Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8-VjFmF2ch1MujjLLmfUMdsoZdI.roa
File:                     8-VjFmF2ch1MujjLLmfUMdsoZdI.roa (raw, json)
Hash identifier:          v15tfLyrIyASX90nKb5eJwLCg+VzvSABzCWGft4FZYM=
Subject key identifier:   F3:E5:63:16:61:76:72:1D:4C:BA:38:CB:2E:67:D4:31:DB:28:65:D2
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194C75A2B456E07AC30292C2DFA27C5000F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8-VjFmF2ch1MujjLLmfUMdsoZdI.roa
Signing time:             Sun 02 Feb 2025 15:49:22 +0000
ROA not before:           Sun 02 Feb 2025 15:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.227.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Mon 03 Feb 2025 08:58:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c7:5a:2b:45:6e:07:ac:30:29:2c:2d:fa:27:c5:00:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  2 15:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3e563166176721d4cba38cb2e67d431db2865d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c3:43:fe:56:de:bf:b7:c3:64:09:5e:31:cd:
                    a9:89:04:25:c1:bc:44:ba:e4:76:44:ee:d7:3d:17:
                    9f:f2:6f:4f:f8:9c:9b:68:4f:88:ad:43:87:9f:5c:
                    89:8c:6b:ee:ca:72:8e:78:a8:5d:36:4a:46:c2:8b:
                    f6:bd:de:48:19:6d:c5:7e:ce:06:1d:5b:bd:d7:6a:
                    e7:c6:ec:27:83:e2:c5:14:f1:09:8a:0d:1e:78:a2:
                    86:27:24:50:ce:62:5f:0f:79:af:0e:81:c9:f6:77:
                    45:b1:02:88:ca:c6:f7:90:32:12:58:0c:3f:bc:9b:
                    42:ea:e4:db:89:71:0e:67:3d:99:f6:ec:d6:43:b4:
                    31:c1:62:da:94:31:65:6b:18:4b:9b:9f:b2:f3:52:
                    6c:98:31:e0:95:19:27:0d:8b:d6:7c:a5:08:2b:76:
                    5e:24:91:56:63:2c:51:33:c0:f8:92:25:81:c9:01:
                    9f:cf:c6:08:77:ba:19:b6:c6:f6:4a:ff:ab:8a:80:
                    e1:07:36:30:82:de:51:8c:7b:88:fb:ba:71:58:bd:
                    95:e0:fd:dd:22:8c:ac:c3:6f:23:50:77:5a:17:b9:
                    0f:49:e3:70:66:9e:75:85:ba:e0:df:66:1a:31:4b:
                    87:13:94:18:96:5c:9a:0a:c1:6b:7f:78:c9:f6:73:
                    51:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:E5:63:16:61:76:72:1D:4C:BA:38:CB:2E:67:D4:31:DB:28:65:D2
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8-VjFmF2ch1MujjLLmfUMdsoZdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.227.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  194.87.224.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:7d:a6:18:f7:d1:f6:2a:37:2d:94:f8:c1:52:d6:14:41:c0:
         6b:66:11:f5:53:20:e4:74:18:03:81:ae:8e:cc:c9:15:f0:59:
         b4:81:48:5e:e9:f9:9f:50:77:36:10:23:e8:f6:4b:59:aa:28:
         49:9d:d6:be:3b:30:43:4f:79:9d:30:2f:0c:ac:2f:39:12:3f:
         ba:47:c6:29:a2:e2:bb:cb:1c:ca:c1:31:57:b1:8e:8b:65:10:
         ae:01:a2:f4:35:7c:c8:c1:2b:76:f9:51:fb:62:f2:ef:3b:e5:
         00:ec:d7:f8:5b:2e:2e:17:28:60:3c:a8:f6:bd:5a:87:d7:a9:
         6e:6b:df:db:03:a1:69:97:ef:2c:4f:38:ca:49:2e:5c:6e:6e:
         d4:22:4d:d1:a7:a0:99:ef:0b:bf:35:45:f3:90:f2:bb:7c:21:
         0f:52:ae:d1:7c:c2:b7:68:d8:76:b4:02:22:cd:7f:61:79:70:
         8b:0b:21:30:7a:b7:a1:0a:15:15:e7:d0:10:1d:93:e2:2e:01:
         09:92:d7:d0:70:96:d4:ad:67:49:ec:84:af:46:ec:e7:d0:32:
         1e:7e:80:b0:ee:c4:31:99:a6:06:15:5b:fd:bf:ea:0e:58:0f:
         5e:89:c7:08:39:16:b8:f8:4e:5f:51:32:65:78:40:c9:1d:d9:
         d9:cf:ee:ae
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZTHWitFbgesMCksLfonxQAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMjAyMTU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2U1NjMxNjYxNzY3MjFkNGNiYTM4Y2IyZTY3ZDQzMWRiMjg2NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsND/lbev7fDZAleMc2piQQlwbxE
uuR2RO7XPRef8m9P+JybaE+IrUOHn1yJjGvuynKOeKhdNkpGwov2vd5IGW3Ffs4G
HVu912rnxuwng+LFFPEJig0eeKKGJyRQzmJfD3mvDoHJ9ndFsQKIysb3kDISWAw/
vJtC6uTbiXEOZz2Z9uzWQ7QxwWLalDFlaxhLm5+y81JsmDHglRknDYvWfKUIK3Ze
JJFWYyxRM8D4kiWByQGfz8YId7oZtsb2Sv+rioDhBzYwgt5RjHuI+7pxWL2V4P3d
Ioysw28jUHdaF7kPSeNwZp51hbrg32YaMUuHE5QYllyaCsFrf3jJ9nNRuwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPPlYxZhdnIdTLo4yy5n1DHbKGXSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOC1WakZtRjJjaDFNdWpqTExtZlVNZHNvWmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQAwXzjAwQA
wjqbAwQAwlepAwQAwlfgAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQB1MEaMBQE
AgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAJX2mGPfR9io3
LZT4wVLWFEHAa2YR9VMg5HQYA4GujszJFfBZtIFIXun5n1B3NhAj6PZLWaooSZ3W
vjswQ095nTAvDKwvORI/ukfGKaLiu8scysExV7GOi2UQrgGi9DV8yMErdvlR+2Ly
7zvlAOzX+FsuLhcoYDyo9r1ah9epbmvf2wOhaZfvLE84ykkuXG5u1CJN0aegme8L
vzVF85Dyu3whD1Ku0XzCt2jYdrQCIs1/YXlwiwshMHq3oQoVFefQEB2T4i4BCZLX
0HCW1K1nSeyEr0bs59AyHn6AsO7EMZmmBhVb/b/qDlgPXonHCDkWuPhOX1EyZXhA
yR3Z2c/urg==
-----END CERTIFICATE-----