Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/vssokdQOl368YLwf6W6fb0z-3uQ.roa
File:                     vssokdQOl368YLwf6W6fb0z-3uQ.roa (raw, json)
Hash identifier:          Xx0wGPSdDxeYNfOw22MLRliD2lUWI3ElG85yh1yQZtM=
Subject key identifier:   BE:CB:28:91:D4:0E:97:7E:BC:60:BC:1F:E9:6E:9F:6F:4C:FE:DE:E4
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       0196A60DE46053F4E57473183D2644886DFB
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/vssokdQOl368YLwf6W6fb0z-3uQ.roa
Signing time:             Tue 06 May 2025 14:44:10 +0000
ROA not before:           Tue 06 May 2025 14:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.117.52.0/24 maxlen: 24
                          45.117.54.0/24 maxlen: 24
                          45.123.144.0/24 maxlen: 24
                          103.4.248.0/24 maxlen: 24
                          103.4.249.0/24 maxlen: 24
                          103.4.250.0/24 maxlen: 24
                          103.4.251.0/24 maxlen: 24
                          103.49.152.0/23 maxlen: 23
                          103.49.155.0/24 maxlen: 24
                          103.196.8.0/24 maxlen: 24
                          103.196.9.0/24 maxlen: 24
                          103.216.0.0/24 maxlen: 24
                          103.216.1.0/24 maxlen: 24
                          103.216.2.0/24 maxlen: 24
                          103.216.3.0/24 maxlen: 24
                          139.5.22.0/24 maxlen: 24
                          139.5.23.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 07 May 2025 11:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:0d:e4:60:53:f4:e5:74:73:18:3d:26:44:88:6d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: May  6 14:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=becb2891d40e977ebc60bc1fe96e9f6f4cfedee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7b:cd:11:1a:3b:8b:df:86:5f:56:33:5f:37:
                    80:9e:a6:67:44:96:cb:c9:f3:6e:6c:ac:f2:ae:5a:
                    37:74:ee:eb:53:6a:30:7d:f0:19:93:b5:6a:9d:80:
                    2d:77:00:92:32:64:d5:29:77:b3:e1:17:55:82:48:
                    7a:bd:2c:5f:c9:78:59:6e:1c:a9:bb:a4:5e:ea:fe:
                    45:97:ba:11:fb:46:ed:e3:2a:d9:fe:2d:d1:b3:9f:
                    9b:1f:78:aa:1d:c9:ff:bd:a2:be:76:81:d7:5c:5e:
                    13:04:17:62:20:8f:7e:ca:8a:48:69:29:01:0c:7a:
                    21:09:3b:10:b3:c8:fa:16:6e:b0:3f:4e:aa:7c:45:
                    27:8e:f2:af:7b:67:35:cd:18:b5:0c:6d:26:b4:fe:
                    f9:24:98:6f:44:0b:7e:df:e0:69:0d:e0:63:23:01:
                    03:4b:b4:4a:b4:23:91:c2:fc:a8:71:48:eb:d9:72:
                    e7:1c:84:4f:f6:dc:c1:d6:4d:a0:92:c6:ec:c5:81:
                    b8:28:bd:5c:6b:3f:46:73:d1:ef:52:1c:d9:ec:48:
                    04:45:1e:9a:e7:24:47:46:c2:7e:31:a2:74:e8:f8:
                    ea:19:77:fe:6a:3d:8e:cb:44:67:f7:56:fe:5f:c6:
                    fd:3b:78:9a:8c:7a:bf:45:ab:fd:fd:9e:07:86:03:
                    06:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:CB:28:91:D4:0E:97:7E:BC:60:BC:1F:E9:6E:9F:6F:4C:FE:DE:E4
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/vssokdQOl368YLwf6W6fb0z-3uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.52.0/24
                  45.117.54.0/24
                  45.123.144.0/24
                  103.4.248.0/22
                  103.49.152.0/23
                  103.49.155.0/24
                  103.196.8.0/23
                  103.216.0.0/22
                  139.5.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:da:b4:68:99:96:9c:59:7f:67:1d:b4:65:e7:48:64:69:67:
         f0:6d:0f:07:6e:6a:0e:67:3a:ff:ce:bd:9e:e3:30:71:23:9b:
         43:46:bd:8a:0a:51:54:8f:03:e8:54:93:00:59:b7:3a:64:e1:
         d9:a1:b3:4c:97:d7:90:0e:ff:11:6a:cc:12:b4:85:29:fc:60:
         86:8c:66:7a:71:86:54:1d:70:70:69:da:1e:a0:5f:bf:69:fb:
         14:9c:70:0a:79:fa:4c:f1:46:b8:96:24:c1:ae:2e:df:59:19:
         a7:e2:96:be:85:8b:2f:85:98:cd:03:c0:36:2e:82:50:4f:c2:
         de:45:90:f1:23:27:f3:97:c7:56:c6:79:21:02:70:50:e6:e1:
         5e:1d:96:c4:c1:31:37:7f:01:8d:77:b2:ef:30:7a:0b:b6:bc:
         44:2d:bf:ff:2a:c6:45:fb:7f:c7:76:61:28:f3:d9:77:60:74:
         86:39:15:d3:eb:87:72:89:d8:ef:b0:ca:8c:e6:95:ad:d1:f4:
         1b:a8:89:e9:b4:17:45:5e:8a:74:49:cf:25:b7:3f:52:fb:dd:
         45:cb:92:1e:10:ec:23:3f:1a:0e:a4:9c:50:0b:30:c3:26:74:
         ce:19:30:e2:71:e6:6b:c5:5a:67:43:b2:ce:16:1c:b0:6b:47:
         4c:2b:ea:7b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZamDeRgU/TldHMYPSZEiG37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNTA2MTQ0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWNiMjg5MWQ0MGU5NzdlYmM2MGJjMWZlOTZlOWY2ZjRjZmVkZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnvNERo7i9+GX1YzXzeAnqZnRJbL
yfNubKzyrlo3dO7rU2owffAZk7VqnYAtdwCSMmTVKXez4RdVgkh6vSxfyXhZbhyp
u6Re6v5Fl7oR+0bt4yrZ/i3Rs5+bH3iqHcn/vaK+doHXXF4TBBdiII9+yopIaSkB
DHohCTsQs8j6Fm6wP06qfEUnjvKve2c1zRi1DG0mtP75JJhvRAt+3+BpDeBjIwED
S7RKtCORwvyocUjr2XLnHIRP9tzB1k2gksbsxYG4KL1caz9Gc9HvUhzZ7EgERR6a
5yRHRsJ+MaJ06PjqGXf+aj2Oy0Rn91b+X8b9O3iajHq/Rav9/Z4HhgMGLwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFL7LKJHUDpd+vGC8H+lun29M/t7kMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvdnNzb2tkUU9sMzY4WUx3ZjZXNmZiMHotM3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALXU0AwQA
LXU2AwQALXuQAwQCZwT4AwQBZzGYAwQAZzGbAwQBZ8QIAwQCZ9gAAwQBiwUWMA0G
CSqGSIb3DQEBCwUAA4IBAQAv2rRomZacWX9nHbRl50hkaWfwbQ8HbmoOZzr/zr2e
4zBxI5tDRr2KClFUjwPoVJMAWbc6ZOHZobNMl9eQDv8RaswStIUp/GCGjGZ6cYZU
HXBwadoeoF+/afsUnHAKefpM8Ua4liTBri7fWRmn4pa+hYsvhZjNA8A2LoJQT8Le
RZDxIyfzl8dWxnkhAnBQ5uFeHZbEwTE3fwGNd7LvMHoLtrxELb//KsZF+3/HdmEo
89l3YHSGORXT64dyidjvsMqM5pWt0fQbqInptBdFXop0Sc8ltz9S+91Fy5IeEOwj
PxoOpJxQCzDDJnTOGTDiceZrxVpnQ7LOFhywa0dMK+p7
-----END CERTIFICATE-----