Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/cSW3QR0Rl7iDE6me39YzDOfIJzc.roa
File:                     cSW3QR0Rl7iDE6me39YzDOfIJzc.roa (raw, json)
Hash identifier:          4lJLmwXV/zfEv47QomIy0S4+sV8waLbjgauB1DNOdQc=
Subject key identifier:   71:25:B7:41:1D:11:97:B8:83:13:A9:9E:DF:D6:33:0C:E7:C8:27:37
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       01934DBD08B7B380AC821946AF95AF8B4502
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/cSW3QR0Rl7iDE6me39YzDOfIJzc.roa
Signing time:             Thu 21 Nov 2024 08:00:54 +0000
ROA not before:           Thu 21 Nov 2024 08:00:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54994
IP address blocks:        140.150.0.0/24 maxlen: 24
                          140.150.1.0/24 maxlen: 24
                          140.150.2.0/24 maxlen: 24
                          140.150.3.0/24 maxlen: 24
                          140.150.4.0/24 maxlen: 24
                          140.150.5.0/24 maxlen: 24
                          140.150.6.0/24 maxlen: 24
                          140.150.7.0/24 maxlen: 24
                          140.150.8.0/23 maxlen: 24
                          140.150.12.0/24 maxlen: 24
                          140.150.18.0/24 maxlen: 24
                          140.150.19.0/24 maxlen: 24
                          140.150.21.0/24 maxlen: 24
                          140.150.24.0/24 maxlen: 24
                          140.150.25.0/24 maxlen: 24
                          140.150.28.0/24 maxlen: 24
                          140.150.29.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Nov 2024 16:26:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4d:bd:08:b7:b3:80:ac:82:19:46:af:95:af:8b:45:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Nov 21 08:00:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7125b7411d1197b88313a99edfd6330ce7c82737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:23:c8:e4:2a:9b:cb:3d:c6:6b:c4:aa:bd:78:
                    a4:4c:fb:34:07:97:09:14:b0:83:b7:35:39:ec:70:
                    a9:26:81:86:0d:91:23:b2:ae:1e:78:f3:1a:24:19:
                    42:45:04:56:7e:00:59:80:c0:2d:ad:c6:73:8f:03:
                    29:6f:7c:a3:f5:e8:6a:40:8f:22:43:c7:a1:56:1b:
                    8d:06:0c:6d:4c:58:ae:28:dd:e9:0d:b0:dd:9b:3c:
                    e3:65:31:9c:ea:a8:45:7a:b6:2e:22:4a:f3:f8:b6:
                    d3:0b:d2:5b:07:c1:a7:82:0a:09:c3:f6:5b:f7:1b:
                    06:52:38:73:d6:92:b9:a9:fc:bd:3b:88:84:37:6a:
                    6f:40:8d:19:13:32:8e:37:a4:4e:cb:23:6d:55:62:
                    0b:6f:0f:36:f4:96:95:f6:f0:75:84:a2:33:9c:52:
                    c6:e1:f5:06:24:f0:de:27:9f:6e:28:77:0f:0a:b1:
                    8f:30:c3:da:7e:9b:90:17:34:9a:e8:cd:11:4a:0e:
                    c4:22:ae:31:5e:99:77:32:e8:5b:27:6a:8a:4c:2c:
                    81:34:27:46:c8:1d:19:73:a7:ca:08:cb:3f:c1:52:
                    b7:c2:a6:03:75:a7:66:1d:00:d6:59:99:5e:7e:d1:
                    d5:e7:a1:67:48:dc:94:3a:f0:cc:1e:82:af:bb:76:
                    42:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:25:B7:41:1D:11:97:B8:83:13:A9:9E:DF:D6:33:0C:E7:C8:27:37
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/cSW3QR0Rl7iDE6me39YzDOfIJzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.0.0-140.150.9.255
                  140.150.12.0/24
                  140.150.18.0/23
                  140.150.21.0/24
                  140.150.24.0/23
                  140.150.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:fa:02:62:e7:da:26:d7:1c:c3:85:d6:a7:a6:d2:80:9b:39:
         22:5f:82:7e:92:5d:4c:a3:73:00:1a:d3:0f:16:7c:7e:1e:d4:
         0a:65:cf:c6:42:25:f2:f1:e4:28:34:dc:02:2f:ec:a3:0a:22:
         bc:95:b5:aa:0a:e5:e3:ca:f0:aa:4a:f8:9b:5c:f9:a8:11:3a:
         55:b9:c8:17:c9:73:71:6c:13:ec:8a:85:30:d8:04:7b:f4:94:
         cd:ea:e0:3e:72:71:62:28:6f:47:ac:de:4f:99:72:ed:69:a7:
         af:1b:53:8e:e6:46:4e:a3:fa:29:aa:bf:b8:76:e9:a7:28:d2:
         9e:5b:1b:49:3b:1f:b1:0a:77:a7:ac:eb:ea:f6:03:68:e1:1b:
         d0:eb:d1:33:23:32:ac:3a:df:34:78:3b:88:58:03:ba:f7:9f:
         74:8c:13:c4:23:1c:a1:2f:56:4a:89:8b:1d:14:3f:ff:51:3f:
         cf:cd:f9:27:b0:d9:52:6a:6a:31:90:dc:a5:1d:d2:b0:22:4a:
         7a:90:77:50:cc:9d:8d:36:5c:1e:d7:c3:79:73:25:bd:43:42:
         c0:48:48:d3:82:f3:12:c3:36:96:e2:58:bc:ed:38:a5:74:a9:
         0f:c6:cc:0f:10:89:04:47:6f:c2:50:2e:b4:fd:d9:e9:cb:a3:
         c9:66:33:dd
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZNNvQi3s4CsghlGr5Wvi0UCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjQxMTIxMDgwMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI1Yjc0MTFkMTE5N2I4ODMxM2E5OWVkZmQ2MzMwY2U3YzgyNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCPI5Cqbyz3Ga8SqvXikTPs0B5cJ
FLCDtzU57HCpJoGGDZEjsq4eePMaJBlCRQRWfgBZgMAtrcZzjwMpb3yj9ehqQI8i
Q8ehVhuNBgxtTFiuKN3pDbDdmzzjZTGc6qhFerYuIkrz+LbTC9JbB8GnggoJw/Zb
9xsGUjhz1pK5qfy9O4iEN2pvQI0ZEzKON6ROyyNtVWILbw829JaV9vB1hKIznFLG
4fUGJPDeJ59uKHcPCrGPMMPafpuQFzSa6M0RSg7EIq4xXpl3MuhbJ2qKTCyBNCdG
yB0Zc6fKCMs/wVK3wqYDdadmHQDWWZleftHV56FnSNyUOvDMHoKvu3ZC4QIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFHElt0EdEZe4gxOpnt/WMwznyCc3MB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvY1NXM1FSMFJsN2lERTZtZTM5WXpET2ZJSnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAATArMAsDAwGMlgME
AYyWCAMEAIyWDAMEAYyWEgMEAIyWFQMEAYyWGAMEAYyWHDANBgkqhkiG9w0BAQsF
AAOCAQEAofoCYufaJtccw4XWp6bSgJs5Il+CfpJdTKNzABrTDxZ8fh7UCmXPxkIl
8vHkKDTcAi/sowoivJW1qgrl48rwqkr4m1z5qBE6VbnIF8lzcWwT7IqFMNgEe/SU
zergPnJxYihvR6zeT5ly7WmnrxtTjuZGTqP6Kaq/uHbppyjSnlsbSTsfsQp3p6zr
6vYDaOEb0OvRMyMyrDrfNHg7iFgDuvefdIwTxCMcoS9WSomLHRQ//1E/z835J7DZ
UmpqMZDcpR3SsCJKepB3UMydjTZcHtfDeXMlvUNCwEhI04LzEsM2luJYvO04pXSp
D8bMDxCJBEdvwlAutP3Z6cujyWYz3Q==
-----END CERTIFICATE-----