Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b94A2_84npH5zF_NSxLd59MQCVE.roa
File:                     b94A2_84npH5zF_NSxLd59MQCVE.roa (raw, json)
Hash identifier:          LCG7xis8kknRBzxOH/yITc1f2F2e8Ya5LF+bDKA7Zco=
Subject key identifier:   6F:DE:00:DB:FF:38:9E:91:F9:CC:5F:CD:4B:12:DD:E7:D3:10:09:51
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F670169CF2D3F395D5E33E004783AFD0C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b94A2_84npH5zF_NSxLd59MQCVE.roa
Signing time:             Sat 11 May 2024 09:34:56 +0000
ROA not before:           Sat 11 May 2024 09:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.38.0/24 maxlen: 24
                          195.133.54.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24
                          212.192.212.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sun 12 May 2024 11:55:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:67:01:69:cf:2d:3f:39:5d:5e:33:e0:04:78:3a:fd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 11 09:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fde00dbff389e91f9cc5fcd4b12dde7d3100951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:15:ee:1e:e6:3e:ca:52:5a:63:a9:9d:a4:ea:
                    b9:ef:6d:74:8c:3b:b0:f6:a1:f3:1a:5c:74:6b:8a:
                    d6:ac:95:90:47:81:81:97:07:33:8f:46:f3:91:54:
                    3c:0b:8b:da:36:31:7e:f2:16:e8:a6:29:bc:46:96:
                    8b:20:50:02:8f:3b:41:e5:35:4d:ea:d7:a2:c4:ea:
                    dd:55:d1:ad:a1:aa:3a:fa:d7:ad:00:bc:34:e6:96:
                    4b:a6:04:a6:5f:0c:85:0d:f3:d0:97:ef:a0:53:34:
                    b7:10:9d:56:47:9a:67:19:ee:e3:a1:78:a5:d6:38:
                    37:28:49:31:45:d6:fe:9c:73:c3:a9:f1:68:a4:0a:
                    2a:a5:cf:ae:41:ef:6f:ff:43:69:40:1f:44:07:e4:
                    f9:55:2e:23:56:fe:d1:d2:b8:bc:30:07:9e:2e:cb:
                    d3:7c:42:2b:cf:8e:32:3f:6c:3e:eb:5e:e1:84:19:
                    c8:62:69:37:c4:fb:c5:56:ed:63:61:b1:b4:2c:89:
                    f8:1a:a6:dc:10:3b:2c:7f:1d:fe:50:67:53:71:f9:
                    23:3f:12:46:d3:79:65:a7:c3:cf:9b:32:67:64:c9:
                    fe:01:47:8b:f1:28:05:2d:97:9b:e7:67:4d:f9:dd:
                    21:d3:ba:65:cf:d6:43:b1:d2:37:59:5e:0e:2b:16:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:DE:00:DB:FF:38:9E:91:F9:CC:5F:CD:4B:12:DD:E7:D3:10:09:51
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/b94A2_84npH5zF_NSxLd59MQCVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.87.141.0/24
                  194.87.169.0/24
                  194.87.198.0/24
                  194.87.201.0/24
                  195.133.25.0/24
                  195.133.38.0/24
                  195.133.54.0/24
                  212.192.1.0/24
                  212.192.212.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:c5:e0:c6:2d:ca:2e:68:08:af:27:71:76:47:74:73:59:1a:
         ab:b9:f6:cc:05:04:b9:88:5e:6b:ae:87:5b:48:0e:0d:a4:c1:
         7f:34:3a:ea:e1:b2:83:2e:91:3e:84:6c:61:94:5a:b8:c3:87:
         97:42:aa:a8:ce:f3:e6:f4:4a:b8:2d:a0:d9:f4:69:81:bd:34:
         10:6f:dd:96:6e:5b:c9:92:44:89:5f:0e:cd:98:8e:d9:45:45:
         08:b9:a7:7f:f6:0f:31:c5:85:e4:52:4a:55:50:cb:db:99:25:
         d1:09:30:9d:5c:47:dc:ab:ee:c6:58:9d:e7:e4:b2:ce:5c:41:
         ca:31:f1:c2:6e:a6:fe:ec:e0:01:d6:f0:33:e4:68:2d:d1:af:
         3f:8c:3c:d3:a8:bb:49:95:a1:c5:46:8b:3f:19:ef:13:b2:86:
         64:4b:a4:49:4a:18:ba:28:8b:1a:03:c0:00:2f:f4:e6:7b:e4:
         3f:89:b5:ab:f1:a0:8d:af:54:21:6a:af:3b:da:39:94:fc:59:
         b5:f5:e4:5f:0b:b7:fa:b1:d1:a9:f3:5a:a7:3e:ae:50:a8:e2:
         3a:8a:76:6e:66:c0:c2:44:76:36:fd:c5:68:47:e2:6a:c7:b9:
         a6:81:72:a3:12:0f:01:9d:73:d7:11:0e:b7:b6:50:09:f8:e2:
         d2:6c:46:da
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAY9nAWnPLT85XV4z4AR4Ov0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTExMDkzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmRlMDBkYmZmMzg5ZTkxZjljYzVmY2Q0YjEyZGRlN2QzMTAwOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9RXuHuY+ylJaY6mdpOq57210jDuw
9qHzGlx0a4rWrJWQR4GBlwczj0bzkVQ8C4vaNjF+8hbopim8RpaLIFACjztB5TVN
6teixOrdVdGtoao6+tetALw05pZLpgSmXwyFDfPQl++gUzS3EJ1WR5pnGe7joXil
1jg3KEkxRdb+nHPDqfFopAoqpc+uQe9v/0NpQB9EB+T5VS4jVv7R0ri8MAeeLsvT
fEIrz44yP2w+617hhBnIYmk3xPvFVu1jYbG0LIn4GqbcEDssfx3+UGdTcfkjPxJG
03llp8PPmzJnZMn+AUeL8SgFLZeb52dN+d0h07plz9ZDsdI3WV4OKxZftQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFG/eANv/OJ6R+cxfzUsS3efTEAlRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYjk0QTJfODRucEg1ekZfTlN4TGQ1OU1RQ1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQBwjo4AwQA
wleNAwQAwlepAwQAwlfGAwQAwlfJAwQAw4UZAwQAw4UmAwQAw4U2AwQA1MABAwQA
1MDUAwQA1MEEMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOC
AQEAj8Xgxi3KLmgIrydxdkd0c1kaq7n2zAUEuYhea66HW0gODaTBfzQ66uGygy6R
PoRsYZRauMOHl0KqqM7z5vRKuC2g2fRpgb00EG/dlm5byZJEiV8OzZiO2UVFCLmn
f/YPMcWF5FJKVVDL25kl0QkwnVxH3Kvuxlid5+SyzlxByjHxwm6m/uzgAdbwM+Ro
LdGvP4w806i7SZWhxUaLPxnvE7KGZEukSUoYuiiLGgPAAC/05nvkP4m1q/Ggja9U
IWqvO9o5lPxZtfXkXwu3+rHRqfNapz6uUKjiOop2bmbAwkR2Nv3FaEfiase5poFy
oxIPAZ1z1xEOt7ZQCfji0mxG2g==
-----END CERTIFICATE-----