Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/ufoBIx89MCSwFo8mP7YdIluwIp8.roa
File:                     ufoBIx89MCSwFo8mP7YdIluwIp8.roa (raw, json)
Hash identifier:          k+H8n4J6XkCxwvEXvsay4qYuVvhZO/zCZlBTF/y0yXQ=
Subject key identifier:   B9:FA:01:23:1F:3D:30:24:B0:16:8F:26:3F:B6:1D:22:5B:B0:22:9F
Certificate issuer:       /CN=3680651aba066b4084a7ed20d7f5201b2296c197
Certificate serial:       0191E5AF49C9BF8899A8206D1BED8AAF15FD
Authority key identifier: 36:80:65:1A:BA:06:6B:40:84:A7:ED:20:D7:F5:20:1B:22:96:C1:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NoBlGroGa0CEp-0g1_UgGyKWwZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/ufoBIx89MCSwFo8mP7YdIluwIp8.roa
Signing time:             Thu 12 Sep 2024 10:02:35 +0000
ROA not before:           Thu 12 Sep 2024 10:02:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35725
IP address blocks:        89.33.32.0/21 maxlen: 21
                          89.33.48.0/21 maxlen: 21
                          178.138.0.0/16 maxlen: 16
                          178.138.0.0/18 maxlen: 18
                          178.138.32.0/22 maxlen: 22
                          178.138.38.0/24 maxlen: 24
                          178.138.39.0/24 maxlen: 24
                          178.138.40.0/23 maxlen: 23
                          178.138.62.0/24 maxlen: 24
                          178.138.96.0/22 maxlen: 22
                          178.138.96.0/23 maxlen: 23
                          178.138.98.0/23 maxlen: 23
                          178.138.104.0/24 maxlen: 24
                          178.138.126.0/23 maxlen: 23
                          178.138.192.0/23 maxlen: 23
                          178.138.194.0/23 maxlen: 23
                          193.104.247.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 25 Nov 2024 12:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:af:49:c9:bf:88:99:a8:20:6d:1b:ed:8a:af:15:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3680651aba066b4084a7ed20d7f5201b2296c197
        Validity
            Not Before: Sep 12 10:02:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9fa01231f3d3024b0168f263fb61d225bb0229f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c8:88:53:b9:98:e3:2f:ca:1c:59:ae:31:52:
                    3a:7b:2e:c0:f0:a8:d0:7b:72:2b:37:79:31:cd:1e:
                    61:55:61:af:7d:f6:33:52:d9:e7:2c:9b:66:1a:96:
                    20:f2:40:a4:bd:db:d1:88:1e:06:4b:74:15:e4:89:
                    bd:6c:ad:d1:24:d2:fa:bc:d5:11:80:23:b4:c9:83:
                    d0:23:55:94:79:db:32:34:93:54:04:9b:3e:39:30:
                    46:95:8b:76:d2:41:8c:c1:10:5c:f2:a8:4e:07:90:
                    ec:9f:30:9f:17:e0:d9:b4:a4:61:69:cc:d4:7e:26:
                    c8:4d:cf:e5:86:8f:b2:5e:1b:8e:8e:4f:53:3d:78:
                    c8:64:b9:5a:77:f1:4c:5d:f7:c3:f4:5d:2d:11:41:
                    8a:d0:de:e9:7f:5e:7c:a7:0f:cb:1b:c0:27:67:3b:
                    80:c5:24:c5:e0:98:52:31:01:d5:08:33:c6:62:85:
                    c9:91:d3:28:11:f1:f5:48:9d:96:31:da:bf:a0:b0:
                    03:1f:17:16:35:ec:88:f9:cc:6a:96:37:99:c9:9e:
                    b9:80:59:19:5e:0e:a8:68:c8:15:8b:be:45:fd:7e:
                    2a:3f:8b:be:f0:af:1e:40:cb:fa:4d:7f:e9:5e:9a:
                    46:65:a7:f1:3b:83:88:1f:e2:01:b8:cd:82:2c:9f:
                    9d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FA:01:23:1F:3D:30:24:B0:16:8F:26:3F:B6:1D:22:5B:B0:22:9F
            X509v3 Authority Key Identifier:
                keyid:36:80:65:1A:BA:06:6B:40:84:A7:ED:20:D7:F5:20:1B:22:96:C1:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NoBlGroGa0CEp-0g1_UgGyKWwZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/ufoBIx89MCSwFo8mP7YdIluwIp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d10b94-4105-45e2-a707-5224cf13f586/1/NoBlGroGa0CEp-0g1_UgGyKWwZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.32.0/21
                  89.33.48.0/21
                  178.138.0.0/16
                  193.104.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:fb:67:fb:de:4f:cf:94:b3:14:95:3e:ad:b5:da:8b:33:b4:
         7b:bf:57:78:76:01:d6:4b:dd:06:dd:b1:ae:5f:b7:9b:35:06:
         cb:d5:43:93:87:54:4a:57:84:be:7a:70:50:98:9d:72:4d:7e:
         e4:6b:d3:b6:e4:d3:09:07:a7:85:0f:cb:d7:34:40:a5:17:0b:
         00:8e:8b:78:88:22:91:8b:fb:62:05:b6:a0:84:6a:d5:f9:e0:
         2e:9e:02:04:dd:14:53:88:eb:99:db:09:f6:1e:37:db:7a:f0:
         84:6e:18:79:23:c4:1d:20:82:6c:1d:5b:7b:19:6b:47:00:2e:
         95:37:3d:e9:a7:90:a2:ac:5e:d5:7a:58:77:46:15:b3:23:80:
         2a:3b:2c:98:81:84:38:ad:19:15:3e:11:19:ac:f5:74:91:3e:
         77:b5:bb:27:1d:25:3f:69:c4:15:c0:9b:a3:24:07:8d:67:99:
         78:6d:a8:82:2b:4d:19:ed:12:4a:1f:a1:ae:a3:8f:86:1f:a6:
         5d:9c:29:1f:a9:d2:2d:9f:ac:64:a3:e2:e8:f8:bc:6f:27:04:
         2f:11:be:de:fb:81:4a:9a:cc:f3:96:28:d9:3f:57:84:80:9b:
         7c:d0:8b:4e:75:cf:e3:27:23:a2:63:45:d7:50:c6:73:bc:e0:
         dd:96:cc:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZHlr0nJv4iZqCBtG+2KrxX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ODA2NTFhYmEwNjZiNDA4NGE3ZWQyMGQ3ZjUyMDFiMjI5
NmMxOTcwHhcNMjQwOTEyMTAwMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZhMDEyMzFmM2QzMDI0YjAxNjhmMjYzZmI2MWQyMjViYjAyMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8iIU7mY4y/KHFmuMVI6ey7A8KjQ
e3IrN3kxzR5hVWGvffYzUtnnLJtmGpYg8kCkvdvRiB4GS3QV5Im9bK3RJNL6vNUR
gCO0yYPQI1WUedsyNJNUBJs+OTBGlYt20kGMwRBc8qhOB5DsnzCfF+DZtKRhaczU
fibITc/lho+yXhuOjk9TPXjIZLlad/FMXffD9F0tEUGK0N7pf158pw/LG8AnZzuA
xSTF4JhSMQHVCDPGYoXJkdMoEfH1SJ2WMdq/oLADHxcWNeyI+cxqljeZyZ65gFkZ
Xg6oaMgVi75F/X4qP4u+8K8eQMv6TX/pXppGZafxO4OIH+IBuM2CLJ+dTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLn6ASMfPTAksBaPJj+2HSJbsCKfMB8GA1UdIwQY
MBaAFDaAZRq6BmtAhKftINf1IBsilsGXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm9CbEdyb0dhMENFcC0wZzFfVWdHeUtXd1pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9kMTBiOTQtNDEwNS00NWUyLWE3MDct
NTIyNGNmMTNmNTg2LzEvdWZvQkl4ODlNQ1N3Rm84bVA3WWRJbHV3SXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9kMTBiOTQtNDEwNS00NWUyLWE3MDctNTIyNGNmMTNmNTg2
LzEvTm9CbEdyb0dhMENFcC0wZzFfVWdHeUtXd1pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwQDWSEgAwQD
WSEwAwMAsooDBADBaPcwDQYJKoZIhvcNAQELBQADggEBAHj7Z/veT8+UsxSVPq21
2osztHu/V3h2AdZL3Qbdsa5ft5s1BsvVQ5OHVEpXhL56cFCYnXJNfuRr07bk0wkH
p4UPy9c0QKUXCwCOi3iIIpGL+2IFtqCEatX54C6eAgTdFFOI65nbCfYeN9t68IRu
GHkjxB0ggmwdW3sZa0cALpU3PemnkKKsXtV6WHdGFbMjgCo7LJiBhDitGRU+ERms
9XSRPne1uycdJT9pxBXAm6MkB41nmXhtqIIrTRntEkofoa6jj4Yfpl2cKR+p0i2f
rGSj4uj4vG8nBC8Rvt77gUqazPOWKNk/V4SAm3zQi051z+MnI6JjRddQxnO84N2W
zDw=
-----END CERTIFICATE-----