Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/tmKVSeLIlBiICPh0ZdgSXNnaDnw.roa
File:                     tmKVSeLIlBiICPh0ZdgSXNnaDnw.roa (raw, json)
Hash identifier:          rJ8s3eyThaBXA8MBTDkjrmZhWUw9oWraGZ9h1ARZyA8=
Subject key identifier:   B6:62:95:49:E2:C8:94:18:88:08:F8:74:65:D8:12:5C:D9:DA:0E:7C
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01941FFA6B65DA0C1614E81B1A55CE6004B2
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/tmKVSeLIlBiICPh0ZdgSXNnaDnw.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204650
IP address blocks:        5.57.35.0/24 maxlen: 24
                          5.57.36.0/24 maxlen: 24
                          37.32.42.0/24 maxlen: 24
                          37.32.44.0/24 maxlen: 24
                          37.32.45.0/24 maxlen: 24
                          178.239.156.0/24 maxlen: 24
                          178.239.159.0/24 maxlen: 24
                          185.26.34.0/23 maxlen: 24
                          185.124.172.0/22 maxlen: 24
                          185.124.175.0/24 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.243.49.0/24 maxlen: 24
                          185.243.50.0/24 maxlen: 24
                          2a00:7040::/32 maxlen: 32
Validation:               Failed, certificate revoked on Sat 04 Jan 2025 04:49:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6b:65:da:0c:16:14:e8:1b:1a:55:ce:60:04:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6629549e2c894188808f87465d8125cd9da0e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ad:ef:c0:51:df:ec:74:eb:8e:14:66:85:c8:
                    21:d1:4e:7e:5c:f2:07:66:24:e7:3e:4b:fd:66:e3:
                    c9:70:04:6f:59:4c:7c:4e:7b:85:fa:6a:6a:6b:29:
                    25:39:dd:28:b6:20:c7:3e:18:3b:3d:18:ac:b0:78:
                    d3:1d:a4:f6:a8:7b:45:6a:b0:99:6d:a3:ab:5b:5f:
                    f2:46:11:73:4a:41:03:e4:0f:c5:ad:1c:62:c0:b7:
                    51:e3:50:62:70:58:c4:8e:33:2f:5d:09:5e:fb:e6:
                    6b:9b:b5:d7:0c:e0:48:73:5b:61:53:94:3e:07:4f:
                    47:aa:5b:e0:30:2c:69:ce:a2:a8:67:cb:e0:d2:ff:
                    81:c2:75:ef:b1:4a:57:2f:d1:0f:78:0b:26:f8:29:
                    32:6a:f2:f1:da:25:b3:db:79:f9:5a:38:2c:bc:09:
                    63:53:aa:21:45:6e:fb:a4:e3:ae:52:69:71:96:c7:
                    38:86:9f:1c:79:ec:0e:65:1d:92:63:94:05:91:09:
                    e9:9a:d7:24:6b:da:c3:43:1b:f8:15:25:9f:98:3e:
                    e4:95:59:6d:16:fb:5e:51:82:07:79:f0:be:80:1f:
                    e9:d2:f9:cf:3f:65:33:f1:48:30:05:9a:d7:93:cd:
                    ac:ab:e7:2c:bd:97:7a:e4:3e:f0:54:d0:85:49:f8:
                    2d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:62:95:49:E2:C8:94:18:88:08:F8:74:65:D8:12:5C:D9:DA:0E:7C
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/tmKVSeLIlBiICPh0ZdgSXNnaDnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.35.0-5.57.36.255
                  37.32.42.0/24
                  37.32.44.0/23
                  178.239.156.0/24
                  178.239.159.0/24
                  185.26.34.0/23
                  185.124.172.0/22
                  185.212.48.0/24
                  185.243.49.0-185.243.50.255
                IPv6:
                  2a00:7040::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:b0:c1:da:7a:d9:0c:c3:b6:7d:27:ea:85:69:ee:ec:c4:40:
         ec:30:86:e3:58:a2:76:8a:70:16:92:5f:33:2f:53:d8:d7:b0:
         61:72:ec:7f:52:d7:b1:77:fb:0d:8a:31:7c:e2:87:23:e6:c1:
         1f:1a:c7:1a:51:72:5a:6e:9a:60:f2:33:67:59:9f:09:f6:9d:
         1c:92:85:ff:47:71:e2:40:95:6d:f5:d1:c3:77:3a:38:0f:d7:
         73:b7:7e:80:05:05:b3:4e:67:88:a0:ff:4f:f3:52:69:de:ad:
         65:d7:f4:f0:24:fb:b5:23:cc:72:de:cf:08:c6:83:ed:c2:45:
         76:ec:d5:63:07:82:77:d9:b5:26:27:98:52:49:c4:48:e7:e0:
         0e:e5:29:53:05:ff:49:ca:a7:ea:4a:c1:77:39:df:a5:61:6c:
         56:01:2f:af:b6:36:0f:11:03:0a:ed:d4:c1:30:4e:22:5b:72:
         0b:9f:6e:7d:f0:20:2e:17:3e:d1:c4:ad:2e:30:b3:f2:73:85:
         ea:a7:18:5e:41:71:fa:d5:7a:c1:31:1a:6b:9d:22:40:9b:5b:
         11:34:54:4a:c8:91:cb:90:35:83:b0:ce:f2:20:cb:9c:82:62:
         f3:d2:b6:8f:2b:a6:94:e0:a7:11:fc:4c:b8:d7:17:02:78:1c:
         92:47:0b:8e
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZQf+mtl2gwWFOgbGlXOYASyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjYyOTU0OWUyYzg5NDE4ODgwOGY4NzQ2NWQ4MTI1Y2Q5ZGEwZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq3vwFHf7HTrjhRmhcgh0U5+XPIH
ZiTnPkv9ZuPJcARvWUx8TnuF+mpqayklOd0otiDHPhg7PRissHjTHaT2qHtFarCZ
baOrW1/yRhFzSkED5A/FrRxiwLdR41BicFjEjjMvXQle++Zrm7XXDOBIc1thU5Q+
B09HqlvgMCxpzqKoZ8vg0v+BwnXvsUpXL9EPeAsm+CkyavLx2iWz23n5WjgsvAlj
U6ohRW77pOOuUmlxlsc4hp8ceewOZR2SY5QFkQnpmtcka9rDQxv4FSWfmD7klVlt
FvteUYIHefC+gB/p0vnPP2Uz8UgwBZrXk82sq+csvZd65D7wVNCFSfgtlQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFLZilUniyJQYiAj4dGXYElzZ2g58MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvdG1LVlNlTElsQmlJQ1BoMFpkZ1NYTm5hRG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGMAwDBAAFOSMD
BAAFOSQDBAAlICoDBAElICwDBACy75wDBACy758DBAG5GiIDBAK5fKwDBAC51DAw
DAMEALnzMQMEALnzMjANBAIAAjAHAwUAKgBwQDANBgkqhkiG9w0BAQsFAAOCAQEA
C7DB2nrZDMO2fSfqhWnu7MRA7DCG41iidopwFpJfMy9T2NewYXLsf1LXsXf7DYox
fOKHI+bBHxrHGlFyWm6aYPIzZ1mfCfadHJKF/0dx4kCVbfXRw3c6OA/Xc7d+gAUF
s05niKD/T/NSad6tZdf08CT7tSPMct7PCMaD7cJFduzVYweCd9m1JieYUknESOfg
DuUpUwX/Scqn6krBdznfpWFsVgEvr7Y2DxEDCu3UwTBOIltyC59uffAgLhc+0cSt
LjCz8nOF6qcYXkFx+tV6wTEaa50iQJtbETRUSsiRy5A1g7DO8iDLnIJi89K2jyum
lOCnEfxMuNcXAngckkcLjg==
-----END CERTIFICATE-----