Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/OM4t4OW9a4XttmaFZY8Bn-w6jbg.roa
File:                     OM4t4OW9a4XttmaFZY8Bn-w6jbg.roa (raw, json)
Hash identifier:          DmkHGMMM4hGlOMn88DTYYZs4Yt8OwadtPJdq+/2U9PM=
Subject key identifier:   38:CE:2D:E0:E5:BD:6B:85:ED:B6:66:85:65:8F:01:9F:EC:3A:8D:B8
Certificate issuer:       /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial:       019423698C7DE90B2CFC614108D273A69D3E
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/OM4t4OW9a4XttmaFZY8Bn-w6jbg.roa
Signing time:             Wed 01 Jan 2025 19:48:27 +0000
ROA not before:           Wed 01 Jan 2025 19:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28785
IP address blocks:        213.222.192.0/21 maxlen: 21
                          213.222.192.0/22 maxlen: 22
                          213.222.196.0/23 maxlen: 23
                          213.222.196.0/24 maxlen: 24
                          213.222.200.0/21 maxlen: 21
                          213.222.201.0/24 maxlen: 24
                          213.222.204.0/24 maxlen: 24
                          213.222.205.0/24 maxlen: 24
                          213.222.206.0/24 maxlen: 24
                          213.222.207.0/24 maxlen: 24
                          213.222.208.0/21 maxlen: 24
                          213.222.208.0/24 maxlen: 24
                          213.222.210.0/24 maxlen: 24
                          213.222.211.0/24 maxlen: 24
                          213.222.212.0/24 maxlen: 24
                          213.222.216.0/24 maxlen: 24
                          213.222.217.0/24 maxlen: 24
                          2a03:7580::/32 maxlen: 32
                          2a03:7580::/40 maxlen: 40
Validation:               Failed, certificate revoked on Mon 17 Feb 2025 10:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:8c:7d:e9:0b:2c:fc:61:41:08:d2:73:a6:9d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
        Validity
            Not Before: Jan  1 19:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38ce2de0e5bd6b85edb66685658f019fec3a8db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:68:31:8b:40:f8:f3:db:96:26:3f:2b:8d:35:
                    b9:fd:6a:5a:7b:d5:ab:9a:20:2c:df:57:91:f2:f7:
                    64:26:0c:ab:2c:eb:40:75:2a:a1:59:59:83:07:12:
                    c6:0e:d7:91:8c:da:18:9b:a3:8f:37:95:81:08:f9:
                    73:10:2c:96:33:e7:a4:95:44:9d:66:be:72:2f:d4:
                    b4:cc:05:d4:a6:87:bc:38:f1:ae:35:58:c2:d3:eb:
                    b1:1c:bb:0a:db:0d:c9:38:18:8f:21:d0:00:46:ad:
                    a3:11:b9:41:7a:cf:6b:12:be:6e:91:5f:6c:d2:e5:
                    b5:84:34:58:d9:91:7b:dd:ba:12:5a:ae:fb:0d:2f:
                    7f:9e:0a:48:63:5f:7c:78:0b:5c:79:60:22:e7:f8:
                    67:fe:23:22:68:c7:cf:6e:6b:ac:3b:48:20:02:05:
                    ba:1a:fc:7a:17:24:f4:ed:20:9d:f0:b6:b0:df:26:
                    e3:ba:17:ee:05:13:82:f3:fe:7f:f2:be:c2:0d:c6:
                    18:63:0e:ca:22:5b:34:c0:a7:28:f6:b1:7f:3d:09:
                    0a:ce:a6:a6:f6:ab:7a:bc:b7:86:60:c0:d3:f4:b7:
                    6a:30:99:69:6c:63:89:f8:74:c2:81:4f:f5:77:07:
                    76:5e:a2:b0:d2:c5:f4:28:44:c3:6a:e9:fe:c2:4a:
                    24:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CE:2D:E0:E5:BD:6B:85:ED:B6:66:85:65:8F:01:9F:EC:3A:8D:B8
            X509v3 Authority Key Identifier:
                keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/OM4t4OW9a4XttmaFZY8Bn-w6jbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.222.192.0-213.222.217.255
                IPv6:
                  2a03:7580::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:d1:a9:dc:85:91:2c:9f:77:aa:12:5c:b2:46:fb:e7:5c:34:
         b1:e0:29:3c:f6:0d:c0:90:8c:f0:d3:b4:01:25:d3:8b:38:d5:
         30:05:e5:65:18:33:bd:cb:3b:21:13:bb:5e:6d:37:eb:70:33:
         6c:36:58:2d:e4:e4:2e:bd:0c:c5:7c:9b:ea:c8:c8:28:a0:39:
         6e:7c:9b:63:92:e0:aa:aa:09:4d:bf:95:18:c7:3f:e3:f4:86:
         87:dd:ae:a5:f8:45:02:ab:8c:7a:7a:e4:71:81:1a:75:85:6d:
         8d:57:94:d5:2f:cd:3a:7e:6b:dc:91:0f:4e:72:1e:5a:00:59:
         ac:a7:0e:cd:e6:d9:17:e3:8a:4d:b5:c5:37:1d:87:5d:f5:29:
         f1:bd:b0:cc:c5:dd:af:47:26:cc:4f:6c:54:45:7f:97:d6:ea:
         29:2a:5e:cb:4c:0c:e6:97:9e:ca:9a:b7:26:34:94:db:96:eb:
         54:da:6e:d6:56:50:aa:5c:1d:38:8d:51:8e:4b:94:1a:63:2a:
         95:8f:c9:0a:d9:7f:2f:37:66:ae:00:77:e2:9e:d4:8e:11:04:
         ef:45:ae:2b:f7:1d:31:1d:f3:59:23:55:c5:cf:fb:b7:a5:b2:
         c2:1f:85:d2:3d:f8:10:e4:86:45:e9:1c:63:d2:c3:0a:c3:63:
         b3:58:2e:66
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQjaYx96Qss/GFBCNJzpp0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjUwMTAxMTk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNlMmRlMGU1YmQ2Yjg1ZWRiNjY2ODU2NThmMDE5ZmVjM2E4ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ggxi0D489uWJj8rjTW5/Wpae9Wr
miAs31eR8vdkJgyrLOtAdSqhWVmDBxLGDteRjNoYm6OPN5WBCPlzECyWM+eklUSd
Zr5yL9S0zAXUpoe8OPGuNVjC0+uxHLsK2w3JOBiPIdAARq2jEblBes9rEr5ukV9s
0uW1hDRY2ZF73boSWq77DS9/ngpIY198eAtceWAi5/hn/iMiaMfPbmusO0ggAgW6
Gvx6FyT07SCd8Law3ybjuhfuBROC8/5/8r7CDcYYYw7KIls0wKco9rF/PQkKzqam
9qt6vLeGYMDT9LdqMJlpbGOJ+HTCgU/1dwd2XqKw0sX0KETDaun+wkokiQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDjOLeDlvWuF7bZmhWWPAZ/sOo24MB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEvT000dDRPVzlhNFh0dG1hRlpZOEJuLXc2amJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAbV3sAD
BAHV3tgwDQQCAAIwBwMFACoDdYAwDQYJKoZIhvcNAQELBQADggEBAILRqdyFkSyf
d6oSXLJG++dcNLHgKTz2DcCQjPDTtAEl04s41TAF5WUYM73LOyETu15tN+twM2w2
WC3k5C69DMV8m+rIyCigOW58m2OS4KqqCU2/lRjHP+P0hofdrqX4RQKrjHp65HGB
GnWFbY1XlNUvzTp+a9yRD05yHloAWaynDs3m2Rfjik21xTcdh131KfG9sMzF3a9H
JsxPbFRFf5fW6ikqXstMDOaXnsqatyY0lNuW61TabtZWUKpcHTiNUY5LlBpjKpWP
yQrZfy83Zq4Ad+Ke1I4RBO9Friv3HTEd81kjVcXP+7elssIfhdI9+BDkhkXpHGPS
wwrDY7NYLmY=
-----END CERTIFICATE-----