Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UAzNnNUqfcNWRLUkI8QsXUnPruo.roa
File:                     UAzNnNUqfcNWRLUkI8QsXUnPruo.roa (raw, json)
Hash identifier:          HTxnXvkSLqglX4aIqStez/KRFjkgWtaV/KUfCJQrdsw=
Subject key identifier:   50:0C:CD:9C:D5:2A:7D:C3:56:44:B5:24:23:C4:2C:5D:49:CF:AE:EA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F66ED45682BCB4D6D69F816A0BF97DA71
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UAzNnNUqfcNWRLUkI8QsXUnPruo.roa
Signing time:             Sat 11 May 2024 09:12:56 +0000
ROA not before:           Sat 11 May 2024 09:12:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.45.0/24 maxlen: 24
                          194.58.56.0/23 maxlen: 23
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.38.0/24 maxlen: 24
                          195.133.54.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.212.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 11 May 2024 09:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:66:ed:45:68:2b:cb:4d:6d:69:f8:16:a0:bf:97:da:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 11 09:12:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=500ccd9cd52a7dc35644b52423c42c5d49cfaeea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c8:db:0d:78:1b:62:58:c8:a9:81:08:19:47:
                    99:61:fd:35:ba:d7:7f:73:84:7b:cb:7c:d6:c3:bd:
                    78:ff:e2:aa:7f:8d:da:37:9e:ba:40:50:b9:e3:42:
                    ab:c4:26:07:72:34:1f:aa:ea:9f:1a:4c:6c:9d:e9:
                    b5:39:d1:b6:3c:53:b3:dc:47:85:18:2b:08:df:f0:
                    a4:e9:e6:c0:e6:78:8b:81:72:f7:74:c4:a4:26:35:
                    9c:4e:f6:c6:3a:18:7b:ed:b3:85:32:13:a7:ef:28:
                    51:27:0d:9a:3e:4f:43:0e:2c:35:6b:ae:0d:80:26:
                    49:3f:ff:c2:28:93:3d:2f:78:01:df:19:67:6c:e5:
                    04:60:e5:c8:b3:85:37:60:09:b6:2a:d4:ec:03:d7:
                    d9:18:bb:c2:f2:c9:d3:32:22:d5:fb:9e:b3:b2:d3:
                    e8:f6:08:fa:64:2e:de:f2:c2:8e:1c:ff:78:85:ec:
                    b0:c5:32:fa:35:ae:5a:a5:f3:c6:9b:bc:07:15:c9:
                    5d:43:65:82:61:87:e0:2f:6e:b3:f8:74:18:cd:24:
                    b2:96:d2:e5:6c:ba:05:84:a3:25:ef:12:9c:a4:71:
                    b6:f3:2b:45:55:75:0f:35:17:11:92:64:bf:e5:9b:
                    cf:b1:08:01:2e:b7:27:fb:b0:0d:f5:bc:0b:2f:83:
                    34:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:0C:CD:9C:D5:2A:7D:C3:56:44:B5:24:23:C4:2C:5D:49:CF:AE:EA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UAzNnNUqfcNWRLUkI8QsXUnPruo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.45.0/24
                  194.58.56.0/23
                  194.87.141.0/24
                  194.87.169.0/24
                  194.87.198.0/24
                  194.87.201.0/24
                  195.133.25.0/24
                  195.133.38.0/24
                  195.133.54.0/24
                  212.192.1.0/24
                  212.192.212.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:7f:a1:3b:2a:fa:36:50:c5:8d:1c:e3:2e:e5:f1:4f:31:f4:
         c4:41:63:98:0a:32:ec:2b:ed:81:97:33:2c:f6:7d:b3:84:0e:
         00:14:83:f8:e9:c2:78:bf:1b:12:2e:f1:00:a1:b7:c9:c6:a4:
         3b:ef:d0:20:98:eb:d0:99:ff:02:4a:95:f6:be:66:69:29:64:
         b5:0a:be:a7:8e:23:18:69:75:a5:9d:23:a1:e2:21:d0:21:80:
         28:5c:da:5d:3d:24:11:2f:a5:3c:78:e3:92:a5:37:88:4f:53:
         38:53:c3:bc:ca:0f:d5:a8:5e:cc:31:54:b8:c9:a9:60:8c:e1:
         fa:a2:73:e0:66:be:84:a2:4a:b4:ab:82:a3:0d:44:1c:b0:5d:
         dc:83:f2:31:63:30:e5:c3:a7:4c:87:df:a9:f6:f9:f9:c9:cc:
         a6:d8:08:0b:51:23:c6:20:62:c0:95:13:d6:f6:2c:fd:c7:56:
         e9:66:e4:de:b3:33:ba:f1:c7:92:74:39:ae:d5:63:7f:cb:58:
         d9:6d:32:60:8c:3a:16:dd:dd:6e:00:09:44:90:fa:16:04:63:
         67:7f:ac:9e:69:96:80:21:33:b5:29:dc:08:d3:fd:13:10:c8:
         ce:3d:7b:a8:91:06:0d:2c:7e:0e:ec:fd:63:b6:10:3d:d6:c2:
         0a:5f:19:aa
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAY9m7UVoK8tNbWn4FqC/l9pxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTExMDkxMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDBjY2Q5Y2Q1MmE3ZGMzNTY0NGI1MjQyM2M0MmM1ZDQ5Y2ZhZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsjbDXgbYljIqYEIGUeZYf01utd/
c4R7y3zWw714/+Kqf43aN566QFC540KrxCYHcjQfquqfGkxsnem1OdG2PFOz3EeF
GCsI3/Ck6ebA5niLgXL3dMSkJjWcTvbGOhh77bOFMhOn7yhRJw2aPk9DDiw1a64N
gCZJP//CKJM9L3gB3xlnbOUEYOXIs4U3YAm2KtTsA9fZGLvC8snTMiLV+56zstPo
9gj6ZC7e8sKOHP94heywxTL6Na5apfPGm7wHFcldQ2WCYYfgL26z+HQYzSSyltLl
bLoFhKMl7xKcpHG28ytFVXUPNRcRkmS/5ZvPsQgBLrcn+7AN9bwLL4M0kQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFFAMzZzVKn3DVkS1JCPELF1Jz67qMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVUF6Tm5OVXFmY05XUkxVa0k4UXNYVW5QcnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQAwjotAwQB
wjo4AwQAwleNAwQAwlepAwQAwlfGAwQAwlfJAwQAw4UZAwQAw4UmAwQAw4U2AwQA
1MABAwQA1MDUAwQA1MEEMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0B
AQsFAAOCAQEAR3+hOyr6NlDFjRzjLuXxTzH0xEFjmAoy7CvtgZczLPZ9s4QOABSD
+OnCeL8bEi7xAKG3ycakO+/QIJjr0Jn/AkqV9r5maSlktQq+p44jGGl1pZ0joeIh
0CGAKFzaXT0kES+lPHjjkqU3iE9TOFPDvMoP1ahezDFUuMmpYIzh+qJz4Ga+hKJK
tKuCow1EHLBd3IPyMWMw5cOnTIffqfb5+cnMptgIC1EjxiBiwJUT1vYs/cdW6Wbk
3rMzuvHHknQ5rtVjf8tY2W0yYIw6Ft3dbgAJRJD6FgRjZ3+snmmWgCEztSncCNP9
ExDIzj17qJEGDSx+Duz9Y7YQPdbCCl8Zqg==
-----END CERTIFICATE-----