Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/qa5eNTB53Fz2mF9itQJ6Zu_H9N8.roa
File:                     qa5eNTB53Fz2mF9itQJ6Zu_H9N8.roa (raw, json)
Hash identifier:          BSiUOXadfYyxPqpuNMUNALX6q6U+4d+EzLG72eV06s4=
Subject key identifier:   A9:AE:5E:35:30:79:DC:5C:F6:98:5F:62:B5:02:7A:66:EF:C7:F4:DF
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       01910A5148C46AAA7417630015EE2713CC0A
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/qa5eNTB53Fz2mF9itQJ6Zu_H9N8.roa
Signing time:             Wed 31 Jul 2024 19:43:04 +0000
ROA not before:           Wed 31 Jul 2024 19:43:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        85.28.32.0/23 maxlen: 23
                          85.28.34.0/24 maxlen: 24
                          85.28.36.0/22 maxlen: 22
                          85.28.40.0/23 maxlen: 23
                          85.28.43.0/24 maxlen: 24
                          85.28.48.0/22 maxlen: 22
                          85.28.52.0/23 maxlen: 23
                          85.28.54.0/23 maxlen: 23
                          85.28.56.0/24 maxlen: 24
                          85.28.57.0/24 maxlen: 24
                          85.28.58.0/24 maxlen: 24
                          85.28.59.0/24 maxlen: 24
                          85.28.60.0/22 maxlen: 22
                          85.28.60.0/24 maxlen: 24
                          109.238.200.0/24 maxlen: 24
                          109.238.203.0/24 maxlen: 24
                          109.238.205.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 07 Aug 2024 09:30:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0a:51:48:c4:6a:aa:74:17:63:00:15:ee:27:13:cc:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jul 31 19:43:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9ae5e353079dc5cf6985f62b5027a66efc7f4df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b1:3e:cf:c0:96:62:f6:ce:78:07:c1:44:a0:
                    13:59:0e:b2:c2:ad:db:41:e1:a6:79:11:d3:25:46:
                    74:53:25:d5:0b:ff:1e:46:f0:df:3e:85:0f:82:87:
                    0e:35:e7:78:14:1e:f9:62:67:09:4c:f0:e3:b0:65:
                    16:fb:4a:b2:b6:72:cd:6f:b0:97:7f:43:17:ea:24:
                    06:a5:c7:a5:5f:2e:7e:97:89:2e:6a:28:2c:80:60:
                    c1:32:df:88:a6:53:58:18:22:2e:ba:ca:86:a0:00:
                    e5:0d:da:8b:8f:30:bc:3e:3e:5f:4c:6f:93:4f:51:
                    82:dc:e2:c8:9c:83:90:8c:e7:71:74:26:7d:e2:60:
                    64:83:2f:92:13:74:4b:0b:0d:57:b9:3b:db:e2:d0:
                    8b:59:18:12:92:71:43:a9:2f:c5:30:6d:b2:bc:d0:
                    03:bf:0f:16:de:0c:30:92:43:d7:fb:e0:a7:b2:d2:
                    84:9e:a1:16:6f:8c:9a:d8:32:08:7d:52:19:1c:a4:
                    c2:84:30:c8:bc:88:d1:f9:a1:19:88:da:32:d6:b0:
                    76:b6:1b:99:d7:ea:bf:e7:50:c8:5c:15:ce:7a:6a:
                    37:83:fc:73:76:9d:c1:96:9f:87:bb:d9:9d:22:6f:
                    be:3b:7a:3f:55:9b:13:c4:26:7c:56:45:ca:9a:a6:
                    de:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AE:5E:35:30:79:DC:5C:F6:98:5F:62:B5:02:7A:66:EF:C7:F4:DF
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/qa5eNTB53Fz2mF9itQJ6Zu_H9N8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.32.0-85.28.34.255
                  85.28.36.0-85.28.41.255
                  85.28.43.0/24
                  85.28.48.0/20
                  109.238.200.0/24
                  109.238.203.0/24
                  109.238.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:0f:f1:da:62:a4:c9:38:be:9e:bb:9b:c8:9a:4d:6c:aa:29:
         9b:11:d6:df:ca:9c:1a:8a:5d:ad:dd:a8:b4:0f:cf:b4:01:ee:
         05:1c:1e:c2:d0:e2:9b:fa:c3:4c:c5:85:63:cd:77:89:7a:38:
         58:9f:26:ad:8a:86:36:0a:0a:93:36:93:77:df:38:f9:93:1a:
         7e:d8:09:93:c5:d1:54:37:65:9e:b9:ee:d0:a9:1f:8e:b0:c8:
         79:5f:f9:b2:af:7f:ea:29:fa:7a:63:de:5e:7c:81:e5:4f:ae:
         38:47:c2:ec:1d:12:8f:94:79:38:63:f2:e8:5e:03:88:e4:dd:
         32:75:14:f2:8e:b5:0d:db:cb:fb:ba:73:9e:d2:e3:5f:61:4d:
         5c:a5:31:a3:4e:45:32:41:1f:e3:f5:8e:70:f6:23:80:72:28:
         64:48:6e:bc:fb:6c:f5:51:e8:76:26:34:d5:75:ad:22:23:b9:
         08:68:93:c3:7d:12:90:fc:24:29:c0:d4:e3:68:91:e0:28:fe:
         2a:03:42:3b:74:c5:41:bb:dc:ca:07:f2:7e:0d:20:d9:5f:02:
         72:5e:fd:ae:2e:6d:bd:4e:01:f9:fd:6e:21:e0:b2:cc:7e:5f:
         38:f4:88:c5:74:6f:55:a7:0e:61:ac:ce:c5:a0:f0:ed:ca:70:
         a6:21:54:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZEKUUjEaqp0F2MAFe4nE8wKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwNzMxMTk0MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWFlNWUzNTMwNzlkYzVjZjY5ODVmNjJiNTAyN2E2NmVmYzdmNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47E+z8CWYvbOeAfBRKATWQ6ywq3b
QeGmeRHTJUZ0UyXVC/8eRvDfPoUPgocONed4FB75YmcJTPDjsGUW+0qytnLNb7CX
f0MX6iQGpcelXy5+l4kuaigsgGDBMt+IplNYGCIuusqGoADlDdqLjzC8Pj5fTG+T
T1GC3OLInIOQjOdxdCZ94mBkgy+SE3RLCw1XuTvb4tCLWRgSknFDqS/FMG2yvNAD
vw8W3gwwkkPX++CnstKEnqEWb4ya2DIIfVIZHKTChDDIvIjR+aEZiNoy1rB2thuZ
1+q/51DIXBXOemo3g/xzdp3Blp+Hu9mdIm++O3o/VZsTxCZ8VkXKmqbeKwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKmuXjUwedxc9phfYrUCembvx/TfMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvcWE1ZU5UQjUzRnoybUY5aXRRSjZadV9IOU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAVVHCAD
BABVHCIwDAMEAlUcJAMEAVUcKAMEAFUcKwMEBFUcMAMEAG3uyAMEAG3uywMEAG3u
zTANBgkqhkiG9w0BAQsFAAOCAQEAvg/x2mKkyTi+nrubyJpNbKopmxHW38qcGopd
rd2otA/PtAHuBRwewtDim/rDTMWFY813iXo4WJ8mrYqGNgoKkzaTd984+ZMaftgJ
k8XRVDdlnrnu0KkfjrDIeV/5sq9/6in6emPeXnyB5U+uOEfC7B0Sj5R5OGPy6F4D
iOTdMnUU8o61DdvL+7pzntLjX2FNXKUxo05FMkEf4/WOcPYjgHIoZEhuvPts9VHo
diY01XWtIiO5CGiTw30SkPwkKcDU42iR4Cj+KgNCO3TFQbvcygfyfg0g2V8Ccl79
ri5tvU4B+f1uIeCyzH5fOPSIxXRvVacOYazOxaDw7cpwpiFUsA==
-----END CERTIFICATE-----