Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iUmCYGIVBUTvCqEb3rq7K4-8VhI.roa
File:                     iUmCYGIVBUTvCqEb3rq7K4-8VhI.roa (raw, json)
Hash identifier:          OOVrTwqxzalU73q2mk5DPKihDDxB3r6wzDyKmUOhfA0=
Subject key identifier:   89:49:82:60:62:15:05:44:EF:0A:A1:1B:DE:BA:BB:2B:8F:BC:56:12
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0191C1DF002E9C6E779B06F35B6FBC984537
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iUmCYGIVBUTvCqEb3rq7K4-8VhI.roa
Signing time:             Thu 05 Sep 2024 11:08:22 +0000
ROA not before:           Thu 05 Sep 2024 11:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.58.0/23 maxlen: 23
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 06 Sep 2024 08:59:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c1:df:00:2e:9c:6e:77:9b:06:f3:5b:6f:bc:98:45:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  5 11:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8949826062150544ef0aa11bdebabb2b8fbc5612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:fb:89:35:b8:5b:61:64:4f:8b:2c:46:73:9e:
                    5f:76:1c:e4:22:44:ac:e7:22:1a:a8:e7:90:e2:0e:
                    ff:24:44:eb:94:7e:9b:9b:dd:e5:22:75:8f:a0:8b:
                    37:be:b1:8d:c0:00:62:db:0f:48:83:0c:95:ce:6f:
                    9b:b6:82:38:71:e6:9e:24:ae:01:8c:25:1c:9c:42:
                    a0:d2:cf:39:5f:59:e7:97:67:80:b5:bc:3d:10:27:
                    2a:84:3d:11:c1:db:b0:0e:d2:95:0f:3e:f6:c5:7a:
                    2c:b6:e4:a1:48:b5:0b:e8:8d:20:62:b2:b9:94:c9:
                    3b:46:8a:7e:c7:f5:6b:51:da:2c:cd:cd:91:64:e0:
                    56:ce:9d:95:62:f4:04:fd:c0:b6:a9:66:5a:fc:79:
                    cb:64:2a:43:e4:f2:fc:42:13:63:0d:86:0a:6f:a1:
                    ef:1c:d5:fd:78:87:83:9e:42:07:6a:86:3f:7f:57:
                    c8:7a:5b:9a:b4:f5:d0:68:b4:a3:12:1b:31:84:53:
                    ed:eb:1c:29:f4:bc:b5:28:af:ea:d4:6a:86:c6:31:
                    25:2d:95:05:3e:c5:1c:c0:2d:52:41:e7:b6:94:6e:
                    99:a9:32:25:53:21:5d:8a:1b:a7:72:6d:49:2b:c3:
                    bb:a9:a9:f7:e6:64:cc:07:9a:4e:aa:95:f4:97:fe:
                    26:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:49:82:60:62:15:05:44:EF:0A:A1:1B:DE:BA:BB:2B:8F:BC:56:12
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iUmCYGIVBUTvCqEb3rq7K4-8VhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.58.0/23
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:33:3e:df:f6:c1:6f:ae:7c:3c:a9:1c:72:66:a1:d0:bb:d8:
         4e:77:e1:a0:fe:df:aa:56:4d:58:e2:c5:12:fb:c2:f3:2c:fe:
         7a:cb:a6:bf:54:81:0d:29:cc:7e:0c:7d:59:9b:3e:f9:d8:22:
         c0:20:3e:ea:da:5e:f0:a6:0a:de:b6:0d:44:c9:33:4f:de:c1:
         5e:ff:c2:6b:93:75:6b:36:08:6e:fa:63:7a:0f:4f:ef:11:94:
         90:eb:3e:15:27:93:fc:09:67:e9:f9:0a:c5:ed:74:c5:73:c8:
         73:34:6d:e8:50:6b:94:d0:00:ed:db:4e:8e:d5:b5:51:94:f2:
         98:bc:74:3a:ad:44:ac:aa:cc:10:50:26:97:49:a6:00:7d:5f:
         52:eb:9a:28:db:76:f5:f1:d0:4a:c9:67:c0:de:10:9b:a4:d4:
         3a:ae:8a:41:34:57:2d:f4:56:a2:a7:68:dc:9e:27:13:da:03:
         de:fc:75:6f:d0:e2:03:a9:91:86:e2:02:19:5a:cb:04:b1:62:
         3f:b5:cc:9b:81:7f:f4:1b:c1:21:cd:4a:be:9c:59:9d:10:e3:
         51:b9:57:5e:c8:34:b3:51:e1:77:4b:64:03:59:fc:8b:c1:4c:
         ea:34:d0:3a:15:1a:fb:47:8c:4b:62:2b:db:a8:40:e4:4f:c7:
         ed:89:d5:9a
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZHB3wAunG53mwbzW2+8mEU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTA1MTEwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQ5ODI2MDYyMTUwNTQ0ZWYwYWExMWJkZWJhYmIyYjhmYmM1NjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vuJNbhbYWRPiyxGc55fdhzkIkSs
5yIaqOeQ4g7/JETrlH6bm93lInWPoIs3vrGNwABi2w9IgwyVzm+btoI4ceaeJK4B
jCUcnEKg0s85X1nnl2eAtbw9ECcqhD0RwduwDtKVDz72xXostuShSLUL6I0gYrK5
lMk7Rop+x/VrUdoszc2RZOBWzp2VYvQE/cC2qWZa/HnLZCpD5PL8QhNjDYYKb6Hv
HNX9eIeDnkIHaoY/f1fIeluatPXQaLSjEhsxhFPt6xwp9Ly1KK/q1GqGxjElLZUF
PsUcwC1SQee2lG6ZqTIlUyFdihuncm1JK8O7qan35mTMB5pOqpX0l/4mmQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIlJgmBiFQVE7wqhG966uyuPvFYSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaVVtQ1lHSVZCVVR2Q3FFYjNycTdLNC04VmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAwjqbAwQB
wlc6AwQAwlepAwQBw4UYAwQBw4UyAwQBw4VcAwQA1MABAwQB1MEaMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEABjM+3/bBb658PKkccmah
0LvYTnfhoP7fqlZNWOLFEvvC8yz+esumv1SBDSnMfgx9WZs++dgiwCA+6tpe8KYK
3rYNRMkzT97BXv/Ca5N1azYIbvpjeg9P7xGUkOs+FSeT/Aln6fkKxe10xXPIczRt
6FBrlNAA7dtOjtW1UZTymLx0Oq1ErKrMEFAml0mmAH1fUuuaKNt29fHQSslnwN4Q
m6TUOq6KQTRXLfRWoqdo3J4nE9oD3vx1b9DiA6mRhuICGVrLBLFiP7XMm4F/9BvB
Ic1KvpxZnRDjUblXXsg0s1Hhd0tkA1n8i8FM6jTQOhUa+0eMS2Ir26hA5E/H7YnV
mg==
-----END CERTIFICATE-----