Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/5G7W_DBPm2sWeavonUOm0NHQfXI.roa
File:                     5G7W_DBPm2sWeavonUOm0NHQfXI.roa (raw, json)
Hash identifier:          TZRfjm32mXUReNcEt9HltEhyllMs/OxvQYtjuVQqOMU=
Subject key identifier:   E4:6E:D6:FC:30:4F:9B:6B:16:79:AB:E8:9D:43:A6:D0:D1:D0:7D:72
Certificate issuer:       /CN=568ae803b9ba38855401827b3eece14505a9c0f6
Certificate serial:       01939B5A8B4356E5059775F301B962E39A91
Authority key identifier: 56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/5G7W_DBPm2sWeavonUOm0NHQfXI.roa
Signing time:             Fri 06 Dec 2024 09:43:42 +0000
ROA not before:           Fri 06 Dec 2024 09:43:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20764
IP address blocks:        79.141.208.0/20 maxlen: 20
                          80.64.96.0/20 maxlen: 20
                          80.64.97.0/24 maxlen: 24
                          80.64.98.28/32 maxlen: 32
                          80.64.99.0/24 maxlen: 24
                          80.64.102.0/24 maxlen: 24
                          80.64.103.0/24 maxlen: 24
                          80.64.104.0/24 maxlen: 24
                          80.64.105.0/24 maxlen: 24
                          80.64.108.0/24 maxlen: 24
                          80.64.109.0/24 maxlen: 24
                          81.27.240.0/20 maxlen: 20
                          81.27.241.0/24 maxlen: 24
                          81.27.248.0/24 maxlen: 24
                          81.27.252.0/24 maxlen: 24
                          81.27.253.0/24 maxlen: 24
                          185.5.160.0/22 maxlen: 22
                          2a00:1c28::/29 maxlen: 29
                          2a00:1c28::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 18 Dec 2024 13:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:9b:5a:8b:43:56:e5:05:97:75:f3:01:b9:62:e3:9a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568ae803b9ba38855401827b3eece14505a9c0f6
        Validity
            Not Before: Dec  6 09:43:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e46ed6fc304f9b6b1679abe89d43a6d0d1d07d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5c:ce:41:bb:58:05:7b:d1:19:c2:51:8b:00:
                    ad:e1:26:27:e9:12:0b:41:35:bb:f9:a7:38:18:fd:
                    46:af:51:20:b4:26:f9:d4:a0:96:41:ed:21:be:65:
                    ea:57:63:a5:ab:68:8c:a1:2f:12:13:b5:54:a1:8c:
                    39:7c:18:4b:53:e9:d5:0c:41:47:14:05:da:b6:f6:
                    8b:f7:be:65:8e:b1:e5:cf:ca:73:60:bf:b1:45:18:
                    84:16:3b:fd:76:58:1a:0e:c5:4a:22:7e:ac:d8:ac:
                    24:3c:bf:c3:3b:82:7c:cc:64:f0:da:64:2b:0d:0f:
                    ca:37:34:bd:16:bc:c2:76:4b:cc:69:4d:c1:05:e8:
                    df:53:bb:ee:84:13:29:f2:9c:1f:31:e3:19:5c:5a:
                    16:82:c0:95:c2:49:b8:9f:6e:7f:09:52:62:04:05:
                    42:0f:d5:6c:57:c8:02:eb:50:a8:2e:9a:e6:f5:e2:
                    b4:49:1f:60:93:ee:a1:b8:ed:b6:30:61:b6:c7:fd:
                    f0:2c:81:4f:08:2f:96:48:48:ea:4b:c6:d4:9c:35:
                    e2:44:cf:22:73:25:f9:24:53:33:6a:01:26:fe:1b:
                    18:b3:be:0f:7f:9b:59:b6:b7:80:24:bc:45:4f:7c:
                    40:5c:12:d1:9b:87:b1:97:50:71:e0:73:9a:6c:d4:
                    64:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:6E:D6:FC:30:4F:9B:6B:16:79:AB:E8:9D:43:A6:D0:D1:D0:7D:72
            X509v3 Authority Key Identifier:
                keyid:56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/5G7W_DBPm2sWeavonUOm0NHQfXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.141.208.0/20
                  80.64.96.0/20
                  81.27.240.0/20
                  185.5.160.0/22
                IPv6:
                  2a00:1c28::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:63:44:98:11:e2:3e:8b:ef:f2:2b:ab:0a:77:de:dc:17:62:
         d9:38:a9:74:b4:ef:0b:4f:d3:41:a2:27:2a:2a:69:4b:1f:3b:
         1a:cd:70:41:a5:e2:28:be:51:36:5a:12:eb:51:0f:17:3d:f7:
         eb:51:88:94:8c:76:0f:ea:9b:32:d0:44:c2:6f:7b:27:54:bf:
         13:4e:1c:4d:88:b4:64:b3:e7:9d:96:42:b9:57:7d:aa:4e:20:
         59:59:cd:f3:41:08:16:9b:1b:30:f1:8b:a7:8b:2f:07:30:74:
         38:0c:90:84:39:6e:c6:23:59:b0:ba:6b:cf:fb:a6:5f:f9:6a:
         f1:ca:40:17:73:b2:cb:be:29:92:25:2f:e8:c8:d1:67:8b:9d:
         a3:eb:af:5f:f7:52:3a:88:e9:bd:d7:46:60:f2:6e:d5:f7:80:
         0f:37:99:dc:83:18:d8:38:b2:4d:8d:76:52:32:5a:5e:d3:5c:
         ff:17:c1:b4:a4:5e:e1:10:08:bc:db:98:45:20:d1:dc:3e:9f:
         74:f3:70:57:78:29:e6:83:df:ad:8b:65:29:64:46:79:4a:19:
         02:04:76:d9:21:d6:c2:c7:38:89:73:23:bb:5f:8a:14:b6:67:
         9b:b1:e9:44:0e:5f:04:94:a1:a4:68:b2:f8:86:26:fe:10:df:
         ec:21:67:41
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZObWotDVuUFl3XzAbli45qRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGFlODAzYjliYTM4ODU1NDAxODI3YjNlZWNlMTQ1MDVh
OWMwZjYwHhcNMjQxMjA2MDk0MzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDZlZDZmYzMwNGY5YjZiMTY3OWFiZTg5ZDQzYTZkMGQxZDA3ZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1zOQbtYBXvRGcJRiwCt4SYn6RIL
QTW7+ac4GP1Gr1EgtCb51KCWQe0hvmXqV2Olq2iMoS8SE7VUoYw5fBhLU+nVDEFH
FAXatvaL975ljrHlz8pzYL+xRRiEFjv9dlgaDsVKIn6s2KwkPL/DO4J8zGTw2mQr
DQ/KNzS9FrzCdkvMaU3BBejfU7vuhBMp8pwfMeMZXFoWgsCVwkm4n25/CVJiBAVC
D9VsV8gC61CoLprm9eK0SR9gk+6huO22MGG2x/3wLIFPCC+WSEjqS8bUnDXiRM8i
cyX5JFMzagEm/hsYs74Pf5tZtreAJLxFT3xAXBLRm4exl1Bx4HOabNRkAQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFORu1vwwT5trFnmr6J1DptDR0H1yMB8GA1UdIwQY
MBaAFFaK6AO5ujiFVAGCez7s4UUFqcD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAt
OGVhZThiNzVlOWNhLzEvNUc3V19EQlBtMnNXZWF2b25VT20wTkhRZlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAtOGVhZThiNzVlOWNh
LzEvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQET43QAwQE
UEBgAwQEURvwAwQCuQWgMA0EAgACMAcDBQMqABwoMA0GCSqGSIb3DQEBCwUAA4IB
AQBmY0SYEeI+i+/yK6sKd97cF2LZOKl0tO8LT9NBoicqKmlLHzsazXBBpeIovlE2
WhLrUQ8XPffrUYiUjHYP6psy0ETCb3snVL8TThxNiLRks+edlkK5V32qTiBZWc3z
QQgWmxsw8Yuniy8HMHQ4DJCEOW7GI1mwumvP+6Zf+WrxykAXc7LLvimSJS/oyNFn
i52j669f91I6iOm910Zg8m7V94APN5ncgxjYOLJNjXZSMlpe01z/F8G0pF7hEAi8
25hFINHcPp9083BXeCnmg9+ti2UpZEZ5ShkCBHbZIdbCxziJcyO7X4oUtmebselE
Dl8ElKGkaLL4hib+EN/sIWdB
-----END CERTIFICATE-----