Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/fPgcBxd-BF9Ec4N6KfrtknXjcFw.roa
File:                     fPgcBxd-BF9Ec4N6KfrtknXjcFw.roa (raw, json)
Hash identifier:          DoOm8MrMoG/DzOj7Z8veduL1wWv6ViKfqjqvFSJFrtY=
Subject key identifier:   7C:F8:1C:07:17:7E:04:5F:44:73:83:7A:29:FA:ED:92:75:E3:70:5C
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       019392249089EB5A5CBE63FC3ABA1CB694D2
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/fPgcBxd-BF9Ec4N6KfrtknXjcFw.roa
Signing time:             Wed 04 Dec 2024 14:48:10 +0000
ROA not before:           Wed 04 Dec 2024 14:48:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50436
IP address blocks:        5.28.64.0/18 maxlen: 19
                          5.28.64.0/19 maxlen: 19
                          5.28.96.0/19 maxlen: 19
                          37.120.0.0/17 maxlen: 17
                          92.206.8.0/21 maxlen: 24
                          92.206.32.0/20 maxlen: 24
                          92.206.48.0/20 maxlen: 24
                          92.206.209.0/24 maxlen: 24
                          92.206.254.0/23 maxlen: 24
                          94.139.0.0/19 maxlen: 20
                          217.68.167.0/24 maxlen: 24
                          2a02:2455:8000::/36 maxlen: 36
                          2a02:2455:9000::/36 maxlen: 40
Validation:               Failed, certificate revoked on Thu 05 Dec 2024 10:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:92:24:90:89:eb:5a:5c:be:63:fc:3a:ba:1c:b6:94:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Dec  4 14:48:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cf81c07177e045f4473837a29faed9275e3705c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:97:e5:38:f2:9f:12:86:6b:f0:7c:46:f3:10:
                    70:2f:80:da:22:b9:a0:f0:b3:ed:b2:4b:3b:ab:c8:
                    ab:19:89:4e:8f:11:01:69:81:d2:89:38:ed:e4:27:
                    19:ce:86:1f:18:47:c2:71:bc:91:8d:36:6a:b6:08:
                    9e:32:b4:22:75:c2:89:e3:e9:05:13:e9:22:a7:f1:
                    20:f3:4f:4e:68:88:c7:a3:fd:f4:b2:b0:48:c5:18:
                    c1:f2:8a:a7:e8:d1:06:13:d3:3d:ca:e6:99:62:73:
                    d5:16:28:ea:64:23:41:0d:86:e5:58:99:23:0c:ec:
                    34:73:9e:27:43:36:7f:4a:5d:af:6a:09:a1:8d:30:
                    d0:d1:d2:64:c8:39:f5:1c:b4:f8:7e:b3:0b:67:f9:
                    1f:76:ea:77:58:c6:a5:48:69:3f:2f:8a:a8:07:c4:
                    20:e6:99:53:a9:35:de:5a:19:0a:d5:7b:d1:f3:0b:
                    4c:9d:23:d3:b9:50:db:92:40:4e:53:34:15:ed:33:
                    e7:2b:23:5a:d8:34:63:cb:45:02:a8:6f:28:97:c5:
                    6d:54:6e:64:06:b9:4b:1c:5b:88:95:1a:89:43:36:
                    3a:c7:74:d4:6f:66:03:c4:fd:d7:57:ea:8d:46:70:
                    ac:7d:9f:31:21:e5:e6:c4:87:e6:ab:f8:f9:92:7b:
                    fa:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F8:1C:07:17:7E:04:5F:44:73:83:7A:29:FA:ED:92:75:E3:70:5C
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/fPgcBxd-BF9Ec4N6KfrtknXjcFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.28.64.0/18
                  37.120.0.0/17
                  92.206.8.0/21
                  92.206.32.0/19
                  92.206.209.0/24
                  92.206.254.0/23
                  94.139.0.0/19
                  217.68.167.0/24
                IPv6:
                  2a02:2455:8000::/35

    Signature Algorithm: sha256WithRSAEncryption
         aa:de:c6:1c:70:85:85:18:94:a8:dc:72:65:b3:70:be:75:32:
         f1:29:af:cb:8f:b7:d2:07:8c:2b:8c:08:47:40:80:21:66:0e:
         75:fe:73:75:a2:f0:a4:85:9a:5a:c9:9a:60:f6:29:18:82:91:
         19:93:1e:46:52:f2:49:d2:81:45:28:1c:7d:c3:35:86:c6:8a:
         02:82:1c:40:aa:98:7b:18:88:bc:6f:42:c1:11:60:c4:f3:f1:
         b5:75:7f:3e:35:3d:dd:3a:43:38:23:a4:ee:a3:d5:8f:df:91:
         bc:32:ed:aa:fd:5c:aa:48:22:c5:18:80:b9:74:fe:ee:ff:b0:
         77:b3:95:a0:76:50:49:13:32:53:64:60:2d:b5:c2:24:8e:bf:
         0b:c4:c9:d1:50:1a:6a:d1:51:ac:6f:83:e8:5c:3e:f4:f3:ff:
         28:bd:05:64:76:50:65:93:54:ba:06:23:25:36:af:5f:2e:b6:
         24:ae:95:46:a5:20:7a:6f:63:d1:51:de:70:68:1a:e2:5a:f1:
         91:44:97:65:c5:b2:a3:3a:38:b8:03:32:9b:00:cb:9f:2b:7d:
         d7:6f:94:1f:38:34:90:11:35:d7:23:aa:39:3e:65:1e:d4:41:
         e0:16:83:0d:3f:8f:97:9d:cc:78:f1:ce:9c:11:f7:9a:68:a3:
         9d:fc:6a:13
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZOSJJCJ61pcvmP8OroctpTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjQxMjA0MTQ0ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y4MWMwNzE3N2UwNDVmNDQ3MzgzN2EyOWZhZWQ5Mjc1ZTM3MDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pflOPKfEoZr8HxG8xBwL4DaIrmg
8LPtsks7q8irGYlOjxEBaYHSiTjt5CcZzoYfGEfCcbyRjTZqtgieMrQidcKJ4+kF
E+kip/Eg809OaIjHo/30srBIxRjB8oqn6NEGE9M9yuaZYnPVFijqZCNBDYblWJkj
DOw0c54nQzZ/Sl2vagmhjTDQ0dJkyDn1HLT4frMLZ/kfdup3WMalSGk/L4qoB8Qg
5plTqTXeWhkK1XvR8wtMnSPTuVDbkkBOUzQV7TPnKyNa2DRjy0UCqG8ol8VtVG5k
BrlLHFuIlRqJQzY6x3TUb2YDxP3XV+qNRnCsfZ8xIeXmxIfmq/j5knv6qwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFHz4HAcXfgRfRHODein67ZJ143BcMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvZlBnY0J4ZC1CRjlFYzRONktmcnRrblhqY0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA2BAIAATAwAwQGBRxAAwQH
JXgAAwQDXM4IAwQFXM4gAwQAXM7RAwQBXM7+AwQFXosAAwQA2USnMA4EAgACMAgD
BgUqAiRVgDANBgkqhkiG9w0BAQsFAAOCAQEAqt7GHHCFhRiUqNxyZbNwvnUy8Smv
y4+30geMK4wIR0CAIWYOdf5zdaLwpIWaWsmaYPYpGIKRGZMeRlLySdKBRSgcfcM1
hsaKAoIcQKqYexiIvG9CwRFgxPPxtXV/PjU93TpDOCOk7qPVj9+RvDLtqv1cqkgi
xRiAuXT+7v+wd7OVoHZQSRMyU2RgLbXCJI6/C8TJ0VAaatFRrG+D6Fw+9PP/KL0F
ZHZQZZNUugYjJTavXy62JK6VRqUgem9j0VHecGga4lrxkUSXZcWyozo4uAMymwDL
nyt912+UHzg0kBE11yOqOT5lHtRB4BaDDT+Pl53MePHOnBH3mmijnfxqEw==
-----END CERTIFICATE-----