Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JRYVWznTQioDVEPW6FqTpRzbGkg.roa
File:                     JRYVWznTQioDVEPW6FqTpRzbGkg.roa (raw, json)
Hash identifier:          6tR/nam2NHqdPdT5KpACJ2kuOvO0OoB5U2OtpUFy1SU=
Subject key identifier:   25:16:15:5B:39:D3:42:2A:03:54:43:D6:E8:5A:93:A5:1C:DB:1A:48
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0196A555DF9AE8AF6E8202BCC4832E3ECF35
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JRYVWznTQioDVEPW6FqTpRzbGkg.roa
Signing time:             Tue 06 May 2025 11:23:10 +0000
ROA not before:           Tue 06 May 2025 11:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.53.0/24 maxlen: 24
                          194.87.119.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.29.0/24 maxlen: 24
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.241.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 09 May 2025 08:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:55:df:9a:e8:af:6e:82:02:bc:c4:83:2e:3e:cf:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May  6 11:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2516155b39d3422a035443d6e85a93a51cdb1a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ef:f2:7c:b3:7a:85:24:e6:19:36:6b:2d:d2:
                    7b:0b:f3:f6:07:59:87:4b:da:9d:2d:12:f8:f6:b8:
                    48:b1:94:48:b3:09:02:0f:f6:ed:76:d3:fa:df:d1:
                    fc:8e:7f:e8:2c:79:95:74:70:5a:25:c7:34:19:1c:
                    51:03:48:b5:6a:21:2c:66:d9:b8:37:9c:1d:e5:44:
                    dc:e2:fa:31:c1:22:87:b3:7b:b6:89:b3:42:03:60:
                    dd:cb:b9:77:d2:79:36:9d:50:d4:45:ad:48:22:a2:
                    bf:af:52:2d:24:8d:8f:b4:3c:8c:dc:46:e4:15:45:
                    3b:70:ba:ba:e7:3d:10:e9:5c:d2:7f:70:37:2a:13:
                    ec:b6:06:19:27:c7:57:50:cf:44:7a:28:80:0b:4b:
                    a5:e4:f8:38:a8:ee:9c:a2:e9:e7:af:34:52:a3:da:
                    75:85:20:2c:61:d7:f2:37:42:65:89:26:d7:47:35:
                    16:2e:69:e1:3f:2c:0a:32:11:84:43:96:72:2a:7e:
                    54:48:a6:87:de:d9:9d:0f:e9:97:34:69:8b:82:1d:
                    89:fc:b0:1f:52:ce:29:fd:6a:e6:b8:3a:56:2d:ed:
                    fb:ac:5a:f8:b0:ef:19:41:92:56:94:08:b2:9e:e4:
                    35:4e:dd:30:7e:56:f8:33:f4:e1:b4:23:11:e0:2e:
                    17:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:16:15:5B:39:D3:42:2A:03:54:43:D6:E8:5A:93:A5:1C:DB:1A:48
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JRYVWznTQioDVEPW6FqTpRzbGkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.58.155.0/24
                  194.87.53.0/24
                  194.87.119.0/24
                  194.87.169.0/24
                  194.87.179.0/24
                  195.133.24.0/23
                  195.133.29.0/24
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.241.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:95:f7:17:ed:90:ce:76:ba:d2:32:3b:e7:54:12:c2:f3:9c:
         b3:25:d4:11:f4:a7:e1:73:0d:8c:84:18:1d:a6:44:b0:dc:d4:
         04:ec:4d:7b:8f:53:79:7f:e0:54:b1:19:bd:a3:03:7d:b0:3c:
         82:07:df:1e:8e:56:26:37:26:8e:d4:5b:68:5d:27:d2:54:9d:
         72:bc:d8:d9:0c:6c:38:99:4c:73:8d:57:e6:1d:88:40:e3:ac:
         a9:87:a8:6d:ed:38:42:e2:3a:94:f8:72:77:42:fe:10:1b:fa:
         fb:b2:0d:8c:a9:18:7b:76:a0:8a:67:0d:fd:6f:cb:e6:b9:d9:
         3e:05:00:38:35:36:2f:32:85:39:4a:d3:01:59:71:9b:aa:41:
         72:3b:e8:d1:2b:80:7c:6c:96:c4:d4:2f:06:c1:d8:41:b8:14:
         39:af:bd:9e:c4:48:81:2c:56:91:59:46:43:bf:6e:f3:f9:69:
         1d:88:2e:96:9c:a0:f6:cc:27:07:4a:44:8c:e5:99:b9:2c:34:
         45:4b:82:7e:19:92:d0:99:5d:4c:36:20:41:e3:7b:42:6b:10:
         97:e0:7d:7f:fb:3a:2e:97:98:07:f7:6b:a3:e8:a6:d9:20:a8:
         7e:11:fd:58:59:aa:11:59:3a:23:59:6d:b1:a5:e6:02:8c:08:
         a3:fd:6c:41
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZalVd+a6K9uggK8xIMuPs81MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTA2MTEyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTE2MTU1YjM5ZDM0MjJhMDM1NDQzZDZlODVhOTNhNTFjZGIxYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1O/yfLN6hSTmGTZrLdJ7C/P2B1mH
S9qdLRL49rhIsZRIswkCD/btdtP639H8jn/oLHmVdHBaJcc0GRxRA0i1aiEsZtm4
N5wd5UTc4voxwSKHs3u2ibNCA2Ddy7l30nk2nVDURa1IIqK/r1ItJI2PtDyM3Ebk
FUU7cLq65z0Q6VzSf3A3KhPstgYZJ8dXUM9EeiiAC0ul5Pg4qO6counnrzRSo9p1
hSAsYdfyN0JliSbXRzUWLmnhPywKMhGEQ5ZyKn5USKaH3tmdD+mXNGmLgh2J/LAf
Us4p/WrmuDpWLe37rFr4sO8ZQZJWlAiynuQ1Tt0wflb4M/ThtCMR4C4XAwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFCUWFVs500IqA1RD1uhak6Uc2xpIMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSlJZVld6blRRaW9EVkVQVzZGcVRwUnpiR2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQAwXwHAwQA
wjqbAwQAwlc1AwQAwld3AwQAwlepAwQAwlezAwQBw4UYAwQAw4UdAwQBw4UoAwQB
w4UyAwQBw4VcAwQA1MDxAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAQZX3F+2Qzna60jI751QSwvOcsyXUEfSn4XMNjIQYHaZE
sNzUBOxNe49TeX/gVLEZvaMDfbA8ggffHo5WJjcmjtRbaF0n0lSdcrzY2QxsOJlM
c41X5h2IQOOsqYeobe04QuI6lPhyd0L+EBv6+7INjKkYe3agimcN/W/L5rnZPgUA
ODU2LzKFOUrTAVlxm6pBcjvo0SuAfGyWxNQvBsHYQbgUOa+9nsRIgSxWkVlGQ79u
8/lpHYgulpyg9swnB0pEjOWZuSw0RUuCfhmS0JldTDYgQeN7QmsQl+B9f/s6LpeY
B/dro+im2SCofhH9WFmqEVk6I1ltsaXmAowIo/1sQQ==
-----END CERTIFICATE-----