Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/JrohWilUKA0oPf-ENhMDcY5XJNs.roa
File:                     JrohWilUKA0oPf-ENhMDcY5XJNs.roa (raw, json)
Hash identifier:          k16KBR0njo905Wb7H/hFqXNXlISBxUGYMVkYiSeP058=
Subject key identifier:   26:BA:21:5A:29:54:28:0D:28:3D:FF:84:36:13:03:71:8E:57:24:DB
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       0194B23727A5952EFCF821254A145C9778D2
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/JrohWilUKA0oPf-ENhMDcY5XJNs.roa
Signing time:             Wed 29 Jan 2025 13:19:06 +0000
ROA not before:           Wed 29 Jan 2025 13:19:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39150
IP address blocks:        91.196.136.0/24 maxlen: 24
                          91.196.137.0/24 maxlen: 24
                          91.196.138.0/24 maxlen: 24
                          91.196.139.0/24 maxlen: 24
                          93.179.68.0/23 maxlen: 23
                          93.179.69.0/24 maxlen: 24
                          93.179.94.0/24 maxlen: 24
                          93.179.120.0/24 maxlen: 24
                          95.85.83.0/24 maxlen: 24
                          95.85.83.0/25 maxlen: 25
                          95.85.83.128/25 maxlen: 25
                          95.181.212.0/23 maxlen: 23
                          95.181.213.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          195.182.8.0/24 maxlen: 24
                          2a04:8680::/32 maxlen: 32
                          2a04:8681::/32 maxlen: 32
                          2a09:d5c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 31 Jan 2025 12:55:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b2:37:27:a5:95:2e:fc:f8:21:25:4a:14:5c:97:78:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan 29 13:19:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26ba215a2954280d283dff84361303718e5724db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:14:53:88:a2:e3:7d:fb:da:22:73:06:ee:83:
                    dc:80:4a:56:d5:54:a0:64:b0:c3:ef:35:c7:c7:0d:
                    79:4b:20:d3:dd:69:c5:26:01:9b:3a:95:a8:b3:69:
                    ee:eb:cc:a7:22:58:a8:38:14:56:32:cb:fd:2e:5b:
                    3b:48:38:81:20:03:5e:d3:ff:db:89:56:e7:cb:a1:
                    83:e5:7a:58:00:d4:87:29:96:00:8c:0f:87:7d:20:
                    ed:f3:e1:93:08:2c:70:5d:62:e5:73:29:f7:94:0d:
                    3d:fa:19:86:c6:b9:9f:ce:39:4b:3c:24:7e:b5:57:
                    43:43:b2:98:70:e4:74:09:33:27:e1:d7:7e:c8:e3:
                    f8:92:13:db:2e:76:8b:5d:b8:c8:4d:96:25:b8:bc:
                    96:20:7a:ff:0f:c1:cc:a3:22:a8:36:50:85:41:fc:
                    1c:18:5d:f7:f0:13:7f:41:c8:a4:1a:68:e4:7c:c6:
                    72:bc:52:41:a9:71:b0:aa:7c:c0:98:ee:b1:1f:b8:
                    50:88:73:bb:2c:8c:a8:60:c8:2c:67:0c:bb:9c:80:
                    c5:75:26:17:fd:96:6d:69:16:ef:39:aa:d1:0e:cf:
                    5b:88:56:46:2b:81:bc:73:80:1f:e9:3f:19:54:93:
                    08:bd:10:c0:70:74:3a:98:45:13:5b:3a:86:23:38:
                    aa:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BA:21:5A:29:54:28:0D:28:3D:FF:84:36:13:03:71:8E:57:24:DB
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/JrohWilUKA0oPf-ENhMDcY5XJNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.136.0/22
                  93.179.68.0/23
                  93.179.94.0/24
                  93.179.120.0/24
                  95.85.83.0/24
                  95.181.212.0/23
                  109.196.133.0/24
                  195.182.8.0/24
                IPv6:
                  2a04:8680::/31
                  2a09:d5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:6c:92:27:0c:87:19:5d:95:b8:21:dd:73:45:ae:d3:6f:34:
         ab:6e:59:45:dc:a8:13:6d:29:ce:de:52:6a:f9:43:79:0c:d0:
         75:c2:ce:9c:c8:d0:23:9f:fc:e3:55:32:3a:1a:ce:ef:79:00:
         28:91:84:64:f8:e4:82:72:25:47:73:f2:7f:09:01:33:fb:17:
         b7:c9:0c:b4:b5:6d:66:07:a5:13:ee:3e:a7:ec:f2:de:28:6d:
         cc:93:d8:3f:f6:89:84:f2:74:3e:33:2e:4a:d8:a1:b3:50:b0:
         03:a0:87:32:25:af:da:ae:85:2c:7c:d9:7a:f7:0c:5d:1b:b4:
         af:45:34:0b:72:01:15:57:c4:9e:f8:09:09:4b:eb:93:ca:c3:
         ca:86:00:db:7a:9b:7b:b5:56:1f:55:c0:f0:4f:cd:75:b0:c7:
         7c:0c:d8:00:dc:e9:61:fa:bd:d8:e5:0f:c2:af:9c:13:01:57:
         d9:60:53:77:b3:26:08:08:97:e1:91:9b:b4:ce:e2:d2:3e:eb:
         f9:51:5d:a9:d4:79:9f:91:b5:f8:b1:cb:84:e1:c6:13:f6:ed:
         be:5d:e3:40:74:54:ae:0c:da:a9:78:7e:3e:72:87:93:5c:55:
         71:ee:3f:0e:73:0f:3e:08:cc:c3:9f:9c:6c:ed:42:eb:27:6a:
         7e:f9:8f:c5
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZSyNyellS78+CElShRcl3jSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTI5MTMxOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmJhMjE1YTI5NTQyODBkMjgzZGZmODQzNjEzMDM3MThlNTcyNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5RRTiKLjffvaInMG7oPcgEpW1VSg
ZLDD7zXHxw15SyDT3WnFJgGbOpWos2nu68ynIlioOBRWMsv9Lls7SDiBIANe0//b
iVbny6GD5XpYANSHKZYAjA+HfSDt8+GTCCxwXWLlcyn3lA09+hmGxrmfzjlLPCR+
tVdDQ7KYcOR0CTMn4dd+yOP4khPbLnaLXbjITZYluLyWIHr/D8HMoyKoNlCFQfwc
GF338BN/QcikGmjkfMZyvFJBqXGwqnzAmO6xH7hQiHO7LIyoYMgsZwy7nIDFdSYX
/ZZtaRbvOarRDs9biFZGK4G8c4Af6T8ZVJMIvRDAcHQ6mEUTWzqGIziqfQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFCa6IVopVCgNKD3/hDYTA3GOVyTbMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvSnJvaFdpbFVLQTBvUGYtRU5oTURjWTVYSk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCW8SIAwQB
XbNEAwQAXbNeAwQAXbN4AwQAX1VTAwQBX7XUAwQAbcSFAwQAw7YIMBQEAgACMA4D
BQEqBIaAAwUAKgnVwDANBgkqhkiG9w0BAQsFAAOCAQEAeGySJwyHGV2VuCHdc0Wu
0280q25ZRdyoE20pzt5SavlDeQzQdcLOnMjQI5/841UyOhrO73kAKJGEZPjkgnIl
R3PyfwkBM/sXt8kMtLVtZgelE+4+p+zy3ihtzJPYP/aJhPJ0PjMuStihs1CwA6CH
MiWv2q6FLHzZevcMXRu0r0U0C3IBFVfEnvgJCUvrk8rDyoYA23qbe7VWH1XA8E/N
dbDHfAzYANzpYfq92OUPwq+cEwFX2WBTd7MmCAiX4ZGbtM7i0j7r+VFdqdR5n5G1
+LHLhOHGE/btvl3jQHRUrgzaqXh+PnKHk1xVce4/DnMPPgjMw5+cbO1C6ydqfvmP
xQ==
-----END CERTIFICATE-----