Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ztsKyUfsKh_LjKYk_VL8Y0hB3OM.roa
File:                     ztsKyUfsKh_LjKYk_VL8Y0hB3OM.roa (raw, json)
Hash identifier:          GkZriaGYluRVC4bNaKHzcDEcJpMEOKqrMJdWb/HdM0U=
Subject key identifier:   CE:DB:0A:C9:47:EC:2A:1F:CB:8C:A6:24:FD:52:FC:63:48:41:DC:E3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019117CF919D020DC07369E96FB0C34C4808
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ztsKyUfsKh_LjKYk_VL8Y0hB3OM.roa
Signing time:             Sat 03 Aug 2024 10:36:04 +0000
ROA not before:           Sat 03 Aug 2024 10:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        193.124.17.0/24 maxlen: 24
                          193.124.204.0/24 maxlen: 24
                          194.58.56.0/24 maxlen: 24
                          194.58.154.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.58.223.0/24 maxlen: 24
                          194.87.1.0/24 maxlen: 24
                          194.87.51.0/24 maxlen: 24
                          194.87.122.0/24 maxlen: 24
                          194.87.128.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          194.87.233.0/24 maxlen: 24
                          194.87.255.0/24 maxlen: 24
                          195.133.9.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 06 Aug 2024 11:57:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:17:cf:91:9d:02:0d:c0:73:69:e9:6f:b0:c3:4c:48:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug  3 10:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cedb0ac947ec2a1fcb8ca624fd52fc634841dce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e8:e9:23:02:43:a1:53:dc:ac:1e:92:66:b7:
                    0a:8e:f2:dd:9a:f1:89:1a:b8:5d:d4:1b:c9:f6:dd:
                    11:b5:b0:06:bd:0b:9b:e5:1a:de:8f:5a:22:94:b4:
                    c4:51:f7:46:f0:59:0b:04:ca:8f:06:2c:0c:5f:2c:
                    75:16:21:e7:da:eb:a8:0a:3c:6e:e0:a1:1a:c2:e9:
                    68:46:c6:0a:db:1b:fb:80:1e:4a:94:ec:26:3e:3f:
                    46:5b:2e:68:43:04:31:a7:3d:36:8f:7c:c6:c9:48:
                    95:b0:6e:10:07:83:2b:a9:41:47:ed:75:fa:48:b1:
                    95:6c:7d:7e:3c:90:ca:7a:b2:8b:04:9d:3f:e3:21:
                    9b:b7:ab:f8:24:53:71:a6:6b:50:06:44:cc:97:c3:
                    25:d2:ef:3e:74:01:24:88:e6:94:84:e8:9f:bb:d3:
                    cd:cf:fc:1d:09:82:0f:da:85:95:2d:80:18:a3:9d:
                    df:f5:bf:a1:82:3f:c7:c9:93:77:d1:af:85:98:3a:
                    dc:2c:4d:c6:e7:6d:94:7b:ca:17:d7:f1:d0:d3:98:
                    1b:0a:96:69:0e:82:c8:71:bb:7d:43:8d:a8:b6:77:
                    bc:2e:da:38:29:99:86:f9:07:52:2b:75:c6:d5:a8:
                    00:5b:96:db:97:04:06:37:56:c2:38:ef:2f:33:3f:
                    6f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DB:0A:C9:47:EC:2A:1F:CB:8C:A6:24:FD:52:FC:63:48:41:DC:E3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ztsKyUfsKh_LjKYk_VL8Y0hB3OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.17.0/24
                  193.124.204.0/24
                  194.58.56.0/24
                  194.58.154.0/23
                  194.58.223.0/24
                  194.87.1.0/24
                  194.87.51.0/24
                  194.87.122.0/24
                  194.87.128.0/24
                  194.87.179.0/24
                  194.87.233.0/24
                  194.87.255.0/24
                  195.133.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:0c:1c:bb:62:dd:65:24:60:cf:4b:32:5e:64:96:92:5c:82:
         a4:ab:59:96:ca:3e:f9:71:88:46:52:67:36:de:a9:7f:8e:82:
         0d:33:d7:f5:8b:33:4b:f2:13:c5:37:6b:5b:ef:ee:51:30:d6:
         e6:36:17:55:c4:f1:f2:12:f0:a0:b0:8b:c0:1e:f6:25:77:e5:
         ba:f1:05:57:35:61:3a:75:f7:4c:17:66:c7:c3:02:d7:49:f6:
         8d:0f:2a:f9:75:39:ae:a3:ac:2e:9f:47:59:1e:30:62:60:c5:
         70:07:53:8f:3a:35:c5:b2:e4:18:3d:ad:7e:af:79:70:29:79:
         c8:20:9a:15:9b:4e:4b:81:c0:24:a6:d4:aa:52:34:cb:d2:eb:
         59:09:e5:9f:71:9d:c2:39:29:a2:76:71:a6:6d:6e:dd:15:14:
         97:3f:98:19:af:ac:15:ce:df:44:2c:0b:89:e2:62:67:4c:48:
         d4:c3:5c:d9:49:24:58:05:e3:5c:6f:c4:8d:47:c1:b7:92:43:
         de:72:31:06:67:93:3a:dc:f5:f9:c9:26:90:9e:a9:23:42:85:
         7f:db:17:cd:5f:b6:ab:a1:47:d2:c8:b1:23:cf:c0:8b:cc:28:
         21:86:6e:da:dd:96:71:2e:a8:39:66:ff:2b:bb:80:a8:98:89:
         e7:f7:5a:29
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZEXz5GdAg3Ac2npb7DDTEgIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODAzMTAzNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRiMGFjOTQ3ZWMyYTFmY2I4Y2E2MjRmZDUyZmM2MzQ4NDFkY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ujpIwJDoVPcrB6SZrcKjvLdmvGJ
Grhd1BvJ9t0RtbAGvQub5Rrej1oilLTEUfdG8FkLBMqPBiwMXyx1FiHn2uuoCjxu
4KEawuloRsYK2xv7gB5KlOwmPj9GWy5oQwQxpz02j3zGyUiVsG4QB4MrqUFH7XX6
SLGVbH1+PJDKerKLBJ0/4yGbt6v4JFNxpmtQBkTMl8Ml0u8+dAEkiOaUhOifu9PN
z/wdCYIP2oWVLYAYo53f9b+hgj/HyZN30a+FmDrcLE3G522Ue8oX1/HQ05gbCpZp
DoLIcbt9Q42otne8Lto4KZmG+QdSK3XG1agAW5bblwQGN1bCOO8vMz9vhwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFM7bCslH7Cofy4ymJP1S/GNIQdzjMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvenRzS3lVZnNLaF9MaktZa19WTDhZMGhCM09NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAwXwRAwQA
wXzMAwQAwjo4AwQBwjqaAwQAwjrfAwQAwlcBAwQAwlczAwQAwld6AwQAwleAAwQA
wlezAwQAwlfpAwQAwlf/AwQAw4UJMA0GCSqGSIb3DQEBCwUAA4IBAQCQDBy7Yt1l
JGDPSzJeZJaSXIKkq1mWyj75cYhGUmc23ql/joINM9f1izNL8hPFN2tb7+5RMNbm
NhdVxPHyEvCgsIvAHvYld+W68QVXNWE6dfdMF2bHwwLXSfaNDyr5dTmuo6wun0dZ
HjBiYMVwB1OPOjXFsuQYPa1+r3lwKXnIIJoVm05LgcAkptSqUjTL0utZCeWfcZ3C
OSmidnGmbW7dFRSXP5gZr6wVzt9ELAuJ4mJnTEjUw1zZSSRYBeNcb8SNR8G3kkPe
cjEGZ5M63PX5ySaQnqkjQoV/2xfNX7aroUfSyLEjz8CLzCghhm7a3ZZxLqg5Zv8r
u4ComInn91op
-----END CERTIFICATE-----