Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/zpeXljQfqMcRsnYaU5x1mzzHbIQ.roa
File:                     zpeXljQfqMcRsnYaU5x1mzzHbIQ.roa (raw, json)
Hash identifier:          SRV7S+8IG4ahL6GOh9E4IxVm33ioBCwNAs08+fK201Y=
Subject key identifier:   CE:97:97:96:34:1F:A8:C7:11:B2:76:1A:53:9C:75:9B:3C:C7:6C:84
Certificate issuer:       /CN=bfe3971a32c0692c4e342e911790662470cf31b2
Certificate serial:       01904EC027E012D10F43FED6210BE374CB29
Authority key identifier: BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/zpeXljQfqMcRsnYaU5x1mzzHbIQ.roa
Signing time:             Tue 25 Jun 2024 09:35:34 +0000
ROA not before:           Tue 25 Jun 2024 09:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201814
IP address blocks:        5.181.188.0/22 maxlen: 22
                          5.181.189.0/24 maxlen: 24
                          91.223.3.0/24 maxlen: 24
                          95.214.52.0/22 maxlen: 23
                          146.19.24.0/24 maxlen: 24
                          178.211.139.0/24 maxlen: 24
                          185.16.36.0/22 maxlen: 24
                          185.225.191.0/24 maxlen: 24
                          185.248.24.0/24 maxlen: 24
                          193.34.212.0/22 maxlen: 22
                          195.3.220.0/22 maxlen: 22
                          195.3.222.0/24 maxlen: 24
                          212.23.222.0/24 maxlen: 24
                          2a03:cfc0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 05 Jul 2024 09:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:c0:27:e0:12:d1:0f:43:fe:d6:21:0b:e3:74:cb:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe3971a32c0692c4e342e911790662470cf31b2
        Validity
            Not Before: Jun 25 09:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce979796341fa8c711b2761a539c759b3cc76c84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5d:02:ca:0d:77:0e:4e:2e:0e:5a:7f:91:41:
                    68:ec:c8:f1:46:21:3f:b2:0e:cb:9b:b3:7b:25:82:
                    ba:33:48:db:58:7c:75:a1:f2:bd:32:97:e5:2e:52:
                    fb:02:a6:dd:20:8d:71:2f:01:44:bf:45:56:dc:d2:
                    94:f4:39:7f:ea:3b:ee:aa:5f:a7:b6:0a:b6:a5:ae:
                    09:08:5f:84:d8:aa:a7:f0:1d:8a:8c:f2:0d:62:ef:
                    78:fb:c1:49:c2:7f:f4:ee:f4:68:67:72:b8:62:11:
                    c9:85:f2:3e:e8:0e:69:5f:54:26:dd:fb:68:14:c3:
                    11:99:24:b8:c7:fa:b3:c1:e7:ba:96:da:e9:94:b2:
                    03:dc:ea:a6:0f:f3:f9:e7:40:6a:f1:03:5e:35:2b:
                    58:e7:c4:7a:f1:a8:d5:e0:24:b5:97:12:5a:46:21:
                    3b:88:7b:44:1b:75:22:b3:8b:64:fb:92:3c:63:bf:
                    36:2d:31:60:83:e7:47:07:ed:67:38:b4:cd:8a:44:
                    57:d1:95:fd:e4:4e:3b:18:7f:23:8a:d4:d7:4a:53:
                    56:8b:bd:2d:16:b6:87:cc:c6:08:ed:31:29:7c:7d:
                    9e:9c:e5:38:e3:0f:47:79:3e:2b:99:9e:b3:cd:42:
                    05:5c:32:53:cd:4c:c7:3c:ca:44:45:62:d0:96:0f:
                    21:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:97:97:96:34:1F:A8:C7:11:B2:76:1A:53:9C:75:9B:3C:C7:6C:84
            X509v3 Authority Key Identifier:
                keyid:BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/zpeXljQfqMcRsnYaU5x1mzzHbIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.188.0/22
                  91.223.3.0/24
                  95.214.52.0/22
                  146.19.24.0/24
                  178.211.139.0/24
                  185.16.36.0/22
                  185.225.191.0/24
                  185.248.24.0/24
                  193.34.212.0/22
                  195.3.220.0/22
                  212.23.222.0/24
                IPv6:
                  2a03:cfc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:8b:da:8b:23:63:e6:fc:3a:7a:45:38:fc:7b:f3:8c:8f:95:
         74:af:ac:80:ab:83:31:b3:d1:ea:50:00:8d:53:66:ee:ff:cc:
         92:5c:4d:fe:74:e9:64:3c:f6:86:3a:21:bc:de:f1:df:21:42:
         41:d4:65:c1:02:db:09:cf:da:aa:2e:8e:85:af:d4:55:03:de:
         ac:05:03:ca:8b:b6:a8:ae:21:e3:06:95:90:98:71:ca:bb:bb:
         7d:68:4b:b6:7e:0e:ca:2b:18:42:4a:0d:ee:26:75:65:62:34:
         c1:db:dc:8a:7d:e7:df:99:67:ff:94:fd:a7:40:31:c9:fb:b5:
         de:01:f6:1a:e0:f8:7e:aa:4d:24:8c:7e:4b:2a:97:f4:be:2a:
         d1:f8:5c:6b:81:ca:af:2a:5b:1c:b7:1f:44:2e:41:9f:b3:35:
         b1:d9:b9:ab:87:1a:f6:ad:f3:7a:68:79:86:be:7a:78:e0:22:
         34:07:79:ac:c1:11:49:2d:d8:a2:66:35:d8:a1:22:8b:07:0f:
         02:03:b9:31:39:f3:65:ec:ac:60:e5:c4:62:d0:b0:f6:5f:6f:
         be:e5:dc:95:4d:7c:40:68:18:70:6d:19:2d:57:4b:7d:4f:c1:
         6e:fd:83:63:98:f4:da:c0:d7:0e:da:76:40:ec:61:cc:16:7c:
         4f:5a:d9:ac
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZBOwCfgEtEPQ/7WIQvjdMspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTM5NzFhMzJjMDY5MmM0ZTM0MmU5MTE3OTA2NjI0NzBj
ZjMxYjIwHhcNMjQwNjI1MDkzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTk3OTc5NjM0MWZhOGM3MTFiMjc2MWE1MzljNzU5YjNjYzc2Yzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy10Cyg13Dk4uDlp/kUFo7MjxRiE/
sg7Lm7N7JYK6M0jbWHx1ofK9MpflLlL7AqbdII1xLwFEv0VW3NKU9Dl/6jvuql+n
tgq2pa4JCF+E2Kqn8B2KjPINYu94+8FJwn/07vRoZ3K4YhHJhfI+6A5pX1Qm3fto
FMMRmSS4x/qzwee6ltrplLID3OqmD/P550Bq8QNeNStY58R68ajV4CS1lxJaRiE7
iHtEG3Uis4tk+5I8Y782LTFgg+dHB+1nOLTNikRX0ZX95E47GH8jitTXSlNWi70t
FraHzMYI7TEpfH2enOU44w9HeT4rmZ6zzUIFXDJTzUzHPMpERWLQlg8h0wIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFM6Xl5Y0H6jHEbJ2GlOcdZs8x2yEMB8GA1UdIwQY
MBaAFL/jlxoywGksTjQukReQZiRwzzGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUt
YzRkY2M3ZjZiN2RmLzEvenBlWGxqUWZxTWNSc25ZYVU1eDFtenpIYklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUtYzRkY2M3ZjZiN2Rm
LzEvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQCBbW8AwQA
W98DAwQCX9Y0AwQAkhMYAwQAstOLAwQCuRAkAwQAueG/AwQAufgYAwQCwSLUAwQC
wwPcAwQA1BfeMA0EAgACMAcDBQAqA8/AMA0GCSqGSIb3DQEBCwUAA4IBAQC7i9qL
I2Pm/Dp6RTj8e/OMj5V0r6yAq4Mxs9HqUACNU2bu/8ySXE3+dOlkPPaGOiG83vHf
IUJB1GXBAtsJz9qqLo6Fr9RVA96sBQPKi7aoriHjBpWQmHHKu7t9aEu2fg7KKxhC
Sg3uJnVlYjTB29yKfeffmWf/lP2nQDHJ+7XeAfYa4Ph+qk0kjH5LKpf0virR+Fxr
gcqvKlsctx9ELkGfszWx2bmrhxr2rfN6aHmGvnp44CI0B3mswRFJLdiiZjXYoSKL
Bw8CA7kxOfNl7Kxg5cRi0LD2X2++5dyVTXxAaBhwbRktV0t9T8Fu/YNjmPTawNcO
2nZA7GHMFnxPWtms
-----END CERTIFICATE-----