Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UunWvrYno1lTxcdKWi7750NnftE.roa
File:                     UunWvrYno1lTxcdKWi7750NnftE.roa (raw, json)
Hash identifier:          U0lCaHKpEWBjGVDxeDvl5UXXJQdpbYGgjz0SRKmekWg=
Subject key identifier:   52:E9:D6:BE:B6:27:A3:59:53:C5:C7:4A:5A:2E:FB:E7:43:67:7E:D1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192DDA884E02C668BEAF6CE9A483F2791D1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UunWvrYno1lTxcdKWi7750NnftE.roa
Signing time:             Wed 30 Oct 2024 13:41:01 +0000
ROA not before:           Wed 30 Oct 2024 13:41:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.180.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          194.135.33.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.25.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 04 Nov 2024 09:28:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:a8:84:e0:2c:66:8b:ea:f6:ce:9a:48:3f:27:91:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 30 13:41:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52e9d6beb627a35953c5c74a5a2efbe743677ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:74:d5:12:e4:65:b8:29:59:e8:1b:ce:c6:1c:
                    a4:03:64:04:5e:bf:29:c3:46:fb:9f:55:16:aa:f1:
                    71:35:d4:1a:c9:7d:7c:12:02:b0:74:ee:ad:aa:68:
                    49:d4:f9:e4:22:36:8f:b7:ef:d1:ac:13:62:3b:65:
                    c2:37:1d:e4:c9:a5:d8:74:37:e1:ec:94:c6:2c:35:
                    d6:b3:11:53:81:91:88:94:b9:89:d2:d1:8b:fe:98:
                    cf:45:32:a8:07:c8:44:36:0f:b3:7b:2b:7d:d3:d8:
                    42:bd:92:fe:75:98:45:75:3c:ed:81:95:30:ba:43:
                    df:07:21:dd:94:36:32:f5:9d:0d:82:11:0d:ed:e6:
                    49:a5:2e:01:ef:11:85:fe:30:d6:fa:36:58:9f:b4:
                    8d:19:e1:dd:e2:d5:ba:df:54:65:ba:57:09:f6:be:
                    1d:ae:73:23:1f:5b:3f:21:1f:5d:34:62:a3:f4:f4:
                    37:4b:c1:10:9c:4b:fa:b1:b1:10:cf:9c:ce:f4:62:
                    6e:59:9d:91:4b:0d:68:31:b1:b9:0b:82:66:c8:01:
                    d7:64:5e:65:97:ac:fd:bb:8a:b6:46:98:06:16:0e:
                    65:de:4e:38:cc:4d:10:ca:6d:dd:b8:bb:52:09:34:
                    d3:a1:5c:11:f3:4e:76:eb:60:14:0b:91:9d:06:6a:
                    1f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E9:D6:BE:B6:27:A3:59:53:C5:C7:4A:5A:2E:FB:E7:43:67:7E:D1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UunWvrYno1lTxcdKWi7750NnftE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.180.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  194.87.178.0/24
                  194.87.224.0/24
                  194.135.33.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.25.0-212.193.27.255
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:fc:73:f7:61:5f:c7:5c:2c:39:6b:03:88:af:a4:a1:ab:38:
         9f:02:7e:21:f3:d1:9e:35:fa:3c:c9:3c:db:13:c7:7a:4c:68:
         d0:f5:37:3d:75:49:81:2c:0b:d9:bb:d7:79:04:d0:2d:90:11:
         4b:46:7b:8c:32:7f:ff:1c:ac:d0:02:96:45:fa:0f:b0:23:ff:
         09:76:e2:c3:0d:32:e8:79:95:c7:d4:60:e4:52:6c:65:94:dc:
         d9:9a:f5:25:d3:d0:54:71:85:1d:16:ab:5d:35:b2:fc:eb:11:
         9e:59:c7:76:81:f2:17:06:54:88:f8:c3:14:fd:c1:e6:67:80:
         b1:fb:ce:17:4f:22:5a:f5:1c:be:bd:63:48:ec:54:1c:6c:18:
         a9:65:5f:7e:68:cb:40:1d:37:19:f0:de:ee:f7:5e:24:fd:57:
         02:0c:16:a0:0f:e1:75:fe:b4:75:d5:3e:2e:2b:71:7d:8a:c1:
         af:6f:5f:49:89:85:43:72:cd:11:6b:eb:e4:1a:dc:a8:46:4f:
         53:09:05:7b:63:b6:bd:09:2b:0d:0a:23:f9:db:d4:53:3c:14:
         76:4e:f5:75:9f:47:e2:23:8e:ed:af:5d:53:04:74:7e:41:a6:
         94:ed:a8:07:b6:36:0b:54:d4:7e:8e:8b:53:ba:0e:e7:4f:9f:
         38:03:e9:1c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZLdqITgLGaL6vbOmkg/J5HRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDMwMTM0MTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmU5ZDZiZWI2MjdhMzU5NTNjNWM3NGE1YTJlZmJlNzQzNjc3ZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4XTVEuRluClZ6BvOxhykA2QEXr8p
w0b7n1UWqvFxNdQayX18EgKwdO6tqmhJ1PnkIjaPt+/RrBNiO2XCNx3kyaXYdDfh
7JTGLDXWsxFTgZGIlLmJ0tGL/pjPRTKoB8hENg+zeyt909hCvZL+dZhFdTztgZUw
ukPfByHdlDYy9Z0NghEN7eZJpS4B7xGF/jDW+jZYn7SNGeHd4tW631RlulcJ9r4d
rnMjH1s/IR9dNGKj9PQ3S8EQnEv6sbEQz5zO9GJuWZ2RSw1oMbG5C4JmyAHXZF5l
l6z9u4q2RpgGFg5l3k44zE0Qym3duLtSCTTToVwR805262AUC5GdBmofuQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFFLp1r62J6NZU8XHSlou++dDZ37RMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVXVuV3ZyWW5vMWxUeGNkS1dpNzc1ME5uZnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQAwHy0AwQA
wjqbAwQAwlepAwQAwleyAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQB
w4VcAwQA1MABMAwDBADUwRkDBALUwRgwFAQCAAIwDgMFAyoBV8ADBQMqDP9AMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ/HP3YV/HXCw5awOIr6ShqzifAn4h89GeNfo8yTzb
E8d6TGjQ9Tc9dUmBLAvZu9d5BNAtkBFLRnuMMn//HKzQApZF+g+wI/8JduLDDTLo
eZXH1GDkUmxllNzZmvUl09BUcYUdFqtdNbL86xGeWcd2gfIXBlSI+MMU/cHmZ4Cx
+84XTyJa9Ry+vWNI7FQcbBipZV9+aMtAHTcZ8N7u914k/VcCDBagD+F1/rR11T4u
K3F9isGvb19JiYVDcs0Ra+vkGtyoRk9TCQV7Y7a9CSsNCiP529RTPBR2TvV1n0fi
I47tr11TBHR+QaaU7agHtjYLVNR+jotTug7nT584A+kc
-----END CERTIFICATE-----