Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/sK0kAF4PfJ6EOhTOg-mgYEXgcsw.roa
File:                     sK0kAF4PfJ6EOhTOg-mgYEXgcsw.roa (raw, json)
Hash identifier:          I/xocr52jYdYDRH4B2fr7a2fTSPDoR9Zr309znC4wIc=
Subject key identifier:   B0:AD:24:00:5E:0F:7C:9E:84:3A:14:CE:83:E9:A0:60:45:E0:72:CC
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       01946F514D7092784E38147EBEE6E6B15CB2
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/sK0kAF4PfJ6EOhTOg-mgYEXgcsw.roa
Signing time:             Thu 16 Jan 2025 13:33:06 +0000
ROA not before:           Thu 16 Jan 2025 13:33:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        86.104.215.0/24 maxlen: 24
                          89.32.200.0/24 maxlen: 24
                          89.32.204.0/24 maxlen: 24
                          89.33.83.0/24 maxlen: 24
                          103.47.52.0/22 maxlen: 22
                          162.218.158.0/24 maxlen: 24
                          188.215.5.0/24 maxlen: 24
                          194.26.149.0/24 maxlen: 24
                          212.102.116.0/24 maxlen: 24
                          2a07:4a80::/29 maxlen: 29
                          2a0a:eb00::/29 maxlen: 29
                          2a0a:eb00::/30 maxlen: 30
                          2a11:3bc0::/29 maxlen: 29
                          2a11:3bc0::/30 maxlen: 30
Validation:               Failed, certificate revoked on Fri 17 Jan 2025 07:55:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6f:51:4d:70:92:78:4e:38:14:7e:be:e6:e6:b1:5c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jan 16 13:33:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0ad24005e0f7c9e843a14ce83e9a06045e072cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:19:73:1e:cd:85:26:00:fb:ae:b6:73:f5:e6:
                    0f:c4:d6:13:bb:10:22:0e:73:77:c8:6e:51:ce:15:
                    18:8d:67:b7:44:1e:0e:76:5d:f6:9e:57:ab:82:58:
                    ca:09:18:20:62:24:30:41:25:b7:f4:e7:da:74:fd:
                    d7:8c:ac:38:3c:cc:20:b0:37:76:5b:72:b1:7e:73:
                    8b:7a:7b:6a:da:82:b5:7b:d4:72:0c:e9:08:71:9a:
                    7d:f9:13:22:4d:6d:ec:05:72:5e:dd:00:22:de:44:
                    51:a8:e2:a2:af:9c:07:c2:7c:65:b0:dd:35:78:cd:
                    ce:e7:b9:34:74:4a:a0:4d:1e:7a:2f:71:75:0d:37:
                    b7:e9:32:63:bc:27:e5:0d:fa:01:c2:ae:66:87:e0:
                    f7:55:da:22:72:0a:09:6d:bb:a1:6a:00:5a:a9:e9:
                    73:14:0d:eb:77:ff:53:4e:d5:d5:4f:2d:1d:f4:ba:
                    e1:06:25:bb:0e:04:fd:48:a0:14:7d:47:18:91:e9:
                    9d:14:92:22:0e:07:97:cd:57:69:a7:ad:99:f1:92:
                    df:57:bd:c8:f2:3b:f9:ed:2a:c9:f9:2e:0a:47:50:
                    d0:0c:04:a4:08:8f:92:f4:7b:80:64:4a:29:19:a6:
                    df:d2:49:91:a5:97:e1:c8:56:df:d5:09:ac:9c:e4:
                    e2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:AD:24:00:5E:0F:7C:9E:84:3A:14:CE:83:E9:A0:60:45:E0:72:CC
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/sK0kAF4PfJ6EOhTOg-mgYEXgcsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.215.0/24
                  89.32.200.0/24
                  89.32.204.0/24
                  89.33.83.0/24
                  103.47.52.0/22
                  162.218.158.0/24
                  188.215.5.0/24
                  194.26.149.0/24
                  212.102.116.0/24
                IPv6:
                  2a07:4a80::/29
                  2a0a:eb00::/29
                  2a11:3bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:80:5e:08:df:2a:2b:7d:05:23:3c:65:31:c2:6b:0e:98:85:
         e4:0a:8a:a7:45:b9:1e:fd:ac:4c:bf:4f:ae:65:0b:f4:1e:9f:
         46:dc:da:d2:a2:42:fd:e5:8d:3d:f0:5f:ee:1f:39:e4:db:b7:
         85:d6:a6:eb:40:19:7f:de:36:42:1e:cd:f7:ff:92:1d:d7:b3:
         7c:1e:d3:ea:7d:7a:20:3e:01:1f:49:27:58:9f:fc:c3:2b:11:
         1c:f4:f7:18:6a:ad:89:a2:87:71:fb:77:6b:68:fb:8c:3e:b4:
         4d:5a:3e:82:80:b1:01:b9:91:ff:73:17:db:97:df:ad:3c:11:
         7f:73:6c:1f:26:a5:0a:79:32:96:27:a2:45:24:97:9a:e5:00:
         e9:c1:7a:1f:8c:34:5a:12:d3:88:74:10:dc:fb:cb:ba:62:70:
         2b:42:f7:8e:fe:99:e3:f3:69:99:ed:d9:fb:90:66:b2:68:70:
         74:76:42:d3:3b:01:51:8d:70:71:fc:13:b0:b2:6b:b8:a0:ea:
         ba:e2:40:e1:34:44:25:f6:50:57:ed:f3:77:3b:f1:3a:1a:9e:
         e5:39:5e:8e:44:b1:ba:3b:69:fe:39:20:b6:7c:7b:b9:e5:bc:
         38:3b:1a:db:58:23:65:66:6f:56:fa:e2:cf:57:ab:36:92:59:
         4e:81:8f:c2
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZRvUU1wknhOOBR+vubmsVyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjUwMTE2MTMzMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGFkMjQwMDVlMGY3YzllODQzYTE0Y2U4M2U5YTA2MDQ1ZTA3MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRlzHs2FJgD7rrZz9eYPxNYTuxAi
DnN3yG5RzhUYjWe3RB4Odl32nlergljKCRggYiQwQSW39OfadP3XjKw4PMwgsDd2
W3KxfnOLentq2oK1e9RyDOkIcZp9+RMiTW3sBXJe3QAi3kRRqOKir5wHwnxlsN01
eM3O57k0dEqgTR56L3F1DTe36TJjvCflDfoBwq5mh+D3VdoicgoJbbuhagBaqelz
FA3rd/9TTtXVTy0d9LrhBiW7DgT9SKAUfUcYkemdFJIiDgeXzVdpp62Z8ZLfV73I
8jv57SrJ+S4KR1DQDASkCI+S9HuAZEopGabf0kmRpZfhyFbf1QmsnOTiawIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFLCtJABeD3yehDoUzoPpoGBF4HLMMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvc0swa0FGNFBmSjZFT2hUT2ctbWdZRVhnY3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQAVmjXAwQA
WSDIAwQAWSDMAwQAWSFTAwQCZy80AwQAotqeAwQAvNcFAwQAwhqVAwQA1GZ0MBsE
AgACMBUDBQMqB0qAAwUDKgrrAAMFAyoRO8AwDQYJKoZIhvcNAQELBQADggEBAA2A
XgjfKit9BSM8ZTHCaw6YheQKiqdFuR79rEy/T65lC/Qen0bc2tKiQv3ljT3wX+4f
OeTbt4XWputAGX/eNkIezff/kh3Xs3we0+p9eiA+AR9JJ1if/MMrERz09xhqrYmi
h3H7d2to+4w+tE1aPoKAsQG5kf9zF9uX3608EX9zbB8mpQp5MpYnokUkl5rlAOnB
eh+MNFoS04h0ENz7y7picCtC947+mePzaZnt2fuQZrJocHR2QtM7AVGNcHH8E7Cy
a7ig6rriQOE0RCX2UFft83c78ToanuU5Xo5Esbo7af45ILZ8e7nlvDg7GttYI2Vm
b1b64s9XqzaSWU6Bj8I=
-----END CERTIFICATE-----