Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/woAk3TmavaZA1tiFJMyIquONg_o.roa
File:                     woAk3TmavaZA1tiFJMyIquONg_o.roa (raw, json)
Hash identifier:          WmOKlpOWc7y/aFruO8jWu6daOrsLusMJmft2Ym3VfHQ=
Subject key identifier:   C2:80:24:DD:39:9A:BD:A6:40:D6:D8:85:24:CC:88:AA:E3:8D:83:FA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192244AB72F895E459D78459DE543DD340F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/woAk3TmavaZA1tiFJMyIquONg_o.roa
Signing time:             Tue 24 Sep 2024 13:48:49 +0000
ROA not before:           Tue 24 Sep 2024 13:48:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.77.0/24 maxlen: 24
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.192.220.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 26 Sep 2024 11:59:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:4a:b7:2f:89:5e:45:9d:78:45:9d:e5:43:dd:34:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 24 13:48:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c28024dd399abda640d6d88524cc88aae38d83fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e9:10:25:07:0f:ad:e7:de:37:c1:6a:b6:5b:
                    85:12:07:52:25:af:a3:a5:c5:e0:dd:a6:b7:ee:80:
                    27:54:d2:38:73:34:ba:ac:3c:81:14:b8:c1:23:9c:
                    26:0b:bb:62:c5:6b:28:dd:47:bb:2a:b7:a7:28:06:
                    b9:03:27:e7:0b:76:56:29:d6:66:58:04:ff:da:af:
                    9e:81:52:1c:06:3a:0a:6a:35:c6:e0:4a:67:ec:48:
                    20:45:12:11:41:1b:58:fb:e6:c7:37:63:de:25:c0:
                    20:63:a6:c4:89:59:de:69:48:74:42:e5:60:84:f3:
                    82:ec:a9:8c:b7:c1:6e:cf:fb:a1:11:76:f6:92:f1:
                    cf:d3:1f:60:59:9d:d2:ad:c4:fb:63:5b:bb:fe:e9:
                    23:b6:d6:7a:e9:c1:f2:10:fd:2c:fa:74:26:54:87:
                    d7:ef:da:91:8d:e0:03:0c:bf:0d:5d:77:2d:e9:2f:
                    e7:de:6a:aa:72:6a:26:5d:4f:42:28:12:f6:40:15:
                    3a:86:bb:64:96:05:8b:31:37:36:38:93:bb:34:44:
                    37:84:39:b2:56:13:71:31:58:eb:b7:18:f5:e7:24:
                    13:6f:15:9d:38:63:e2:d8:91:35:23:be:6c:a3:60:
                    13:cc:e0:1c:04:ec:5f:fd:b6:b8:50:12:55:78:fd:
                    76:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:80:24:DD:39:9A:BD:A6:40:D6:D8:85:24:CC:88:AA:E3:8D:83:FA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/woAk3TmavaZA1tiFJMyIquONg_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.82.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.77.0/24
                  195.133.92.0/23
                  212.192.1.0/24
                  212.192.220.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:8b:91:7a:6a:71:7b:5e:ea:96:d3:5a:56:eb:f6:3b:52:3e:
         6f:d4:b1:d0:b4:36:82:51:af:8d:44:d5:2c:ff:de:3f:56:19:
         65:b0:51:d6:c9:d6:01:89:90:23:44:83:bb:08:c4:59:18:a6:
         0b:32:fd:6a:58:77:4c:77:c7:e1:07:14:01:ba:88:9e:15:f6:
         b9:a0:79:29:6b:1b:66:70:12:ef:e6:1e:31:40:56:26:9d:a1:
         8e:ae:b1:9a:23:3d:ec:9b:6d:1a:86:99:bb:2e:24:e0:bf:78:
         5d:75:cc:02:41:4b:92:5c:1e:de:f0:d8:56:fe:4d:8b:9a:f7:
         d0:fe:db:af:da:1c:ce:b9:45:24:ea:a6:4a:aa:53:ef:50:f8:
         0c:72:d2:79:40:5b:c5:14:f0:01:b7:1e:f2:50:f3:8a:4e:96:
         30:f8:fa:87:c0:53:d2:af:86:59:26:73:0e:20:59:3c:d2:5a:
         b6:54:bd:f6:56:b5:ad:1a:b5:2c:df:11:c6:61:22:5f:09:f9:
         84:9e:75:a4:8c:e7:9a:83:1f:31:7d:b1:48:61:77:e5:4e:c1:
         75:47:e6:8b:ac:89:10:1a:f5:b7:de:6e:8c:40:60:dd:5b:ec:
         83:fa:d8:a2:5c:2a:c9:f6:20:2a:60:d2:d1:97:1f:99:34:3f:
         0b:28:77:cc
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZIkSrcviV5FnXhFneVD3TQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTI0MTM0ODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjgwMjRkZDM5OWFiZGE2NDBkNmQ4ODUyNGNjODhhYWUzOGQ4M2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+kQJQcPrefeN8FqtluFEgdSJa+j
pcXg3aa37oAnVNI4czS6rDyBFLjBI5wmC7tixWso3Ue7KrenKAa5AyfnC3ZWKdZm
WAT/2q+egVIcBjoKajXG4Epn7EggRRIRQRtY++bHN2PeJcAgY6bEiVneaUh0QuVg
hPOC7KmMt8Fuz/uhEXb2kvHP0x9gWZ3SrcT7Y1u7/ukjttZ66cHyEP0s+nQmVIfX
79qRjeADDL8NXXct6S/n3mqqcmomXU9CKBL2QBU6hrtklgWLMTc2OJO7NEQ3hDmy
VhNxMVjrtxj15yQTbxWdOGPi2JE1I75so2ATzOAcBOxf/ba4UBJVeP12HQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFMKAJN05mr2mQNbYhSTMiKrjjYP6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvd29BazNUbWF2YVpBMXRpRkpNeUlxdU9OZ19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQAwjqbAwQA
wldSAwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQAw4VNAwQBw4VcAwQA1MABAwQA
1MDcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOC
AQEAI4uRempxe17qltNaVuv2O1I+b9Sx0LQ2glGvjUTVLP/eP1YZZbBR1snWAYmQ
I0SDuwjEWRimCzL9alh3THfH4QcUAbqInhX2uaB5KWsbZnAS7+YeMUBWJp2hjq6x
miM97JttGoaZuy4k4L94XXXMAkFLklwe3vDYVv5Ni5r30P7br9oczrlFJOqmSqpT
71D4DHLSeUBbxRTwAbce8lDzik6WMPj6h8BT0q+GWSZzDiBZPNJatlS99la1rRq1
LN8RxmEiXwn5hJ51pIznmoMfMX2xSGF35U7BdUfmi6yJEBr1t95ujEBg3Vvsg/rY
olwqyfYgKmDS0ZcfmTQ/Cyh3zA==
-----END CERTIFICATE-----