Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/JgxWQenXCqcy-Ef8NiCDnL1PKXY.roa
File:                     JgxWQenXCqcy-Ef8NiCDnL1PKXY.roa (raw, json)
Hash identifier:          Guq1Aq7Rst6gFyrqdX1I8r/eFsnW94Nvlw9RINysTFc=
Subject key identifier:   26:0C:56:41:E9:D7:0A:A7:32:F8:47:FC:36:20:83:9C:BD:4F:29:76
Certificate issuer:       /CN=66ed3ba68c78bff2c4724400ade6348482fb4364
Certificate serial:       018E36F5D7D27588AC3F5AB490237A30EAE7
Authority key identifier: 66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/JgxWQenXCqcy-Ef8NiCDnL1PKXY.roa
Signing time:             Wed 13 Mar 2024 08:37:45 +0000
ROA not before:           Wed 13 Mar 2024 08:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64289
IP address blocks:        185.225.24.0/24 maxlen: 24
                          185.225.26.0/24 maxlen: 24
                          192.189.157.0/24 maxlen: 24
                          2a14:3f80:8::/45 maxlen: 45
                          2a14:3f80:10::/45 maxlen: 45
                          2a14:3f80:18::/45 maxlen: 45
                          2a14:3f80:20::/45 maxlen: 45
                          2a14:3f80:28::/45 maxlen: 45
                          2a14:3f80:80::/45 maxlen: 45
                          2a14:3f80:800::/38 maxlen: 38
                          2a14:3f80:c00::/38 maxlen: 38
                          2a14:3f80:1000::/38 maxlen: 38
                          2a14:3f80:1400::/38 maxlen: 38
                          2a14:3f80:1800::/38 maxlen: 38
                          2a14:3f80:2000::/38 maxlen: 38

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 09:27:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:36:f5:d7:d2:75:88:ac:3f:5a:b4:90:23:7a:30:ea:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ed3ba68c78bff2c4724400ade6348482fb4364
        Validity
            Not Before: Mar 13 08:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=260c5641e9d70aa732f847fc3620839cbd4f2976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f4:93:57:7b:92:a3:cf:aa:2b:36:23:67:f7:
                    fd:20:98:6a:32:e0:5e:36:40:49:85:3e:36:80:03:
                    be:d0:09:d0:56:dc:07:ab:84:fe:ac:0f:81:9a:c4:
                    de:a7:12:e7:ab:79:2b:31:87:3d:54:2e:6f:85:79:
                    83:75:67:2b:7d:07:99:96:1f:e4:82:d5:fa:52:6a:
                    af:fb:b9:9b:e7:f2:69:26:3a:cb:b6:78:3f:9b:a1:
                    15:79:af:41:c2:b7:7f:63:00:85:88:d8:34:c5:bc:
                    b1:8f:e8:44:2d:09:84:4d:f8:37:5e:73:0f:db:eb:
                    ad:11:13:59:b9:3c:d6:a0:10:30:a9:dd:e8:df:96:
                    cb:f5:97:5f:60:19:23:b1:84:fc:8e:05:05:14:80:
                    26:9d:68:d4:fb:00:b1:05:7e:9e:ca:a4:2c:d5:c5:
                    78:82:e7:21:29:03:32:a8:0f:c3:48:f9:a3:6b:e9:
                    df:c4:78:64:80:9e:aa:c8:c3:3b:7b:6a:42:cf:db:
                    1c:5f:7e:6c:37:dd:aa:b9:3d:15:a0:dd:e2:11:fd:
                    87:6f:9e:b5:b0:09:80:c3:d8:e7:7c:74:d5:4a:bf:
                    13:0b:79:09:80:99:ac:b9:8e:93:96:f7:f9:d9:06:
                    d1:6f:96:fe:8b:35:ef:06:0d:45:24:0a:81:f1:f7:
                    14:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:0C:56:41:E9:D7:0A:A7:32:F8:47:FC:36:20:83:9C:BD:4F:29:76
            X509v3 Authority Key Identifier:
                keyid:66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/JgxWQenXCqcy-Ef8NiCDnL1PKXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.24.0/24
                  185.225.26.0/24
                  192.189.157.0/24
                IPv6:
                  2a14:3f80:8::-2a14:3f80:2f:ffff:ffff:ffff:ffff:ffff
                  2a14:3f80:80::/45
                  2a14:3f80:800::-2a14:3f80:1bff:ffff:ffff:ffff:ffff:ffff
                  2a14:3f80:2000::/38

    Signature Algorithm: sha256WithRSAEncryption
         2e:a2:2f:21:02:c1:fc:18:7f:7d:2e:0d:83:f8:5f:a3:53:96:
         84:77:0f:58:4a:57:41:7b:4f:ea:7a:31:ef:1b:e1:ab:7a:c1:
         72:e1:44:17:98:5b:99:55:88:61:da:ef:60:b4:c5:94:b3:1e:
         5b:e4:76:a8:d8:cb:bd:b0:13:9a:5b:de:9b:05:82:f3:03:22:
         2c:3c:e6:a2:0e:ae:8b:25:eb:d8:e4:34:02:2a:ee:f8:45:a0:
         3d:dd:2d:b2:11:99:9c:27:c9:a2:73:54:3b:2c:ed:5e:6c:44:
         4d:ae:e1:32:a9:79:17:eb:4a:07:66:79:66:3b:f4:bf:0c:bf:
         c1:f0:df:95:c9:b0:e3:28:98:de:0c:34:45:5a:b8:a6:df:5b:
         4e:e4:7e:a3:75:29:3d:96:a4:49:58:38:2b:46:7e:7a:44:55:
         da:ff:ea:80:3c:be:e7:3a:08:16:58:cb:fd:4f:ba:f4:1c:22:
         b7:05:65:56:c5:07:dc:b8:a9:ff:5f:4a:f0:93:39:21:41:20:
         f5:45:a1:bc:0e:4e:b5:aa:bc:bf:f7:26:e0:cf:98:43:e8:f5:
         a6:42:f5:7d:30:4a:23:fb:59:a0:7d:7f:f7:f8:0f:a3:bf:f2:
         96:33:dc:8d:2c:24:33:2b:a3:af:52:14:b5:4a:c3:23:6d:2a:
         c1:cf:1e:73
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAY429dfSdYisP1q0kCN6MOrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWQzYmE2OGM3OGJmZjJjNDcyNDQwMGFkZTYzNDg0ODJm
YjQzNjQwHhcNMjQwMzEzMDgzNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjBjNTY0MWU5ZDcwYWE3MzJmODQ3ZmMzNjIwODM5Y2JkNGYyOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvSTV3uSo8+qKzYjZ/f9IJhqMuBe
NkBJhT42gAO+0AnQVtwHq4T+rA+BmsTepxLnq3krMYc9VC5vhXmDdWcrfQeZlh/k
gtX6Umqv+7mb5/JpJjrLtng/m6EVea9Bwrd/YwCFiNg0xbyxj+hELQmETfg3XnMP
2+utERNZuTzWoBAwqd3o35bL9ZdfYBkjsYT8jgUFFIAmnWjU+wCxBX6eyqQs1cV4
guchKQMyqA/DSPmja+nfxHhkgJ6qyMM7e2pCz9scX35sN92quT0VoN3iEf2Hb561
sAmAw9jnfHTVSr8TC3kJgJmsuY6Tlvf52QbRb5b+izXvBg1FJAqB8fcUPwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFCYMVkHp1wqnMvhH/DYgg5y9Tyl2MB8GA1UdIwQY
MBaAFGbtO6aMeL/yxHJEAK3mNISC+0NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMt
MGE0M2I3YTNlYjU0LzEvSmd4V1FlblhDcWN5LUVmOE5pQ0RuTDFQS1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMtMGE0M2I3YTNlYjU0
LzEvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTAYBAIAATASAwQAueEYAwQA
ueEaAwQAwL2dMD0EAgACMDcwEgMHAyoUP4AACAMHBCoUP4AAIAMHAyoUP4AAgDAQ
AwYDKhQ/gAgDBgIqFD+AGAMGAioUP4AgMA0GCSqGSIb3DQEBCwUAA4IBAQAuoi8h
AsH8GH99Lg2D+F+jU5aEdw9YSldBe0/qejHvG+GresFy4UQXmFuZVYhh2u9gtMWU
sx5b5Hao2Mu9sBOaW96bBYLzAyIsPOaiDq6LJevY5DQCKu74RaA93S2yEZmcJ8mi
c1Q7LO1ebERNruEyqXkX60oHZnlmO/S/DL/B8N+VybDjKJjeDDRFWrim31tO5H6j
dSk9lqRJWDgrRn56RFXa/+qAPL7nOggWWMv9T7r0HCK3BWVWxQfcuKn/X0rwkzkh
QSD1RaG8Dk61qry/9ybgz5hD6PWmQvV9MEoj+1mgfX/3+A+jv/KWM9yNLCQzK6Ov
UhS1SsMjbSrBzx5z
-----END CERTIFICATE-----