53:f6:97:07:23:62:f9:83:77:4c:
                    f5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F5:06:6C:C7:76:B1:30:48:9E:9B:E1:2B:55:4F:C5:EC:26:1C:73
            X509v3 Authority Key Identifier:
                keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/D_UGbMd2sTBInpvhK1VPxewmHHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.223.0.0/16
                  149.238.0.0/16
                  170.205.192.0/18
                  192.77.114.0/23
                  192.112.208.0/24
                  193.33.52.0/23
                IPv6:
                  2a13:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:8a:11:01:32:d1:c3:85:83:4f:21:81:89:46:05:eb:f8:b3:
         e5:e6:40:37:0c:68:98:e5:34:12:86:72:d7:69:22:96:00:a3:
         12:33:e1:2d:69:bc:65:dd:df:48:19:fa:2a:88:7b:2d:69:b8:
         e0:56:4d:b5:0c:bc:48:18:e8:a9:84:0f:0e:5d:68:06:4d:34:
         35:3f:39:8a:82:d5:52:e4:6c:1a:d5:34:16:f4:12:6c:b5:50:
         da:5b:b2:a0:fe:b8:aa:28:13:12:ee:79:bd:1c:c0:e9:c3:9f:
         55:19:70:92:80:a3:92:e7:87:3c:62:fe:a1:86:b3:8b:1a:67:
         4e:de:4e:34:b2:18:f8:60:a9:f9:d5:3d:3a:60:d5:47:a4:53:
         20:14:1a:85:41:69:37:06:05:78:c3:b4:82:31:ce:a4:29:3a:
         1d:01:83:cb:ff:0e:31:30:e1:d9:ba:7d:2a:1b:61:87:d4:47:
         3c:ca:b2:42:3b:d6:24:6f:a0:87:db:f9:a4:c9:6e:1b:1b:f0:
         6f:18:9c:15:4d:fe:bc:a9:18:3c:ee:88:1e:97:19:7a:b7:61:
         8f:c0:68:23:1d:c8:73:97:e6:55:fb:27:73:9b:6d:93:e6:e8:
         60:72:f4:29:81:7a:69:42:33:42:7c:a3:36:bc:1f:2f:6a:6c:
         42:b7:8c:0c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZQhscmFQhjCPewd2xSzGc79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjUwMTAxMTE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY1MDY2Y2M3NzZiMTMwNDg5ZTliZTEyYjU1NGZjNWVjMjYxYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysBoFJc2fm5fJE1lt9BuYI5B+GXj
F9xeukCuu/Mb2Nwa1ybMW6iBPILrfdf0RwN5h1Iq5lSUfkKEnRk8Es/r4zjoRYPk
7Oh7tShtygZT4Bc0HFxpkVgivUJLlydCaILwsk3AjLhiVMU6oEensZT5OIGUplOY
sHEb0W5c+jWnIH/hGjF4bR6BwygDDL+K5uqrmKmdRG35gkZp1UHcw5Sd/9YxWiOE
EOs4u18cny297x4OxM00qr7Kns+Ru/qkMIyiFAfOVYukEgq0zP3Mjy42MDdWzluY
TjHQLYyiTPGFi8nKs65+lYWBL3BMhrPuwfFRZUVCnVP2lwcjYvmDd0z1IwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFA/1BmzHdrEwSJ6b4StVT8XsJhxzMB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvRF9VR2JNZDJzVEJJbnB2aEsxVlB4ZXdtSEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiAwMAld8DAwCV
7gMEBqrNwAMEAcBNcgMEAMBw0AMEAcEhNDANBAIAAjAHAwUDKhPLQDANBgkqhkiG
9w0BAQsFAAOCAQEAW4oRATLRw4WDTyGBiUYF6/iz5eZANwxomOU0EoZy12kilgCj
EjPhLWm8Zd3fSBn6Koh7LWm44FZNtQy8SBjoqYQPDl1oBk00NT85ioLVUuRsGtU0
FvQSbLVQ2luyoP64qigTEu55vRzA6cOfVRlwkoCjkueHPGL+oYazixpnTt5ONLIY
+GCp+dU9OmDVR6RTIBQahUFpNwYFeMO0gjHOpCk6HQGDy/8OMTDh2bp9Khthh9RH
PMqyQjvWJG+gh9v5pMluGxvwbxicFU3+vKkYPO6IHpcZerdhj8BoIx3Ic5fmVfsn
c5ttk+boYHL0KYF6aUIzQnyjNrwfL2psQreMDA==
-----END CERTIFICATE-----