Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/pfpG_DfQawRxscXraT72qg85o70.roa
File:                     pfpG_DfQawRxscXraT72qg85o70.roa (raw, json)
Hash identifier:          rDk7CHSseLkdNmtOLBLWdII9vlngiHoIMacW+spPL68=
Subject key identifier:   A5:FA:46:FC:37:D0:6B:04:71:B1:C5:EB:69:3E:F6:AA:0F:39:A3:BD
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       0196D37FBADD72EDFAB0A593DC2C9A1A0A3D
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/pfpG_DfQawRxscXraT72qg85o70.roa
Signing time:             Thu 15 May 2025 10:31:25 +0000
ROA not before:           Thu 15 May 2025 10:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39150
IP address blocks:        91.196.136.0/24 maxlen: 24
                          91.196.137.0/24 maxlen: 24
                          91.196.138.0/24 maxlen: 24
                          91.196.139.0/24 maxlen: 24
                          93.179.69.0/24 maxlen: 24
                          93.179.120.0/24 maxlen: 24
                          95.85.83.128/25 maxlen: 25
                          95.181.213.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          195.182.8.0/24 maxlen: 24
                          2a04:8680::/32 maxlen: 32
                          2a04:8681::/32 maxlen: 32
                          2a09:d5c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 28 May 2025 14:03:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:7f:ba:dd:72:ed:fa:b0:a5:93:dc:2c:9a:1a:0a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: May 15 10:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5fa46fc37d06b0471b1c5eb693ef6aa0f39a3bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b3:0f:82:d5:6d:c3:27:cb:c9:21:77:d0:c8:
                    05:8e:f8:d7:5d:b8:e4:c1:f7:19:1d:d8:c1:ec:aa:
                    11:e8:7e:c2:da:f9:d8:68:e3:b6:18:4c:06:b1:c4:
                    a0:fe:a5:62:18:27:92:43:bf:99:ad:35:6f:33:ba:
                    a3:29:b8:bd:72:d5:bf:26:8a:00:9c:57:7e:5d:26:
                    94:ce:4d:ef:97:fa:7f:12:27:36:10:19:cc:59:90:
                    c1:64:f6:e4:fa:5f:e9:b5:16:2b:47:69:8b:61:10:
                    fb:05:f3:48:64:ce:17:4d:1f:5a:58:f4:64:ff:d4:
                    47:86:8a:c3:4b:5a:d8:1e:d6:50:28:ed:71:f0:72:
                    cc:b1:bc:40:16:35:f2:8d:db:21:4d:24:f3:32:ce:
                    3f:e1:7d:91:76:f6:72:b6:41:fc:3d:d4:93:06:fd:
                    30:32:70:62:6b:d6:5b:8a:85:00:13:89:71:b0:bb:
                    e7:45:c5:3b:a0:8b:0c:3f:b1:fb:fe:8d:8e:09:92:
                    e2:b1:bf:15:86:12:e8:f7:56:90:c1:68:3e:6c:86:
                    eb:fc:83:3a:0d:68:f1:d9:40:c0:fc:cc:76:a8:c8:
                    c4:1e:c9:11:02:6e:44:db:dc:cf:6b:36:3a:68:c8:
                    95:c6:f1:3b:2c:be:12:ff:4b:c5:ea:7b:97:b8:99:
                    cd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:FA:46:FC:37:D0:6B:04:71:B1:C5:EB:69:3E:F6:AA:0F:39:A3:BD
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/pfpG_DfQawRxscXraT72qg85o70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.136.0/22
                  93.179.69.0/24
                  93.179.120.0/24
                  95.85.83.128/25
                  95.181.213.0/24
                  109.196.133.0/24
                  195.182.8.0/24
                IPv6:
                  2a04:8680::/31
                  2a09:d5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:9b:c5:f9:f5:78:36:90:51:65:da:0b:99:7e:63:ab:a1:99:
         20:b7:3d:30:c9:d4:88:f5:83:6e:38:ab:80:d7:ce:33:ea:8c:
         1a:16:21:ec:69:dd:fb:2a:fa:9c:e9:d2:77:bf:0d:93:72:7d:
         5a:2d:77:09:7a:f6:39:d2:12:77:6b:6e:2d:d6:af:26:9c:dc:
         4e:16:ce:0d:7b:75:cf:1a:ec:9a:3e:ca:33:2e:34:01:d0:ff:
         5e:61:9f:c4:c3:0d:ba:f8:0f:52:78:bf:84:2b:ac:fb:a4:93:
         66:84:10:d2:b6:23:81:4f:46:67:0f:30:7e:96:86:b1:f2:0c:
         64:61:02:06:74:fd:ec:87:19:f1:c0:34:d8:b8:c1:73:57:6f:
         4b:22:a1:ca:97:bd:0a:2c:fd:9e:5b:b1:a2:9e:67:1e:1b:20:
         c4:1a:bf:a1:11:a7:6f:b9:67:ee:a4:48:3c:1c:84:af:9c:5d:
         97:f4:67:02:9c:84:97:e6:37:eb:a3:57:76:ee:c4:f2:6e:fa:
         24:2f:80:24:fc:d4:10:09:b4:4b:a3:2f:0b:d4:c0:4d:d1:8c:
         7c:c7:d4:43:13:c6:3d:3b:4d:65:99:94:ba:4d:37:d3:23:28:
         92:c1:be:81:d4:0d:78:0e:f3:6f:c8:f9:26:aa:7b:25:34:2a:
         8e:e9:dd:62
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZbTf7rdcu36sKWT3CyaGgo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwNTE1MTAzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWZhNDZmYzM3ZDA2YjA0NzFiMWM1ZWI2OTNlZjZhYTBmMzlhM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbMPgtVtwyfLySF30MgFjvjXXbjk
wfcZHdjB7KoR6H7C2vnYaOO2GEwGscSg/qViGCeSQ7+ZrTVvM7qjKbi9ctW/JooA
nFd+XSaUzk3vl/p/Eic2EBnMWZDBZPbk+l/ptRYrR2mLYRD7BfNIZM4XTR9aWPRk
/9RHhorDS1rYHtZQKO1x8HLMsbxAFjXyjdshTSTzMs4/4X2RdvZytkH8PdSTBv0w
MnBia9ZbioUAE4lxsLvnRcU7oIsMP7H7/o2OCZLisb8VhhLo91aQwWg+bIbr/IM6
DWjx2UDA/Mx2qMjEHskRAm5E29zPazY6aMiVxvE7LL4S/0vF6nuXuJnNAQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFKX6Rvw30GsEcbHF62k+9qoPOaO9MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvcGZwR19EZlFhd1J4c2NYcmFUNzJxZzg1bzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAxBAIAATArAwQCW8SIAwQA
XbNFAwQAXbN4AwUHX1VTgAMEAF+11QMEAG3EhQMEAMO2CDAUBAIAAjAOAwUBKgSG
gAMFACoJ1cAwDQYJKoZIhvcNAQELBQADggEBAGGbxfn1eDaQUWXaC5l+Y6uhmSC3
PTDJ1Ij1g244q4DXzjPqjBoWIexp3fsq+pzp0ne/DZNyfVotdwl69jnSEndrbi3W
ryac3E4Wzg17dc8a7Jo+yjMuNAHQ/15hn8TDDbr4D1J4v4QrrPukk2aEENK2I4FP
RmcPMH6WhrHyDGRhAgZ0/eyHGfHANNi4wXNXb0siocqXvQos/Z5bsaKeZx4bIMQa
v6ERp2+5Z+6kSDwchK+cXZf0ZwKchJfmN+ujV3buxPJu+iQvgCT81BAJtEujLwvU
wE3RjHzH1EMTxj07TWWZlLpNN9MjKJLBvoHUDXgO82/I+SaqeyU0Ko7p3WI=
-----END CERTIFICATE-----