Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/33OmnK8-TBWZgT6Rm2fAfH19jWc.roa
File:                     33OmnK8-TBWZgT6Rm2fAfH19jWc.roa (raw, json)
Hash identifier:          J/GnITQjQP0EK3DSFkq6moNetz2Vwm9Mo0vhsfoBjWs=
Subject key identifier:   DF:73:A6:9C:AF:3E:4C:15:99:81:3E:91:9B:67:C0:7C:7D:7D:8D:67
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019710AA71650395DE490734716638C1F0DE
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/33OmnK8-TBWZgT6Rm2fAfH19jWc.roa
Signing time:             Tue 27 May 2025 07:34:54 +0000
ROA not before:           Tue 27 May 2025 07:34:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205544
IP address blocks:        193.8.94.0/24 maxlen: 24
                          2a09:17c0:b19a::/48 maxlen: 48
                          2a0e:1a83:88::/48 maxlen: 48
                          2a0f:1206:77::/48 maxlen: 48
                          2a0f:e1c0:3::/48 maxlen: 48
                          2a0f:e1c7:100::/48 maxlen: 48
                          2a0f:e200:5::/48 maxlen: 48
                          2a0f:e202:97::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
                          2a0f:ea40:8::/48 maxlen: 48
                          2a0f:ea44:88::/48 maxlen: 48
                          2a0f:ea47:ff49::/48 maxlen: 48
                          2a12:ecc0:3::/48 maxlen: 48
Validation:               Failed, certificate revoked on Tue 27 May 2025 16:34:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:10:aa:71:65:03:95:de:49:07:34:71:66:38:c1:f0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 27 07:34:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df73a69caf3e4c1599813e919b67c07c7d7d8d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5f:d8:f7:8a:07:7e:93:1a:b5:0b:f6:a2:77:
                    91:61:f3:e5:d6:ef:91:b9:cd:ea:c7:74:67:4d:6d:
                    f2:ff:70:4d:9e:5a:cb:45:54:8b:ee:ec:f3:d5:ca:
                    88:8a:61:f5:a3:3d:bd:73:35:f6:1b:da:87:ae:3d:
                    91:2f:0e:0d:16:1d:ac:4d:8d:b3:f5:f9:65:63:b8:
                    b9:b3:a5:6a:98:a2:e1:7d:f3:67:df:38:15:2e:1e:
                    ca:be:10:dc:0a:68:1e:7e:b7:49:ed:a4:5a:84:8b:
                    55:ac:9b:f9:a1:13:b8:38:99:e7:86:d5:aa:bf:7e:
                    8a:8a:a2:a2:2d:7a:9c:c1:1b:3a:75:a4:97:33:4f:
                    8a:62:6f:58:83:ee:86:71:1d:48:f1:2b:c8:c1:03:
                    0d:b4:28:77:a8:11:10:b2:21:13:40:0b:14:00:2a:
                    21:00:5f:23:98:fa:0c:b3:48:a4:42:46:14:0b:cf:
                    3c:f9:1b:d8:3d:9b:9d:ea:dc:be:bc:2b:3b:bc:59:
                    c2:03:c7:b6:fe:52:f1:5a:83:32:27:c9:7a:5d:13:
                    1a:6c:38:a8:9f:14:82:6b:75:2c:21:55:42:a4:5c:
                    c5:a5:6f:c8:a6:a0:0f:dd:b3:8a:5d:b5:af:f4:9a:
                    ef:56:b2:60:28:3d:c7:91:59:ef:b7:81:d6:30:e1:
                    a5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:73:A6:9C:AF:3E:4C:15:99:81:3E:91:9B:67:C0:7C:7D:7D:8D:67
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/33OmnK8-TBWZgT6Rm2fAfH19jWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.94.0/24
                IPv6:
                  2a09:17c0:b19a::/48
                  2a0e:1a83:88::/48
                  2a0f:1206:77::/48
                  2a0f:e1c0:3::/48
                  2a0f:e1c7:100::/48
                  2a0f:e200:5::/48
                  2a0f:e202:97::/48
                  2a0f:e440::/29
                  2a0f:ea40:8::/48
                  2a0f:ea44:88::/48
                  2a0f:ea47:ff49::/48
                  2a12:ecc0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:a7:f4:5f:e7:3f:e1:85:b6:6e:08:63:51:bf:87:23:3d:29:
         47:60:47:02:99:e3:3b:4d:05:2e:a5:13:bb:93:85:f7:e5:f7:
         b0:81:33:16:08:4b:46:1c:4a:a3:57:58:1a:48:3a:ba:7e:1e:
         fb:e0:96:6b:82:83:41:01:30:c3:98:b3:c1:3c:cc:d1:72:c2:
         5d:a8:db:a8:9a:40:da:4b:02:7f:b1:27:a2:f5:30:45:47:e0:
         57:76:9d:2f:b7:d1:2a:7b:ba:7c:b0:7c:6c:a4:59:64:04:c6:
         8f:61:9d:b5:11:bf:b1:04:f9:32:97:2f:d4:46:8c:45:07:a1:
         10:60:e7:52:dc:c1:18:c0:79:eb:46:31:81:9c:c8:c8:3a:8f:
         d8:c4:11:64:26:d5:2f:04:6e:1f:59:7d:e8:81:d2:00:ec:7f:
         2f:32:a1:4c:11:66:f1:e7:59:64:a8:36:1c:1f:99:69:bf:55:
         2b:f1:3d:83:d6:86:b0:82:51:ab:b9:47:12:7b:7b:29:b6:5a:
         aa:47:5d:9c:05:ee:29:49:07:9d:5d:c7:40:41:20:ef:03:b7:
         f4:83:8e:3f:ca:01:95:f6:16:85:a6:97:38:e3:e7:bf:07:e0:
         86:f5:20:ca:34:e1:6d:df:c1:6f:b5:11:f0:70:2e:f2:7f:26:
         40:9a:d0:84
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZcQqnFlA5XeSQc0cWY4wfDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTI3MDczNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjczYTY5Y2FmM2U0YzE1OTk4MTNlOTE5YjY3YzA3YzdkN2Q4ZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul/Y94oHfpMatQv2oneRYfPl1u+R
uc3qx3RnTW3y/3BNnlrLRVSL7uzz1cqIimH1oz29czX2G9qHrj2RLw4NFh2sTY2z
9fllY7i5s6VqmKLhffNn3zgVLh7KvhDcCmgefrdJ7aRahItVrJv5oRO4OJnnhtWq
v36KiqKiLXqcwRs6daSXM0+KYm9Yg+6GcR1I8SvIwQMNtCh3qBEQsiETQAsUACoh
AF8jmPoMs0ikQkYUC888+RvYPZud6ty+vCs7vFnCA8e2/lLxWoMyJ8l6XRMabDio
nxSCa3UsIVVCpFzFpW/IpqAP3bOKXbWv9JrvVrJgKD3HkVnvt4HWMOGl/wIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFN9zppyvPkwVmYE+kZtnwHx9fY1nMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMzNPbW5LOC1UQldaZ1Q2Um0yZkFmSDE5aldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDAMBAIAATAGAwQAwQhe
MHAEAgACMGoDBwAqCRfAsZoDBwAqDhqDAIgDBwAqDxIGAHcDBwAqD+HAAAMDBwAq
D+HHAQADBwAqD+IAAAUDBwAqD+ICAJcDBQMqD+RAAwcAKg/qQAAIAwcAKg/qRACI
AwcAKg/qR/9JAwcAKhLswAADMA0GCSqGSIb3DQEBCwUAA4IBAQCLp/Rf5z/hhbZu
CGNRv4cjPSlHYEcCmeM7TQUupRO7k4X35fewgTMWCEtGHEqjV1gaSDq6fh774JZr
goNBATDDmLPBPMzRcsJdqNuomkDaSwJ/sSei9TBFR+BXdp0vt9Eqe7p8sHxspFlk
BMaPYZ21Eb+xBPkyly/URoxFB6EQYOdS3MEYwHnrRjGBnMjIOo/YxBFkJtUvBG4f
WX3ogdIA7H8vMqFMEWbx51lkqDYcH5lpv1Ur8T2D1oawglGruUcSe3sptlqqR12c
Be4pSQedXcdAQSDvA7f0g44/ygGV9haFppc44+e/B+CG9SDKNOFt38FvtRHwcC7y
fyZAmtCE
-----END CERTIFICATE-----