Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wdgkY0LFdTkURq29jFBu9cwLVU0.roa
File:                     wdgkY0LFdTkURq29jFBu9cwLVU0.roa (raw, json)
Hash identifier:          c8MYZg1yJhfGZ9jZ0IptVf7tUJn6YCb6THGwz+InGLc=
Subject key identifier:   C1:D8:24:63:42:C5:75:39:14:46:AD:BD:8C:50:6E:F5:CC:0B:55:4D
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0195471FD355771EE8A83A377456B91DDD5C
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wdgkY0LFdTkURq29jFBu9cwLVU0.roa
Signing time:             Thu 27 Feb 2025 11:17:02 +0000
ROA not before:           Thu 27 Feb 2025 11:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        5.231.232.0/24 maxlen: 24
                          5.231.233.0/24 maxlen: 24
                          77.90.3.0/24 maxlen: 24
                          77.90.28.0/24 maxlen: 24
                          89.106.92.0/24 maxlen: 24
                          89.106.93.0/24 maxlen: 24
                          89.106.94.0/24 maxlen: 24
                          89.106.95.0/24 maxlen: 24
                          89.144.33.0/24 maxlen: 24
                          89.144.46.0/24 maxlen: 24
                          89.144.47.0/24 maxlen: 24
                          89.144.48.0/24 maxlen: 24
                          89.144.49.0/24 maxlen: 24
                          89.144.50.0/24 maxlen: 24
                          89.144.51.0/24 maxlen: 24
                          89.144.52.0/24 maxlen: 24
                          89.144.53.0/24 maxlen: 24
                          89.144.54.0/24 maxlen: 24
                          89.144.55.0/24 maxlen: 24
                          89.144.58.0/24 maxlen: 24
                          89.144.59.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 27 Feb 2025 16:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:1f:d3:55:77:1e:e8:a8:3a:37:74:56:b9:1d:dd:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 27 11:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1d8246342c575391446adbd8c506ef5cc0b554d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b9:01:68:b0:27:3a:fd:8e:a2:08:2b:27:a8:
                    bc:58:87:16:a0:c1:95:b4:f1:b6:29:ac:58:bb:bb:
                    10:41:f9:a1:15:77:0a:e9:c6:e7:40:1a:b5:ea:24:
                    fa:35:b6:03:4d:9f:a9:77:fa:31:31:95:a2:ab:cc:
                    f6:cc:62:d7:05:a2:69:e2:34:2a:29:bb:9c:3c:b3:
                    03:8e:55:6f:16:fc:3b:85:fb:0f:16:cf:41:88:c8:
                    6f:5a:fd:a5:96:df:87:e2:81:36:22:a1:da:e8:55:
                    fa:54:d0:8d:49:40:a4:b7:20:fd:ec:82:72:74:ad:
                    b5:75:4c:c8:fa:b2:dc:b8:86:90:72:ea:c5:ad:d9:
                    7e:96:c9:6d:34:68:62:e8:5e:fe:d5:a9:87:b7:15:
                    59:41:ed:52:aa:44:48:b0:80:6c:b6:26:85:60:a8:
                    6b:3d:1d:00:26:6d:c0:4e:b0:6f:06:5f:14:ea:6f:
                    d5:64:42:ec:02:9e:fe:15:b3:dc:af:6f:dd:92:39:
                    3f:32:7b:77:f7:8e:1d:c4:3a:06:e7:95:5a:b2:77:
                    ed:fd:15:7a:41:a8:af:30:31:08:2f:57:8f:3f:55:
                    12:09:7b:38:1f:51:57:b0:b7:00:ae:15:86:f4:bf:
                    13:8f:d2:70:64:4a:3a:2e:66:ca:12:8b:95:4f:9a:
                    47:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D8:24:63:42:C5:75:39:14:46:AD:BD:8C:50:6E:F5:CC:0B:55:4D
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wdgkY0LFdTkURq29jFBu9cwLVU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.232.0/23
                  77.90.3.0/24
                  77.90.28.0/24
                  89.106.92.0/22
                  89.144.33.0/24
                  89.144.46.0-89.144.55.255
                  89.144.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:b8:c8:30:66:39:15:1f:83:1f:91:40:8c:ee:30:ad:0a:84:
         d0:76:e3:71:60:29:4e:d3:d9:17:fa:d8:24:16:ab:dc:8e:2e:
         61:a7:07:89:d1:d8:f9:f6:22:84:e7:01:fb:dc:26:9e:b0:a8:
         70:f1:ca:50:a1:f2:e3:c2:9b:68:98:f8:bf:a5:14:6b:62:da:
         49:07:c3:2b:99:2b:d5:ce:ec:a7:4a:d1:1b:12:0e:7d:1b:53:
         24:e7:b6:d3:26:e3:2a:16:d1:d1:7a:b5:91:97:2c:5b:02:5e:
         af:93:a3:22:be:8a:5e:2f:a6:6c:b8:0a:18:62:cb:6e:9d:e5:
         46:22:05:98:79:24:7a:fc:a2:85:de:79:2f:b1:88:fb:2a:25:
         f2:c7:c5:4c:83:39:c4:70:f2:81:c2:a7:a1:5d:50:28:b7:51:
         ec:a1:e2:c6:7d:8d:78:00:4c:fc:db:a2:01:27:5c:46:d7:c0:
         93:fb:b7:f0:1c:f3:5a:44:af:b6:d8:d1:93:61:07:5c:cc:92:
         5d:e4:c1:bb:98:66:18:f2:4f:13:14:00:85:00:0a:7c:aa:04:
         66:6d:86:64:bf:6d:22:5b:92:f3:4b:e4:44:a3:12:7d:9b:81:
         6f:22:e0:47:a2:d9:54:4f:76:92:70:a7:91:a3:8a:cd:c2:a9:
         32:f9:6c:0c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZVHH9NVdx7oqDo3dFa5Hd1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMjI3MTExNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQ4MjQ2MzQyYzU3NTM5MTQ0NmFkYmQ4YzUwNmVmNWNjMGI1NTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7kBaLAnOv2OoggrJ6i8WIcWoMGV
tPG2KaxYu7sQQfmhFXcK6cbnQBq16iT6NbYDTZ+pd/oxMZWiq8z2zGLXBaJp4jQq
KbucPLMDjlVvFvw7hfsPFs9BiMhvWv2llt+H4oE2IqHa6FX6VNCNSUCktyD97IJy
dK21dUzI+rLcuIaQcurFrdl+lsltNGhi6F7+1amHtxVZQe1SqkRIsIBstiaFYKhr
PR0AJm3ATrBvBl8U6m/VZELsAp7+FbPcr2/dkjk/Mnt3944dxDoG55Vasnft/RV6
QaivMDEIL1ePP1USCXs4H1FXsLcArhWG9L8Tj9JwZEo6LmbKEouVT5pHwwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFMHYJGNCxXU5FEatvYxQbvXMC1VNMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvd2Rna1kwTEZkVGtVUnEyOWpGQnU5Y3dMVlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBBefoAwQA
TVoDAwQATVocAwQCWWpcAwQAWZAhMAwDBAFZkC4DBANZkDADBAFZkDowDQYJKoZI
hvcNAQELBQADggEBACW4yDBmORUfgx+RQIzuMK0KhNB243FgKU7T2Rf62CQWq9yO
LmGnB4nR2Pn2IoTnAfvcJp6wqHDxylCh8uPCm2iY+L+lFGti2kkHwyuZK9XO7KdK
0RsSDn0bUyTnttMm4yoW0dF6tZGXLFsCXq+ToyK+il4vpmy4Chhiy26d5UYiBZh5
JHr8ooXeeS+xiPsqJfLHxUyDOcRw8oHCp6FdUCi3Ueyh4sZ9jXgATPzbogEnXEbX
wJP7t/Ac81pEr7bY0ZNhB1zMkl3kwbuYZhjyTxMUAIUACnyqBGZthmS/bSJbkvNL
5ESjEn2bgW8i4Eei2VRPdpJwp5Gjis3CqTL5bAw=
-----END CERTIFICATE-----