Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P5oOTt2EHj9C8yB9_07CU6aCZJs.roa
File:                     P5oOTt2EHj9C8yB9_07CU6aCZJs.roa (raw, json)
Hash identifier:          XO3KpR4vEaEzuS+Fj4mRve76X4hG/9yh5Fr25jRpVAc=
Subject key identifier:   3F:9A:0E:4E:DD:84:1E:3F:42:F3:20:7D:FF:4E:C2:53:A6:82:64:9B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0195ACF19B49D7136BE465E8D4A862F893ED
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P5oOTt2EHj9C8yB9_07CU6aCZJs.roa
Signing time:             Wed 19 Mar 2025 05:47:49 +0000
ROA not before:           Wed 19 Mar 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.7.0/24 maxlen: 24
                          193.124.44.0/24 maxlen: 24
                          194.58.36.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.53.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 21 Mar 2025 12:48:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ac:f1:9b:49:d7:13:6b:e4:65:e8:d4:a8:62:f8:93:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 19 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f9a0e4edd841e3f42f3207dff4ec253a682649b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0a:b1:10:5b:ae:b1:3f:74:76:bf:16:8d:57:
                    d8:1e:72:80:d3:ec:fa:08:60:f5:22:2f:57:d9:26:
                    69:31:35:ae:f1:71:8f:9e:92:9e:86:9d:4e:7e:ab:
                    90:27:20:01:c5:81:fa:48:17:bc:5c:51:35:57:da:
                    f5:dc:19:c9:e4:63:14:d6:03:21:53:d1:63:62:07:
                    b6:31:00:af:16:f0:5d:2a:62:36:f8:4e:32:6c:66:
                    9b:82:dd:5b:39:55:d0:11:af:1e:64:b2:17:cd:dd:
                    7c:28:d5:15:ab:1c:f1:c3:b0:b1:b1:94:87:1e:4d:
                    20:56:a8:16:c7:a4:07:a9:70:3b:0c:32:7d:f8:d3:
                    a7:b9:34:c1:28:ff:bc:71:2a:8e:24:07:61:e6:ef:
                    c5:3e:27:a4:90:64:29:ab:02:e8:bc:4c:ac:d5:4c:
                    06:94:c3:92:e4:ba:e3:68:de:5a:d5:26:61:29:2e:
                    c1:6d:68:3c:00:ac:ef:6b:2a:76:8d:a6:53:2c:27:
                    80:a7:4a:74:d8:d3:21:a1:b9:22:82:1b:26:9c:94:
                    c1:e5:8d:23:d1:50:7a:b5:2e:e3:de:2b:fc:a2:d9:
                    7f:f8:79:3a:d6:dd:83:eb:45:09:2f:19:68:dc:be:
                    01:52:83:ca:1c:94:32:9a:30:7c:e5:39:77:7c:bc:
                    3e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9A:0E:4E:DD:84:1E:3F:42:F3:20:7D:FF:4E:C2:53:A6:82:64:9B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P5oOTt2EHj9C8yB9_07CU6aCZJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  193.124.44.0/24
                  194.58.36.0/24
                  194.58.155.0/24
                  194.87.53.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:f3:a3:dd:6a:95:80:31:41:a7:a5:2a:d9:a5:8f:46:87:b6:
         c8:ce:7a:9a:c1:3e:b9:a8:aa:f0:67:a3:cc:ec:c5:a6:6d:00:
         07:fa:b5:ca:d4:63:07:24:26:3d:55:d2:1f:5b:97:e9:5b:7b:
         bd:23:35:5f:ea:b0:11:46:b6:5c:88:16:be:9e:7f:0d:8e:6a:
         74:c7:bc:42:59:be:21:bd:32:20:4a:8f:86:04:cb:c9:7b:ab:
         bc:f8:56:c4:53:b7:9e:c1:25:51:7f:19:13:08:c8:e8:3d:cc:
         69:7e:f6:06:76:3f:13:5c:07:f2:f1:16:56:92:33:a3:ea:f5:
         83:8c:f5:e2:e1:a7:38:35:88:5a:10:af:84:36:00:e3:f0:bc:
         c4:8c:6c:8e:f3:50:4a:6d:ce:2f:9f:cc:61:71:80:bc:94:79:
         74:d9:0f:e4:73:3d:bb:a4:de:3b:63:b7:f3:d4:3f:f9:dc:d7:
         31:ae:92:21:7b:0f:fd:b8:16:8e:37:42:2b:21:d4:77:f7:c5:
         46:0a:09:35:b4:0a:ac:f2:1c:da:50:ef:68:3f:cc:03:11:58:
         2f:4b:a7:a0:0c:86:76:4d:7e:70:13:2c:9d:fe:36:6b:1e:29:
         f3:4b:e8:54:f3:d8:b3:36:3c:a9:8f:d1:6d:0f:4a:68:1e:9d:
         0a:07:7a:46
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZWs8ZtJ1xNr5GXo1Khi+JPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMzE5MDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjlhMGU0ZWRkODQxZTNmNDJmMzIwN2RmZjRlYzI1M2E2ODI2NDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgqxEFuusT90dr8WjVfYHnKA0+z6
CGD1Ii9X2SZpMTWu8XGPnpKehp1OfquQJyABxYH6SBe8XFE1V9r13BnJ5GMU1gMh
U9FjYge2MQCvFvBdKmI2+E4ybGabgt1bOVXQEa8eZLIXzd18KNUVqxzxw7CxsZSH
Hk0gVqgWx6QHqXA7DDJ9+NOnuTTBKP+8cSqOJAdh5u/FPiekkGQpqwLovEys1UwG
lMOS5LrjaN5a1SZhKS7BbWg8AKzvayp2jaZTLCeAp0p02NMhobkighsmnJTB5Y0j
0VB6tS7j3iv8otl/+Hk61t2D60UJLxlo3L4BUoPKHJQymjB85Tl3fLw+wwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFD+aDk7dhB4/QvMgff9OwlOmgmSbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUDVvT1R0MkVIajlDOHlCOV8wN0NVNmFDWkpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQAwXwHAwQA
wXwsAwQAwjokAwQAwjqbAwQAwlc1AwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQB
w4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOC
AQEACfOj3WqVgDFBp6Uq2aWPRoe2yM56msE+uaiq8GejzOzFpm0AB/q1ytRjByQm
PVXSH1uX6Vt7vSM1X+qwEUa2XIgWvp5/DY5qdMe8Qlm+Ib0yIEqPhgTLyXurvPhW
xFO3nsElUX8ZEwjI6D3MaX72BnY/E1wH8vEWVpIzo+r1g4z14uGnODWIWhCvhDYA
4/C8xIxsjvNQSm3OL5/MYXGAvJR5dNkP5HM9u6TeO2O389Q/+dzXMa6SIXsP/bgW
jjdCKyHUd/fFRgoJNbQKrPIc2lDvaD/MAxFYL0unoAyGdk1+cBMsnf42ax4p80vo
VPPYszY8qY/RbQ9KaB6dCgd6Rg==
-----END CERTIFICATE-----