Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Cbwws3Y1tp30jfrBvhtxc1alPQQ.roa
File:                     Cbwws3Y1tp30jfrBvhtxc1alPQQ.roa (raw, json)
Hash identifier:          3teqiNko3zmbihRmGuLIzYS/so2mTjQsmmY+zaxBIhQ=
Subject key identifier:   09:BC:30:B3:76:35:B6:9D:F4:8D:FA:C1:BE:1B:71:73:56:A5:3D:04
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01926827FE9A4AE77FEC106330B78E8BC68A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Cbwws3Y1tp30jfrBvhtxc1alPQQ.roa
Signing time:             Mon 07 Oct 2024 18:05:04 +0000
ROA not before:           Mon 07 Oct 2024 18:05:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.85.251.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.25.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 12 Oct 2024 09:22:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:68:27:fe:9a:4a:e7:7f:ec:10:63:30:b7:8e:8b:c6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct  7 18:05:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09bc30b37635b69df48dfac1be1b717356a53d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e2:a5:7b:0e:34:ab:45:18:4d:63:ac:d8:5e:
                    62:cb:eb:fc:16:68:29:d6:1f:9d:8f:48:1c:02:d2:
                    10:da:68:fb:6a:8e:21:8a:3c:ae:48:52:42:a7:49:
                    65:4c:70:09:84:e9:cf:86:36:c9:e3:d4:87:d1:2f:
                    50:89:4d:63:ee:44:eb:30:0e:a9:01:a5:ec:74:ba:
                    8a:84:43:dc:78:3f:3b:0a:38:7c:8f:ab:1d:75:be:
                    55:f1:39:c2:03:1d:51:f2:76:24:dd:e0:66:be:89:
                    f6:27:39:b1:78:79:0a:ef:d4:1f:4f:5a:77:2b:f8:
                    86:81:fd:3f:0a:5e:6b:f5:1f:9d:15:5d:52:40:52:
                    f5:a2:2c:63:4b:6d:68:dd:bc:62:32:4c:52:8d:69:
                    03:e7:a4:80:81:b4:bf:db:7e:24:a9:ff:6a:33:5d:
                    1e:2d:8e:26:ac:d6:93:80:7d:3a:7e:e3:69:0e:47:
                    d3:82:c2:31:12:e7:47:cf:7a:80:5a:6b:63:6e:ff:
                    5a:66:ca:f1:7d:ef:fe:b5:89:dd:44:46:33:9a:8a:
                    08:35:6b:2b:df:be:ef:8f:82:10:25:6a:3d:b1:62:
                    fb:e0:66:fe:80:96:72:69:88:d7:ab:a3:48:1c:84:
                    bd:1b:d6:bf:92:84:a2:09:12:9e:b3:65:f6:43:a5:
                    52:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BC:30:B3:76:35:B6:9D:F4:8D:FA:C1:BE:1B:71:73:56:A5:3D:04
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Cbwws3Y1tp30jfrBvhtxc1alPQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.85.251.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.25.0-212.193.27.255
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:62:e4:93:5d:17:b0:5f:49:9c:08:e2:18:9f:a5:b2:7e:fa:
         b6:f2:2f:87:34:ca:19:34:de:68:aa:6a:3f:8a:86:0b:56:8d:
         75:93:64:52:26:44:34:c5:11:b3:57:ad:f3:35:df:a9:e8:4b:
         30:fc:ce:52:67:6e:7b:59:72:78:e6:49:9c:25:13:4c:a5:04:
         fa:bc:47:df:14:d8:c2:77:f4:c9:f1:2a:91:b4:ca:b8:fb:66:
         1e:4f:01:03:00:e6:38:ec:15:21:c2:96:1b:88:a8:ea:4c:1b:
         1f:54:24:1c:21:58:3b:3e:3e:17:0f:04:e1:e7:16:18:32:3b:
         cb:86:fe:4c:34:be:15:0c:bd:1d:b0:56:b9:2e:a8:7f:01:85:
         49:52:f2:c1:26:61:7e:87:22:22:a0:9d:22:2e:f6:0f:00:c4:
         d3:7a:4c:66:1e:a7:e9:33:35:ef:06:ae:27:96:eb:b9:4d:dd:
         5d:63:88:56:b0:77:9d:7b:c3:e6:d6:0d:3d:e5:a5:f9:3b:92:
         52:d0:55:b2:01:30:65:7d:fd:0c:2b:48:26:2d:54:71:05:ee:
         a8:c6:86:99:7a:cc:69:32:6d:b4:ad:97:ba:63:55:98:49:45:
         82:c9:b7:25:30:b2:ef:59:19:49:5d:a7:4e:ec:fe:c7:ba:28:
         df:fb:f6:5c
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZJoJ/6aSud/7BBjMLeOi8aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDA3MTgwNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWJjMzBiMzc2MzViNjlkZjQ4ZGZhYzFiZTFiNzE3MzU2YTUzZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+Klew40q0UYTWOs2F5iy+v8Fmgp
1h+dj0gcAtIQ2mj7ao4hijyuSFJCp0llTHAJhOnPhjbJ49SH0S9QiU1j7kTrMA6p
AaXsdLqKhEPceD87Cjh8j6sddb5V8TnCAx1R8nYk3eBmvon2JzmxeHkK79QfT1p3
K/iGgf0/Cl5r9R+dFV1SQFL1oixjS21o3bxiMkxSjWkD56SAgbS/234kqf9qM10e
LY4mrNaTgH06fuNpDkfTgsIxEudHz3qAWmtjbv9aZsrxfe/+tYndREYzmooINWsr
377vj4IQJWo9sWL74Gb+gJZyaYjXq6NIHIS9G9a/koSiCRKes2X2Q6VSfQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFAm8MLN2Nbad9I36wb4bcXNWpT0EMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQ2J3d3MzWTF0cDMwamZyQnZodHhjMWFsUFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQAwjqbAwQA
wlX7AwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABMAwDBADUwRkD
BALUwRgwFAQCAAIwDgMFAyoBV8ADBQMqDP9AMA0GCSqGSIb3DQEBCwUAA4IBAQCN
YuSTXRewX0mcCOIYn6Wyfvq28i+HNMoZNN5oqmo/ioYLVo11k2RSJkQ0xRGzV63z
Nd+p6Esw/M5SZ257WXJ45kmcJRNMpQT6vEffFNjCd/TJ8SqRtMq4+2YeTwEDAOY4
7BUhwpYbiKjqTBsfVCQcIVg7Pj4XDwTh5xYYMjvLhv5MNL4VDL0dsFa5Lqh/AYVJ
UvLBJmF+hyIioJ0iLvYPAMTTekxmHqfpMzXvBq4nluu5Td1dY4hWsHede8Pm1g09
5aX5O5JS0FWyATBlff0MK0gmLVRxBe6oxoaZesxpMm20rZe6Y1WYSUWCybclMLLv
WRlJXadO7P7Huijf+/Zc
-----END CERTIFICATE-----