Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/97vfEYYRgfs89mwWrUfZdqMmJd8.roa
File:                     97vfEYYRgfs89mwWrUfZdqMmJd8.roa (raw, json)
Hash identifier:          SENvyF/dlwwdFKIaUhslwl/IWgPuuTqWCdkl2roSwWA=
Subject key identifier:   F7:BB:DF:11:86:11:81:FB:3C:F6:6C:16:AD:47:D9:76:A3:26:25:DF
Certificate issuer:       /CN=49dd8f1a62a5d7f80212de0f3efe75b2fa338ffe
Certificate serial:       01945A6DC76AB8F052FE6C5BAD5A43C4F2E6
Authority key identifier: 49:DD:8F:1A:62:A5:D7:F8:02:12:DE:0F:3E:FE:75:B2:FA:33:8F:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sd2PGmKl1_gCEt4PPv51svozj_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/97vfEYYRgfs89mwWrUfZdqMmJd8.roa
Signing time:             Sun 12 Jan 2025 12:12:11 +0000
ROA not before:           Sun 12 Jan 2025 12:12:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215597
IP address blocks:        5.181.196.0/24 maxlen: 24
                          5.181.197.0/24 maxlen: 24
                          82.199.222.0/23 maxlen: 23
                          82.199.222.0/24 maxlen: 24
                          82.199.223.0/24 maxlen: 24
                          91.213.191.0/24 maxlen: 24
                          91.217.185.0/24 maxlen: 24
                          185.95.206.0/23 maxlen: 23
                          185.95.206.0/24 maxlen: 24
                          185.95.207.0/24 maxlen: 24
                          212.95.142.0/24 maxlen: 24
                          212.95.148.0/24 maxlen: 24
                          2a12:f680:200::/48 maxlen: 48
                          2a12:f680:201::/48 maxlen: 48
                          2a12:f680:204::/48 maxlen: 48
                          2a12:f680:205::/48 maxlen: 48
                          2a12:f680:600::/48 maxlen: 48
                          2a12:f680:601::/48 maxlen: 48
Validation:               Failed, certificate revoked on Mon 13 Jan 2025 11:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5a:6d:c7:6a:b8:f0:52:fe:6c:5b:ad:5a:43:c4:f2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49dd8f1a62a5d7f80212de0f3efe75b2fa338ffe
        Validity
            Not Before: Jan 12 12:12:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7bbdf11861181fb3cf66c16ad47d976a32625df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:61:c9:65:7e:64:75:99:69:44:92:6f:f8:76:
                    7a:0a:8a:35:82:62:43:02:f7:75:46:3e:6d:07:d1:
                    b1:2f:d6:ee:55:43:8c:cb:6a:a2:fd:5b:40:98:e9:
                    b1:2e:45:1b:cc:4e:db:43:56:9b:06:5c:cc:8e:6e:
                    71:81:c5:51:ef:51:5f:73:3b:67:74:2b:63:2b:c2:
                    fc:6f:91:7d:59:e7:ff:54:bf:84:55:5c:ac:73:05:
                    ef:e5:0d:bb:56:e0:d6:b9:3c:66:b1:72:12:67:82:
                    c8:c5:c9:9f:58:23:c4:a8:8b:c2:1e:2e:95:ba:bd:
                    09:da:fd:97:d6:96:34:3b:2e:74:9b:55:30:f5:74:
                    68:e6:96:8b:fb:cd:d3:62:1c:40:d6:d3:eb:d0:0d:
                    ae:99:b6:28:13:b3:29:ce:07:93:3a:d3:d9:f9:58:
                    67:00:7d:c8:65:fe:93:e9:54:a3:87:a5:e1:d6:99:
                    85:82:47:e3:17:b8:65:c5:4f:db:b8:e3:76:8c:71:
                    9c:e4:38:64:c3:33:57:90:50:02:40:25:85:f8:d2:
                    b4:38:bc:46:b2:ec:6b:ad:87:0f:4a:07:b2:a3:02:
                    2f:8b:a1:90:34:da:e8:56:37:7a:98:ae:95:ef:ab:
                    18:bd:6e:b7:50:f8:a2:fe:59:bb:57:83:d5:cd:34:
                    1f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BB:DF:11:86:11:81:FB:3C:F6:6C:16:AD:47:D9:76:A3:26:25:DF
            X509v3 Authority Key Identifier:
                keyid:49:DD:8F:1A:62:A5:D7:F8:02:12:DE:0F:3E:FE:75:B2:FA:33:8F:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sd2PGmKl1_gCEt4PPv51svozj_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/97vfEYYRgfs89mwWrUfZdqMmJd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/Sd2PGmKl1_gCEt4PPv51svozj_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.196.0/23
                  82.199.222.0/23
                  91.213.191.0/24
                  91.217.185.0/24
                  185.95.206.0/23
                  212.95.142.0/24
                  212.95.148.0/24
                IPv6:
                  2a12:f680:200::/47
                  2a12:f680:204::/47
                  2a12:f680:600::/47

    Signature Algorithm: sha256WithRSAEncryption
         93:eb:9a:72:92:9e:0b:c8:4a:0e:94:cc:92:89:fe:c3:3b:56:
         80:a6:2d:9f:25:90:d3:6f:81:25:3d:5a:41:f3:c9:9d:c4:0a:
         32:6c:fc:c1:5d:b2:68:ac:1a:73:8c:bb:aa:9d:0b:05:b1:29:
         be:55:f6:9b:5d:5e:3e:21:50:32:5e:e1:4f:53:99:8c:21:7a:
         e0:fe:a3:2f:9e:66:35:9a:d1:76:1d:f9:28:28:eb:c4:24:88:
         47:0b:58:a3:9e:84:68:9b:8b:bf:84:55:6e:39:1a:01:14:ed:
         5a:32:14:18:f7:e2:2e:7c:2a:7c:5e:c2:5e:13:17:37:fd:b1:
         2d:59:0b:10:a9:97:a1:ae:2d:a1:f1:14:3a:92:ba:cb:3a:57:
         c5:b8:3a:c8:4f:b8:2e:0c:45:4f:fa:17:a1:73:44:3f:52:6d:
         98:e8:37:90:f9:2c:22:1a:3a:f7:b3:41:d7:9a:65:08:da:ea:
         30:2e:a0:7d:7d:bf:75:a3:e0:62:bc:83:58:83:c3:48:03:78:
         95:b0:f5:46:62:7e:12:60:f5:c6:68:a5:9c:7a:f5:d4:d5:05:
         8e:d0:4c:0d:eb:17:98:a7:c2:12:ac:ae:b9:f6:63:87:54:16:
         af:d7:dc:86:74:e2:ab:66:56:e1:df:5a:83:d0:50:ee:4f:51:
         1b:a7:30:f7
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZRabcdquPBS/mxbrVpDxPLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZGQ4ZjFhNjJhNWQ3ZjgwMjEyZGUwZjNlZmU3NWIyZmEz
MzhmZmUwHhcNMjUwMTEyMTIxMjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JiZGYxMTg2MTE4MWZiM2NmNjZjMTZhZDQ3ZDk3NmEzMjYyNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WHJZX5kdZlpRJJv+HZ6Coo1gmJD
Avd1Rj5tB9GxL9buVUOMy2qi/VtAmOmxLkUbzE7bQ1abBlzMjm5xgcVR71Ffcztn
dCtjK8L8b5F9Wef/VL+EVVyscwXv5Q27VuDWuTxmsXISZ4LIxcmfWCPEqIvCHi6V
ur0J2v2X1pY0Oy50m1Uw9XRo5paL+83TYhxA1tPr0A2umbYoE7MpzgeTOtPZ+Vhn
AH3IZf6T6VSjh6Xh1pmFgkfjF7hlxU/buON2jHGc5DhkwzNXkFACQCWF+NK0OLxG
suxrrYcPSgeyowIvi6GQNNroVjd6mK6V76sYvW63UPii/lm7V4PVzTQfowIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPe73xGGEYH7PPZsFq1H2XajJiXfMB8GA1UdIwQY
MBaAFEndjxpipdf4AhLeDz7+dbL6M4/+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2QyUEdtS2wxX2dDRXQ0UFB2NTFzdm96al80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8wMWIxZWYtMjMzYi00ZDZmLThkY2Yt
Y2VlYzQ5MTI0YzBmLzEvOTd2ZkVZWVJnZnM4OW13V3JVZlpkcU1tSmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8wMWIxZWYtMjMzYi00ZDZmLThkY2YtY2VlYzQ5MTI0YzBm
LzEvU2QyUEdtS2wxX2dDRXQ0UFB2NTFzdm96al80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAwBAIAATAqAwQBBbXEAwQB
UsfeAwQAW9W/AwQAW9m5AwQBuV/OAwQA1F+OAwQA1F+UMCEEAgACMBsDBwEqEvaA
AgADBwEqEvaAAgQDBwEqEvaABgAwDQYJKoZIhvcNAQELBQADggEBAJPrmnKSngvI
Sg6UzJKJ/sM7VoCmLZ8lkNNvgSU9WkHzyZ3ECjJs/MFdsmisGnOMu6qdCwWxKb5V
9ptdXj4hUDJe4U9TmYwheuD+oy+eZjWa0XYd+Sgo68QkiEcLWKOehGibi7+EVW45
GgEU7VoyFBj34i58Knxewl4TFzf9sS1ZCxCpl6GuLaHxFDqSuss6V8W4OshPuC4M
RU/6F6FzRD9SbZjoN5D5LCIaOvezQdeaZQja6jAuoH19v3Wj4GK8g1iDw0gDeJWw
9UZifhJg9cZopZx69dTVBY7QTA3rF5inwhKsrrn2Y4dUFq/X3IZ04qtmVuHfWoPQ
UO5PURunMPc=
-----END CERTIFICATE-----