Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/29qKtXwWkC9IXz3gMh0MzY7VJzM.roa
File:                     29qKtXwWkC9IXz3gMh0MzY7VJzM.roa (raw, json)
Hash identifier:          aN4hDLc8Xg1kww2UTfQ8jZ0l3U2T7JL0k3TSLCBijzU=
Subject key identifier:   DB:DA:8A:B5:7C:16:90:2F:48:5F:3D:E0:32:1D:0C:CD:8E:D5:27:33
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       01959651FA9E98158651D5BE2E7A59EC7331
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/29qKtXwWkC9IXz3gMh0MzY7VJzM.roa
Signing time:             Fri 14 Mar 2025 20:21:49 +0000
ROA not before:           Fri 14 Mar 2025 20:21:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39150
IP address blocks:        91.196.136.0/24 maxlen: 24
                          91.196.137.0/24 maxlen: 24
                          91.196.138.0/24 maxlen: 24
                          91.196.139.0/24 maxlen: 24
                          93.179.69.0/24 maxlen: 24
                          93.179.120.0/24 maxlen: 24
                          95.85.83.128/25 maxlen: 25
                          95.181.213.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          195.182.8.0/24 maxlen: 24
                          2a04:8680::/32 maxlen: 32
                          2a04:8681::/32 maxlen: 32
                          2a09:d5c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 20 Mar 2025 06:48:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:96:51:fa:9e:98:15:86:51:d5:be:2e:7a:59:ec:73:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Mar 14 20:21:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbda8ab57c16902f485f3de0321d0ccd8ed52733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:60:df:85:74:c8:d9:eb:d2:29:17:49:7e:2f:
                    d3:e3:99:49:3c:29:90:30:75:00:31:47:7f:f9:6f:
                    ae:f8:14:cb:92:66:db:5a:93:eb:ae:7a:a7:7d:57:
                    27:5b:09:0c:b0:4f:bc:77:4b:22:49:60:4a:d5:be:
                    e2:86:39:bf:33:45:f7:e6:1d:30:75:29:71:25:c2:
                    44:66:c8:0c:79:8d:bb:89:0e:5d:99:57:66:47:fb:
                    6f:fc:0c:00:20:31:f5:bb:05:25:6b:3d:37:c6:4b:
                    71:cb:9e:da:aa:19:b7:db:24:3c:df:fd:ac:59:9f:
                    0f:68:93:75:3d:80:3f:7f:4f:5e:94:be:b4:e2:57:
                    f9:fb:39:9f:98:0a:22:f0:b3:42:46:9d:49:f5:43:
                    a9:16:f6:34:cc:66:c2:9d:9d:ea:69:7d:8a:d6:89:
                    58:e3:14:b2:ed:5b:86:2c:cb:5c:77:76:8b:92:6b:
                    0b:63:6d:e2:53:de:ee:88:ba:81:23:fa:df:79:a3:
                    9c:6a:14:53:56:0a:f0:4a:75:80:98:76:82:60:25:
                    1e:17:cd:59:ed:5e:5e:ad:81:b6:1f:33:b4:5e:61:
                    2f:c8:7a:1d:17:87:6f:45:5e:3e:0f:f8:65:9b:5b:
                    99:7c:8c:4f:38:aa:4f:99:96:1d:5a:ad:15:37:ad:
                    8c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:DA:8A:B5:7C:16:90:2F:48:5F:3D:E0:32:1D:0C:CD:8E:D5:27:33
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/29qKtXwWkC9IXz3gMh0MzY7VJzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.136.0/22
                  93.179.69.0/24
                  93.179.120.0/24
                  95.85.83.128/25
                  95.181.213.0/24
                  109.196.133.0/24
                  195.182.8.0/24
                IPv6:
                  2a04:8680::/31
                  2a09:d5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:cd:bb:83:08:a2:86:f2:11:39:5f:1e:7b:c6:8a:16:ac:26:
         6e:6b:58:60:1c:97:d2:82:8a:ec:a2:4d:15:f0:25:32:34:85:
         c7:48:40:54:ae:e9:5b:d7:2d:c6:f2:71:75:af:fe:08:e5:03:
         40:7a:16:21:4d:f3:57:90:08:6a:bf:0d:bd:1b:05:49:24:d7:
         af:90:da:7a:13:bf:b5:c5:33:93:e2:20:ad:e8:ce:34:f1:93:
         c6:bb:57:af:20:dc:f5:97:4c:2b:dc:b8:37:59:0d:be:fb:75:
         f0:59:1a:79:61:68:06:0b:c9:f4:74:cc:cd:bd:18:6c:5f:0f:
         81:d5:21:50:75:55:5c:4f:2c:33:47:72:7b:06:a2:58:09:e2:
         dc:6a:0a:8c:10:f7:1e:cc:d8:b4:55:d4:b8:52:04:ba:45:57:
         86:2c:eb:c3:04:e5:6b:99:01:ca:ac:35:3c:e6:0b:9f:12:7c:
         77:9f:aa:82:7f:d2:ee:5d:89:89:be:1c:87:7a:d5:3b:72:89:
         d6:7d:1b:74:b1:9e:4a:a3:d2:4f:ac:50:2e:2b:1d:70:4f:ee:
         c2:30:d8:c1:93:df:12:88:79:47:88:5a:df:4b:f7:c4:33:1d:
         14:1a:20:3a:96:2e:71:c9:06:2e:a2:7f:85:93:81:be:a7:a2:
         b1:ea:0c:16
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZWWUfqemBWGUdW+LnpZ7HMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMzE0MjAyMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmRhOGFiNTdjMTY5MDJmNDg1ZjNkZTAzMjFkMGNjZDhlZDUyNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWDfhXTI2evSKRdJfi/T45lJPCmQ
MHUAMUd/+W+u+BTLkmbbWpPrrnqnfVcnWwkMsE+8d0siSWBK1b7ihjm/M0X35h0w
dSlxJcJEZsgMeY27iQ5dmVdmR/tv/AwAIDH1uwUlaz03xktxy57aqhm32yQ83/2s
WZ8PaJN1PYA/f09elL604lf5+zmfmAoi8LNCRp1J9UOpFvY0zGbCnZ3qaX2K1olY
4xSy7VuGLMtcd3aLkmsLY23iU97uiLqBI/rfeaOcahRTVgrwSnWAmHaCYCUeF81Z
7V5erYG2HzO0XmEvyHodF4dvRV4+D/hlm1uZfIxPOKpPmZYdWq0VN62McwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFNvairV8FpAvSF894DIdDM2O1SczMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvMjlxS3RYd1drQzlJWHozZ01oME16WTdWSnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAxBAIAATArAwQCW8SIAwQA
XbNFAwQAXbN4AwUHX1VTgAMEAF+11QMEAG3EhQMEAMO2CDAUBAIAAjAOAwUBKgSG
gAMFACoJ1cAwDQYJKoZIhvcNAQELBQADggEBAEvNu4MIoobyETlfHnvGihasJm5r
WGAcl9KCiuyiTRXwJTI0hcdIQFSu6VvXLcbycXWv/gjlA0B6FiFN81eQCGq/Db0b
BUkk16+Q2noTv7XFM5PiIK3ozjTxk8a7V68g3PWXTCvcuDdZDb77dfBZGnlhaAYL
yfR0zM29GGxfD4HVIVB1VVxPLDNHcnsGolgJ4txqCowQ9x7M2LRV1LhSBLpFV4Ys
68ME5WuZAcqsNTzmC58SfHefqoJ/0u5diYm+HId61TtyidZ9G3Sxnkqj0k+sUC4r
HXBP7sIw2MGT3xKIeUeIWt9L98QzHRQaIDqWLnHJBi6if4WTgb6norHqDBY=
-----END CERTIFICATE-----