Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/nzLFZ4UcYV0IhxWl0uNoYqFrEJU.roa
File:                     nzLFZ4UcYV0IhxWl0uNoYqFrEJU.roa (raw, json)
Hash identifier:          c9ApwVjbUfPQTtL1qhwiHaTqciRoiGgkaasxlz0VBEc=
Subject key identifier:   9F:32:C5:67:85:1C:61:5D:08:87:15:A5:D2:E3:68:62:A1:6B:10:95
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       0196AA705535C29904FF4255A2C0CD3BE6B2
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/nzLFZ4UcYV0IhxWl0uNoYqFrEJU.roa
Signing time:             Wed 07 May 2025 11:10:10 +0000
ROA not before:           Wed 07 May 2025 11:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.117.52.0/24 maxlen: 24
                          45.117.54.0/24 maxlen: 24
                          45.123.144.0/24 maxlen: 24
                          103.4.248.0/24 maxlen: 24
                          103.4.249.0/24 maxlen: 24
                          103.4.250.0/24 maxlen: 24
                          103.4.251.0/24 maxlen: 24
                          103.49.152.0/23 maxlen: 23
                          103.49.154.0/24 maxlen: 24
                          103.49.155.0/24 maxlen: 24
                          103.196.8.0/24 maxlen: 24
                          103.196.9.0/24 maxlen: 24
                          103.216.0.0/24 maxlen: 24
                          103.216.1.0/24 maxlen: 24
                          103.216.2.0/24 maxlen: 24
                          103.216.3.0/24 maxlen: 24
                          139.5.22.0/24 maxlen: 24
                          139.5.23.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 19 May 2025 13:30:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:70:55:35:c2:99:04:ff:42:55:a2:c0:cd:3b:e6:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: May  7 11:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f32c567851c615d088715a5d2e36862a16b1095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:53:c0:29:9e:a6:59:11:6a:8d:dc:27:2b:6d:
                    c2:bc:de:0a:92:97:d5:74:31:12:6e:b7:3c:13:8e:
                    48:e5:28:32:81:c0:fc:3b:ba:c9:bb:89:e0:8c:5f:
                    f1:69:21:07:57:24:e6:81:9b:59:70:8a:1c:5b:b7:
                    cc:2f:35:e4:17:da:23:77:6e:3f:66:70:df:64:23:
                    8c:f3:89:1c:9d:8e:65:90:c7:76:de:f3:3e:cd:a8:
                    ee:4d:1e:82:e6:39:d8:85:ed:0e:68:66:64:24:b8:
                    02:fb:1e:64:b9:b2:36:ee:25:02:af:a0:23:67:5e:
                    74:cd:74:56:7e:52:3f:12:5b:6b:dc:47:81:26:7f:
                    cf:ef:09:e3:cd:0b:6e:f7:75:a4:29:f5:7b:bc:f5:
                    aa:49:08:84:0b:27:ea:be:08:61:7e:ae:d1:15:01:
                    4c:81:22:55:88:4e:c7:c9:e3:6a:9d:48:a7:17:ac:
                    22:22:22:10:c4:9c:d4:f3:87:11:8c:18:3d:93:32:
                    ab:e7:99:9c:fb:1e:88:57:85:55:94:a1:8c:49:24:
                    be:c8:4a:8c:f8:d9:78:0f:02:d1:f0:85:14:4d:e2:
                    db:64:05:3e:c1:07:12:86:c3:45:19:d3:e3:85:b5:
                    c0:71:cb:84:74:d5:e8:b0:fa:12:bb:42:8a:08:2c:
                    10:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:32:C5:67:85:1C:61:5D:08:87:15:A5:D2:E3:68:62:A1:6B:10:95
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/nzLFZ4UcYV0IhxWl0uNoYqFrEJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.52.0/24
                  45.117.54.0/24
                  45.123.144.0/24
                  103.4.248.0/22
                  103.49.152.0/22
                  103.196.8.0/23
                  103.216.0.0/22
                  139.5.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:38:ec:e0:7e:da:79:55:20:91:38:fa:01:ee:31:29:c6:93:
         bc:8b:54:d3:26:93:01:62:fa:e3:52:fa:3a:fe:77:c1:99:f0:
         29:1c:92:97:89:57:d0:6a:ac:4b:5a:c0:ed:a1:b5:72:88:a8:
         1b:0b:6e:0f:a7:88:95:45:e5:82:d7:70:c8:b2:36:c6:c3:f3:
         d2:ca:12:b0:b6:e5:b4:5b:34:88:8d:cf:c9:0f:75:cb:7e:d9:
         16:95:f5:52:81:08:e2:cf:7c:d7:bb:39:28:f3:d6:fd:45:58:
         78:95:16:ca:df:51:ef:3b:c5:f5:9f:a1:7f:7e:ae:39:9d:25:
         e3:71:86:70:93:c7:11:df:96:3e:f9:5a:d0:c9:6d:ba:bf:20:
         b4:b4:4d:6f:58:1e:d6:bb:a9:be:a4:e3:b0:bd:f6:db:27:49:
         4e:a1:b2:89:4a:a9:f7:5f:2b:38:38:68:dd:4f:47:82:db:4c:
         c7:5a:55:4b:75:be:cc:ab:8e:65:24:b7:eb:4c:dd:b0:5c:54:
         d9:7f:12:d9:5c:0d:d0:ac:bc:d9:6c:b3:39:5d:23:4e:3d:de:
         25:24:a9:a2:00:da:3c:52:bf:a8:51:f9:42:16:ce:e2:47:a9:
         59:00:bb:aa:e3:a7:8b:4e:db:d2:67:98:b4:cb:e3:14:15:91:
         6b:c6:32:56
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZaqcFU1wpkE/0JVosDNO+ayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNTA3MTExMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjMyYzU2Nzg1MWM2MTVkMDg4NzE1YTVkMmUzNjg2MmExNmIxMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1PAKZ6mWRFqjdwnK23CvN4KkpfV
dDESbrc8E45I5SgygcD8O7rJu4ngjF/xaSEHVyTmgZtZcIocW7fMLzXkF9ojd24/
ZnDfZCOM84kcnY5lkMd23vM+zajuTR6C5jnYhe0OaGZkJLgC+x5kubI27iUCr6Aj
Z150zXRWflI/Eltr3EeBJn/P7wnjzQtu93WkKfV7vPWqSQiECyfqvghhfq7RFQFM
gSJViE7HyeNqnUinF6wiIiIQxJzU84cRjBg9kzKr55mc+x6IV4VVlKGMSSS+yEqM
+Nl4DwLR8IUUTeLbZAU+wQcShsNFGdPjhbXAccuEdNXosPoSu0KKCCwQdQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJ8yxWeFHGFdCIcVpdLjaGKhaxCVMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvbnpMRlo0VWNZVjBJaHhXbDB1Tm9ZcUZyRUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALXU0AwQA
LXU2AwQALXuQAwQCZwT4AwQCZzGYAwQBZ8QIAwQCZ9gAAwQBiwUWMA0GCSqGSIb3
DQEBCwUAA4IBAQAhOOzgftp5VSCROPoB7jEpxpO8i1TTJpMBYvrjUvo6/nfBmfAp
HJKXiVfQaqxLWsDtobVyiKgbC24Pp4iVReWC13DIsjbGw/PSyhKwtuW0WzSIjc/J
D3XLftkWlfVSgQjiz3zXuzko89b9RVh4lRbK31HvO8X1n6F/fq45nSXjcYZwk8cR
35Y++VrQyW26vyC0tE1vWB7Wu6m+pOOwvfbbJ0lOobKJSqn3Xys4OGjdT0eC20zH
WlVLdb7Mq45lJLfrTN2wXFTZfxLZXA3QrLzZbLM5XSNOPd4lJKmiANo8Ur+oUflC
Fs7iR6lZALuq46eLTtvSZ5i0y+MUFZFrxjJW
-----END CERTIFICATE-----