Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kmYPxAZIbB54b3DNi_LV1N9PtZo.roa
File:                     kmYPxAZIbB54b3DNi_LV1N9PtZo.roa (raw, json)
Hash identifier:          DdkvJ1Z5F9d8WpaWu1a+fmecYKrtwOjbx3IZylNWDRg=
Subject key identifier:   92:66:0F:C4:06:48:6C:1E:78:6F:70:CD:8B:F2:D5:D4:DF:4F:B5:9A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192D29473705121E05C4A169912F19EEC21
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kmYPxAZIbB54b3DNi_LV1N9PtZo.roa
Signing time:             Mon 28 Oct 2024 10:03:17 +0000
ROA not before:           Mon 28 Oct 2024 10:03:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        192.124.180.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.178.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          194.135.33.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.25.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 29 Oct 2024 15:07:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:94:73:70:51:21:e0:5c:4a:16:99:12:f1:9e:ec:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 28 10:03:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92660fc406486c1e786f70cd8bf2d5d4df4fb59a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f2:13:2d:80:ec:5d:92:11:20:87:bf:2b:94:
                    87:14:58:a7:22:61:da:f0:ed:c8:1e:0e:03:49:78:
                    d6:c4:21:ed:37:be:62:49:9a:50:85:a0:93:f1:0f:
                    aa:81:c5:ad:8f:b7:9c:a4:3b:39:f7:6c:72:5b:2d:
                    aa:f0:d1:b7:35:8f:42:08:0e:99:07:0a:18:e8:e3:
                    09:d6:3f:3a:8d:7b:e2:c8:7c:9d:38:6a:37:7c:7f:
                    8a:ee:74:5b:3e:d9:ec:18:d4:10:41:5f:24:e7:6e:
                    b7:40:45:30:69:de:2b:f9:34:24:a2:7c:6e:95:63:
                    6b:4b:23:5f:f0:7b:ca:d0:51:05:3d:ad:e4:f6:f3:
                    42:16:b0:09:e0:70:f0:25:41:fe:2a:6d:e4:9c:39:
                    c2:77:a8:aa:1f:5b:04:f1:24:a0:50:6c:ea:e6:0e:
                    c4:f4:5c:51:8b:27:65:70:87:0b:a6:e2:49:45:da:
                    5d:49:af:8b:0b:15:3e:39:9d:51:3e:29:5a:64:80:
                    15:fc:f9:db:cb:29:61:f1:9f:ba:d6:0f:30:d4:95:
                    d6:27:06:f9:14:00:6d:03:c0:c0:9b:c6:9b:5d:81:
                    c3:4e:32:d2:04:96:45:d8:ee:05:96:4b:0c:20:0c:
                    28:db:94:22:9a:b2:21:57:c8:9f:67:0a:84:03:82:
                    30:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:66:0F:C4:06:48:6C:1E:78:6F:70:CD:8B:F2:D5:D4:DF:4F:B5:9A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kmYPxAZIbB54b3DNi_LV1N9PtZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.180.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  194.87.178.0/24
                  194.87.224.0/24
                  194.135.33.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.25.0-212.193.27.255
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:b2:a9:cc:9b:a4:b8:b7:64:7f:fc:40:a9:01:2f:65:79:47:
         7d:99:3c:87:80:b5:fc:7e:df:2f:92:76:ed:0f:a8:25:4c:9f:
         32:6a:24:f6:f8:92:58:3d:74:75:7b:ca:5f:a7:b6:10:85:bf:
         ae:40:24:43:35:15:b8:2e:f3:7e:70:d9:f6:51:12:99:98:e8:
         19:a7:cd:9a:69:33:d1:e0:6a:2f:ae:f3:22:ff:bd:22:bd:de:
         3e:00:cf:05:ff:f1:e5:cf:56:70:d7:66:35:3a:16:70:5c:43:
         1c:25:34:5a:29:42:44:2e:d1:a4:72:1e:e1:20:f6:05:84:43:
         bb:a8:fe:2e:a0:73:4a:7b:df:00:fe:3e:34:34:78:a9:ad:fc:
         97:c6:fd:e9:45:77:86:7d:aa:ac:88:a9:d0:c0:86:3e:32:85:
         35:b2:92:1c:2f:1e:5d:bc:c5:79:bc:9c:6c:01:8b:37:6b:71:
         88:aa:de:3a:84:80:1e:d9:ff:b4:e8:51:c8:d9:ab:4f:42:2d:
         56:b1:64:fa:2b:de:76:6a:ff:f8:f2:46:f5:7d:37:4b:a1:3b:
         5d:3d:33:83:2d:d2:c2:ce:be:eb:3d:40:df:47:d7:6a:e4:cd:
         8d:9b:07:55:79:07:2b:7e:fb:13:59:b4:d5:b2:89:f7:5a:21:
         d0:dd:50:02
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZLSlHNwUSHgXEoWmRLxnuwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDI4MTAwMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY2MGZjNDA2NDg2YzFlNzg2ZjcwY2Q4YmYyZDVkNGRmNGZiNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/ITLYDsXZIRIIe/K5SHFFinImHa
8O3IHg4DSXjWxCHtN75iSZpQhaCT8Q+qgcWtj7ecpDs592xyWy2q8NG3NY9CCA6Z
BwoY6OMJ1j86jXviyHydOGo3fH+K7nRbPtnsGNQQQV8k5263QEUwad4r+TQkonxu
lWNrSyNf8HvK0FEFPa3k9vNCFrAJ4HDwJUH+Km3knDnCd6iqH1sE8SSgUGzq5g7E
9FxRiydlcIcLpuJJRdpdSa+LCxU+OZ1RPilaZIAV/Pnbyylh8Z+61g8w1JXWJwb5
FABtA8DAm8abXYHDTjLSBJZF2O4FlksMIAwo25QimrIhV8ifZwqEA4Iw9QIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFJJmD8QGSGweeG9wzYvy1dTfT7WaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEva21ZUHhBWkliQjU0YjNETmlfTFYxTjlQdFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQAwHy0AwQA
wjqbAwQAwlepAwQAwleyAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQB
w4VcAwQA1MABMAwDBADUwRkDBALUwRgwFAQCAAIwDgMFAyoBV8ADBQMqDP9AMA0G
CSqGSIb3DQEBCwUAA4IBAQBrsqnMm6S4t2R//ECpAS9leUd9mTyHgLX8ft8vknbt
D6glTJ8yaiT2+JJYPXR1e8pfp7YQhb+uQCRDNRW4LvN+cNn2URKZmOgZp82aaTPR
4GovrvMi/70ivd4+AM8F//Hlz1Zw12Y1OhZwXEMcJTRaKUJELtGkch7hIPYFhEO7
qP4uoHNKe98A/j40NHiprfyXxv3pRXeGfaqsiKnQwIY+MoU1spIcLx5dvMV5vJxs
AYs3a3GIqt46hIAe2f+06FHI2atPQi1WsWT6K952av/48kb1fTdLoTtdPTODLdLC
zr7rPUDfR9dq5M2NmwdVeQcrfvsTWbTVson3WiHQ3VAC
-----END CERTIFICATE-----