Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/JuWJ25XR2-7b3cyk3ldEkjNegOk.roa
File:                     JuWJ25XR2-7b3cyk3ldEkjNegOk.roa (raw, json)
Hash identifier:          VQwH3RzmlrhDYwoasCj6yMDbqUXYGAaWEr80yjvQoj4=
Subject key identifier:   26:E5:89:DB:95:D1:DB:EE:DB:DD:CC:A4:DE:57:44:92:33:5E:80:E9
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       01948818FD306B3102BC81FC0D7E3FA6A3B4
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/JuWJ25XR2-7b3cyk3ldEkjNegOk.roa
Signing time:             Tue 21 Jan 2025 09:02:06 +0000
ROA not before:           Tue 21 Jan 2025 09:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196755
IP address blocks:        80.251.108.0/22 maxlen: 22
                          80.251.108.0/23 maxlen: 23
                          80.251.110.0/23 maxlen: 23
                          157.143.248.0/21 maxlen: 21
                          178.157.18.0/23 maxlen: 23
                          178.157.20.0/22 maxlen: 22
                          178.157.24.0/23 maxlen: 23
                          178.157.26.0/23 maxlen: 23
                          178.157.28.0/22 maxlen: 22
                          178.157.40.0/22 maxlen: 22
                          178.157.44.0/22 maxlen: 22
                          178.174.106.0/23 maxlen: 23
                          178.174.108.0/23 maxlen: 24
                          217.181.251.0/24 maxlen: 24
                          217.181.252.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Thu 23 Jan 2025 17:49:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:18:fd:30:6b:31:02:bc:81:fc:0d:7e:3f:a6:a3:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Jan 21 09:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26e589db95d1dbeedbddcca4de574492335e80e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:73:ae:81:95:f0:36:50:16:d2:a2:a8:a4:74:
                    c1:99:1e:b3:25:c7:e5:00:da:99:23:2f:3f:51:ac:
                    23:8f:fd:58:92:65:9c:98:0e:94:52:02:40:50:57:
                    cc:7a:3b:01:8e:9a:fc:f9:ff:99:6a:3d:bb:23:98:
                    a5:56:87:85:7a:47:03:27:12:3e:8e:ef:7d:ae:cf:
                    66:62:64:2a:ee:6e:67:0a:ba:ea:c6:f8:d7:fe:5c:
                    f1:93:02:a9:64:e3:22:1a:57:0b:78:09:13:f8:e7:
                    a9:5a:fb:de:fa:4e:57:23:a8:ca:91:4f:45:8f:cb:
                    a7:c0:7f:76:1a:43:2c:a1:01:1f:ac:c6:b9:0b:24:
                    ec:9b:9a:4c:be:33:ce:30:8d:ae:2d:71:99:5d:56:
                    fe:64:c6:d1:ee:29:8a:ab:50:1e:10:9a:32:68:e9:
                    a0:08:c1:28:8d:e2:06:33:0b:8f:7e:3e:32:e7:4b:
                    2e:66:60:96:74:cb:df:df:19:0f:34:31:cd:be:a8:
                    60:4e:fc:b6:cf:aa:60:c5:2a:70:33:32:1a:e6:aa:
                    16:4b:e0:2e:0a:eb:07:58:c7:c6:55:53:b3:4b:72:
                    6b:1e:e9:78:7d:79:96:ba:d5:2c:9d:8d:46:db:12:
                    42:6a:5a:83:ca:28:2d:07:2a:dd:b7:63:e4:4d:0a:
                    02:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E5:89:DB:95:D1:DB:EE:DB:DD:CC:A4:DE:57:44:92:33:5E:80:E9
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/JuWJ25XR2-7b3cyk3ldEkjNegOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.108.0/22
                  157.143.248.0/21
                  178.157.18.0-178.157.31.255
                  178.157.40.0/21
                  178.174.106.0-178.174.109.255
                  217.181.251.0-217.181.253.255

    Signature Algorithm: sha256WithRSAEncryption
         a4:07:98:4b:83:b6:9f:91:cf:3c:4b:ee:ee:85:40:7d:4f:e1:
         1d:5e:da:82:68:7f:cb:1e:eb:3a:cd:5f:1e:2d:3e:55:de:f4:
         d6:5a:82:48:37:03:b0:b8:b8:77:bd:a5:9c:ad:67:44:b1:e8:
         be:32:2b:8f:64:5e:f3:f8:86:fb:63:d4:83:4d:36:29:ae:ca:
         5e:4e:01:eb:96:c8:62:38:ac:59:b6:25:2e:e1:f1:bc:81:9b:
         4a:c9:e6:64:35:8e:22:ef:2e:f4:c3:20:75:f0:d3:41:5a:ab:
         4f:65:54:cb:71:a8:72:9d:f9:fd:1e:4d:77:4d:60:26:9a:06:
         04:80:2b:49:ef:c2:bc:73:90:3c:22:a4:7e:d4:3f:7f:aa:0e:
         db:bb:b0:4f:74:65:5c:43:ce:fc:9a:45:de:c3:f0:d5:0e:2d:
         2b:f7:1d:d8:c9:a6:8d:db:98:89:30:fb:27:55:94:d3:60:e9:
         63:25:bd:bf:b8:f6:e7:81:e2:b4:5c:84:34:58:a2:a3:f3:ce:
         ec:e4:1e:2e:f2:60:bd:11:c3:6c:e1:cd:7c:4b:2a:cb:a7:5d:
         ef:2e:5f:09:15:13:4e:ce:10:87:48:a2:7e:a1:eb:3e:55:44:
         bf:2c:c7:f9:40:91:c7:8d:83:71:bc:96:0b:6e:e4:c3:56:59:
         a0:26:30:ce
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZSIGP0wazECvIH8DX4/pqO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMTIxMDkwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmU1ODlkYjk1ZDFkYmVlZGJkZGNjYTRkZTU3NDQ5MjMzNWU4MGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nOugZXwNlAW0qKopHTBmR6zJcfl
ANqZIy8/Uawjj/1YkmWcmA6UUgJAUFfMejsBjpr8+f+Zaj27I5ilVoeFekcDJxI+
ju99rs9mYmQq7m5nCrrqxvjX/lzxkwKpZOMiGlcLeAkT+OepWvve+k5XI6jKkU9F
j8unwH92GkMsoQEfrMa5CyTsm5pMvjPOMI2uLXGZXVb+ZMbR7imKq1AeEJoyaOmg
CMEojeIGMwuPfj4y50suZmCWdMvf3xkPNDHNvqhgTvy2z6pgxSpwMzIa5qoWS+Au
CusHWMfGVVOzS3JrHul4fXmWutUsnY1G2xJCalqDyigtByrdt2PkTQoCRQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCbliduV0dvu293MpN5XRJIzXoDpMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvSnVXSjI1WFIyLTdiM2N5azNsZEVrak5lZ09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCUPtsAwQD
nY/4MAwDBAGynRIDBAWynQADBAOynSgwDAMEAbKuagMEAbKubDAMAwQA2bX7AwQB
2bX8MA0GCSqGSIb3DQEBCwUAA4IBAQCkB5hLg7afkc88S+7uhUB9T+EdXtqCaH/L
Hus6zV8eLT5V3vTWWoJINwOwuLh3vaWcrWdEsei+MiuPZF7z+Ib7Y9SDTTYprspe
TgHrlshiOKxZtiUu4fG8gZtKyeZkNY4i7y70wyB18NNBWqtPZVTLcahynfn9Hk13
TWAmmgYEgCtJ78K8c5A8IqR+1D9/qg7bu7BPdGVcQ878mkXew/DVDi0r9x3YyaaN
25iJMPsnVZTTYOljJb2/uPbngeK0XIQ0WKKj887s5B4u8mC9EcNs4c18SyrLp13v
Ll8JFRNOzhCHSKJ+oes+VUS/LMf5QJHHjYNxvJYLbuTDVlmgJjDO
-----END CERTIFICATE-----