Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/t9xPI5Jdz9LRtsorib2Nvs1RZZ4.roa
File:                     t9xPI5Jdz9LRtsorib2Nvs1RZZ4.roa (raw, json)
Hash identifier:          sxSj1HnjNx3x6koKmNEiOV9CKeoAcsKjx9yscxrNOro=
Subject key identifier:   B7:DC:4F:23:92:5D:CF:D2:D1:B6:CA:2B:89:BD:8D:BE:CD:51:65:9E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018FDE24DA606D49964D3B483AAECC8671CC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/t9xPI5Jdz9LRtsorib2Nvs1RZZ4.roa
Signing time:             Mon 03 Jun 2024 12:48:27 +0000
ROA not before:           Mon 03 Jun 2024 12:48:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.87.134.0/24 maxlen: 24
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 06 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:de:24:da:60:6d:49:96:4d:3b:48:3a:ae:cc:86:71:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  3 12:48:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7dc4f23925dcfd2d1b6ca2b89bd8dbecd51659e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3e:d8:0e:19:d2:be:0a:aa:a2:2e:b7:da:27:
                    9d:9b:04:b8:57:d0:f3:49:1e:a6:2d:fd:4b:ca:1f:
                    62:2b:6b:fc:35:56:39:22:b2:cf:16:42:c5:c2:0e:
                    88:e2:bf:04:9e:a0:50:10:45:97:f5:6b:aa:bc:42:
                    13:cd:e8:62:10:77:a3:a3:7d:06:0e:46:19:93:1b:
                    4d:8f:d9:0b:76:d4:45:42:3f:c7:88:f4:0e:c2:3d:
                    af:1d:b4:d0:4b:b8:08:97:41:1b:e8:7b:6c:ed:b6:
                    15:05:c6:25:c0:eb:fb:b0:76:17:5a:19:80:bb:b4:
                    1f:36:9d:e9:60:ae:bd:47:21:4b:a0:ff:c6:ba:d6:
                    41:d3:35:0d:40:8f:65:7c:e8:9a:6c:5d:6c:7c:64:
                    5b:00:ba:98:cb:1d:84:e5:31:0e:d0:bc:76:d9:7f:
                    c8:33:85:63:36:8f:2d:ea:6a:56:17:c5:0e:7a:ad:
                    b2:23:03:3b:51:fa:e5:b9:f8:84:8f:f2:0b:d0:99:
                    b5:75:22:79:22:80:21:51:c8:ce:b7:5f:33:d9:5d:
                    8f:9b:7a:48:f2:b4:73:6b:60:7f:5e:a9:cc:8d:0e:
                    3d:be:48:d9:8b:d3:a6:3e:ed:c1:82:ed:7a:8d:63:
                    01:71:d2:29:aa:b0:db:5b:8e:8f:4f:55:71:b7:b5:
                    bf:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:DC:4F:23:92:5D:CF:D2:D1:B6:CA:2B:89:BD:8D:BE:CD:51:65:9E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/t9xPI5Jdz9LRtsorib2Nvs1RZZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.87.134.0/24
                  194.87.141.0/24
                  194.87.169.0/24
                  195.133.25.0/24
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:3d:7b:a4:64:c1:33:47:33:ac:88:23:ac:91:ed:8c:a7:cf:
         33:c2:0a:3c:70:ab:bb:b7:ad:43:b2:ba:ac:69:cd:2d:1c:e5:
         76:1b:d1:62:2e:e8:4a:8f:ab:a6:56:8d:24:db:90:60:e2:b9:
         cb:0d:b3:19:97:76:f8:31:79:e1:b6:18:9a:cb:e8:85:5e:81:
         de:32:fb:5a:9f:e2:e4:3f:fb:6c:51:40:6c:c0:e4:6e:33:95:
         f2:43:d6:d7:a1:de:5f:f8:7d:ea:78:17:23:fc:bf:ef:31:d4:
         33:b0:fc:7f:7b:8f:b1:c5:98:ce:c2:6b:1c:c1:e8:5e:98:9b:
         7e:a6:64:39:27:3c:23:e3:40:59:cf:6c:8d:b5:9e:aa:cc:87:
         40:37:a1:94:5a:89:57:11:55:29:cf:02:81:9c:b7:ec:d5:69:
         d5:6d:92:b5:7f:09:f4:30:c8:b7:c8:fd:1e:4e:d6:7a:37:0f:
         bf:85:1d:3f:fd:17:46:56:03:3a:fb:60:ae:79:37:10:99:62:
         97:5e:17:dd:e3:27:c7:7b:d0:37:46:84:a6:53:2f:3b:b3:6f:
         5d:86:41:14:6c:1b:f8:64:fc:a1:94:d3:58:7b:80:e6:2e:ae:
         92:92:cf:fa:87:7c:ee:5d:fc:d8:a9:3f:e6:08:b5:62:31:dd:
         04:f9:8c:a3
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY/eJNpgbUmWTTtIOq7MhnHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNjAzMTI0ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2RjNGYyMzkyNWRjZmQyZDFiNmNhMmI4OWJkOGRiZWNkNTE2NTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D7YDhnSvgqqoi632iedmwS4V9Dz
SR6mLf1Lyh9iK2v8NVY5IrLPFkLFwg6I4r8EnqBQEEWX9WuqvEITzehiEHejo30G
DkYZkxtNj9kLdtRFQj/HiPQOwj2vHbTQS7gIl0Eb6Hts7bYVBcYlwOv7sHYXWhmA
u7QfNp3pYK69RyFLoP/GutZB0zUNQI9lfOiabF1sfGRbALqYyx2E5TEO0Lx22X/I
M4VjNo8t6mpWF8UOeq2yIwM7UfrlufiEj/IL0Jm1dSJ5IoAhUcjOt18z2V2Pm3pI
8rRza2B/XqnMjQ49vkjZi9OmPu3Bgu16jWMBcdIpqrDbW46PT1Vxt7W/tQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFLfcTyOSXc/S0bbKK4m9jb7NUWWeMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdDl4UEk1SmR6OUxSdHNvcmliMk52czFSWlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQBwjo4AwQA
wleGAwQAwleNAwQAwlepAwQAw4UZAwQBw4VcAwQA1MABAwQA1MEEMBQEAgACMA4D
BQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEASD17pGTBM0czrIgjrJHt
jKfPM8IKPHCru7etQ7K6rGnNLRzldhvRYi7oSo+rplaNJNuQYOK5yw2zGZd2+DF5
4bYYmsvohV6B3jL7Wp/i5D/7bFFAbMDkbjOV8kPW16HeX/h96ngXI/y/7zHUM7D8
f3uPscWYzsJrHMHoXpibfqZkOSc8I+NAWc9sjbWeqsyHQDehlFqJVxFVKc8CgZy3
7NVp1W2StX8J9DDIt8j9Hk7WejcPv4UdP/0XRlYDOvtgrnk3EJlil14X3eMnx3vQ
N0aEplMvO7NvXYZBFGwb+GT8oZTTWHuA5i6ukpLP+od87l382Kk/5gi1YjHdBPmM
ow==
-----END CERTIFICATE-----