Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/m4BF3PCtem_fook8qNvJ3KGJScY.roa
File:                     m4BF3PCtem_fook8qNvJ3KGJScY.roa (raw, json)
Hash identifier:          fGBotgB4MohRLHfhnMqPi797fs0fKrg1G3WIZSwx/o8=
Subject key identifier:   9B:80:45:DC:F0:AD:7A:6F:DF:A2:89:3C:A8:DB:C9:DC:A1:89:49:C6
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01942FA571BF91BBE53AC8B4DA014847F7BB
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/m4BF3PCtem_fook8qNvJ3KGJScY.roa
Signing time:             Sat 04 Jan 2025 04:49:19 +0000
ROA not before:           Sat 04 Jan 2025 04:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204650
IP address blocks:        5.57.35.0/24 maxlen: 24
                          5.57.36.0/24 maxlen: 24
                          37.32.42.0/24 maxlen: 24
                          37.32.44.0/24 maxlen: 24
                          37.32.45.0/24 maxlen: 24
                          178.239.156.0/24 maxlen: 24
                          178.239.159.0/24 maxlen: 24
                          185.26.34.0/23 maxlen: 24
                          185.124.175.0/24 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.243.49.0/24 maxlen: 24
                          185.243.50.0/24 maxlen: 24
                          2a00:7040::/32 maxlen: 32
Validation:               Failed, certificate revoked on Sat 18 Jan 2025 10:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2f:a5:71:bf:91:bb:e5:3a:c8:b4:da:01:48:47:f7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  4 04:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b8045dcf0ad7a6fdfa2893ca8dbc9dca18949c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:87:7d:c2:58:80:3b:5d:dc:23:cc:4b:46:00:
                    ea:fe:41:30:b9:34:29:07:4d:25:ab:6b:90:04:0a:
                    d5:66:e5:96:25:b8:23:33:28:b0:e1:a5:6c:62:03:
                    fd:da:91:02:98:3d:a4:1c:d3:8e:75:9d:80:24:b4:
                    6d:16:ab:c8:85:03:a0:27:98:3f:ec:40:6d:2f:8d:
                    d9:0d:46:1e:1f:72:a9:f0:b9:d9:e7:57:ad:1a:41:
                    be:77:c9:d4:4b:b5:7e:09:62:4c:9c:71:3c:98:b2:
                    e4:a8:95:24:e7:12:02:4d:cd:a4:db:39:9d:02:d9:
                    2f:47:c1:3f:53:d1:f8:a3:ee:d2:14:f9:e0:68:24:
                    14:b8:bc:74:10:f6:14:2d:1f:82:6a:6a:47:60:1e:
                    d9:a9:61:6f:b9:61:be:9d:a4:32:51:97:a8:e4:1d:
                    0c:8f:90:74:29:d8:ec:57:58:64:cf:6b:0b:7c:94:
                    27:9d:b9:40:00:bd:05:f0:66:34:8c:e4:87:63:62:
                    3e:8d:b3:cb:6f:57:35:55:0e:59:c8:6e:f0:83:4e:
                    5d:dd:23:77:f6:ed:79:bb:81:bd:cd:12:24:0c:b5:
                    c8:f2:b6:fe:2b:fc:3c:43:37:e6:06:08:48:9b:7c:
                    4b:66:d0:69:9c:eb:15:fc:7e:ff:91:ef:5e:2a:f2:
                    2e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:80:45:DC:F0:AD:7A:6F:DF:A2:89:3C:A8:DB:C9:DC:A1:89:49:C6
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/m4BF3PCtem_fook8qNvJ3KGJScY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.35.0-5.57.36.255
                  37.32.42.0/24
                  37.32.44.0/23
                  178.239.156.0/24
                  178.239.159.0/24
                  185.26.34.0/23
                  185.124.175.0/24
                  185.212.48.0/24
                  185.243.49.0-185.243.50.255
                IPv6:
                  2a00:7040::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:38:4c:27:85:aa:54:0a:ec:0b:e8:f5:ca:aa:b3:c1:ca:ed:
         47:c4:9f:be:66:2e:20:9d:a3:25:02:68:46:2f:30:91:5e:29:
         de:c0:66:c0:3c:2a:c0:f2:c3:66:a6:65:c9:02:05:68:01:8f:
         99:48:47:a2:ff:0f:e8:96:9c:4f:9f:40:b1:07:a1:14:7b:b7:
         77:8f:ba:a1:5b:19:8f:e1:40:3f:5f:8a:e7:a6:65:f6:61:c6:
         be:1a:28:8f:cf:82:b7:a6:e4:b9:a9:54:4e:ba:e8:e7:85:e2:
         c2:30:3f:c9:9a:ab:12:d8:78:34:37:51:ab:9f:f8:a2:31:d0:
         c2:15:bc:c7:cc:e4:88:af:59:3a:a0:13:45:56:18:e5:a4:05:
         de:4b:e8:fb:14:9e:3f:8e:7c:37:e0:bf:9b:1a:69:84:9e:18:
         a6:22:40:b9:15:47:51:69:2f:aa:f5:93:20:70:94:4b:53:7b:
         09:d2:36:d7:31:1f:03:a7:48:51:f9:7d:65:23:83:a5:33:25:
         fc:b4:9a:fd:83:42:95:89:86:29:84:1d:fb:1f:32:b8:e6:c9:
         19:7e:5e:55:39:9a:8f:c1:f9:70:df:2a:dc:d4:6b:26:8b:b6:
         4f:38:9a:6e:1f:31:f2:20:86:16:e7:a8:60:b2:7a:1a:57:db:
         a2:ce:d4:66
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZQvpXG/kbvlOsi02gFIR/e7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwMTA0MDQ0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjgwNDVkY2YwYWQ3YTZmZGZhMjg5M2NhOGRiYzlkY2ExODk0OWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54d9wliAO13cI8xLRgDq/kEwuTQp
B00lq2uQBArVZuWWJbgjMyiw4aVsYgP92pECmD2kHNOOdZ2AJLRtFqvIhQOgJ5g/
7EBtL43ZDUYeH3Kp8LnZ51etGkG+d8nUS7V+CWJMnHE8mLLkqJUk5xICTc2k2zmd
AtkvR8E/U9H4o+7SFPngaCQUuLx0EPYULR+CampHYB7ZqWFvuWG+naQyUZeo5B0M
j5B0KdjsV1hkz2sLfJQnnblAAL0F8GY0jOSHY2I+jbPLb1c1VQ5ZyG7wg05d3SN3
9u15u4G9zRIkDLXI8rb+K/w8QzfmBghIm3xLZtBpnOsV/H7/ke9eKvIu9QIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFJuARdzwrXpv36KJPKjbydyhiUnGMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvbTRCRjNQQ3RlbV9mb29rOHFOdkozS0dKU2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGMAwDBAAFOSMD
BAAFOSQDBAAlICoDBAElICwDBACy75wDBACy758DBAG5GiIDBAC5fK8DBAC51DAw
DAMEALnzMQMEALnzMjANBAIAAjAHAwUAKgBwQDANBgkqhkiG9w0BAQsFAAOCAQEA
OThMJ4WqVArsC+j1yqqzwcrtR8SfvmYuIJ2jJQJoRi8wkV4p3sBmwDwqwPLDZqZl
yQIFaAGPmUhHov8P6JacT59AsQehFHu3d4+6oVsZj+FAP1+K56Zl9mHGvhooj8+C
t6bkualUTrro54XiwjA/yZqrEth4NDdRq5/4ojHQwhW8x8zkiK9ZOqATRVYY5aQF
3kvo+xSeP458N+C/mxpphJ4YpiJAuRVHUWkvqvWTIHCUS1N7CdI21zEfA6dIUfl9
ZSODpTMl/LSa/YNClYmGKYQd+x8yuObJGX5eVTmaj8H5cN8q3NRrJou2Tziabh8x
8iCGFueoYLJ6Glfbos7UZg==
-----END CERTIFICATE-----