Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gnKdpcqIkfN7gCLKFGc8O0x29TE.roa
File:                     gnKdpcqIkfN7gCLKFGc8O0x29TE.roa (raw, json)
Hash identifier:          oNmQ3H8C+6W1d9madYPf/E7rDAaewFsLmVUUUsUKk4U=
Subject key identifier:   82:72:9D:A5:CA:88:91:F3:7B:80:22:CA:14:67:3C:3B:4C:76:F5:31
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0196E76DBB51E1B266FBA5BF797DB29AAFFA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gnKdpcqIkfN7gCLKFGc8O0x29TE.roa
Signing time:             Mon 19 May 2025 07:24:10 +0000
ROA not before:           Mon 19 May 2025 07:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.53.0/24 maxlen: 24
                          194.87.119.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.29.0/24 maxlen: 24
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.241.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 21 May 2025 10:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:6d:bb:51:e1:b2:66:fb:a5:bf:79:7d:b2:9a:af:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 19 07:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82729da5ca8891f37b8022ca14673c3b4c76f531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:85:d3:4c:3b:12:d3:83:43:b8:88:5a:37:e3:
                    48:8b:09:8d:94:75:98:85:02:ac:61:b4:cc:10:34:
                    ae:65:90:ba:57:8a:dc:40:3d:81:62:8f:ae:0e:39:
                    f9:ac:ce:1b:21:82:81:c0:86:b1:51:25:cf:b3:ce:
                    19:a9:11:1b:17:bb:bc:0d:66:4a:21:07:85:c4:b0:
                    c0:7b:5f:68:5f:8d:fa:bd:9a:86:af:72:25:11:c2:
                    76:02:09:86:5f:4f:56:ce:ab:5c:4e:7b:5e:a2:83:
                    f1:e0:bc:8a:c2:f1:8f:8d:65:fa:04:86:f5:fc:0d:
                    1e:6e:3a:ad:e8:00:6f:0d:93:75:07:d7:e2:9a:45:
                    07:04:77:6f:02:a4:9a:95:ac:4d:3f:1f:63:c2:96:
                    36:c8:97:41:51:b0:f2:fd:c9:b6:d8:ea:e0:3c:db:
                    f9:91:b5:88:3e:89:37:04:42:eb:da:c2:d1:cd:6a:
                    ac:1d:07:d4:18:1b:11:46:9f:e7:22:b9:a1:b7:f1:
                    47:c9:75:c1:a0:70:5d:04:14:21:50:8e:fd:2a:2f:
                    a2:53:55:6c:6a:ae:40:a1:46:91:14:dc:19:c2:82:
                    4a:9b:31:36:ef:b7:ce:69:9c:b2:24:40:34:47:e4:
                    dd:24:7a:14:ed:dd:4f:0b:17:e3:7a:86:84:07:06:
                    fd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:72:9D:A5:CA:88:91:F3:7B:80:22:CA:14:67:3C:3B:4C:76:F5:31
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gnKdpcqIkfN7gCLKFGc8O0x29TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.58.155.0/24
                  194.87.53.0/24
                  194.87.119.0/24
                  194.87.169.0/24
                  194.87.179.0/24
                  195.133.24.0/23
                  195.133.29.0/24
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.241.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:98:26:b2:68:a8:36:6c:ce:0c:53:f6:3b:76:51:e4:0b:5e:
         ed:22:b8:07:9f:ac:d9:65:25:57:8c:ce:71:50:f3:e7:c8:b1:
         35:ad:a0:82:a1:b1:5d:93:a5:1c:fa:e7:f1:7e:72:9f:e7:0c:
         5a:44:ba:9f:55:13:ea:be:73:4e:92:d2:70:74:eb:9d:d5:90:
         5a:b0:ee:d9:35:9a:8a:8e:97:17:e4:b8:3d:fe:40:ea:da:82:
         e4:61:f7:d5:84:18:48:a0:6b:4a:68:e8:da:87:e6:f2:3d:ea:
         d9:35:9f:7f:80:0e:1b:d2:1d:3a:7b:c9:45:18:83:ac:19:0d:
         36:6c:d7:1c:b4:dd:21:e4:fc:b0:78:9e:c0:68:91:c9:72:29:
         8c:5d:d8:6c:1f:77:7b:23:f8:dc:97:71:67:24:7b:17:00:1e:
         a5:95:f0:7b:26:5c:20:43:9d:bf:b3:b8:49:11:4d:1f:ff:8e:
         8a:a7:09:bb:5d:2f:10:6b:3f:3d:d4:ec:25:80:d4:48:66:5c:
         7b:26:5c:94:b2:f9:c5:13:65:e3:d8:fe:89:30:cc:7b:15:bf:
         f2:d7:98:72:81:76:26:e0:97:95:24:0a:2f:10:24:40:2e:ed:
         50:a7:80:e4:bc:69:b3:d1:fe:41:17:d0:a5:db:d5:4d:4d:6b:
         73:c0:ae:a6
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZbnbbtR4bJm+6W/eX2ymq/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTE5MDcyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjcyOWRhNWNhODg5MWYzN2I4MDIyY2ExNDY3M2MzYjRjNzZmNTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIXTTDsS04NDuIhaN+NIiwmNlHWY
hQKsYbTMEDSuZZC6V4rcQD2BYo+uDjn5rM4bIYKBwIaxUSXPs84ZqREbF7u8DWZK
IQeFxLDAe19oX436vZqGr3IlEcJ2AgmGX09WzqtcTnteooPx4LyKwvGPjWX6BIb1
/A0ebjqt6ABvDZN1B9fimkUHBHdvAqSalaxNPx9jwpY2yJdBUbDy/cm22OrgPNv5
kbWIPok3BELr2sLRzWqsHQfUGBsRRp/nIrmht/FHyXXBoHBdBBQhUI79Ki+iU1Vs
aq5AoUaRFNwZwoJKmzE277fOaZyyJEA0R+TdJHoU7d1PCxfjeoaEBwb9+QIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFIJynaXKiJHze4AiyhRnPDtMdvUxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZ25LZHBjcUlrZk43Z0NMS0ZHYzhPMHgyOVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQAwXwHAwQA
wjqbAwQAwlc1AwQAwld3AwQAwlepAwQAwlezAwQBw4UYAwQAw4UdAwQBw4UoAwQB
w4UyAwQBw4VcAwQA1MDxAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAQZgmsmioNmzODFP2O3ZR5Ate7SK4B5+s2WUlV4zOcVDz
58ixNa2ggqGxXZOlHPrn8X5yn+cMWkS6n1UT6r5zTpLScHTrndWQWrDu2TWaio6X
F+S4Pf5A6tqC5GH31YQYSKBrSmjo2ofm8j3q2TWff4AOG9IdOnvJRRiDrBkNNmzX
HLTdIeT8sHiewGiRyXIpjF3YbB93eyP43JdxZyR7FwAepZXweyZcIEOdv7O4SRFN
H/+OiqcJu10vEGs/PdTsJYDUSGZceyZclLL5xRNl49j+iTDMexW/8teYcoF2JuCX
lSQKLxAkQC7tUKeA5Lxps9H+QRfQpdvVTU1rc8Cupg==
-----END CERTIFICATE-----