Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/apoJ2NALZpwhseynS92aXPNVCvs.roa
File:                     apoJ2NALZpwhseynS92aXPNVCvs.roa (raw, json)
Hash identifier:          Go/yH95p1xY7WJKPF0kcyHHrQULwyqzmieCWsgnOTDA=
Subject key identifier:   6A:9A:09:D8:D0:0B:66:9C:21:B1:EC:A7:4B:DD:9A:5C:F3:55:0A:FB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01922E86F32D815E38D6AE360C2835BB12D1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/apoJ2NALZpwhseynS92aXPNVCvs.roa
Signing time:             Thu 26 Sep 2024 13:30:48 +0000
ROA not before:           Thu 26 Sep 2024 13:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.6.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 28 Sep 2024 01:24:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:86:f3:2d:81:5e:38:d6:ae:36:0c:28:35:bb:12:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 26 13:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a9a09d8d00b669c21b1eca74bdd9a5cf3550afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:80:89:4a:4f:3e:5d:42:71:f2:a4:4c:6f:16:
                    14:b9:c9:91:df:e8:6e:74:35:a2:e4:a4:c5:3d:40:
                    8a:1b:68:d2:1f:d6:de:48:a4:08:7c:89:40:db:fb:
                    52:12:78:8e:05:96:41:e3:cf:36:ff:0d:56:03:f7:
                    78:04:9e:c5:91:b3:19:9a:f5:f5:40:be:23:18:13:
                    b6:2a:c8:c5:9d:d7:54:1b:80:52:a7:81:85:b6:eb:
                    49:47:6f:c3:b1:20:aa:03:d8:64:58:a4:f9:d6:5d:
                    1f:66:07:0a:ee:0d:21:5d:14:a7:38:f1:cc:5b:f0:
                    99:98:a7:a4:14:c3:1e:1e:42:17:24:38:59:a7:3e:
                    00:40:bd:4a:45:36:e9:d4:97:74:b9:9e:1c:91:1f:
                    2c:67:f5:3b:8d:0e:5b:78:57:e2:69:54:0d:cc:4b:
                    94:b0:f4:d3:ac:d0:37:3d:93:3d:3f:e6:3e:97:b3:
                    4e:3d:70:91:c0:a0:22:0c:ce:50:d2:e0:55:19:60:
                    a3:48:3b:f8:da:96:d6:64:17:a6:75:e3:8b:3b:97:
                    b1:0d:dd:d4:31:a7:00:fa:7b:76:6c:0e:b1:b7:8e:
                    50:40:2f:08:0b:2c:0a:8c:cd:6c:5e:eb:3b:7b:74:
                    cd:5b:34:30:e2:1c:c0:2a:f2:ec:c6:63:d2:d0:1c:
                    68:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9A:09:D8:D0:0B:66:9C:21:B1:EC:A7:4B:DD:9A:5C:F3:55:0A:FB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/apoJ2NALZpwhseynS92aXPNVCvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.82.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.6.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:28:92:fd:86:66:8a:31:9b:d1:5c:09:44:bc:ac:e5:a1:39:
         b7:78:77:25:07:93:92:a0:df:ed:47:a7:79:8a:2d:70:34:f2:
         ee:5f:2b:ab:b6:93:a9:f2:f9:d4:61:f4:9d:3f:74:04:f2:76:
         78:16:58:c0:86:7f:93:53:03:4e:e9:2d:15:59:b2:c3:5a:67:
         ec:9e:d9:e8:74:58:6d:b8:5e:be:85:31:a3:e8:0e:2f:18:86:
         0b:d9:5c:d8:b3:e5:de:13:d6:1f:49:e4:03:cf:14:08:3e:c2:
         b9:54:c4:1b:11:c7:e0:f9:52:20:c1:41:d8:a0:0b:d6:7a:94:
         14:55:06:91:15:60:85:24:d2:d7:a0:88:4f:f9:eb:7c:6c:f5:
         b7:9b:19:77:f9:b7:1d:6f:9e:0c:e5:18:fb:ec:36:11:f6:50:
         64:1e:d6:fd:54:36:3d:b1:d0:57:2a:4b:99:67:84:20:1f:51:
         fc:5d:4e:6f:94:66:41:4e:0e:64:fe:92:7e:5f:5d:16:b1:5d:
         3d:46:e0:2f:28:ee:70:c2:a1:4d:eb:77:59:19:6c:ef:d1:33:
         6e:33:6f:56:1c:59:80:02:15:9d:91:ea:fe:d2:e3:68:a3:a5:
         17:1a:83:e3:e4:66:7f:5b:ec:7f:9c:70:8e:a5:f2:15:4d:15:
         88:d3:fd:aa
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZIuhvMtgV441q42DCg1uxLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTI2MTMzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTlhMDlkOGQwMGI2NjljMjFiMWVjYTc0YmRkOWE1Y2YzNTUwYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoCJSk8+XUJx8qRMbxYUucmR3+hu
dDWi5KTFPUCKG2jSH9beSKQIfIlA2/tSEniOBZZB4882/w1WA/d4BJ7FkbMZmvX1
QL4jGBO2KsjFnddUG4BSp4GFtutJR2/DsSCqA9hkWKT51l0fZgcK7g0hXRSnOPHM
W/CZmKekFMMeHkIXJDhZpz4AQL1KRTbp1Jd0uZ4ckR8sZ/U7jQ5beFfiaVQNzEuU
sPTTrNA3PZM9P+Y+l7NOPXCRwKAiDM5Q0uBVGWCjSDv42pbWZBemdeOLO5exDd3U
MacA+nt2bA6xt45QQC8ICywKjM1sXus7e3TNWzQw4hzAKvLsxmPS0BxoEwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFGqaCdjQC2acIbHsp0vdmlzzVQr7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYXBvSjJOQUxacHdoc2V5blM5MmFYUE5WQ3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQAwjqbAwQA
wldSAwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABAwQA1MEGAwQB
1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEADyiS
/YZmijGb0VwJRLys5aE5t3h3JQeTkqDf7UeneYotcDTy7l8rq7aTqfL51GH0nT90
BPJ2eBZYwIZ/k1MDTuktFVmyw1pn7J7Z6HRYbbhevoUxo+gOLxiGC9lc2LPl3hPW
H0nkA88UCD7CuVTEGxHH4PlSIMFB2KAL1nqUFFUGkRVghSTS16CIT/nrfGz1t5sZ
d/m3HW+eDOUY++w2EfZQZB7W/VQ2PbHQVypLmWeEIB9R/F1Ob5RmQU4OZP6Sfl9d
FrFdPUbgLyjucMKhTet3WRls79EzbjNvVhxZgAIVnZHq/tLjaKOlFxqD4+Rmf1vs
f5xwjqXyFU0ViNP9qg==
-----END CERTIFICATE-----