Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/0zQYWnX6ol0QC-0cIQDEyo9JMAA.roa
File:                     0zQYWnX6ol0QC-0cIQDEyo9JMAA.roa (raw, json)
Hash identifier:          9iBlispDM6DHAy0zgqmucArwWG+SqZnAMU/4y1f5K2w=
Subject key identifier:   D3:34:18:5A:75:FA:A2:5D:10:0B:ED:1C:21:00:C4:CA:8F:49:30:00
Certificate issuer:       /CN=f48b3f0c6a87c045bdcffabd900db8892be702e1
Certificate serial:       0193B5098DAE8B0041D6275622895699B56C
Authority key identifier: F4:8B:3F:0C:6A:87:C0:45:BD:CF:FA:BD:90:0D:B8:89:2B:E7:02:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Is_DGqHwEW9z_q9kA24iSvnAuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/0zQYWnX6ol0QC-0cIQDEyo9JMAA.roa
Signing time:             Wed 11 Dec 2024 09:25:22 +0000
ROA not before:           Wed 11 Dec 2024 09:25:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5539
IP address blocks:        82.118.32.0/19 maxlen: 19
                          185.54.120.0/22 maxlen: 22
                          185.54.188.0/22 maxlen: 22
                          193.149.32.0/19 maxlen: 19
                          194.97.64.0/19 maxlen: 19
                          194.97.128.0/19 maxlen: 19
                          195.24.96.0/19 maxlen: 19
                          195.30.0.0/16 maxlen: 16
                          2001:608::/32 maxlen: 32
                          2001:67c:158c::/48 maxlen: 48
                          2001:4150::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 13:48:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b5:09:8d:ae:8b:00:41:d6:27:56:22:89:56:99:b5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f48b3f0c6a87c045bdcffabd900db8892be702e1
        Validity
            Not Before: Dec 11 09:25:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d334185a75faa25d100bed1c2100c4ca8f493000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c2:1e:61:60:25:0b:19:15:7e:f2:da:62:a9:
                    bf:7d:c3:a1:b6:95:85:11:c9:45:c6:c8:e4:d1:80:
                    94:c8:d4:75:69:b8:7d:8b:bd:22:0c:2e:76:45:a9:
                    c0:f6:ca:d2:85:a3:61:3b:75:a5:3d:a3:11:dd:9b:
                    35:e4:83:bf:b6:d3:d0:62:2b:dd:ec:26:df:64:ea:
                    5b:0b:bc:5f:f0:1f:97:82:82:c5:26:f9:e2:ee:b0:
                    2b:6b:4b:4b:e0:5d:06:d8:8d:4d:e4:5a:ab:47:7a:
                    26:e7:92:21:76:79:97:ee:28:2f:fd:1e:a3:da:98:
                    c5:d0:4e:eb:91:0b:76:69:18:d6:5d:0b:f4:1a:85:
                    5d:1a:bb:e2:93:82:75:a8:a8:85:c7:b8:81:c4:da:
                    5f:11:9b:9c:b4:3a:c3:96:05:60:47:eb:b0:d7:3c:
                    12:55:4b:4d:fd:0b:cd:f3:e1:fa:1c:8a:3e:e2:1a:
                    a6:c1:45:a2:b2:e5:95:48:c1:e0:4b:73:db:6f:16:
                    b2:65:7e:35:26:53:0f:23:77:28:e2:a8:c3:ef:e0:
                    e9:4f:5e:56:aa:9c:b0:08:60:fd:c4:c2:57:6e:0a:
                    db:51:b3:c9:ee:0a:f8:f0:17:fd:26:ee:d5:73:43:
                    2f:40:87:5f:c4:cc:4a:52:37:0f:94:d9:a6:8c:a2:
                    30:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:34:18:5A:75:FA:A2:5D:10:0B:ED:1C:21:00:C4:CA:8F:49:30:00
            X509v3 Authority Key Identifier:
                keyid:F4:8B:3F:0C:6A:87:C0:45:BD:CF:FA:BD:90:0D:B8:89:2B:E7:02:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Is_DGqHwEW9z_q9kA24iSvnAuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/0zQYWnX6ol0QC-0cIQDEyo9JMAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2e2747-ad74-4d31-9256-d35edb9fdd21/1/9Is_DGqHwEW9z_q9kA24iSvnAuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.32.0/19
                  185.54.120.0/22
                  185.54.188.0/22
                  193.149.32.0/19
                  194.97.64.0/19
                  194.97.128.0/19
                  195.24.96.0/19
                  195.30.0.0/16
                IPv6:
                  2001:608::/32
                  2001:67c:158c::/48
                  2001:4150::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:68:59:96:9f:75:3c:77:64:0c:0a:08:f8:f0:59:a7:b2:a0:
         17:2a:65:f6:b0:38:8d:a0:74:a5:d4:07:70:44:c3:b6:fc:f3:
         ac:7c:d4:ba:c0:ba:c4:72:b1:13:5b:24:47:ec:6d:7a:85:2b:
         56:42:37:6a:48:69:d0:65:5f:e4:6b:c7:81:93:67:ee:3c:fd:
         6a:64:b1:60:09:7c:ea:13:a7:bf:ef:fe:cc:7e:9d:06:46:1b:
         b6:f9:81:f2:a9:20:32:72:65:e7:ee:ab:97:43:c2:58:44:c5:
         e3:d2:ad:76:21:d9:36:c9:58:02:91:21:ff:98:77:82:9f:73:
         2d:9a:db:28:29:96:01:ff:a9:e3:43:fc:f3:ad:87:fe:1b:0a:
         3e:1a:78:17:e4:02:26:1e:4a:97:66:20:83:36:79:4b:f3:2b:
         16:01:db:3b:15:09:d2:c5:cd:25:c5:c1:15:1c:af:62:e9:a1:
         26:ac:20:13:94:de:db:d8:e1:7c:0d:eb:b4:fb:97:9b:5a:21:
         13:c9:29:73:c1:3d:9c:30:01:e7:be:90:dc:58:e0:58:58:fa:
         29:d3:cd:21:85:d9:52:71:1a:bb:d3:d9:b7:95:53:f1:67:30:
         5e:78:8c:e8:ea:d4:fc:8d:1b:59:8c:48:c5:44:ca:e4:7d:02:
         0f:73:ee:9a
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZO1CY2uiwBB1idWIolWmbVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OGIzZjBjNmE4N2MwNDViZGNmZmFiZDkwMGRiODg5MmJl
NzAyZTEwHhcNMjQxMjExMDkyNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzM0MTg1YTc1ZmFhMjVkMTAwYmVkMWMyMTAwYzRjYThmNDkzMDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cIeYWAlCxkVfvLaYqm/fcOhtpWF
EclFxsjk0YCUyNR1abh9i70iDC52RanA9srShaNhO3WlPaMR3Zs15IO/ttPQYivd
7CbfZOpbC7xf8B+XgoLFJvni7rAra0tL4F0G2I1N5FqrR3om55IhdnmX7igv/R6j
2pjF0E7rkQt2aRjWXQv0GoVdGrvik4J1qKiFx7iBxNpfEZuctDrDlgVgR+uw1zwS
VUtN/QvN8+H6HIo+4hqmwUWisuWVSMHgS3PbbxayZX41JlMPI3co4qjD7+DpT15W
qpywCGD9xMJXbgrbUbPJ7gr48Bf9Ju7Vc0MvQIdfxMxKUjcPlNmmjKIw4QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNM0GFp1+qJdEAvtHCEAxMqPSTAAMB8GA1UdIwQY
MBaAFPSLPwxqh8BFvc/6vZANuIkr5wLhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUlzX0RHcUh3RVc5el9xOWtBMjRpU3ZuQXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8yZTI3NDctYWQ3NC00ZDMxLTkyNTYt
ZDM1ZWRiOWZkZDIxLzEvMHpRWVduWDZvbDBRQy0wY0lRREV5bzlKTUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8yZTI3NDctYWQ3NC00ZDMxLTkyNTYtZDM1ZWRiOWZkZDIx
LzEvOUlzX0RHcUh3RVc5el9xOWtBMjRpU3ZuQXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA1BAIAATAvAwQFUnYgAwQC
uTZ4AwQCuTa8AwQFwZUgAwQFwmFAAwQFwmGAAwQFwxhgAwMAwx4wHQQCAAIwFwMF
ACABBggDBwAgAQZ8FYwDBQAgAUFQMA0GCSqGSIb3DQEBCwUAA4IBAQBVaFmWn3U8
d2QMCgj48FmnsqAXKmX2sDiNoHSl1AdwRMO2/POsfNS6wLrEcrETWyRH7G16hStW
QjdqSGnQZV/ka8eBk2fuPP1qZLFgCXzqE6e/7/7Mfp0GRhu2+YHyqSAycmXn7quX
Q8JYRMXj0q12Idk2yVgCkSH/mHeCn3MtmtsoKZYB/6njQ/zzrYf+Gwo+GngX5AIm
HkqXZiCDNnlL8ysWAds7FQnSxc0lxcEVHK9i6aEmrCATlN7b2OF8Deu0+5ebWiET
ySlzwT2cMAHnvpDcWOBYWPop080hhdlScRq709m3lVPxZzBeeIzo6tT8jRtZjEjF
RMrkfQIPc+6a
-----END CERTIFICATE-----