Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/VPjUaIdJ906HERqQwMLCS5vR-9c.roa
File:                     VPjUaIdJ906HERqQwMLCS5vR-9c.roa (raw, json)
Hash identifier:          5oGt8gg3btC6ulR2ltsrUhF9xVffEL1MYjx+NBiXEmc=
Subject key identifier:   54:F8:D4:68:87:49:F7:4E:87:11:1A:90:C0:C2:C2:4B:9B:D1:FB:D7
Certificate issuer:       /CN=2347aaab2206c08128f543730064a145a3effa14
Certificate serial:       0196CE699F79F41B1249D9867B953D8A903C
Authority key identifier: 23:47:AA:AB:22:06:C0:81:28:F5:43:73:00:64:A1:45:A3:EF:FA:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/VPjUaIdJ906HERqQwMLCS5vR-9c.roa
Signing time:             Wed 14 May 2025 10:49:10 +0000
ROA not before:           Wed 14 May 2025 10:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        46.194.0.0/15 maxlen: 15
                          62.13.0.0/17 maxlen: 17
                          62.65.64.0/18 maxlen: 18
                          62.119.0.0/16 maxlen: 16
                          62.127.0.0/16 maxlen: 16
                          78.82.0.0/16 maxlen: 16
                          79.102.0.0/16 maxlen: 16
                          80.68.96.0/20 maxlen: 20
                          81.26.224.0/19 maxlen: 19
                          82.182.0.0/15 maxlen: 15
                          83.226.0.0/15 maxlen: 15
                          94.234.0.0/16 maxlen: 16
                          195.66.32.0/19 maxlen: 19
                          213.112.0.0/14 maxlen: 14
                          213.163.128.0/19 maxlen: 19
                          2a02:1400::/26 maxlen: 26
Validation:               Failed, certificate revoked on Wed 14 May 2025 13:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:69:9f:79:f4:1b:12:49:d9:86:7b:95:3d:8a:90:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2347aaab2206c08128f543730064a145a3effa14
        Validity
            Not Before: May 14 10:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54f8d4688749f74e87111a90c0c2c24b9bd1fbd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cb:0d:6f:e2:45:68:72:51:7d:c5:9b:57:5d:
                    f8:46:c0:dd:b0:07:47:49:86:00:83:f5:75:e4:38:
                    9a:6a:98:f6:00:2d:ce:76:5b:3e:ca:9a:58:16:33:
                    fc:ef:40:b3:6a:a5:c6:fd:34:c8:fe:d6:43:b1:a2:
                    4e:bb:26:17:1f:69:ea:f4:a2:21:ed:12:68:b5:64:
                    e5:d1:10:dc:c2:ef:cc:fd:25:a6:55:2a:c5:95:ea:
                    e4:13:c2:91:c8:ae:65:d8:12:fe:90:9d:1f:0c:4b:
                    ec:b3:43:52:a0:c7:1b:f1:dd:8f:4b:6e:71:b9:b7:
                    52:3b:c2:2b:51:35:7f:ca:a3:f0:88:44:d6:4d:21:
                    7e:5b:8c:02:05:70:ef:d5:63:42:6c:a8:9c:0f:8a:
                    ab:b7:8b:ac:fe:3f:a4:b1:4d:c2:b9:0d:61:f3:04:
                    8e:ea:f7:e0:65:08:75:04:83:cd:30:1d:43:0a:69:
                    92:d4:e1:63:a8:41:94:6c:72:6d:6f:62:e2:eb:d4:
                    d3:48:69:ba:10:72:e0:c0:84:d2:3b:7c:f6:f9:22:
                    f0:85:a8:ac:fa:10:53:3b:77:90:c7:fa:89:8f:b8:
                    4b:b2:2e:59:32:ff:2c:55:3e:2e:ef:fc:a3:9a:0b:
                    2f:41:34:e2:7e:d2:24:1f:dd:2a:af:e6:ff:f1:39:
                    1e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:F8:D4:68:87:49:F7:4E:87:11:1A:90:C0:C2:C2:4B:9B:D1:FB:D7
            X509v3 Authority Key Identifier:
                keyid:23:47:AA:AB:22:06:C0:81:28:F5:43:73:00:64:A1:45:A3:EF:FA:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/VPjUaIdJ906HERqQwMLCS5vR-9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.194.0.0/15
                  62.13.0.0/17
                  62.65.64.0/18
                  62.119.0.0/16
                  62.127.0.0/16
                  78.82.0.0/16
                  79.102.0.0/16
                  80.68.96.0/20
                  81.26.224.0/19
                  82.182.0.0/15
                  83.226.0.0/15
                  94.234.0.0/16
                  195.66.32.0/19
                  213.112.0.0/14
                  213.163.128.0/19
                IPv6:
                  2a02:1400::/26

    Signature Algorithm: sha256WithRSAEncryption
         9f:91:e9:c4:05:11:51:50:eb:c7:9f:71:61:b0:d3:8a:2d:16:
         39:5a:99:05:23:38:fb:6c:b2:60:ea:c5:93:97:67:4b:05:8c:
         3b:f7:7c:5a:a9:58:3c:ef:2a:f9:51:d3:74:72:5a:28:3f:a1:
         cf:e9:a6:9e:5c:56:71:39:ae:5a:11:dc:92:7a:e3:37:d9:d4:
         95:0b:30:72:2c:3f:00:7a:e3:37:1f:c9:ad:10:36:8e:8c:18:
         75:6a:ee:06:b7:e3:cb:85:0e:8a:e8:f3:8f:ab:38:3b:48:22:
         e4:a9:fe:d5:0f:b0:6c:df:39:31:eb:5d:a3:96:88:62:57:0d:
         05:1b:69:88:8c:4c:a2:0b:65:21:ce:ab:04:06:f2:24:3a:6c:
         ab:f6:d5:a0:49:8d:bb:9c:70:af:04:a1:40:98:8c:9d:c7:6b:
         81:55:0e:61:c6:01:b3:58:97:32:d5:3b:e2:75:36:a0:21:3a:
         8f:bd:71:ee:ee:5b:c1:9c:4f:ec:53:d5:a2:0b:c6:73:5f:c6:
         0e:67:79:4c:97:0c:f9:0d:30:20:99:56:c2:c8:eb:cb:01:9d:
         0b:ae:65:c9:7d:17:c8:6f:b7:ac:a9:c8:2a:da:57:46:d2:25:
         be:38:72:03:3a:e4:2f:50:58:a6:55:ff:9c:b5:c4:cb:9b:c1:
         15:a2:c6:32
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZbOaZ959BsSSdmGe5U9ipA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDdhYWFiMjIwNmMwODEyOGY1NDM3MzAwNjRhMTQ1YTNl
ZmZhMTQwHhcNMjUwNTE0MTA0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGY4ZDQ2ODg3NDlmNzRlODcxMTFhOTBjMGMyYzI0YjliZDFmYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArssNb+JFaHJRfcWbV134RsDdsAdH
SYYAg/V15Diaapj2AC3Odls+yppYFjP870CzaqXG/TTI/tZDsaJOuyYXH2nq9KIh
7RJotWTl0RDcwu/M/SWmVSrFlerkE8KRyK5l2BL+kJ0fDEvss0NSoMcb8d2PS25x
ubdSO8IrUTV/yqPwiETWTSF+W4wCBXDv1WNCbKicD4qrt4us/j+ksU3CuQ1h8wSO
6vfgZQh1BIPNMB1DCmmS1OFjqEGUbHJtb2Li69TTSGm6EHLgwITSO3z2+SLwhais
+hBTO3eQx/qJj7hLsi5ZMv8sVT4u7/yjmgsvQTTiftIkH90qr+b/8Tke8QIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFFT41GiHSfdOhxEakMDCwkub0fvXMB8GA1UdIwQY
MBaAFCNHqqsiBsCBKPVDcwBkoUWj7/oUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBlcXF5SUd3SUVvOVVOekFHU2hSYVB2LWhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9lZjlmMGQtZDg0MC00MzcxLWFkYzQt
NzU4NDA2NjFlYWY1LzEvVlBqVWFJZEo5MDZIRVJxUXdNTENTNXZSLTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9lZjlmMGQtZDg0MC00MzcxLWFkYzQtNzU4NDA2NjFlYWY1
LzEvSTBlcXF5SUd3SUVvOVVOekFHU2hSYVB2LWhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBXBAIAATBRAwMBLsIDBAc+
DQADBAY+QUADAwA+dwMDAD5/AwMATlIDAwBPZgMEBFBEYAMEBVEa4AMDAVK2AwMB
U+IDAwBe6gMEBcNCIAMDAtVwAwQF1aOAMA0EAgACMAcDBQYqAhQAMA0GCSqGSIb3
DQEBCwUAA4IBAQCfkenEBRFRUOvHn3FhsNOKLRY5WpkFIzj7bLJg6sWTl2dLBYw7
93xaqVg87yr5UdN0clooP6HP6aaeXFZxOa5aEdySeuM32dSVCzByLD8AeuM3H8mt
EDaOjBh1au4Gt+PLhQ6K6POPqzg7SCLkqf7VD7Bs3zkx612jlohiVw0FG2mIjEyi
C2UhzqsEBvIkOmyr9tWgSY27nHCvBKFAmIydx2uBVQ5hxgGzWJcy1TvidTagITqP
vXHu7lvBnE/sU9WiC8ZzX8YOZ3lMlwz5DTAgmVbCyOvLAZ0LrmXJfRfIb7esqcgq
2ldG0iW+OHIDOuQvUFimVf+ctcTLm8EVosYy
-----END CERTIFICATE-----