Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/aIx7tuQcBsuNhbood2skxFPMxFY.roa
File:                     aIx7tuQcBsuNhbood2skxFPMxFY.roa (raw, json)
Hash identifier:          cF2ND4uABbOTAQ/nJWcdgxzb0ZIatpFzF3O/87fKzzw=
Subject key identifier:   68:8C:7B:B6:E4:1C:06:CB:8D:85:BA:28:77:6B:24:C4:53:CC:C4:56
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0195F4AF16554F7639E32BEFFF0969B41807
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/aIx7tuQcBsuNhbood2skxFPMxFY.roa
Signing time:             Wed 02 Apr 2025 04:07:50 +0000
ROA not before:           Wed 02 Apr 2025 04:07:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        5.83.150.0/24 maxlen: 24
                          5.231.70.0/24 maxlen: 24
                          5.231.82.0/24 maxlen: 24
                          77.90.22.0/24 maxlen: 24
                          77.90.39.0/24 maxlen: 24
                          77.90.41.0/24 maxlen: 24
                          77.90.58.0/24 maxlen: 24
                          89.106.70.0/24 maxlen: 24
                          89.144.7.0/24 maxlen: 24
                          89.144.8.0/24 maxlen: 24
                          89.144.16.0/24 maxlen: 24
                          89.144.25.0/24 maxlen: 24
                          89.144.35.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 02 Apr 2025 05:54:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f4:af:16:55:4f:76:39:e3:2b:ef:ff:09:69:b4:18:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  2 04:07:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=688c7bb6e41c06cb8d85ba28776b24c453ccc456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1d:c5:11:da:05:bb:b4:1c:a8:e5:e9:8b:86:
                    37:1c:4f:9f:5b:5f:86:a9:c2:1d:06:2e:4d:1a:6e:
                    b2:6c:3d:ce:8c:3a:e1:5c:eb:db:17:79:99:89:0c:
                    de:60:bc:6c:1b:ec:04:76:4f:d2:3c:63:eb:3a:d6:
                    2a:41:bc:dc:79:e6:1c:ed:e6:48:5b:f8:a1:19:c8:
                    af:10:0d:5a:e8:5a:ec:5b:92:fd:f5:5f:22:8d:e5:
                    2f:67:67:87:b9:8f:5b:2a:02:e9:d3:d5:68:09:9c:
                    9f:cb:77:d2:f0:3d:5b:fc:f8:85:4b:6a:ac:47:13:
                    a4:15:5b:d4:4b:7a:7a:32:bc:fe:0e:24:bd:98:b5:
                    51:9b:4d:d5:e6:2b:c7:57:1a:2a:6d:0e:f8:a9:e5:
                    85:40:ad:42:81:e5:89:6e:38:65:19:94:31:48:61:
                    3c:f2:b5:8b:a1:88:58:e0:74:41:6f:92:6f:d6:8c:
                    b2:52:08:21:ca:98:e3:83:a6:1f:13:9c:fe:df:b1:
                    a1:76:fe:69:d3:14:c2:6c:4a:3e:6a:35:ff:91:c7:
                    1d:43:9a:e8:74:45:80:1a:08:8b:f9:9e:29:3c:ba:
                    2b:9d:c9:51:26:55:5e:9a:45:a3:30:8e:0c:72:ec:
                    d1:ae:28:77:cd:f4:e9:4a:38:06:3b:a4:48:0f:f8:
                    bc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8C:7B:B6:E4:1C:06:CB:8D:85:BA:28:77:6B:24:C4:53:CC:C4:56
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/aIx7tuQcBsuNhbood2skxFPMxFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.150.0/24
                  5.231.70.0/24
                  5.231.82.0/24
                  77.90.22.0/24
                  77.90.39.0/24
                  77.90.41.0/24
                  77.90.58.0/24
                  89.106.70.0/24
                  89.144.7.0-89.144.8.255
                  89.144.16.0/24
                  89.144.25.0/24
                  89.144.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:fd:81:a9:28:68:19:13:75:a8:66:5d:56:53:61:54:4e:d5:
         b6:70:dd:09:3f:8b:ec:3f:c1:9f:17:26:fc:c8:7d:87:61:bc:
         4e:19:0d:20:07:f5:c3:c5:a0:7c:98:a4:aa:c6:0a:00:e4:61:
         cd:d7:e7:a1:f6:01:d2:a4:b2:1c:33:55:44:f8:96:34:16:90:
         2e:bb:24:4a:54:14:c1:50:a2:f5:95:11:15:f5:59:c7:bb:b1:
         14:dd:97:7e:98:53:df:61:b3:53:31:94:e8:53:6b:01:2b:f2:
         6a:ba:75:e0:e6:d5:5a:9d:67:73:81:31:30:37:98:b6:3d:09:
         f1:ab:95:31:cb:c2:c1:0f:89:19:9b:83:59:80:83:00:6c:84:
         23:d7:80:00:e6:7b:3b:a1:b0:e4:df:8d:a4:b5:ce:74:93:5c:
         5e:48:a3:03:f3:28:c6:30:10:15:8b:58:90:57:20:c8:d3:51:
         94:2e:1f:52:f0:77:28:38:60:92:7a:5e:69:7d:ad:ea:2f:54:
         38:45:7b:1d:12:55:60:ab:f9:17:0e:36:a4:b9:51:91:bf:a5:
         2e:b0:82:8d:e9:34:62:b0:98:e2:da:ca:1e:29:ed:12:72:b0:
         23:6c:58:63:a9:32:67:0f:41:c8:97:a3:95:3e:2f:b2:19:eb:
         18:03:49:03
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZX0rxZVT3Y54yvv/wlptBgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDAyMDQwNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhjN2JiNmU0MWMwNmNiOGQ4NWJhMjg3NzZiMjRjNDUzY2NjNDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx3FEdoFu7QcqOXpi4Y3HE+fW1+G
qcIdBi5NGm6ybD3OjDrhXOvbF3mZiQzeYLxsG+wEdk/SPGPrOtYqQbzceeYc7eZI
W/ihGcivEA1a6FrsW5L99V8ijeUvZ2eHuY9bKgLp09VoCZyfy3fS8D1b/PiFS2qs
RxOkFVvUS3p6Mrz+DiS9mLVRm03V5ivHVxoqbQ74qeWFQK1CgeWJbjhlGZQxSGE8
8rWLoYhY4HRBb5Jv1oyyUgghypjjg6YfE5z+37Ghdv5p0xTCbEo+ajX/kccdQ5ro
dEWAGgiL+Z4pPLornclRJlVemkWjMI4McuzRrih3zfTpSjgGO6RID/i8RwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFGiMe7bkHAbLjYW6KHdrJMRTzMRWMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvYUl4N3R1UWNCc3VOaGJvb2Qyc2t4RlBNeEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQABVOWAwQA
BedGAwQABedSAwQATVoWAwQATVonAwQATVopAwQATVo6AwQAWWpGMAwDBABZkAcD
BABZkAgDBABZkBADBABZkBkDBABZkCMwDQYJKoZIhvcNAQELBQADggEBABT9gako
aBkTdahmXVZTYVRO1bZw3Qk/i+w/wZ8XJvzIfYdhvE4ZDSAH9cPFoHyYpKrGCgDk
Yc3X56H2AdKkshwzVUT4ljQWkC67JEpUFMFQovWVERX1Wce7sRTdl36YU99hs1Mx
lOhTawEr8mq6deDm1VqdZ3OBMTA3mLY9CfGrlTHLwsEPiRmbg1mAgwBshCPXgADm
ezuhsOTfjaS1znSTXF5IowPzKMYwEBWLWJBXIMjTUZQuH1Lwdyg4YJJ6Xml9reov
VDhFex0SVWCr+RcONqS5UZG/pS6wgo3pNGKwmOLayh4p7RJysCNsWGOpMmcPQciX
o5U+L7IZ6xgDSQM=
-----END CERTIFICATE-----