Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sVnAqj-Qok0AULeG3ns_sa21AQo.roa
File:                     sVnAqj-Qok0AULeG3ns_sa21AQo.roa (raw, json)
Hash identifier:          ttBwTYQZAa9IEH0tOTgJVYCAq+K82QkdzYDX0PFJglY=
Subject key identifier:   B1:59:C0:AA:3F:90:A2:4D:00:50:B7:86:DE:7B:3F:B1:AD:B5:01:0A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0195661C36B9DA326214964A6C8B5416A4BD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sVnAqj-Qok0AULeG3ns_sa21AQo.roa
Signing time:             Wed 05 Mar 2025 11:41:19 +0000
ROA not before:           Wed 05 Mar 2025 11:41:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.58.36.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 07 Mar 2025 11:35:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:1c:36:b9:da:32:62:14:96:4a:6c:8b:54:16:a4:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  5 11:41:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b159c0aa3f90a24d0050b786de7b3fb1adb5010a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5e:c1:4b:45:a7:52:08:8d:72:57:35:95:cf:
                    57:af:0b:24:d3:5a:a3:ba:7e:86:32:a3:5d:88:ec:
                    ab:3f:12:09:2f:4a:7f:80:64:77:7c:66:c8:79:9d:
                    11:6d:26:30:34:ba:a2:26:22:20:19:85:6d:49:6e:
                    0c:b1:79:1b:69:27:12:e0:98:81:cc:f9:3c:48:e5:
                    bc:b6:a0:98:ef:1e:cb:c2:aa:52:21:1c:1b:65:d4:
                    a1:70:95:d8:88:1b:60:c8:a8:8a:6f:c2:d8:df:62:
                    ca:6d:7d:db:cb:4b:ef:12:c1:d2:36:81:d2:00:3c:
                    d3:ce:be:f1:19:f6:5a:35:c0:39:7d:3d:70:22:40:
                    49:10:19:2a:a1:d3:8f:c3:0b:e5:a1:db:a9:e6:3e:
                    61:b6:20:d7:32:03:7c:3c:18:a1:50:1a:24:d9:c1:
                    1e:a7:4c:23:f3:3f:36:8e:e1:7c:84:ef:6c:f8:7d:
                    6f:9b:d5:6a:cf:b9:9c:0e:c7:02:52:f2:43:7f:75:
                    b7:1d:8e:65:56:9d:ae:5a:5d:d0:62:6a:0f:eb:a6:
                    56:f0:11:e4:19:ad:4f:6a:36:80:06:3a:c8:a8:b1:
                    5b:fa:ff:31:95:06:14:74:05:24:ef:8b:31:c9:3e:
                    ef:78:f4:d2:c9:20:76:35:f1:54:ca:fe:7f:af:03:
                    2a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:59:C0:AA:3F:90:A2:4D:00:50:B7:86:DE:7B:3F:B1:AD:B5:01:0A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sVnAqj-Qok0AULeG3ns_sa21AQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.58.36.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:b5:17:2b:4e:61:07:70:4a:dd:dd:f4:75:26:a5:be:54:1a:
         bd:eb:f7:75:4c:f3:fa:bc:51:20:2c:1b:6c:14:1b:92:db:84:
         3b:d8:b7:4c:40:70:64:10:f9:2b:be:8c:64:77:66:fc:b9:a3:
         74:b6:d2:80:ae:c1:eb:d4:4a:30:19:89:10:3f:5a:44:5b:17:
         c4:ab:9d:98:3e:20:15:c7:be:8f:73:d4:80:07:67:db:3a:94:
         d6:c1:dc:7c:22:e2:33:d5:1c:c9:7d:8b:8f:6f:76:13:72:b9:
         83:2a:55:34:3e:25:51:63:14:38:3e:84:87:d1:11:aa:98:e6:
         22:fd:cc:56:c5:14:17:b8:4e:e1:a9:1e:c9:91:f3:6d:4b:ad:
         f4:0b:43:d3:3c:39:15:92:a9:e0:db:49:36:ae:5a:43:3f:2d:
         d2:b2:35:4b:24:52:c8:9a:3b:cf:ab:68:8d:45:1c:08:09:1d:
         15:18:13:c9:04:98:fb:98:2f:da:42:a0:da:d4:ee:f9:7d:d2:
         81:fb:8f:84:47:aa:0f:03:af:8d:b6:ac:99:40:27:14:f2:5c:
         69:ae:b9:ed:cb:aa:27:54:3f:d7:e1:8e:26:3d:08:28:cd:cd:
         5a:15:a8:a7:d9:51:8e:9f:3a:86:45:da:94:27:1b:8e:4f:d7:
         c7:12:db:c6
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZVmHDa52jJiFJZKbItUFqS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMzA1MTE0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU5YzBhYTNmOTBhMjRkMDA1MGI3ODZkZTdiM2ZiMWFkYjUwMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul7BS0WnUgiNclc1lc9Xrwsk01qj
un6GMqNdiOyrPxIJL0p/gGR3fGbIeZ0RbSYwNLqiJiIgGYVtSW4MsXkbaScS4JiB
zPk8SOW8tqCY7x7LwqpSIRwbZdShcJXYiBtgyKiKb8LY32LKbX3by0vvEsHSNoHS
ADzTzr7xGfZaNcA5fT1wIkBJEBkqodOPwwvlodup5j5htiDXMgN8PBihUBok2cEe
p0wj8z82juF8hO9s+H1vm9Vqz7mcDscCUvJDf3W3HY5lVp2uWl3QYmoP66ZW8BHk
Ga1PajaABjrIqLFb+v8xlQYUdAUk74sxyT7vePTSySB2NfFUyv5/rwMqdQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFLFZwKo/kKJNAFC3ht57P7GttQEKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvc1ZuQXFqLVFvazBBVUxlRzNuc19zYTIxQVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQAwXwHAwQA
wjokAwQAwjqbAwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQB1MEaMBQE
AgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAQbUXK05hB3BK
3d30dSalvlQavev3dUzz+rxRICwbbBQbktuEO9i3TEBwZBD5K76MZHdm/LmjdLbS
gK7B69RKMBmJED9aRFsXxKudmD4gFce+j3PUgAdn2zqU1sHcfCLiM9UcyX2Lj292
E3K5gypVND4lUWMUOD6Eh9ERqpjmIv3MVsUUF7hO4akeyZHzbUut9AtD0zw5FZKp
4NtJNq5aQz8t0rI1SyRSyJo7z6tojUUcCAkdFRgTyQSY+5gv2kKg2tTu+X3SgfuP
hEeqDwOvjbasmUAnFPJcaa657cuqJ1Q/1+GOJj0IKM3NWhWop9lRjp86hkXalCcb
jk/XxxLbxg==
-----END CERTIFICATE-----