Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wQh8ALptC2RCC2nO8MOX2E-3Vaw.roa
File:                     wQh8ALptC2RCC2nO8MOX2E-3Vaw.roa (raw, json)
Hash identifier:          H0cAe+iwCFdqxjzSjblymYZ97U8DbuInXqLCpvnasnI=
Subject key identifier:   C1:08:7C:00:BA:6D:0B:64:42:0B:69:CE:F0:C3:97:D8:4F:B7:55:AC
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F77EFF73F10F1153876A50E4A603EF3A0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wQh8ALptC2RCC2nO8MOX2E-3Vaw.roa
Signing time:             Tue 14 May 2024 16:29:25 +0000
ROA not before:           Tue 14 May 2024 16:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.56.0/23 maxlen: 23
                          194.87.134.0/24 maxlen: 24
                          194.87.141.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          194.87.201.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.38.0/24 maxlen: 24
                          195.133.54.0/24 maxlen: 24
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.192.212.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 15 May 2024 14:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:ef:f7:3f:10:f1:15:38:76:a5:0e:4a:60:3e:f3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 14 16:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1087c00ba6d0b64420b69cef0c397d84fb755ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:71:02:4c:99:f8:69:65:c5:f0:63:9b:a1:db:
                    f5:f8:d0:04:35:f6:17:e1:15:e0:d3:f4:ff:02:f6:
                    75:76:38:14:01:b9:cd:02:01:21:9c:9d:47:9f:d8:
                    80:fb:6b:a6:e9:06:34:1c:5a:a5:2c:91:a6:c5:c5:
                    fc:a4:79:d6:3b:6c:54:4f:5a:d0:23:ef:87:30:f9:
                    08:03:9e:b7:4a:30:4d:81:45:6a:76:3c:2d:bc:22:
                    66:d7:72:1a:ab:ad:61:af:28:42:af:53:c4:eb:c8:
                    a0:29:de:e1:d5:e0:cd:3c:b0:78:af:1c:29:76:de:
                    f3:f4:7b:c3:55:af:84:77:61:e0:83:c2:70:9a:d3:
                    c3:69:e9:af:e1:8a:bc:f9:32:c7:1f:54:36:38:ae:
                    d4:74:02:ff:32:97:3e:5b:44:4b:43:f7:6c:25:9e:
                    10:89:63:e6:2a:b8:4f:e0:46:b9:57:4e:d5:31:07:
                    75:be:e7:0b:33:44:94:ef:c9:36:29:ad:59:83:cf:
                    04:00:9d:d3:7c:79:da:b0:44:39:3f:a2:2c:97:24:
                    74:31:3d:15:93:f0:5f:af:c7:62:4d:92:60:58:44:
                    48:38:ca:ac:6e:f4:3d:a2:a5:f1:cb:c3:ae:4f:39:
                    f0:c6:28:9a:42:f6:e2:13:06:07:79:01:76:3d:27:
                    80:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:08:7C:00:BA:6D:0B:64:42:0B:69:CE:F0:C3:97:D8:4F:B7:55:AC
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wQh8ALptC2RCC2nO8MOX2E-3Vaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.56.0/23
                  194.87.134.0/24
                  194.87.141.0/24
                  194.87.169.0/24
                  194.87.198.0/24
                  194.87.201.0/24
                  195.133.25.0/24
                  195.133.38.0/24
                  195.133.54.0/24
                  195.133.92.0/23
                  212.192.1.0/24
                  212.192.212.0/24
                  212.193.4.0/24
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:64:c2:f6:d3:4f:e8:1f:28:e9:9c:75:ed:74:7f:2f:f2:67:
         52:4e:6e:ef:b1:26:2b:c3:44:ee:26:51:ff:78:9a:7c:db:38:
         1a:d3:3f:e1:f6:3e:c3:e8:86:cc:9e:7d:ab:d5:8c:d3:68:7f:
         7d:07:bd:fa:c7:f5:7d:e7:db:d0:01:1a:75:b3:cb:01:81:77:
         7a:39:12:6f:09:48:ec:08:12:f4:34:54:2e:ab:2c:99:db:a9:
         06:64:3c:a2:c7:64:4c:0a:f1:c7:6a:23:3c:5e:82:70:45:d5:
         a6:00:dd:25:7a:7f:73:2d:61:b6:df:1b:ef:ca:f5:00:51:cf:
         ef:68:e7:83:16:9a:d5:ee:d9:97:8c:1e:cd:a2:ba:f2:6f:ca:
         b6:92:45:7e:15:a8:85:d6:0f:60:a2:6d:5a:6a:8a:d1:7f:91:
         cf:da:69:98:a3:6c:f1:f0:43:63:e1:d3:a5:b9:43:63:43:95:
         55:62:98:c3:be:e6:96:bd:d6:9d:cb:08:fd:bb:42:55:89:ba:
         60:1e:3f:48:db:cf:ad:e4:f4:c7:6b:28:43:e0:5c:1d:d2:2e:
         bd:13:e0:5e:f1:24:cd:47:0f:ef:2a:ff:20:fd:f7:40:ea:74:
         a4:ea:5f:f5:3e:c3:2d:73:9a:cb:44:a7:65:8f:d4:11:86:bf:
         53:55:5a:dc
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAY937/c/EPEVOHalDkpgPvOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTE0MTYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTA4N2MwMGJhNmQwYjY0NDIwYjY5Y2VmMGMzOTdkODRmYjc1NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3ECTJn4aWXF8GObodv1+NAENfYX
4RXg0/T/AvZ1djgUAbnNAgEhnJ1Hn9iA+2um6QY0HFqlLJGmxcX8pHnWO2xUT1rQ
I++HMPkIA563SjBNgUVqdjwtvCJm13Iaq61hryhCr1PE68igKd7h1eDNPLB4rxwp
dt7z9HvDVa+Ed2Hgg8JwmtPDaemv4Yq8+TLHH1Q2OK7UdAL/Mpc+W0RLQ/dsJZ4Q
iWPmKrhP4Ea5V07VMQd1vucLM0SU78k2Ka1Zg88EAJ3TfHnasEQ5P6IslyR0MT0V
k/Bfr8diTZJgWERIOMqsbvQ9oqXxy8OuTznwxiiaQvbiEwYHeQF2PSeACQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFMEIfAC6bQtkQgtpzvDDl9hPt1WsMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvd1FoOEFMcHRDMlJDQzJuTzhNT1gyRS0zVmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQBwjo4AwQA
wleGAwQAwleNAwQAwlepAwQAwlfGAwQAwlfJAwQAw4UZAwQAw4UmAwQAw4U2AwQB
w4VcAwQA1MABAwQA1MDUAwQA1MEEMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAgWTC9tNP6B8o6Zx17XR/L/JnUk5u77EmK8NE7iZR/3ia
fNs4GtM/4fY+w+iGzJ59q9WM02h/fQe9+sf1fefb0AEadbPLAYF3ejkSbwlI7AgS
9DRULqssmdupBmQ8osdkTArxx2ojPF6CcEXVpgDdJXp/cy1htt8b78r1AFHP72jn
gxaa1e7Zl4wezaK68m/KtpJFfhWohdYPYKJtWmqK0X+Rz9ppmKNs8fBDY+HTpblD
Y0OVVWKYw77mlr3WncsI/btCVYm6YB4/SNvPreT0x2soQ+BcHdIuvRPgXvEkzUcP
7yr/IP33QOp0pOpf9T7DLXOay0SnZY/UEYa/U1Va3A==
-----END CERTIFICATE-----