Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/rFoBHK3qyEgRIAkhpUzGVDwYhbs.roa
File:                     rFoBHK3qyEgRIAkhpUzGVDwYhbs.roa (raw, json)
Hash identifier:          kRxRrmeefOQinGlPy1xxakwaLzxCMpAxZe4mdszXpCg=
Subject key identifier:   AC:5A:01:1C:AD:EA:C8:48:11:20:09:21:A5:4C:C6:54:3C:18:85:BB
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018D3B4CCA7C391990A3AAE81379BBB2DD5E
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/rFoBHK3qyEgRIAkhpUzGVDwYhbs.roa
Signing time:             Wed 24 Jan 2024 11:48:24 +0000
ROA not before:           Wed 24 Jan 2024 11:48:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197540
IP address blocks:        94.16.30.0/23 maxlen: 23
                          94.16.104.0/22 maxlen: 24
                          94.16.108.0/22 maxlen: 24
                          94.16.112.0/21 maxlen: 24
                          94.16.120.0/22 maxlen: 24
                          185.232.68.0/22 maxlen: 22
                          188.172.228.0/23 maxlen: 24
                          193.26.156.0/22 maxlen: 22
                          194.36.144.0/22 maxlen: 22
                          2a00:11c0:5f::/48 maxlen: 48
                          2a00:11c0:60::/48 maxlen: 48
                          2a00:11c0:81::/56 maxlen: 64

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 09:34:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:4c:ca:7c:39:19:90:a3:aa:e8:13:79:bb:b2:dd:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan 24 11:48:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac5a011cadeac84811200921a54cc6543c1885bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:35:eb:e4:ac:0f:e8:f7:7a:4d:9d:78:05:0b:
                    62:e3:79:80:4d:3f:be:1c:04:58:71:9e:4f:86:77:
                    8d:d4:ea:fa:5c:0a:ee:09:10:bd:cc:6b:68:d5:ec:
                    fb:2a:4c:eb:d2:76:ec:58:c4:ed:e1:d9:d3:f4:05:
                    75:2b:f3:ee:9e:5a:16:a9:7a:9f:92:dd:e3:40:7a:
                    b7:1e:a0:9f:e1:48:73:8e:e4:ef:fe:34:ca:c6:0f:
                    92:f6:a5:d3:d5:81:c8:9a:c6:c3:b8:4a:38:65:2b:
                    1a:36:fe:b8:09:6f:bf:a5:a2:e2:cf:b0:2b:b8:f2:
                    ff:b2:b2:0b:88:c2:bb:bf:0d:8e:86:b4:7d:8f:cc:
                    9d:08:75:1c:71:a4:b0:7a:ed:46:3a:58:ca:26:f4:
                    5a:a8:2b:85:22:9e:5e:46:d0:34:09:e7:db:52:df:
                    73:98:0b:69:ca:a2:1d:f7:ad:dc:13:a5:99:ec:e8:
                    d4:f6:d3:94:85:0e:42:bc:3d:19:3a:3c:82:a1:9a:
                    f4:d2:fa:4f:5f:e8:73:66:b7:d3:e7:e2:a4:cc:48:
                    9a:50:50:19:e2:7a:7c:bf:77:00:73:9d:ba:b9:a0:
                    2f:fb:e6:fc:55:af:3c:63:0a:32:a8:a2:34:e6:40:
                    11:5f:b7:f1:ac:86:f0:37:22:cb:7d:59:fd:52:98:
                    c5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5A:01:1C:AD:EA:C8:48:11:20:09:21:A5:4C:C6:54:3C:18:85:BB
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/rFoBHK3qyEgRIAkhpUzGVDwYhbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.16.30.0/23
                  94.16.104.0-94.16.123.255
                  185.232.68.0/22
                  188.172.228.0/23
                  193.26.156.0/22
                  194.36.144.0/22
                IPv6:
                  2a00:11c0:5f::-2a00:11c0:60:ffff:ffff:ffff:ffff:ffff
                  2a00:11c0:81::/56

    Signature Algorithm: sha256WithRSAEncryption
         bd:6c:8c:85:d4:25:32:94:ea:df:3f:ad:27:a7:e5:3e:6a:55:
         9b:4e:76:68:b2:73:b5:59:ab:4b:31:2d:69:fb:42:49:5d:f8:
         68:ab:9a:c7:4a:64:f4:8c:2e:05:6f:a1:ce:41:84:14:a5:68:
         c1:9d:12:8f:20:15:0f:3e:34:40:90:55:f2:e2:fe:95:7f:ce:
         1c:f0:dd:d1:79:1c:3f:26:6f:c8:32:14:21:9f:23:41:d8:d5:
         86:5c:d7:26:38:dc:f0:1e:68:bf:3c:63:7a:9c:7a:c2:74:c6:
         39:f3:b0:ce:6b:00:9c:ee:07:6d:21:1a:89:43:87:2c:ec:8f:
         2b:0e:6d:6d:a3:d2:f0:c4:ba:f5:64:c7:4c:1b:fc:1b:d1:10:
         3f:f5:24:ee:84:08:d5:d9:64:33:c8:81:ad:34:35:7d:f6:ae:
         85:14:ac:7a:39:82:d5:38:09:0d:e2:5d:66:58:7f:0d:fc:a9:
         b9:e5:c9:66:8c:4e:b8:b0:18:a7:9b:2f:3d:0a:74:e9:cc:22:
         d2:b6:11:f6:5b:a1:32:eb:dc:cc:07:17:20:60:a3:ec:d7:6a:
         34:27:bc:1c:4c:1d:37:b1:b0:c3:fb:ea:2e:5c:ee:d8:10:ee:
         d1:d1:39:d1:24:b7:23:cc:c0:8f:a1:c5:4f:2d:3b:00:ea:53:
         e1:f2:3a:ca
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY07TMp8ORmQo6roE3m7st1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTI0MTE0ODI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVhMDExY2FkZWFjODQ4MTEyMDA5MjFhNTRjYzY1NDNjMTg4NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTXr5KwP6Pd6TZ14BQti43mATT++
HARYcZ5PhneN1Or6XAruCRC9zGto1ez7Kkzr0nbsWMTt4dnT9AV1K/PunloWqXqf
kt3jQHq3HqCf4UhzjuTv/jTKxg+S9qXT1YHImsbDuEo4ZSsaNv64CW+/paLiz7Ar
uPL/srILiMK7vw2OhrR9j8ydCHUccaSweu1GOljKJvRaqCuFIp5eRtA0CefbUt9z
mAtpyqId963cE6WZ7OjU9tOUhQ5CvD0ZOjyCoZr00vpPX+hzZrfT5+KkzEiaUFAZ
4np8v3cAc526uaAv++b8Va88YwoyqKI05kARX7fxrIbwNyLLfVn9UpjFCQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFKxaARyt6shIESAJIaVMxlQ8GIW7MB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvckZvQkhLM3F5RWdSSUFraHBVekdWRHdZaGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjAyBAIAATAsAwQBXhAeMAwD
BANeEGgDBAJeEHgDBAK56EQDBAG8rOQDBALBGpwDBALCJJAwJAQCAAIwHjASAwcA
KgARwABfAwcAKgARwABgAwgAKgARwACBADANBgkqhkiG9w0BAQsFAAOCAQEAvWyM
hdQlMpTq3z+tJ6flPmpVm052aLJztVmrSzEtaftCSV34aKuax0pk9IwuBW+hzkGE
FKVowZ0SjyAVDz40QJBV8uL+lX/OHPDd0XkcPyZvyDIUIZ8jQdjVhlzXJjjc8B5o
vzxjepx6wnTGOfOwzmsAnO4HbSEaiUOHLOyPKw5tbaPS8MS69WTHTBv8G9EQP/Uk
7oQI1dlkM8iBrTQ1ffauhRSsejmC1TgJDeJdZlh/DfypueXJZoxOuLAYp5svPQp0
6cwi0rYR9luhMuvczAcXIGCj7NdqNCe8HEwdN7Gww/vqLlzu2BDu0dE50SS3I8zA
j6HFTy07AOpT4fI6yg==
-----END CERTIFICATE-----