Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uQIgEK2x-0PpeGEb1lLjeowHcN4.roa
File:                     uQIgEK2x-0PpeGEb1lLjeowHcN4.roa (raw, json)
Hash identifier:          GvdGKd3nJdb/BB1BMmQ0/Cki6o0pSh7y4lOe2JCnAVo=
Subject key identifier:   B9:02:20:10:AD:B1:FB:43:E9:78:61:1B:D6:52:E3:7A:8C:07:70:DE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194ACDA4C42F9956890FFB6801652790228
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uQIgEK2x-0PpeGEb1lLjeowHcN4.roa
Signing time:             Tue 28 Jan 2025 12:19:34 +0000
ROA not before:           Tue 28 Jan 2025 12:19:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.124.89.0/24 maxlen: 24
                          193.124.207.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 29 Jan 2025 15:18:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:da:4c:42:f9:95:68:90:ff:b6:80:16:52:79:02:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 28 12:19:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9022010adb1fb43e978611bd652e37a8c0770de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8c:5b:67:e7:34:82:0c:b1:34:32:83:6a:12:
                    d9:c4:30:d4:3c:72:6a:9f:73:c8:6e:ab:93:48:61:
                    48:9f:44:4d:35:a6:60:ac:84:6f:cd:e9:5c:f9:06:
                    e2:54:cf:c2:f1:21:ab:2a:cf:2c:8d:a1:11:7c:21:
                    37:13:2d:2e:75:d3:bf:43:5e:d4:2f:8d:07:d6:0e:
                    13:48:4e:79:43:27:4b:4b:52:c2:43:c2:4d:78:93:
                    21:80:ed:e9:e1:f2:bb:b6:c4:bf:7b:ca:d4:19:7e:
                    47:92:97:b8:e3:b1:a2:07:5b:79:c5:5f:47:25:d9:
                    61:ad:f0:d1:82:ff:d0:ab:3f:a3:63:36:25:05:95:
                    5f:81:20:aa:14:5e:39:5e:bb:ee:c0:e4:85:b1:2b:
                    75:e3:3f:2a:43:02:3d:20:85:ea:b9:06:75:db:53:
                    97:7d:5b:fa:55:d7:d1:da:65:df:6c:cd:8e:0b:a0:
                    08:94:f0:cf:00:19:02:bd:85:10:1e:b1:a3:f4:46:
                    93:ab:99:89:4d:5d:10:ac:a4:29:f8:f1:5d:e5:83:
                    8c:56:95:b8:a7:68:46:ef:74:5e:dc:31:fd:ba:67:
                    af:92:4c:44:cc:69:bd:de:2a:71:18:c7:ab:41:75:
                    19:2a:32:0a:53:da:ed:fd:5f:b4:c0:5d:b3:8d:e1:
                    60:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:02:20:10:AD:B1:FB:43:E9:78:61:1B:D6:52:E3:7A:8C:07:70:DE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uQIgEK2x-0PpeGEb1lLjeowHcN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.89.0/24
                  193.124.207.0/24
                  194.58.155.0/24
                  194.87.169.0/24
                  194.87.224.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:4a:eb:18:35:e0:4f:61:f9:40:26:25:35:e7:f7:c1:ad:95:
         27:66:3a:d7:66:3d:81:d6:3b:92:1c:b8:ea:f1:6a:3c:13:82:
         79:7a:ec:8d:7b:80:d1:31:e9:b1:84:c0:7a:06:2d:8c:89:52:
         b8:6e:dd:16:28:f4:75:64:91:7d:c2:a3:5b:08:99:9d:2a:c3:
         ce:95:73:8d:63:b8:74:18:3b:66:f4:fb:21:e4:16:ac:90:4a:
         03:d4:47:85:1b:44:6e:88:83:f5:cf:0b:71:cc:fa:be:32:0c:
         02:a5:05:73:a3:46:94:fa:18:72:d8:1d:30:b6:6b:7a:3d:d1:
         3f:a4:9e:60:d4:aa:c2:3f:0c:d8:98:ea:03:36:fc:6c:89:5a:
         39:ab:81:e5:78:7b:a8:48:73:90:b4:3d:32:83:06:68:36:94:
         20:4d:45:fe:28:eb:41:c3:54:47:38:cb:7a:2b:84:ae:93:77:
         8f:a6:58:23:93:1e:ab:32:e6:1d:fd:a7:15:2d:1a:28:ae:27:
         b4:fa:b8:15:69:83:48:b2:51:2f:fa:75:06:76:ad:70:93:75:
         4d:29:fa:3a:0b:7e:fa:7f:2a:2c:45:55:5c:5d:61:e3:8e:81:
         4c:00:b7:6e:b8:12:d2:c2:ed:d7:55:cb:f8:75:42:53:74:6c:
         b9:ba:90:c7
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZSs2kxC+ZVokP+2gBZSeQIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTI4MTIxOTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTAyMjAxMGFkYjFmYjQzZTk3ODYxMWJkNjUyZTM3YThjMDc3MGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYxbZ+c0ggyxNDKDahLZxDDUPHJq
n3PIbquTSGFIn0RNNaZgrIRvzelc+QbiVM/C8SGrKs8sjaERfCE3Ey0uddO/Q17U
L40H1g4TSE55QydLS1LCQ8JNeJMhgO3p4fK7tsS/e8rUGX5Hkpe447GiB1t5xV9H
JdlhrfDRgv/Qqz+jYzYlBZVfgSCqFF45XrvuwOSFsSt14z8qQwI9IIXquQZ121OX
fVv6VdfR2mXfbM2OC6AIlPDPABkCvYUQHrGj9EaTq5mJTV0QrKQp+PFd5YOMVpW4
p2hG73Re3DH9umevkkxEzGm93ipxGMerQXUZKjIKU9rt/V+0wF2zjeFgkwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFLkCIBCtsftD6XhhG9ZS43qMB3DeMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdVFJZ0VLMngtMFBwZUdFYjFsTGplb3dIY040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQAwXxZAwQA
wXzPAwQAwjqbAwQAwlepAwQAwlfgAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQB
1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAfUrr
GDXgT2H5QCYlNef3wa2VJ2Y612Y9gdY7khy46vFqPBOCeXrsjXuA0THpsYTAegYt
jIlSuG7dFij0dWSRfcKjWwiZnSrDzpVzjWO4dBg7ZvT7IeQWrJBKA9RHhRtEboiD
9c8Lccz6vjIMAqUFc6NGlPoYctgdMLZrej3RP6SeYNSqwj8M2JjqAzb8bIlaOauB
5Xh7qEhzkLQ9MoMGaDaUIE1F/ijrQcNURzjLeiuErpN3j6ZYI5MeqzLmHf2nFS0a
KK4ntPq4FWmDSLJRL/p1BnatcJN1TSn6Ogt++n8qLEVVXF1h446BTAC3brgS0sLt
11XL+HVCU3RsubqQxw==
-----END CERTIFICATE-----