Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/tvoUNGKypaQKLFqFdVnNr1WU8IY.roa
File:                     tvoUNGKypaQKLFqFdVnNr1WU8IY.roa (raw, json)
Hash identifier:          Srpzg2WX7ci7aKzXUN6OlrkIY+IBFlTs3+7ykaq9yTs=
Subject key identifier:   B6:FA:14:34:62:B2:A5:A4:0A:2C:5A:85:75:59:CD:AF:55:94:F0:86
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019498A08E81A49DABA11F68DC7A21D0300F
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/tvoUNGKypaQKLFqFdVnNr1WU8IY.roa
Signing time:             Fri 24 Jan 2025 14:04:06 +0000
ROA not before:           Fri 24 Jan 2025 14:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39150
IP address blocks:        91.196.136.0/24 maxlen: 24
                          91.196.137.0/24 maxlen: 24
                          91.196.138.0/24 maxlen: 24
                          91.196.139.0/24 maxlen: 24
                          93.179.68.0/23 maxlen: 23
                          93.179.69.0/24 maxlen: 24
                          93.179.93.0/24 maxlen: 24
                          93.179.94.0/24 maxlen: 24
                          93.179.120.0/24 maxlen: 24
                          95.85.83.0/24 maxlen: 24
                          95.85.83.0/25 maxlen: 25
                          95.85.83.128/25 maxlen: 25
                          95.181.212.0/23 maxlen: 23
                          95.181.213.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          195.182.8.0/24 maxlen: 24
                          2a04:8680::/32 maxlen: 32
                          2a04:8681::/32 maxlen: 32
                          2a09:d5c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 29 Jan 2025 13:19:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:98:a0:8e:81:a4:9d:ab:a1:1f:68:dc:7a:21:d0:30:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan 24 14:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6fa143462b2a5a40a2c5a857559cdaf5594f086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7a:03:b6:d6:5f:b8:69:7c:c3:d8:2a:3c:c5:
                    f8:f4:3b:25:dc:8b:02:2e:73:09:eb:12:a1:03:93:
                    bf:5e:20:fa:8f:88:fb:dd:e7:84:28:9d:87:a6:68:
                    a6:38:2d:da:12:10:17:da:8a:6b:30:4c:f2:cd:4d:
                    bf:12:83:99:ce:bc:76:e9:d9:5f:f2:76:83:95:6e:
                    9d:fa:38:ff:7c:f1:fc:e2:c7:d7:a6:fb:6c:4e:11:
                    b4:f8:c3:0a:50:d8:ad:22:8f:8a:09:48:1a:3e:f4:
                    cd:bc:0f:42:95:6d:ed:ae:c0:0f:72:3a:f2:9d:2f:
                    36:a9:b4:da:c8:83:20:8a:50:d6:00:e4:45:91:dd:
                    7a:ac:ae:92:5b:f2:f4:44:15:ca:d5:12:34:ae:f5:
                    11:e8:cf:a6:38:d5:b6:86:a8:5a:7a:d3:64:3f:45:
                    1c:96:08:d3:6e:03:24:d4:2b:3e:ec:e8:e9:39:83:
                    5c:1c:e4:ab:a4:68:fc:b8:98:94:10:14:18:ce:d1:
                    ce:40:b1:bd:d1:81:cc:99:6b:5c:97:c5:72:01:c7:
                    15:f7:89:0c:74:0b:dd:87:2d:c9:04:07:94:bb:d2:
                    33:a2:f1:32:6f:e9:3e:f8:79:3b:51:db:ca:35:05:
                    cb:c4:34:a2:eb:fc:0f:f2:4d:38:10:fc:50:93:b7:
                    7b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FA:14:34:62:B2:A5:A4:0A:2C:5A:85:75:59:CD:AF:55:94:F0:86
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/tvoUNGKypaQKLFqFdVnNr1WU8IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.136.0/22
                  93.179.68.0/23
                  93.179.93.0-93.179.94.255
                  93.179.120.0/24
                  95.85.83.0/24
                  95.181.212.0/23
                  109.196.133.0/24
                  195.182.8.0/24
                IPv6:
                  2a04:8680::/31
                  2a09:d5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:98:36:53:c3:97:07:d1:d0:f0:df:9a:0b:a5:6b:92:18:e3:
         b0:7d:86:24:0a:91:92:2a:6c:e1:09:b0:ef:69:03:fa:04:25:
         8c:c3:fc:9a:23:a8:d9:72:a6:85:c1:4f:e9:a9:00:9d:3e:76:
         46:bd:5c:3a:c0:8b:ab:a6:45:78:c1:97:be:da:44:4e:d8:f9:
         e2:f4:d4:61:61:14:54:38:ea:2f:52:a2:c9:df:b9:a9:58:7e:
         20:08:f7:59:d3:18:29:f6:77:b8:ff:8f:00:d3:b3:4f:e0:64:
         f1:c4:9f:43:d3:35:4d:41:28:fd:68:e8:7a:6c:74:35:5c:f1:
         c5:eb:fa:0b:af:24:32:0c:e6:f0:2a:5e:0c:60:a6:24:7d:5b:
         fc:e2:1f:5c:b0:9c:89:a6:95:32:b4:52:62:a4:6e:01:8c:90:
         62:81:e6:5c:d9:c4:32:0d:8a:4b:f4:26:a5:e9:a7:cd:03:24:
         96:ce:5c:51:7b:7e:b5:2e:a7:af:9b:d7:ce:91:cc:13:0e:bd:
         8d:ac:4b:fe:fe:02:96:ec:e9:30:1a:02:7a:da:a4:56:a5:83:
         c1:d9:12:36:06:db:1e:11:7e:9b:1b:f4:56:a9:97:ea:93:1f:
         83:cf:c6:60:88:af:ea:c9:f4:81:db:aa:19:e6:f1:59:fa:b5:
         72:17:68:e1
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZSYoI6BpJ2roR9o3Hoh0DAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTI0MTQwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZhMTQzNDYyYjJhNWE0MGEyYzVhODU3NTU5Y2RhZjU1OTRmMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXoDttZfuGl8w9gqPMX49Dsl3IsC
LnMJ6xKhA5O/XiD6j4j73eeEKJ2HpmimOC3aEhAX2oprMEzyzU2/EoOZzrx26dlf
8naDlW6d+jj/fPH84sfXpvtsThG0+MMKUNitIo+KCUgaPvTNvA9ClW3trsAPcjry
nS82qbTayIMgilDWAORFkd16rK6SW/L0RBXK1RI0rvUR6M+mONW2hqhaetNkP0Uc
lgjTbgMk1Cs+7OjpOYNcHOSrpGj8uJiUEBQYztHOQLG90YHMmWtcl8VyAccV94kM
dAvdhy3JBAeUu9IzovEyb+k++Hk7UdvKNQXLxDSi6/wP8k04EPxQk7d7JwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFLb6FDRisqWkCixahXVZza9VlPCGMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvdHZvVU5HS3lwYVFLTEZxRmRWbk5yMVdVOElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQCW8SIAwQB
XbNEMAwDBABds10DBABds14DBABds3gDBABfVVMDBAFftdQDBABtxIUDBADDtggw
FAQCAAIwDgMFASoEhoADBQAqCdXAMA0GCSqGSIb3DQEBCwUAA4IBAQCYmDZTw5cH
0dDw35oLpWuSGOOwfYYkCpGSKmzhCbDvaQP6BCWMw/yaI6jZcqaFwU/pqQCdPnZG
vVw6wIurpkV4wZe+2kRO2Pni9NRhYRRUOOovUqLJ37mpWH4gCPdZ0xgp9ne4/48A
07NP4GTxxJ9D0zVNQSj9aOh6bHQ1XPHF6/oLryQyDObwKl4MYKYkfVv84h9csJyJ
ppUytFJipG4BjJBigeZc2cQyDYpL9Cal6afNAySWzlxRe361Lqevm9fOkcwTDr2N
rEv+/gKW7OkwGgJ62qRWpYPB2RI2BtseEX6bG/RWqZfqkx+Dz8ZgiK/qyfSB26oZ
5vFZ+rVyF2jh
-----END CERTIFICATE-----