Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/mpZIcrNtwhYu9MkHcOIuGJAAyzQ.roa
File:                     mpZIcrNtwhYu9MkHcOIuGJAAyzQ.roa (raw, json)
Hash identifier:          n+9j3ePOep3u0U3DM5Y7wImo9AQvQheb2ktuq2D6o+k=
Subject key identifier:   9A:96:48:72:B3:6D:C2:16:2E:F4:C9:07:70:E2:2E:18:90:00:CB:34
Certificate issuer:       /CN=a74c6706e3fbebdff146a8a14ec2a3284a92ba62
Certificate serial:       01958E92082D9A015E45271B8A01C11351A5
Authority key identifier: A7:4C:67:06:E3:FB:EB:DF:F1:46:A8:A1:4E:C2:A3:28:4A:92:BA:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p0xnBuP769_xRqihTsKjKEqSumI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/mpZIcrNtwhYu9MkHcOIuGJAAyzQ.roa
Signing time:             Thu 13 Mar 2025 08:14:49 +0000
ROA not before:           Thu 13 Mar 2025 08:14:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34309
IP address blocks:        80.86.192.0/24 maxlen: 24
                          80.86.193.0/24 maxlen: 24
                          81.221.250.0/24 maxlen: 24
                          81.221.252.0/24 maxlen: 24
                          81.221.254.0/24 maxlen: 24
                          194.191.16.0/24 maxlen: 24
                          194.191.17.0/24 maxlen: 24
                          194.191.18.0/24 maxlen: 24
                          194.191.19.0/24 maxlen: 24
                          194.191.20.0/24 maxlen: 24
                          194.191.24.0/24 maxlen: 24
                          194.191.25.0/24 maxlen: 24
                          194.191.26.0/24 maxlen: 24
                          194.191.28.0/24 maxlen: 24
                          194.191.29.0/24 maxlen: 24
                          194.191.30.0/24 maxlen: 24
                          195.48.221.0/24 maxlen: 24
                          195.49.16.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 28 Mar 2025 16:08:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:92:08:2d:9a:01:5e:45:27:1b:8a:01:c1:13:51:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a74c6706e3fbebdff146a8a14ec2a3284a92ba62
        Validity
            Not Before: Mar 13 08:14:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a964872b36dc2162ef4c90770e22e189000cb34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:11:2f:ab:63:85:7f:d2:a4:75:13:51:2e:e7:
                    2d:08:d6:c0:04:c9:19:62:00:86:47:67:f9:e6:f2:
                    2d:ef:94:82:8a:1a:9a:87:50:85:b9:fd:6f:17:8a:
                    bf:84:a0:77:aa:f8:05:b1:16:71:31:29:11:0a:62:
                    74:5f:1a:6c:55:8c:33:4c:3e:6c:f9:b0:20:ce:44:
                    3b:e4:e4:0c:7d:0c:b9:b7:43:fc:2f:7e:d6:b4:25:
                    78:0c:b7:e9:70:ee:b7:40:ed:6e:61:8a:2f:43:08:
                    a1:25:14:0d:7d:79:da:7b:65:a5:de:c4:ca:ca:57:
                    e5:95:4a:d7:9b:fb:1a:95:c0:36:82:0d:e4:b7:c2:
                    94:09:99:85:57:42:28:a7:89:ee:11:20:8d:ed:0a:
                    4e:94:49:de:1a:31:1e:fb:82:c1:26:63:a7:89:8f:
                    25:9e:33:d1:20:53:5d:17:92:ee:e1:8f:30:d6:0f:
                    e0:04:d0:7a:dc:87:56:72:c6:b6:7d:ad:40:44:52:
                    bd:de:fd:ca:49:14:2f:95:cd:28:eb:45:b1:97:cf:
                    1f:87:be:2f:d5:88:de:7a:ca:70:1e:db:be:c0:e6:
                    a7:80:96:ed:2d:c1:63:26:52:0a:ef:33:c9:5a:c6:
                    13:e6:e3:7f:dc:90:ee:de:6a:3f:8a:d3:0f:cf:ed:
                    e9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:96:48:72:B3:6D:C2:16:2E:F4:C9:07:70:E2:2E:18:90:00:CB:34
            X509v3 Authority Key Identifier:
                keyid:A7:4C:67:06:E3:FB:EB:DF:F1:46:A8:A1:4E:C2:A3:28:4A:92:BA:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p0xnBuP769_xRqihTsKjKEqSumI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/mpZIcrNtwhYu9MkHcOIuGJAAyzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/p0xnBuP769_xRqihTsKjKEqSumI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.192.0/23
                  81.221.250.0/24
                  81.221.252.0/24
                  81.221.254.0/24
                  194.191.16.0-194.191.20.255
                  194.191.24.0-194.191.26.255
                  194.191.28.0-194.191.30.255
                  195.48.221.0/24
                  195.49.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:87:04:7e:15:9d:3b:a1:ec:f3:e1:d8:8a:31:84:a8:64:fa:
         7a:a0:b0:67:7d:61:ca:80:e4:d9:31:1e:e7:f9:30:9e:f1:68:
         a8:1d:c7:94:ab:51:e7:f6:72:fa:9a:18:2a:95:ec:7b:f4:7e:
         e9:83:2c:77:59:f5:8b:49:4c:d2:7c:03:d6:cf:e3:5b:2b:cf:
         70:db:14:9c:fc:75:f4:e7:6f:92:cf:a7:ac:c1:a5:6e:b2:64:
         31:aa:71:b8:c3:55:96:ea:97:64:c7:76:2b:d1:2c:58:98:99:
         f0:c7:1d:74:e5:6e:38:19:b0:03:bb:9c:23:46:68:b6:0a:ac:
         69:16:fc:a4:03:cb:00:41:9c:84:e5:cb:68:32:cb:3c:76:b2:
         dc:a6:0d:fb:6f:06:0d:ca:a5:45:0c:62:4a:63:21:43:aa:00:
         3c:4e:2f:6e:ca:1e:1d:f0:a9:e0:86:3c:b2:91:b4:23:8f:21:
         52:4c:e8:d2:4a:65:e7:5f:b3:77:38:c8:33:8e:bb:9e:08:6a:
         c1:1d:c3:55:0f:c5:2a:20:58:40:80:94:23:c0:af:26:6b:80:
         d4:7f:b4:c6:fe:c7:b2:34:27:17:bc:99:54:1a:8b:0a:44:ff:
         7b:42:d5:ad:df:00:92:94:da:52:05:38:a0:53:d6:b6:c1:1f:
         ef:d7:d2:4f
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZWOkggtmgFeRScbigHBE1GlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NGM2NzA2ZTNmYmViZGZmMTQ2YThhMTRlYzJhMzI4NGE5
MmJhNjIwHhcNMjUwMzEzMDgxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTk2NDg3MmIzNmRjMjE2MmVmNGM5MDc3MGUyMmUxODkwMDBjYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxEvq2OFf9KkdRNRLuctCNbABMkZ
YgCGR2f55vIt75SCihqah1CFuf1vF4q/hKB3qvgFsRZxMSkRCmJ0XxpsVYwzTD5s
+bAgzkQ75OQMfQy5t0P8L37WtCV4DLfpcO63QO1uYYovQwihJRQNfXnae2Wl3sTK
ylfllUrXm/salcA2gg3kt8KUCZmFV0Iop4nuESCN7QpOlEneGjEe+4LBJmOniY8l
njPRIFNdF5Lu4Y8w1g/gBNB63IdWcsa2fa1ARFK93v3KSRQvlc0o60Wxl88fh74v
1YjeespwHtu+wOangJbtLcFjJlIK7zPJWsYT5uN/3JDu3mo/itMPz+3pxQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJqWSHKzbcIWLvTJB3DiLhiQAMs0MB8GA1UdIwQY
MBaAFKdMZwbj++vf8UaooU7CoyhKkrpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDB4bkJ1UDc2OV94UnFpaFRzS2pLRXFTdW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hMGM0NDQtOTc5Ni00ZjA2LTgzZjIt
YWE3ODhhNDIwYWVjLzEvbXBaSWNyTnR3aFl1OU1rSGNPSXVHSkFBeXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hMGM0NDQtOTc5Ni00ZjA2LTgzZjItYWE3ODhhNDIwYWVj
LzEvcDB4bkJ1UDc2OV94UnFpaFRzS2pLRXFTdW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBUFbAAwQA
Ud36AwQAUd38AwQAUd3+MAwDBATCvxADBADCvxQwDAMEA8K/GAMEAMK/GjAMAwQC
wr8cAwQAwr8eAwQAwzDdAwQAwzEQMA0GCSqGSIb3DQEBCwUAA4IBAQDZhwR+FZ07
oezz4diKMYSoZPp6oLBnfWHKgOTZMR7n+TCe8WioHceUq1Hn9nL6mhgqlex79H7p
gyx3WfWLSUzSfAPWz+NbK89w2xSc/HX052+Sz6eswaVusmQxqnG4w1WW6pdkx3Yr
0SxYmJnwxx105W44GbADu5wjRmi2CqxpFvykA8sAQZyE5ctoMss8drLcpg37bwYN
yqVFDGJKYyFDqgA8Ti9uyh4d8KnghjyykbQjjyFSTOjSSmXnX7N3OMgzjrueCGrB
HcNVD8UqIFhAgJQjwK8ma4DUf7TG/seyNCcXvJlUGosKRP97QtWt3wCSlNpSBTig
U9a2wR/v19JP
-----END CERTIFICATE-----