Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/FFw_5Dlhm9jjfyxy1g_vXoShNRE.roa
File:                     FFw_5Dlhm9jjfyxy1g_vXoShNRE.roa (raw, json)
Hash identifier:          mtIeTmRlOUdPExIGmeOufw90bYGUuIazXwq569QNFe0=
Subject key identifier:   14:5C:3F:E4:39:61:9B:D8:E3:7F:2C:72:D6:0F:EF:5E:84:A1:35:11
Certificate issuer:       /CN=93b2981978885696ce1c2bbf4af99dadc2c618eb
Certificate serial:       018CC9BC03052F6461DE171E89121579B9B2
Authority key identifier: 93:B2:98:19:78:88:56:96:CE:1C:2B:BF:4A:F9:9D:AD:C2:C6:18:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k7KYGXiIVpbOHCu_SvmdrcLGGOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/FFw_5Dlhm9jjfyxy1g_vXoShNRE.roa
Signing time:             Tue 02 Jan 2024 10:33:11 +0000
ROA not before:           Tue 02 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199256
IP address blocks:        93.119.24.0/22 maxlen: 24
                          159.253.224.0/22 maxlen: 24
                          185.122.132.0/22 maxlen: 24
                          185.57.100.0/22 maxlen: 24
                          185.156.196.0/22 maxlen: 24
                          81.173.12.0/22 maxlen: 24
                          144.2.240.0/21 maxlen: 24
                          45.137.184.0/22 maxlen: 22
                          91.216.236.0/24 maxlen: 24
                          91.216.241.0/24 maxlen: 24
                          185.32.152.0/22 maxlen: 24
                          5.149.168.0/21 maxlen: 24
                          2a04:b00::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:48:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:03:05:2f:64:61:de:17:1e:89:12:15:79:b9:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93b2981978885696ce1c2bbf4af99dadc2c618eb
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=145c3fe439619bd8e37f2c72d60fef5e84a13511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cc:06:eb:dc:3e:4b:04:0a:48:2c:eb:95:cd:
                    05:33:e1:63:ba:81:5c:69:16:ab:df:19:68:89:15:
                    6a:4b:45:7c:8f:79:2e:98:23:97:ba:6c:b0:49:d3:
                    b6:ba:23:66:51:0d:6a:a0:75:1d:fb:28:77:ac:7a:
                    ac:54:a6:9c:a7:29:39:b8:e1:7e:0a:af:c1:4b:a0:
                    67:14:f1:f2:b8:82:4a:15:20:2e:d9:bc:99:26:88:
                    7b:1a:b2:97:df:e7:7a:16:af:ae:80:87:0e:bb:46:
                    a9:60:68:64:16:18:55:9c:51:bd:fb:c0:2f:99:0d:
                    9f:88:9a:1b:e3:5c:6e:8f:a4:40:23:4c:75:a2:f6:
                    f5:ca:3b:02:2b:e2:1a:fa:b6:ee:16:c3:f6:f3:69:
                    40:f4:8c:e0:ac:59:ec:71:e1:06:95:cf:c5:f5:c7:
                    68:c1:b7:9c:a4:ed:c1:8a:c6:6b:11:bd:e3:87:8a:
                    b8:b1:e4:da:dd:82:55:c2:3b:41:d7:c0:fd:a5:ff:
                    78:ce:2f:c3:bc:f2:54:1e:db:f2:ab:b8:b1:54:c9:
                    8e:77:a2:dd:cb:9c:7a:5d:b4:63:6d:c2:d1:fb:d3:
                    ab:74:6b:b3:1a:bf:fb:c0:04:1b:1d:aa:4d:2c:e1:
                    3f:98:03:74:16:68:58:13:b3:83:a8:46:6d:97:10:
                    56:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:5C:3F:E4:39:61:9B:D8:E3:7F:2C:72:D6:0F:EF:5E:84:A1:35:11
            X509v3 Authority Key Identifier:
                keyid:93:B2:98:19:78:88:56:96:CE:1C:2B:BF:4A:F9:9D:AD:C2:C6:18:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k7KYGXiIVpbOHCu_SvmdrcLGGOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/FFw_5Dlhm9jjfyxy1g_vXoShNRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/k7KYGXiIVpbOHCu_SvmdrcLGGOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.168.0/21
                  45.137.184.0/22
                  81.173.12.0/22
                  91.216.236.0/24
                  91.216.241.0/24
                  93.119.24.0/22
                  144.2.240.0/21
                  159.253.224.0/22
                  185.32.152.0/22
                  185.57.100.0/22
                  185.122.132.0/22
                  185.156.196.0/22
                IPv6:
                  2a04:b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:bf:7f:33:cd:82:eb:04:74:a3:12:91:a8:e2:e0:a9:fa:4f:
         4e:91:ce:e3:76:29:24:89:a6:c3:84:8d:4a:67:c4:bb:b7:88:
         ba:10:fd:69:06:e0:89:a1:57:88:4f:7f:ae:a3:5f:66:49:53:
         d4:8f:45:4b:c8:d1:73:88:ff:1a:87:0d:85:c4:e6:b2:9f:51:
         58:ba:e9:7f:36:d4:8f:f9:6f:d5:b5:d0:65:3c:25:37:c3:79:
         0b:ba:13:16:de:66:87:62:9e:2c:1c:ff:ab:ed:82:95:3f:31:
         a8:3c:4b:8b:0b:ae:fb:6e:f2:0e:9a:15:20:24:e8:4b:f0:4e:
         93:7f:ec:c5:95:38:2e:cb:96:bc:29:06:21:38:2a:47:f4:59:
         0e:9a:23:7e:b2:85:e1:36:06:7c:6d:46:9b:72:a0:cc:54:c2:
         38:10:7e:42:22:cc:20:f7:38:57:f3:97:ad:c0:5e:5f:82:69:
         87:82:c2:33:b2:1e:ed:26:5d:31:3b:41:98:ab:11:29:8b:b1:
         1a:00:57:53:c4:02:05:c8:99:e9:e5:5b:84:38:99:23:48:e6:
         bc:a8:48:96:38:6b:e5:03:db:74:f0:dd:94:59:44:96:57:7e:
         b8:f3:dc:6a:0a:3e:0c:05:a8:29:bb:47:3e:01:5e:03:7b:88:
         27:42:25:88
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYzJvAMFL2Rh3hceiRIVebmyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYjI5ODE5Nzg4ODU2OTZjZTFjMmJiZjRhZjk5ZGFkYzJj
NjE4ZWIwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDVjM2ZlNDM5NjE5YmQ4ZTM3ZjJjNzJkNjBmZWY1ZTg0YTEzNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8wG69w+SwQKSCzrlc0FM+FjuoFc
aRar3xloiRVqS0V8j3kumCOXumywSdO2uiNmUQ1qoHUd+yh3rHqsVKacpyk5uOF+
Cq/BS6BnFPHyuIJKFSAu2byZJoh7GrKX3+d6Fq+ugIcOu0apYGhkFhhVnFG9+8Av
mQ2fiJob41xuj6RAI0x1ovb1yjsCK+Ia+rbuFsP282lA9IzgrFnsceEGlc/F9cdo
wbecpO3BisZrEb3jh4q4seTa3YJVwjtB18D9pf94zi/DvPJUHtvyq7ixVMmOd6Ld
y5x6XbRjbcLR+9OrdGuzGr/7wAQbHapNLOE/mAN0FmhYE7ODqEZtlxBWrQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFBRcP+Q5YZvY438sctYP716EoTURMB8GA1UdIwQY
MBaAFJOymBl4iFaWzhwrv0r5na3CxhjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazdLWUdYaUlWcGJPSEN1X1N2bWRyY0xHR09zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83OTg2YTktNGU0Ni00YzMzLTkyYzkt
MzFjOTVlMmExZDZmLzEvRkZ3XzVEbGhtOWpqZnl4eTFnX3ZYb1NoTlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83OTg2YTktNGU0Ni00YzMzLTkyYzktMzFjOTVlMmExZDZm
LzEvazdLWUdYaUlWcGJPSEN1X1N2bWRyY0xHR09zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDBZWoAwQC
LYm4AwQCUa0MAwQAW9jsAwQAW9jxAwQCXXcYAwQDkALwAwQCn/3gAwQCuSCYAwQC
uTlkAwQCuXqEAwQCuZzEMA0EAgACMAcDBQMqBAsAMA0GCSqGSIb3DQEBCwUAA4IB
AQCAv38zzYLrBHSjEpGo4uCp+k9Okc7jdikkiabDhI1KZ8S7t4i6EP1pBuCJoVeI
T3+uo19mSVPUj0VLyNFziP8ahw2FxOayn1FYuul/NtSP+W/VtdBlPCU3w3kLuhMW
3maHYp4sHP+r7YKVPzGoPEuLC677bvIOmhUgJOhL8E6Tf+zFlTguy5a8KQYhOCpH
9FkOmiN+soXhNgZ8bUabcqDMVMI4EH5CIswg9zhX85etwF5fgmmHgsIzsh7tJl0x
O0GYqxEpi7EaAFdTxAIFyJnp5VuEOJkjSOa8qEiWOGvlA9t08N2UWUSWV36489xq
Cj4MBagpu0c+AV4De4gnQiWI
-----END CERTIFICATE-----