Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/s6oAeBS50nl5ljTj3s_Ov5bptrE.roa
File:                     s6oAeBS50nl5ljTj3s_Ov5bptrE.roa (raw, json)
Hash identifier:          XgiquuFoWJtA+7Xzw+tCdLli5chVnhfvTvNw1jtqSEQ=
Subject key identifier:   B3:AA:00:78:14:B9:D2:79:79:96:34:E3:DE:CF:CE:BF:96:E9:B6:B1
Certificate issuer:       /CN=ab30921d28c78ede81842f712e6cf72bde5a6080
Certificate serial:       018CC6B928622E6687BF080491C742499138
Authority key identifier: AB:30:92:1D:28:C7:8E:DE:81:84:2F:71:2E:6C:F7:2B:DE:5A:60:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/s6oAeBS50nl5ljTj3s_Ov5bptrE.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34960
IP address blocks:        194.126.145.0/24 maxlen: 24
                          194.126.144.0/23 maxlen: 23
                          194.126.144.0/24 maxlen: 24
                          185.122.48.0/22 maxlen: 22
                          185.122.48.0/24 maxlen: 24
                          5.149.4.0/24 maxlen: 24
                          5.149.3.0/24 maxlen: 24
                          5.149.2.0/24 maxlen: 24
                          5.149.1.0/24 maxlen: 24
                          5.149.0.0/24 maxlen: 24
                          5.149.0.0/21 maxlen: 21
                          185.120.92.0/24 maxlen: 24
                          5.149.7.0/24 maxlen: 24
                          5.149.6.0/24 maxlen: 24
                          5.149.5.0/24 maxlen: 24
                          2a01:48c0::/32 maxlen: 32
                          2a01:48c0:200::/40 maxlen: 40
                          2a01:48c0:100::/40 maxlen: 40
                          2a01:48c0::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 03:48:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:28:62:2e:66:87:bf:08:04:91:c7:42:49:91:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab30921d28c78ede81842f712e6cf72bde5a6080
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3aa007814b9d279799634e3decfcebf96e9b6b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:85:b6:fc:0d:45:50:d4:65:33:bc:7f:d4:da:
                    37:e5:f7:ff:e8:70:c5:13:e1:bb:0e:ae:47:73:1a:
                    2d:85:db:b3:62:47:09:1e:1b:77:37:f7:fa:e8:6a:
                    ad:13:57:6b:97:fe:18:f5:eb:13:f1:36:ae:4a:2f:
                    f7:d6:ef:16:5a:c0:bc:14:08:ca:df:af:73:f3:fd:
                    9f:6e:c8:4c:a5:c2:03:49:c6:6e:1a:0d:e0:e2:e3:
                    8a:a8:6a:90:5f:f5:7b:41:a8:03:26:7d:e7:e2:59:
                    27:10:eb:3c:c4:5d:47:49:88:e5:b3:c3:ea:cf:5e:
                    ae:e3:8d:f5:c8:56:27:58:5f:50:8f:f1:4a:09:0a:
                    2a:70:7a:06:9f:02:0c:ea:05:f3:69:9d:18:53:e2:
                    cc:92:85:94:16:ec:6f:e1:58:67:4e:15:09:4f:a8:
                    dd:72:6a:2e:bb:ec:ca:4c:d9:49:d1:a1:a3:64:5f:
                    6a:fb:28:a1:ff:b7:47:11:3c:1b:2e:2f:8d:94:f6:
                    a6:db:95:c5:81:77:57:5f:cb:3a:92:66:a8:1d:0b:
                    ef:a6:05:7a:6d:5a:20:37:d1:ed:0f:8a:07:a4:0b:
                    41:0f:64:d8:47:b5:13:33:44:32:15:c9:17:7d:dd:
                    45:82:b1:90:43:5a:50:9f:87:cd:86:14:f9:0e:53:
                    45:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:AA:00:78:14:B9:D2:79:79:96:34:E3:DE:CF:CE:BF:96:E9:B6:B1
            X509v3 Authority Key Identifier:
                keyid:AB:30:92:1D:28:C7:8E:DE:81:84:2F:71:2E:6C:F7:2B:DE:5A:60:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/s6oAeBS50nl5ljTj3s_Ov5bptrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qzCSHSjHjt6BhC9xLmz3K95aYIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.0.0/21
                  185.120.92.0/24
                  185.122.48.0/22
                  194.126.144.0/23
                IPv6:
                  2a01:48c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:72:4c:6b:ac:37:60:5e:75:47:57:e6:69:11:7d:ad:7e:bd:
         d2:4a:ba:2e:19:31:00:e8:6e:d5:ab:33:6b:8b:c5:c6:f2:0d:
         6f:65:43:41:25:47:d1:cf:e6:8d:03:b6:89:fa:0d:5d:f2:bd:
         8c:e0:77:a0:b2:ba:21:27:5f:23:f2:2e:3a:e1:38:81:b9:81:
         85:8e:9d:96:8b:17:91:b9:79:44:b3:89:dc:06:37:1f:51:fd:
         1a:ca:bb:f7:53:e3:24:32:82:85:43:80:d5:db:b9:20:6c:25:
         03:8e:d7:de:20:1f:e1:06:ef:d6:a5:2d:9b:cc:b6:7d:b0:14:
         c7:02:29:91:06:77:94:60:ba:d3:b1:57:97:05:f0:bb:72:64:
         8e:a1:93:1f:cf:9f:e2:97:bf:73:c1:a5:26:3f:59:34:92:ab:
         15:a4:1f:15:05:91:1e:fc:0f:c3:04:43:22:00:98:76:df:8c:
         14:bd:b9:5e:d7:21:69:3a:af:dc:c1:22:c3:11:be:08:8b:06:
         41:89:4a:40:c8:6c:ea:13:fc:ee:a0:02:dc:d0:ad:e2:71:68:
         a2:a8:4d:47:ea:2f:14:66:3c:f3:76:f2:e6:87:be:b2:b1:02:
         a0:aa:3c:e8:b7:da:be:ce:1d:91:84:8f:02:b8:d4:fc:62:5b:
         23:da:c3:c4
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzGuShiLmaHvwgEkcdCSZE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMzA5MjFkMjhjNzhlZGU4MTg0MmY3MTJlNmNmNzJiZGU1
YTYwODAwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2FhMDA3ODE0YjlkMjc5Nzk5NjM0ZTNkZWNmY2ViZjk2ZTliNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIW2/A1FUNRlM7x/1No35ff/6HDF
E+G7Dq5HcxothduzYkcJHht3N/f66GqtE1drl/4Y9esT8TauSi/31u8WWsC8FAjK
369z8/2fbshMpcIDScZuGg3g4uOKqGqQX/V7QagDJn3n4lknEOs8xF1HSYjls8Pq
z16u4431yFYnWF9Qj/FKCQoqcHoGnwIM6gXzaZ0YU+LMkoWUFuxv4VhnThUJT6jd
cmouu+zKTNlJ0aGjZF9q+yih/7dHETwbLi+NlPam25XFgXdXX8s6kmaoHQvvpgV6
bVogN9HtD4oHpAtBD2TYR7UTM0QyFckXfd1FgrGQQ1pQn4fNhhT5DlNFdQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLOqAHgUudJ5eZY0497Pzr+W6baxMB8GA1UdIwQY
MBaAFKswkh0ox47egYQvcS5s9yveWmCAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXpDU0hTakhqdDZCaEM5eExtejNLOTVhWUlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zY2Q3ZmYtMjBkMi00Y2VjLWFlY2Et
MzU0Mzk5NzI0YjFlLzEvczZvQWVCUzUwbmw1bGpUajNzX092NWJwdHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zY2Q3ZmYtMjBkMi00Y2VjLWFlY2EtMzU0Mzk5NzI0YjFl
LzEvcXpDU0hTakhqdDZCaEM5eExtejNLOTVhWUlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDBZUAAwQA
uXhcAwQCuXowAwQBwn6QMA0EAgACMAcDBQAqAUjAMA0GCSqGSIb3DQEBCwUAA4IB
AQCDckxrrDdgXnVHV+ZpEX2tfr3SSrouGTEA6G7VqzNri8XG8g1vZUNBJUfRz+aN
A7aJ+g1d8r2M4HegsrohJ18j8i464TiBuYGFjp2WixeRuXlEs4ncBjcfUf0ayrv3
U+MkMoKFQ4DV27kgbCUDjtfeIB/hBu/WpS2bzLZ9sBTHAimRBneUYLrTsVeXBfC7
cmSOoZMfz5/il79zwaUmP1k0kqsVpB8VBZEe/A/DBEMiAJh234wUvble1yFpOq/c
wSLDEb4IiwZBiUpAyGzqE/zuoALc0K3icWiiqE1H6i8UZjzzdvLmh76ysQKgqjzo
t9q+zh2RhI8CuNT8Ylsj2sPE
-----END CERTIFICATE-----