Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/93XiKP-DmqOtoumvyqYDfdGi-9Y.roa
File:                     93XiKP-DmqOtoumvyqYDfdGi-9Y.roa (raw, json)
Hash identifier:          5p6rsS76nqgs9mmBpQJgcFYxIf2KaZrpJzKRl14F01g=
Subject key identifier:   F7:75:E2:28:FF:83:9A:A3:AD:A2:E9:AF:CA:A6:03:7D:D1:A2:FB:D6
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194282507424F347EA232685DEC684F29DB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/93XiKP-DmqOtoumvyqYDfdGi-9Y.roa
Signing time:             Thu 02 Jan 2025 17:51:42 +0000
ROA not before:           Thu 02 Jan 2025 17:51:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210644
IP address blocks:        193.124.203.0/24 maxlen: 24
                          194.87.29.0/24 maxlen: 24
                          194.87.77.0/24 maxlen: 24
                          194.87.85.0/24 maxlen: 24
                          194.87.189.0/24 maxlen: 24
                          195.133.2.0/24 maxlen: 24
                          195.133.18.0/24 maxlen: 24
                          195.133.26.0/24 maxlen: 24
                          195.133.28.0/24 maxlen: 24
                          212.192.246.0/24 maxlen: 24
                          212.192.248.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 02 Apr 2025 10:32:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:07:42:4f:34:7e:a2:32:68:5d:ec:68:4f:29:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f775e228ff839aa3ada2e9afcaa6037dd1a2fbd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6b:5f:be:23:be:a0:96:45:25:06:4d:3c:66:
                    92:38:34:87:79:0d:20:c9:b1:c9:4b:9a:a0:b2:56:
                    a2:1d:2f:ba:9f:eb:5c:cb:40:db:7e:6e:27:73:4f:
                    56:ec:d0:91:9a:e8:25:37:48:81:ac:8a:ea:7a:c0:
                    2e:75:08:5f:c9:37:dd:5b:c7:9f:fc:c4:42:78:2e:
                    b4:57:ce:c7:26:cf:ce:b6:3d:8f:b9:35:ed:50:6b:
                    ab:4f:bb:4e:6e:ca:bb:34:d9:c9:03:64:60:98:15:
                    e8:e7:dc:ba:19:04:2b:c3:47:38:0c:6f:52:7a:77:
                    30:bf:40:80:b7:3a:fb:bd:be:2e:07:22:24:12:16:
                    3c:41:23:70:9f:1a:86:ee:1a:24:ca:ad:4f:c8:7a:
                    63:0b:7d:ed:df:54:54:29:e0:01:a2:c3:f3:5a:5b:
                    d3:06:91:fb:a6:d0:1c:8e:0f:83:f9:eb:7c:50:fd:
                    f5:ff:27:88:b4:7f:c7:7d:cd:5d:ea:93:57:49:1d:
                    98:a4:07:9c:fd:c2:74:aa:2a:5d:af:f4:e7:48:24:
                    5e:26:6c:48:ec:d7:8f:7a:65:0e:ea:7c:f6:fb:00:
                    9f:9d:de:6c:c6:01:f5:c8:a7:f2:3c:7e:45:c6:04:
                    f7:86:50:ca:d0:6a:04:c8:9f:b6:84:eb:20:24:9f:
                    78:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:75:E2:28:FF:83:9A:A3:AD:A2:E9:AF:CA:A6:03:7D:D1:A2:FB:D6
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/93XiKP-DmqOtoumvyqYDfdGi-9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.203.0/24
                  194.87.29.0/24
                  194.87.77.0/24
                  194.87.85.0/24
                  194.87.189.0/24
                  195.133.2.0/24
                  195.133.18.0/24
                  195.133.26.0/24
                  195.133.28.0/24
                  212.192.246.0/24
                  212.192.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d4:1b:f7:16:80:d5:0d:ec:48:51:91:29:11:c0:38:e2:a1:
         0e:f4:a9:2d:e8:f8:af:93:ea:aa:ed:b5:e7:54:78:36:01:cf:
         b7:b1:8e:0b:91:63:63:36:d5:48:99:4b:d0:06:59:c6:94:dd:
         a7:c2:cf:c7:33:9c:ff:11:94:e1:97:e0:56:52:39:b8:7e:ec:
         22:97:0c:ba:81:c0:88:ee:aa:52:8c:b4:46:9c:9b:0f:4e:a3:
         a8:29:1b:74:70:a4:5c:63:8d:ae:55:13:14:6d:a0:a7:4f:59:
         7f:3c:0a:64:d6:09:07:e9:f5:78:93:b7:bd:28:c3:f1:b7:57:
         92:d9:08:08:d9:8b:8d:65:3e:11:6f:f4:dd:ec:42:01:61:a2:
         b5:e2:e2:29:55:84:ac:a5:f2:a5:d0:81:cb:6c:f0:50:c0:7e:
         98:56:37:0d:1b:46:f6:ef:a4:03:d2:26:73:03:4a:60:22:b1:
         07:cc:25:fd:9c:81:f8:37:57:06:1d:ba:4d:eb:fd:e4:99:44:
         83:2d:ca:b0:f9:08:f2:44:73:d3:60:31:bf:ed:6d:d2:d6:45:
         7e:45:a9:f5:f6:c6:cd:a1:ca:e8:ea:9c:b8:aa:d4:3a:f8:46:
         1d:c1:90:b1:96:d6:ea:42:6b:ab:82:ca:8e:90:9a:c7:47:1b:
         3c:1b:b9:b7
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQoJQdCTzR+ojJoXexoTynbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzc1ZTIyOGZmODM5YWEzYWRhMmU5YWZjYWE2MDM3ZGQxYTJmYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2tfviO+oJZFJQZNPGaSODSHeQ0g
ybHJS5qgslaiHS+6n+tcy0Dbfm4nc09W7NCRmuglN0iBrIrqesAudQhfyTfdW8ef
/MRCeC60V87HJs/Otj2PuTXtUGurT7tObsq7NNnJA2RgmBXo59y6GQQrw0c4DG9S
encwv0CAtzr7vb4uByIkEhY8QSNwnxqG7hokyq1PyHpjC33t31RUKeABosPzWlvT
BpH7ptAcjg+D+et8UP31/yeItH/Hfc1d6pNXSR2YpAec/cJ0qipdr/TnSCReJmxI
7NePemUO6nz2+wCfnd5sxgH1yKfyPH5FxgT3hlDK0GoEyJ+2hOsgJJ94UQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPd14ij/g5qjraLpr8qmA33RovvWMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOTNYaUtQLURtcU90b3VtdnlxWURmZEdpLTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwXzLAwQA
wlcdAwQAwldNAwQAwldVAwQAwle9AwQAw4UCAwQAw4USAwQAw4UaAwQAw4UcAwQA
1MD2AwQA1MD4MA0GCSqGSIb3DQEBCwUAA4IBAQBy1Bv3FoDVDexIUZEpEcA44qEO
9Kkt6Pivk+qq7bXnVHg2Ac+3sY4LkWNjNtVImUvQBlnGlN2nws/HM5z/EZThl+BW
Ujm4fuwilwy6gcCI7qpSjLRGnJsPTqOoKRt0cKRcY42uVRMUbaCnT1l/PApk1gkH
6fV4k7e9KMPxt1eS2QgI2YuNZT4Rb/Td7EIBYaK14uIpVYSspfKl0IHLbPBQwH6Y
VjcNG0b276QD0iZzA0pgIrEHzCX9nIH4N1cGHbpN6/3kmUSDLcqw+QjyRHPTYDG/
7W3S1kV+Ran19sbNocro6py4qtQ6+EYdwZCxltbqQmurgsqOkJrHRxs8G7m3
-----END CERTIFICATE-----