Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fQoqIYjCKcUpZ7cWTL0QhWTUzGE.roa
File:                     fQoqIYjCKcUpZ7cWTL0QhWTUzGE.roa (raw, json)
Hash identifier:          SJrBBTTqoaBDq3nzMbtX9DhqqMFgg3jHnDDiJ353DP0=
Subject key identifier:   7D:0A:2A:21:88:C2:29:C5:29:67:B7:16:4C:BD:10:85:64:D4:CC:61
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018DC2D567A1EF9B76543AB12EF037FEEB3E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fQoqIYjCKcUpZ7cWTL0QhWTUzGE.roa
Signing time:             Mon 19 Feb 2024 19:26:22 +0000
ROA not before:           Mon 19 Feb 2024 19:26:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.5.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          194.87.142.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          195.133.6.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.72.0/24 maxlen: 24
                          195.133.78.0/24 maxlen: 24
                          195.133.85.0/24 maxlen: 24
                          195.133.192.0/24 maxlen: 24
                          212.192.1.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 15:10:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:d5:67:a1:ef:9b:76:54:3a:b1:2e:f0:37:fe:eb:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb 19 19:26:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d0a2a2188c229c52967b7164cbd108564d4cc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2b:60:97:a1:08:ab:24:85:a2:b7:61:02:c7:
                    19:2e:5a:66:87:1e:06:58:4d:a6:3b:30:5e:8f:2c:
                    fa:09:49:d0:9d:97:df:33:ef:1f:ce:c3:19:97:a1:
                    c8:36:d4:2b:fe:2b:a8:91:9f:03:00:fc:f3:e8:c4:
                    b5:43:5a:94:04:8c:f9:a6:2e:03:55:06:20:4c:69:
                    89:0e:99:ec:08:65:4c:01:ed:76:cb:62:d7:37:85:
                    3b:2d:07:94:9b:ad:83:90:a4:18:52:8b:e5:5e:66:
                    19:01:da:9d:16:e0:b6:5e:8d:93:9d:11:fe:c2:ad:
                    65:08:19:90:27:47:e3:89:60:bd:6d:25:a7:a1:27:
                    f5:d9:38:77:ad:1e:52:44:fe:6b:aa:10:bb:4a:a3:
                    e4:a4:47:17:ee:bd:5e:9f:06:92:1c:66:65:bd:94:
                    f8:7f:76:52:e0:64:d4:e0:14:04:82:b3:49:e4:e5:
                    40:77:46:35:b1:1b:04:d7:11:b3:8e:26:f4:d7:a5:
                    8e:e2:6f:54:fa:ef:e4:11:51:bf:19:4b:6e:7c:2c:
                    35:8c:c4:70:94:3f:90:aa:bf:e5:92:ac:13:ff:ff:
                    7e:44:b8:31:9b:a8:24:21:be:ee:86:79:09:f6:1c:
                    9f:6d:00:f5:39:fc:49:56:c0:6b:cd:38:3f:23:1e:
                    45:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0A:2A:21:88:C2:29:C5:29:67:B7:16:4C:BD:10:85:64:D4:CC:61
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fQoqIYjCKcUpZ7cWTL0QhWTUzGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.5.0/24
                  193.124.7.0/24
                  194.87.22.0/24
                  194.87.32.0/24
                  194.87.142.0/24
                  194.87.201.0/24
                  195.133.6.0/24
                  195.133.25.0/24
                  195.133.72.0/24
                  195.133.78.0/24
                  195.133.85.0/24
                  195.133.192.0/24
                  212.192.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:1b:b0:d9:81:a4:9b:48:b6:54:e3:28:8e:62:67:5f:b5:96:
         7e:c7:2f:31:dc:f4:f0:be:4e:1d:af:f0:09:41:dc:d1:de:b6:
         cf:d5:36:13:01:7c:1e:c4:b6:bb:30:96:09:87:3f:a5:3f:09:
         f7:e7:fd:b7:0e:61:c2:9f:0b:69:96:36:f5:ca:96:eb:c7:36:
         81:ba:04:2c:1b:42:bd:e9:63:81:7c:e0:88:8d:b7:c7:1c:35:
         bf:d8:60:f1:d3:3b:03:49:89:9d:cd:2c:b8:21:46:9a:b4:78:
         ee:6b:4e:ac:d5:d1:2d:d2:71:4a:a1:a8:cc:e9:f7:45:74:9a:
         1a:9e:78:e9:b9:26:37:5b:e7:ce:25:b2:ea:fb:6f:3d:9d:5e:
         3e:95:1d:0d:f7:ff:22:f1:83:2c:34:43:0f:48:b8:fe:3e:e1:
         f5:ff:4d:77:a1:a5:79:e3:b5:62:9e:c2:6c:22:32:85:3d:32:
         0c:20:39:ee:9b:53:15:9a:34:c8:48:1a:d3:84:bd:60:e2:52:
         8f:91:b7:d2:b5:23:6c:e9:e7:68:b3:40:ab:21:48:81:79:4e:
         ca:f3:2f:8a:e4:96:41:3a:ae:c4:e1:53:aa:de:f1:c8:4d:0f:
         5d:b4:bb:85:12:76:29:88:d6:9a:14:67:97:87:31:7b:e9:00:
         99:c2:7c:4e
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY3C1Weh75t2VDqxLvA3/us+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjE5MTkyNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDBhMmEyMTg4YzIyOWM1Mjk2N2I3MTY0Y2JkMTA4NTY0ZDRjYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlitgl6EIqySFordhAscZLlpmhx4G
WE2mOzBejyz6CUnQnZffM+8fzsMZl6HINtQr/iuokZ8DAPzz6MS1Q1qUBIz5pi4D
VQYgTGmJDpnsCGVMAe12y2LXN4U7LQeUm62DkKQYUovlXmYZAdqdFuC2Xo2TnRH+
wq1lCBmQJ0fjiWC9bSWnoSf12Th3rR5SRP5rqhC7SqPkpEcX7r1enwaSHGZlvZT4
f3ZS4GTU4BQEgrNJ5OVAd0Y1sRsE1xGzjib016WO4m9U+u/kEVG/GUtufCw1jMRw
lD+Qqr/lkqwT//9+RLgxm6gkIb7uhnkJ9hyfbQD1OfxJVsBrzTg/Ix5FeQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFH0KKiGIwinFKWe3Fky9EIVk1MxhMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZlFvcUlZakNLY1VwWjdjV1RMMFFoV1RVekdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAwXwFAwQA
wXwHAwQAwlcWAwQAwlcgAwQAwleOAwQAwlfJAwQAw4UGAwQAw4UZAwQAw4VIAwQA
w4VOAwQAw4VVAwQAw4XAAwQA1MABMA0GCSqGSIb3DQEBCwUAA4IBAQBjG7DZgaSb
SLZU4yiOYmdftZZ+xy8x3PTwvk4dr/AJQdzR3rbP1TYTAXwexLa7MJYJhz+lPwn3
5/23DmHCnwtpljb1ypbrxzaBugQsG0K96WOBfOCIjbfHHDW/2GDx0zsDSYmdzSy4
IUaatHjua06s1dEt0nFKoajM6fdFdJoannjpuSY3W+fOJbLq+289nV4+lR0N9/8i
8YMsNEMPSLj+PuH1/013oaV547VinsJsIjKFPTIMIDnum1MVmjTISBrThL1g4lKP
kbfStSNs6edos0CrIUiBeU7K8y+K5JZBOq7E4VOq3vHITQ9dtLuFEnYpiNaaFGeX
hzF76QCZwnxO
-----END CERTIFICATE-----