Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/obf1npbiwjON9kQSEhFTSjVRWrI.roa
File:                     obf1npbiwjON9kQSEhFTSjVRWrI.roa (raw, json)
Hash identifier:          qCSOTQSCNuAXYJHHpUqUC+/9J2QBX5LLxOCPMX0lco8=
Subject key identifier:   A1:B7:F5:9E:96:E2:C2:33:8D:F6:44:12:12:11:53:4A:35:51:5A:B2
Certificate issuer:       /CN=24147c8b3f37850e9f9074993845c4e069f8efe2
Certificate serial:       0194737BE39D8C9F3B8E951029A662D31340
Authority key identifier: 24:14:7C:8B:3F:37:85:0E:9F:90:74:99:38:45:C4:E0:69:F8:EF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBR8iz83hQ6fkHSZOEXE4Gn47-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/obf1npbiwjON9kQSEhFTSjVRWrI.roa
Signing time:             Fri 17 Jan 2025 08:58:06 +0000
ROA not before:           Fri 17 Jan 2025 08:58:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9141
IP address blocks:        85.222.52.0/22 maxlen: 22
                          89.70.108.0/22 maxlen: 22
                          89.72.228.0/22 maxlen: 22
                          89.77.216.0/22 maxlen: 22
                          195.34.210.0/23 maxlen: 23
                          217.119.64.0/20 maxlen: 20
                          2a02:a315:e500::/40 maxlen: 40
                          2a02:a316:e100::/40 maxlen: 40
                          2a02:a319:6000::/40 maxlen: 40
                          2a02:a31b:c400::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 23 Jan 2025 09:30:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:7b:e3:9d:8c:9f:3b:8e:95:10:29:a6:62:d3:13:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24147c8b3f37850e9f9074993845c4e069f8efe2
        Validity
            Not Before: Jan 17 08:58:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1b7f59e96e2c2338df644121211534a35515ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bd:19:d4:c2:e3:60:1f:08:a9:6a:77:71:5e:
                    16:2d:8b:ee:54:07:c9:8c:86:a1:26:f6:b6:32:e2:
                    a5:c3:b9:21:28:c8:17:93:7b:99:54:33:8f:1b:72:
                    88:19:47:4f:d1:e5:73:f9:81:51:36:03:e2:b9:e0:
                    c5:4e:58:12:d7:ed:f3:be:9c:9c:e6:e3:0c:44:8e:
                    4e:e1:af:eb:e8:40:06:20:f5:ab:4d:88:db:1a:1a:
                    9e:21:2f:79:07:81:31:ea:42:fa:db:33:d5:28:87:
                    9d:87:7b:70:4e:0d:8f:39:cd:3f:d9:6a:2f:b6:76:
                    ec:52:56:b9:b8:04:b1:09:81:7b:a6:b0:f1:cf:b0:
                    78:06:a0:24:89:bc:b1:41:05:d9:26:09:22:d1:dd:
                    22:03:ec:a8:1a:22:77:83:5e:dd:6a:d3:66:26:96:
                    d8:ee:0c:7b:54:66:a1:91:0b:4e:3b:c2:31:f4:35:
                    9b:57:09:57:13:22:bb:54:83:70:72:03:2b:96:3b:
                    28:76:34:b8:7d:1c:13:7e:4f:df:de:c1:f3:ce:47:
                    95:29:6f:f0:47:a4:d9:50:54:64:d4:54:2e:96:cc:
                    27:47:49:97:66:3a:38:13:7e:e9:c2:38:ea:20:ae:
                    bf:54:2a:b8:2e:1c:a5:75:9e:c6:a8:42:2e:6f:2f:
                    81:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B7:F5:9E:96:E2:C2:33:8D:F6:44:12:12:11:53:4A:35:51:5A:B2
            X509v3 Authority Key Identifier:
                keyid:24:14:7C:8B:3F:37:85:0E:9F:90:74:99:38:45:C4:E0:69:F8:EF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBR8iz83hQ6fkHSZOEXE4Gn47-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/obf1npbiwjON9kQSEhFTSjVRWrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/8da5fe-f405-4ce0-b2d1-b3535b4ca50f/1/JBR8iz83hQ6fkHSZOEXE4Gn47-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.52.0/22
                  89.70.108.0/22
                  89.72.228.0/22
                  89.77.216.0/22
                  195.34.210.0/23
                  217.119.64.0/20
                IPv6:
                  2a02:a315:e500::/40
                  2a02:a316:e100::/40
                  2a02:a319:6000::/40
                  2a02:a31b:c400::/40

    Signature Algorithm: sha256WithRSAEncryption
         58:7a:2f:47:a1:ef:23:56:fa:0f:6c:b1:97:26:ce:83:a1:f9:
         c1:0a:8c:5e:5f:11:a0:89:fd:5e:02:ff:95:18:38:fe:62:db:
         5f:01:c6:6e:f3:b1:a2:9c:7a:e4:e0:62:b9:ad:0a:49:f5:de:
         64:04:54:d5:dc:7f:c1:75:da:45:83:17:f8:9a:7c:7f:1e:19:
         bf:87:ef:60:0d:1d:2f:3d:04:2f:c6:87:72:43:bd:a1:dc:8c:
         d7:ba:3b:21:8c:a0:44:0b:b6:b7:49:c1:26:af:d6:ed:47:07:
         47:ce:bf:0f:0b:49:58:0e:d0:90:1d:e9:3f:bc:6d:de:e5:0c:
         50:9d:99:db:71:cf:20:ef:6a:5e:9d:36:28:5a:b4:a5:22:aa:
         d0:7a:aa:15:e8:86:16:68:e2:42:42:e9:fb:84:7f:b8:af:42:
         06:1b:7e:5e:20:9f:9e:24:0f:a5:a5:6d:77:ff:2b:2f:1c:9c:
         91:f8:9a:74:e9:6a:3d:84:f8:ea:be:5d:aa:7e:b9:7a:5d:90:
         73:71:12:ef:a0:2c:62:3b:ce:8b:86:ef:05:38:4d:e1:ba:bb:
         dc:df:b2:12:6a:4d:95:24:67:52:64:44:60:4d:b7:35:0a:db:
         3d:00:4c:58:79:4c:b7:15:f5:af:41:e2:5e:6b:71:e8:7a:97:
         84:bf:dc:b7
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZRze+OdjJ87jpUQKaZi0xNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTQ3YzhiM2YzNzg1MGU5ZjkwNzQ5OTM4NDVjNGUwNjlm
OGVmZTIwHhcNMjUwMTE3MDg1ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWI3ZjU5ZTk2ZTJjMjMzOGRmNjQ0MTIxMjExNTM0YTM1NTE1YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub0Z1MLjYB8IqWp3cV4WLYvuVAfJ
jIahJva2MuKlw7khKMgXk3uZVDOPG3KIGUdP0eVz+YFRNgPiueDFTlgS1+3zvpyc
5uMMRI5O4a/r6EAGIPWrTYjbGhqeIS95B4Ex6kL62zPVKIedh3twTg2POc0/2Wov
tnbsUla5uASxCYF7prDxz7B4BqAkibyxQQXZJgki0d0iA+yoGiJ3g17datNmJpbY
7gx7VGahkQtOO8Ix9DWbVwlXEyK7VINwcgMrljsodjS4fRwTfk/f3sHzzkeVKW/w
R6TZUFRk1FQulswnR0mXZjo4E37pwjjqIK6/VCq4LhyldZ7GqEIuby+BswIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKG39Z6W4sIzjfZEEhIRU0o1UVqyMB8GA1UdIwQY
MBaAFCQUfIs/N4UOn5B0mThFxOBp+O/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJSOGl6ODNoUTZma0hTWk9FWEU0R240Ny1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS84ZGE1ZmUtZjQwNS00Y2UwLWIyZDEt
YjM1MzViNGNhNTBmLzEvb2JmMW5wYml3ak9OOWtRU0VoRlRTalZSV3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS84ZGE1ZmUtZjQwNS00Y2UwLWIyZDEtYjM1MzViNGNhNTBm
LzEvSkJSOGl6ODNoUTZma0hTWk9FWEU0R240Ny1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAqBAIAATAkAwQCVd40AwQC
WUZsAwQCWUjkAwQCWU3YAwQBwyLSAwQE2XdAMCYEAgACMCADBgAqAqMV5QMGACoC
oxbhAwYAKgKjGWADBgAqAqMbxDANBgkqhkiG9w0BAQsFAAOCAQEAWHovR6HvI1b6
D2yxlybOg6H5wQqMXl8RoIn9XgL/lRg4/mLbXwHGbvOxopx65OBiua0KSfXeZARU
1dx/wXXaRYMX+Jp8fx4Zv4fvYA0dLz0EL8aHckO9odyM17o7IYygRAu2t0nBJq/W
7UcHR86/DwtJWA7QkB3pP7xt3uUMUJ2Z23HPIO9qXp02KFq0pSKq0HqqFeiGFmji
QkLp+4R/uK9CBht+XiCfniQPpaVtd/8rLxyckfiadOlqPYT46r5dqn65el2Qc3ES
76AsYjvOi4bvBThN4bq73N+yEmpNlSRnUmREYE23NQrbPQBMWHlMtxX1r0HiXmtx
6HqXhL/ctw==
-----END CERTIFICATE-----