Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UjLwaePfDDIsUWL8hib132TxbGY.roa
File:                     UjLwaePfDDIsUWL8hib132TxbGY.roa (raw, json)
Hash identifier:          nWiu2m3LecYQbknoxs+uQetuItPbvPBkED+1mI9PhBk=
Subject key identifier:   52:32:F0:69:E3:DF:0C:32:2C:51:62:FC:86:26:F5:DF:64:F1:6C:66
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019459DB4CC26587F0F2D76C8BD3688D1C58
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UjLwaePfDDIsUWL8hib132TxbGY.roa
Signing time:             Sun 12 Jan 2025 09:32:11 +0000
ROA not before:           Sun 12 Jan 2025 09:32:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          45.154.99.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:50::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:530::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0d:ef07::/32 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
Validation:               Failed, certificate revoked on Sat 01 Feb 2025 19:53:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:59:db:4c:c2:65:87:f0:f2:d7:6c:8b:d3:68:8d:1c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 12 09:32:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5232f069e3df0c322c5162fc8626f5df64f16c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0f:e9:2e:af:fe:b7:f4:56:e5:b7:53:c0:40:
                    9f:cd:09:21:ba:fc:35:0a:eb:54:5d:31:36:78:ee:
                    76:7e:65:5e:7b:31:0a:85:c7:ae:65:54:40:39:23:
                    e1:23:9d:c3:db:c5:3b:63:b8:0a:f6:bc:79:87:42:
                    60:3b:0d:14:0d:35:ec:2d:f9:30:aa:84:ea:22:fb:
                    f8:d4:8a:2b:b5:9d:6b:22:95:7e:5c:7a:35:8a:3b:
                    b1:8f:62:37:0a:87:3b:08:56:65:7b:d1:ff:68:40:
                    3f:99:34:c8:96:b4:51:da:d2:72:39:6e:8a:65:3a:
                    52:63:f6:2b:d2:36:f4:eb:59:4b:db:5f:3c:4a:78:
                    7f:05:66:24:92:3b:17:db:0c:03:0e:b5:f7:e4:b4:
                    41:bf:5f:06:f7:48:db:9c:41:54:f7:41:50:f4:f1:
                    11:77:11:1a:e2:c8:f0:51:d4:89:ee:6e:c7:c9:49:
                    17:d4:f8:06:97:bc:44:87:8a:57:32:fa:66:e6:ad:
                    10:d0:e4:14:8d:8e:4f:64:91:df:da:63:9b:97:52:
                    ef:f7:5b:8a:17:31:bc:72:53:9e:ed:cd:6d:cd:7d:
                    50:5b:81:68:78:e4:65:04:5c:b0:ac:ce:32:28:7b:
                    ca:20:cf:d5:6a:4d:79:f9:af:b8:83:d8:d2:81:39:
                    fc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:32:F0:69:E3:DF:0C:32:2C:51:62:FC:86:26:F5:DF:64:F1:6C:66
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UjLwaePfDDIsUWL8hib132TxbGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  45.154.99.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:50::-2a0c:b641:6f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:530::-2a0c:b641:54f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0d:ef07::/32
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:d3:41:81:02:aa:8c:bb:1f:4b:54:c4:b5:28:2e:4b:45:f8:
         87:01:0f:37:6f:3c:5e:f7:90:e4:93:47:57:88:a8:9e:b6:90:
         a7:f8:2c:1a:63:5d:a1:7f:13:81:ba:c6:d5:e4:b2:de:ad:bf:
         c8:23:b1:d6:15:54:a0:af:ce:88:3c:6c:dc:76:b9:6f:33:19:
         fe:a0:2b:84:d2:0b:46:ca:7e:cb:89:df:d8:b6:5d:6d:df:56:
         68:01:ff:1b:a7:ae:d9:77:45:26:03:9b:06:90:40:1a:45:f6:
         4e:20:aa:1d:e6:9a:73:0d:ee:ab:10:ad:7e:c0:7e:a2:88:d9:
         05:1f:5c:91:75:71:54:51:55:90:e8:ce:60:88:91:d0:8f:3c:
         f4:6f:09:3c:8a:da:5c:12:1b:bd:11:d6:4c:aa:17:c4:f1:e3:
         01:33:4f:4a:c4:77:0a:a0:43:10:e0:e2:ec:f6:96:9f:29:76:
         1b:54:fe:9c:13:8b:18:40:34:07:f8:1b:e2:28:21:2f:a0:9b:
         51:15:a7:eb:97:32:2c:53:36:d9:04:4e:44:22:ae:03:b8:96:
         2d:3c:9a:d3:a4:6a:85:dd:4e:83:8e:e8:2a:db:32:62:a7:be:
         3b:a0:c3:2e:cb:ed:e9:b7:9e:1a:63:bc:74:69:25:55:64:c4:
         50:bf:19:7d
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAZRZ20zCZYfw8tdsi9NojRxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTEyMDkzMjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjMyZjA2OWUzZGYwYzMyMmM1MTYyZmM4NjI2ZjVkZjY0ZjE2YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQ/pLq/+t/RW5bdTwECfzQkhuvw1
CutUXTE2eO52fmVeezEKhceuZVRAOSPhI53D28U7Y7gK9rx5h0JgOw0UDTXsLfkw
qoTqIvv41IortZ1rIpV+XHo1ijuxj2I3Coc7CFZle9H/aEA/mTTIlrRR2tJyOW6K
ZTpSY/Yr0jb061lL2188Snh/BWYkkjsX2wwDDrX35LRBv18G90jbnEFU90FQ9PER
dxEa4sjwUdSJ7m7HyUkX1PgGl7xEh4pXMvpm5q0Q0OQUjY5PZJHf2mObl1Lv91uK
FzG8clOe7c1tzX1QW4FoeORlBFywrM4yKHvKIM/Vak15+a+4g9jSgTn8iwIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFFIy8Gnj3wwyLFFi/IYm9d9k8WxmMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVWpMd2FlUGZERElzVVdMOGhpYjEzMlR4YkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjAeBAIAATAYAwQALZph
AwQALZpjAwQAPgMyAwQBwhxiMGAEAgACMFowEAMFBioMtkADBwUqDLZBAAAwEgMH
BCoMtkEAUAMHBCoMtkEAYDASAwcEKgy2QQUwAwcEKgy2QQVAAwcAKgy2QQcPAwcE
Kgy2QQggAwUAKg3vBwMFACoPhAAwDQYJKoZIhvcNAQELBQADggEBAEjTQYECqoy7
H0tUxLUoLktF+IcBDzdvPF73kOSTR1eIqJ62kKf4LBpjXaF/E4G6xtXkst6tv8gj
sdYVVKCvzog8bNx2uW8zGf6gK4TSC0bKfsuJ39i2XW3fVmgB/xunrtl3RSYDmwaQ
QBpF9k4gqh3mmnMN7qsQrX7AfqKI2QUfXJF1cVRRVZDozmCIkdCPPPRvCTyK2lwS
G70R1kyqF8Tx4wEzT0rEdwqgQxDg4uz2lp8pdhtU/pwTixhANAf4G+IoIS+gm1EV
p+uXMixTNtkETkQirgO4li08mtOkaoXdToOO6CrbMmKnvjugwy7L7em3nhpjvHRp
JVVkxFC/GX0=
-----END CERTIFICATE-----