Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/06mPvL8jyn1mD7Iwv9Nz2JCKt20.roa
File:                     06mPvL8jyn1mD7Iwv9Nz2JCKt20.roa (raw, json)
Hash identifier:          uW2Ymu4SJmlg1mMqCDmJ+vXO7rmg2n1s9BC/tGSU3ME=
Subject key identifier:   D3:A9:8F:BC:BF:23:CA:7D:66:0F:B2:30:BF:D3:73:D8:90:8A:B7:6D
Certificate issuer:       /CN=0f0f9f044e2b929878d747c5ffbb80ad10e3d6bd
Certificate serial:       019425FDAF461BC1A48EB8EF6AE0C41D5F1E
Authority key identifier: 0F:0F:9F:04:4E:2B:92:98:78:D7:47:C5:FF:BB:80:AD:10:E3:D6:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/06mPvL8jyn1mD7Iwv9Nz2JCKt20.roa
Signing time:             Thu 02 Jan 2025 07:49:29 +0000
ROA not before:           Thu 02 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201589
IP address blocks:        5.101.36.0/24 maxlen: 24
                          5.101.37.0/24 maxlen: 24
                          5.101.38.0/24 maxlen: 24
                          5.101.39.0/24 maxlen: 24
                          5.101.71.0/24 maxlen: 24
                          31.184.232.0/24 maxlen: 24
                          31.184.233.0/24 maxlen: 24
                          31.184.234.0/24 maxlen: 24
                          31.184.235.0/24 maxlen: 24
                          91.108.187.0/24 maxlen: 24
                          185.238.152.0/24 maxlen: 24
                          185.238.153.0/24 maxlen: 24
                          185.238.154.0/24 maxlen: 24
                          185.238.155.0/24 maxlen: 24
                          2a13:1ec0::/44 maxlen: 44
                          2a13:1ec0:100::/44 maxlen: 44
                          2a13:1ec0:200::/44 maxlen: 44
                          2a13:1ec0:1000::/44 maxlen: 44
                          2a13:1ec0:1010::/44 maxlen: 44
Validation:               Failed, certificate revoked on Thu 03 Apr 2025 13:56:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:af:46:1b:c1:a4:8e:b8:ef:6a:e0:c4:1d:5f:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f0f9f044e2b929878d747c5ffbb80ad10e3d6bd
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3a98fbcbf23ca7d660fb230bfd373d8908ab76d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:46:84:39:fc:7c:92:ff:ee:c2:58:d8:9b:38:
                    ab:0e:fd:03:c9:69:c8:5a:66:7f:02:5c:5c:02:76:
                    83:8a:fe:0c:8b:6a:b3:1e:77:cd:d0:5c:4d:c8:a3:
                    dc:9b:30:32:c6:39:97:32:d0:4e:79:e0:3a:61:ac:
                    97:e4:33:7d:df:38:e2:5f:3c:3a:52:2a:33:cb:5d:
                    ee:5d:44:d1:8f:fb:65:9e:31:bf:c4:92:ef:0f:78:
                    51:2d:f6:66:29:6c:b3:b4:18:7e:69:b0:7e:6b:6e:
                    f3:ea:2c:f5:d1:68:6c:ca:ac:0f:3d:1c:cc:4d:58:
                    5f:04:0f:c4:73:08:f5:0d:a4:00:1a:fc:5d:ed:1b:
                    c1:8d:d0:ce:17:77:98:86:5b:55:b4:e5:d3:45:ac:
                    10:1d:f1:44:ba:e0:50:fb:c4:50:30:ca:90:9e:35:
                    32:04:f5:f6:8c:ed:1c:61:a5:52:a7:a9:d6:bf:63:
                    03:28:5b:5e:7e:2b:2a:f0:77:7e:ef:44:ac:da:a3:
                    68:21:cf:5e:9a:e2:af:49:17:9f:50:90:18:5a:f8:
                    2b:fa:14:91:fc:aa:65:76:b4:58:85:b2:73:f1:0d:
                    a3:32:c6:d9:78:97:d8:e0:68:3b:20:26:ce:5e:64:
                    53:cb:31:45:50:bd:cb:e0:b7:9f:82:93:ff:95:d8:
                    9f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A9:8F:BC:BF:23:CA:7D:66:0F:B2:30:BF:D3:73:D8:90:8A:B7:6D
            X509v3 Authority Key Identifier:
                keyid:0F:0F:9F:04:4E:2B:92:98:78:D7:47:C5:FF:BB:80:AD:10:E3:D6:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/06mPvL8jyn1mD7Iwv9Nz2JCKt20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/Dw-fBE4rkph410fF_7uArRDj1r0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.36.0/22
                  5.101.71.0/24
                  31.184.232.0/22
                  91.108.187.0/24
                  185.238.152.0/22
                IPv6:
                  2a13:1ec0::/44
                  2a13:1ec0:100::/44
                  2a13:1ec0:200::/44
                  2a13:1ec0:1000::/43

    Signature Algorithm: sha256WithRSAEncryption
         1c:e7:ec:39:be:d4:f9:5a:2d:00:dd:01:e8:1a:be:38:3e:10:
         b3:36:39:d3:d2:31:6b:9d:20:7f:9b:5f:eb:2f:eb:bc:12:5b:
         f8:92:47:1a:c5:6e:b8:ee:29:be:88:1a:08:73:1f:d7:25:3a:
         f9:4e:3f:ea:ff:05:2c:d0:16:1e:8e:29:62:14:78:c2:a0:95:
         93:c7:64:22:68:88:3f:26:4a:e9:f9:73:8a:7f:32:96:7a:67:
         d4:e7:f1:eb:21:de:8f:c0:99:26:39:10:ac:31:d9:51:4d:74:
         b3:4c:cd:d0:e8:2a:3b:ba:06:d5:83:a3:01:44:ce:6d:96:73:
         a8:c7:3e:4f:fd:24:02:28:c9:f4:a6:f1:83:a5:d4:b9:88:29:
         45:e0:d7:fd:a6:91:5e:7e:e8:a4:54:78:fb:b0:2f:68:b4:e9:
         3a:d8:1d:f1:ad:53:3e:6a:43:6a:f5:26:19:b9:60:f2:d2:58:
         e2:b0:b7:c5:5d:c0:dd:b0:54:e8:0e:31:fb:f1:0c:9f:3f:ff:
         4f:0c:9a:3d:68:60:10:9f:80:2f:75:e8:e3:ae:ce:0b:d8:2e:
         54:dd:ff:2d:87:7a:15:22:da:8c:2a:2e:78:b3:2b:9c:49:cd:
         06:c5:c8:5a:6b:82:a7:f8:10:44:ec:b1:b4:96:35:53:74:33:
         3c:35:30:ad
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZQl/a9GG8GkjrjvauDEHV8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMGY5ZjA0NGUyYjkyOTg3OGQ3NDdjNWZmYmI4MGFkMTBl
M2Q2YmQwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2E5OGZiY2JmMjNjYTdkNjYwZmIyMzBiZmQzNzNkODkwOGFiNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kaEOfx8kv/uwljYmzirDv0DyWnI
WmZ/AlxcAnaDiv4Mi2qzHnfN0FxNyKPcmzAyxjmXMtBOeeA6YayX5DN93zjiXzw6
Uiozy13uXUTRj/tlnjG/xJLvD3hRLfZmKWyztBh+abB+a27z6iz10WhsyqwPPRzM
TVhfBA/Ecwj1DaQAGvxd7RvBjdDOF3eYhltVtOXTRawQHfFEuuBQ+8RQMMqQnjUy
BPX2jO0cYaVSp6nWv2MDKFtefisq8Hd+70Ss2qNoIc9emuKvSRefUJAYWvgr+hSR
/KpldrRYhbJz8Q2jMsbZeJfY4Gg7ICbOXmRTyzFFUL3L4LefgpP/ldif7QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNOpj7y/I8p9Zg+yML/Tc9iQirdtMB8GA1UdIwQY
MBaAFA8PnwROK5KYeNdHxf+7gK0Q49a9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHctZkJFNHJrcGg0MTBmRl83dUFyUkRqMXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85M2Q0NjAtMzY4Yy00NmQ3LThlN2Et
Y2RiZDNiNmNlNzc3LzEvMDZtUHZMOGp5bjFtRDdJd3Y5TnoySkNLdDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85M2Q0NjAtMzY4Yy00NmQ3LThlN2EtY2RiZDNiNmNlNzc3
LzEvRHctZkJFNHJrcGg0MTBmRl83dUFyUkRqMXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAkBAIAATAeAwQCBWUkAwQA
BWVHAwQCH7joAwQAW2y7AwQCue6YMCoEAgACMCQDBwQqEx7AAAADBwQqEx7AAQAD
BwQqEx7AAgADBwUqEx7AEAAwDQYJKoZIhvcNAQELBQADggEBABzn7Dm+1PlaLQDd
Aegavjg+ELM2OdPSMWudIH+bX+sv67wSW/iSRxrFbrjuKb6IGghzH9clOvlOP+r/
BSzQFh6OKWIUeMKglZPHZCJoiD8mSun5c4p/MpZ6Z9Tn8esh3o/AmSY5EKwx2VFN
dLNMzdDoKju6BtWDowFEzm2Wc6jHPk/9JAIoyfSm8YOl1LmIKUXg1/2mkV5+6KRU
ePuwL2i06TrYHfGtUz5qQ2r1Jhm5YPLSWOKwt8VdwN2wVOgOMfvxDJ8//08Mmj1o
YBCfgC916OOuzgvYLlTd/y2HehUi2owqLnizK5xJzQbFyFprgqf4EETssbSWNVN0
Mzw1MK0=
-----END CERTIFICATE-----