Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/7oWMXMZVIO9OMb1KJU65KcOwVxo.roa
File:                     7oWMXMZVIO9OMb1KJU65KcOwVxo.roa (raw, json)
Hash identifier:          SgfC4FUDOlxAgNPHBkULQkhfaE3d5DI/Vg16mx1Jo4M=
Subject key identifier:   EE:85:8C:5C:C6:55:20:EF:4E:31:BD:4A:25:4E:B9:29:C3:B0:57:1A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01957063BC2A2A7B7B131B76F65FD1230DA9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/7oWMXMZVIO9OMb1KJU65KcOwVxo.roa
Signing time:             Fri 07 Mar 2025 11:35:39 +0000
ROA not before:           Fri 07 Mar 2025 11:35:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.7.0/24 maxlen: 24
                          193.124.44.0/24 maxlen: 24
                          194.58.36.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 19 Mar 2025 05:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:70:63:bc:2a:2a:7b:7b:13:1b:76:f6:5f:d1:23:0d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  7 11:35:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee858c5cc65520ef4e31bd4a254eb929c3b0571a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cb:a3:76:9b:be:ff:d9:db:82:d2:3d:7b:95:
                    68:dd:e5:aa:61:43:59:27:f2:f3:a9:69:15:67:b0:
                    13:3e:71:43:75:29:0e:3a:03:c7:95:91:81:e6:b9:
                    32:14:f6:0c:90:f6:ec:fe:34:57:08:6d:b6:ee:2c:
                    12:49:df:e6:d0:04:be:7a:a2:16:4d:ad:75:bc:43:
                    71:71:23:62:dd:59:23:98:c1:1e:c7:08:5b:e9:b1:
                    b5:b0:ed:08:9c:74:79:32:e1:4d:27:a3:33:c4:48:
                    63:8a:08:ef:05:14:b1:64:86:85:74:69:2d:a5:b8:
                    70:6d:a4:7b:2d:2b:fc:32:7f:af:18:22:e9:de:9b:
                    44:ec:40:b7:f7:37:3c:b2:74:a6:7f:f7:76:32:46:
                    e0:b1:4c:a8:83:0e:4a:2f:2e:3a:e9:75:42:8f:44:
                    7b:8a:18:5e:b3:13:f5:b6:bf:b3:85:50:8b:a9:f2:
                    fe:84:cd:10:56:87:c0:59:df:67:19:88:a4:38:ad:
                    77:48:20:63:f9:ac:89:8f:67:26:c2:51:55:7d:9f:
                    38:bb:41:4e:0a:17:a9:de:30:8a:f0:37:15:3e:e3:
                    85:d3:5b:3a:ed:5b:c1:08:28:f0:8f:e5:36:8d:e9:
                    6d:aa:36:1c:8a:07:b3:00:fc:ce:8f:e0:d1:61:1a:
                    6e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:85:8C:5C:C6:55:20:EF:4E:31:BD:4A:25:4E:B9:29:C3:B0:57:1A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/7oWMXMZVIO9OMb1KJU65KcOwVxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  193.124.44.0/24
                  194.58.36.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:54:af:43:a8:a1:9d:f2:2c:8d:58:82:af:6b:88:93:c8:f3:
         0e:b1:bd:2a:e2:a1:87:d3:cd:00:b0:cb:99:84:dc:e1:22:21:
         d2:b7:17:62:0a:51:53:65:1e:bb:08:c2:ff:61:4c:be:a3:5e:
         b1:8e:b4:10:71:97:51:7d:e5:38:3f:0f:fa:f1:ba:d3:39:9f:
         ab:a4:6d:8c:96:8b:a1:b6:8f:92:06:3b:43:f1:ed:14:62:63:
         cd:ca:d5:c8:2a:60:b0:3e:32:e5:19:8a:f1:79:6a:02:14:75:
         51:9c:05:c7:d3:c5:97:b7:08:3e:b3:16:a9:00:c9:ca:d4:7f:
         09:58:05:01:1c:60:5e:20:2c:79:5c:e7:b7:0f:b8:68:94:b5:
         da:f5:8b:b9:31:20:de:c6:d4:cb:15:a1:07:96:2f:4f:2d:a8:
         a0:42:e2:86:5a:a4:a4:45:6c:09:19:56:d0:9b:1e:60:a6:b1:
         fa:0c:a5:08:f6:c5:6e:73:57:00:d9:dc:dd:c0:5b:09:6a:a4:
         05:f4:7a:43:b7:ea:0d:02:58:86:da:25:c1:b7:b1:d1:fc:e5:
         79:83:b5:b1:ef:8f:3d:9b:ff:f5:da:b7:9b:f1:ab:02:3c:b0:
         ad:60:6b:b4:ba:7a:50:cd:ed:74:c0:ec:8f:53:7b:c9:73:2e:
         bd:5a:24:02
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZVwY7wqKnt7Ext29l/RIw2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMzA3MTEzNTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg1OGM1Y2M2NTUyMGVmNGUzMWJkNGEyNTRlYjkyOWMzYjA1NzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28ujdpu+/9nbgtI9e5Vo3eWqYUNZ
J/LzqWkVZ7ATPnFDdSkOOgPHlZGB5rkyFPYMkPbs/jRXCG227iwSSd/m0AS+eqIW
Ta11vENxcSNi3VkjmMEexwhb6bG1sO0InHR5MuFNJ6MzxEhjigjvBRSxZIaFdGkt
pbhwbaR7LSv8Mn+vGCLp3ptE7EC39zc8snSmf/d2MkbgsUyogw5KLy466XVCj0R7
ihhesxP1tr+zhVCLqfL+hM0QVofAWd9nGYikOK13SCBj+ayJj2cmwlFVfZ84u0FO
Chep3jCK8DcVPuOF01s67VvBCCjwj+U2jeltqjYcigezAPzOj+DRYRpu8QIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFO6FjFzGVSDvTjG9SiVOuSnDsFcaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvN29XTVhNWlZJTzlPTWIxS0pVNjVLY093VnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQAwXwHAwQA
wXwsAwQAwjokAwQAwjqbAwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQB
1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAIVSv
Q6ihnfIsjViCr2uIk8jzDrG9KuKhh9PNALDLmYTc4SIh0rcXYgpRU2UeuwjC/2FM
vqNesY60EHGXUX3lOD8P+vG60zmfq6RtjJaLobaPkgY7Q/HtFGJjzcrVyCpgsD4y
5RmK8XlqAhR1UZwFx9PFl7cIPrMWqQDJytR/CVgFARxgXiAseVzntw+4aJS12vWL
uTEg3sbUyxWhB5YvTy2ooELihlqkpEVsCRlW0JseYKax+gylCPbFbnNXANnc3cBb
CWqkBfR6Q7fqDQJYhtolwbex0fzleYO1se+PPZv/9dq3m/GrAjywrWBrtLp6UM3t
dMDsj1N7yXMuvVokAg==
-----END CERTIFICATE-----