Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pOgBz3R2mGbmsr94HX7dF9Dy8co.roa
File:                     pOgBz3R2mGbmsr94HX7dF9Dy8co.roa (raw, json)
Hash identifier:          zxAziiG7kuQbn4qfXiPsYjdPFp0ynucM0A/IMXN9a/s=
Subject key identifier:   A4:E8:01:CF:74:76:98:66:E6:B2:BF:78:1D:7E:DD:17:D0:F2:F1:CA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192800916CCBE1D1F17CC135A69A04C8992
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pOgBz3R2mGbmsr94HX7dF9Dy8co.roa
Signing time:             Sat 12 Oct 2024 09:22:12 +0000
ROA not before:           Sat 12 Oct 2024 09:22:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.25.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 14 Oct 2024 07:36:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:80:09:16:cc:be:1d:1f:17:cc:13:5a:69:a0:4c:89:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 12 09:22:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4e801cf74769866e6b2bf781d7edd17d0f2f1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ce:ef:38:6b:46:e1:4f:69:1a:30:a0:1c:7f:
                    65:39:6d:1f:bc:80:f3:90:f2:5a:8f:71:54:62:28:
                    30:41:3b:7c:15:fa:c5:ef:b6:91:7e:ef:43:9e:f4:
                    98:3f:02:fa:07:83:0e:67:ce:6e:80:cd:15:0f:4f:
                    92:2f:ea:3f:c0:96:95:40:ac:24:7c:07:81:d4:8e:
                    3f:bc:e6:7f:56:d2:68:f8:73:1f:48:6d:34:b2:40:
                    9a:1a:12:96:fc:15:ef:e8:44:79:0d:de:9b:cd:d2:
                    57:68:69:4d:65:60:f6:60:9c:71:04:a4:72:c3:21:
                    20:e6:bc:07:0f:10:b6:ef:b1:b2:e0:a8:2d:f1:9f:
                    91:e5:56:fa:ca:e5:13:f9:aa:80:20:fe:53:71:3c:
                    9e:6f:b0:4b:8d:52:66:89:f9:87:e5:06:97:31:28:
                    96:e0:8d:ee:fe:7d:2e:7d:dc:01:5c:94:e7:a7:da:
                    af:0d:af:b0:68:f8:3b:d0:41:3e:d3:88:a4:75:d8:
                    c8:ca:10:06:28:b3:b3:d1:d7:34:fc:99:90:d3:9d:
                    11:cd:f4:03:5b:f7:be:51:80:66:bc:52:b2:a0:2c:
                    44:d5:7c:4a:e6:d1:cf:92:bc:c3:fc:92:55:61:6c:
                    58:8e:82:6a:d4:ed:ff:01:5a:20:53:17:2a:c2:42:
                    bd:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E8:01:CF:74:76:98:66:E6:B2:BF:78:1D:7E:DD:17:D0:F2:F1:CA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pOgBz3R2mGbmsr94HX7dF9Dy8co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.25.0-212.193.27.255
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:10:a2:ef:f5:4b:0e:9d:a7:82:d6:3d:a8:04:88:e3:a1:02:
         07:5d:fa:eb:b2:84:60:50:96:3b:4e:7b:a4:5a:7c:73:77:17:
         13:4a:ec:2c:a3:49:fe:37:ac:21:68:23:0f:f9:ae:f6:96:aa:
         23:be:5c:22:6d:5c:ad:82:e6:86:87:ba:fb:d4:25:48:1c:72:
         25:2c:fe:4e:54:9a:bf:c9:6f:c9:01:9c:74:c9:21:18:ea:a2:
         e4:a2:ed:e2:d6:03:52:c1:63:87:bb:5d:c9:54:93:83:e9:00:
         4b:66:1a:18:8d:4b:58:4a:26:1f:4b:95:33:3d:59:6a:51:d4:
         17:11:83:c8:d0:ea:f9:88:ac:8f:52:56:6c:06:94:e6:7c:45:
         7e:6b:f9:46:29:97:dc:09:c3:e9:03:02:65:ea:33:5b:a6:68:
         f2:ba:94:9d:33:2a:a5:2c:22:9c:42:20:67:2d:b6:36:50:b0:
         4d:5c:d0:1d:e7:87:a2:13:bc:e3:d4:22:e2:e9:8c:d1:38:b0:
         89:da:71:dd:bf:bf:6b:ff:83:ca:69:72:51:c2:8b:07:dd:49:
         2e:15:bb:2f:bf:b6:01:f9:65:21:94:17:9b:46:88:69:ce:4b:
         bf:61:0a:50:35:d5:dc:cc:15:bd:79:2a:f1:a5:1a:01:83:17:
         17:c0:58:51
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZKACRbMvh0fF8wTWmmgTImSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDEyMDkyMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGU4MDFjZjc0NzY5ODY2ZTZiMmJmNzgxZDdlZGQxN2QwZjJmMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjs7vOGtG4U9pGjCgHH9lOW0fvIDz
kPJaj3FUYigwQTt8FfrF77aRfu9DnvSYPwL6B4MOZ85ugM0VD0+SL+o/wJaVQKwk
fAeB1I4/vOZ/VtJo+HMfSG00skCaGhKW/BXv6ER5Dd6bzdJXaGlNZWD2YJxxBKRy
wyEg5rwHDxC277Gy4Kgt8Z+R5Vb6yuUT+aqAIP5TcTyeb7BLjVJmifmH5QaXMSiW
4I3u/n0ufdwBXJTnp9qvDa+waPg70EE+04ikddjIyhAGKLOz0dc0/JmQ050RzfQD
W/e+UYBmvFKyoCxE1XxK5tHPkrzD/JJVYWxYjoJq1O3/AVogUxcqwkK9EQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFKToAc90dphm5rK/eB1+3RfQ8vHKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcE9nQnozUjJtR2Jtc3I5NEhYN2RGOUR5OGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQAwjqbAwQA
wlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABMAwDBADUwRkDBALUwRgw
FAQCAAIwDgMFAyoBV8ADBQMqDP9AMA0GCSqGSIb3DQEBCwUAA4IBAQCHEKLv9UsO
naeC1j2oBIjjoQIHXfrrsoRgUJY7TnukWnxzdxcTSuwso0n+N6whaCMP+a72lqoj
vlwibVytguaGh7r71CVIHHIlLP5OVJq/yW/JAZx0ySEY6qLkou3i1gNSwWOHu13J
VJOD6QBLZhoYjUtYSiYfS5UzPVlqUdQXEYPI0Or5iKyPUlZsBpTmfEV+a/lGKZfc
CcPpAwJl6jNbpmjyupSdMyqlLCKcQiBnLbY2ULBNXNAd54eiE7zj1CLi6YzROLCJ
2nHdv79r/4PKaXJRwosH3UkuFbsvv7YB+WUhlBebRohpzku/YQpQNdXczBW9eSrx
pRoBgxcXwFhR
-----END CERTIFICATE-----