Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/guBibikHyH8eP_Kf-BrRKSWDoIo.roa
File:                     guBibikHyH8eP_Kf-BrRKSWDoIo.roa (raw, json)
Hash identifier:          RvnvmpAVAncH22Lw/XOQyYD+PdS0Xeb7vh553ORJT5c=
Subject key identifier:   82:E0:62:6E:29:07:C8:7F:1E:3F:F2:9F:F8:1A:D1:29:25:83:A0:8A
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196CFBC5DFF6B2C1590310DCB7298A6BD01
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/guBibikHyH8eP_Kf-BrRKSWDoIo.roa
Signing time:             Wed 14 May 2025 16:59:10 +0000
ROA not before:           Wed 14 May 2025 16:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205544
IP address blocks:        193.8.94.0/24 maxlen: 24
                          193.8.231.0/24 maxlen: 24
                          2a09:17c0:b19a::/48 maxlen: 48
                          2a0e:1a83:88::/48 maxlen: 48
                          2a0f:1206:77::/48 maxlen: 48
                          2a0f:e1c0:3::/48 maxlen: 48
                          2a0f:e1c7:100::/48 maxlen: 48
                          2a0f:e200:5::/48 maxlen: 48
                          2a0f:e202:97::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
                          2a0f:ea40:8::/48 maxlen: 48
                          2a0f:ea44:88::/48 maxlen: 48
                          2a0f:ea47:ff49::/48 maxlen: 48
                          2a12:ecc0:3::/48 maxlen: 48
Validation:               Failed, certificate revoked on Tue 27 May 2025 07:34:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:bc:5d:ff:6b:2c:15:90:31:0d:cb:72:98:a6:bd:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 14 16:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82e0626e2907c87f1e3ff29ff81ad1292583a08a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:99:83:22:3f:9e:55:54:3d:75:37:02:bf:b6:
                    e1:27:61:04:48:0f:67:6e:76:61:a1:ae:9b:78:6d:
                    14:e5:b2:9c:0d:26:96:d7:33:71:f3:6f:b8:b5:2f:
                    16:9a:1e:82:a9:11:92:b2:de:b4:fe:56:1e:3d:74:
                    ee:07:4f:79:bd:a3:ce:80:e7:33:af:78:ba:fd:cc:
                    f7:02:bf:7a:5d:ff:36:52:c6:0e:aa:c1:3b:63:d3:
                    54:f0:6a:b4:7a:92:9d:6c:aa:11:13:d7:10:88:c7:
                    e4:f4:ee:19:92:5f:90:a4:2c:e7:9e:92:74:c8:4e:
                    49:10:1c:3c:bd:ff:60:5a:6a:95:49:c4:7a:e6:43:
                    59:f1:22:1c:1f:b0:fe:eb:c6:74:49:dd:85:db:04:
                    28:38:66:fc:7c:db:c0:89:0c:a2:d6:e5:11:94:ab:
                    ee:43:89:fb:c0:e9:84:39:89:2e:97:f2:f5:9f:02:
                    e3:b7:5f:b0:02:40:bb:c9:21:60:aa:5c:c0:aa:13:
                    3e:45:65:95:00:12:fb:55:6f:39:9d:bb:14:2b:d1:
                    73:12:28:f1:85:5f:35:e3:7c:d6:71:e5:f7:e2:fb:
                    62:cd:76:36:e8:c6:f2:76:bd:eb:51:bd:39:56:1d:
                    dd:f6:a5:10:5a:95:f5:64:98:db:13:94:2c:b2:50:
                    ba:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E0:62:6E:29:07:C8:7F:1E:3F:F2:9F:F8:1A:D1:29:25:83:A0:8A
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/guBibikHyH8eP_Kf-BrRKSWDoIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.94.0/24
                  193.8.231.0/24
                IPv6:
                  2a09:17c0:b19a::/48
                  2a0e:1a83:88::/48
                  2a0f:1206:77::/48
                  2a0f:e1c0:3::/48
                  2a0f:e1c7:100::/48
                  2a0f:e200:5::/48
                  2a0f:e202:97::/48
                  2a0f:e440::/29
                  2a0f:ea40:8::/48
                  2a0f:ea44:88::/48
                  2a0f:ea47:ff49::/48
                  2a12:ecc0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:7c:48:a2:79:3c:e7:1b:08:89:ee:cb:01:2d:f4:1f:4d:9e:
         a1:8a:fa:0f:79:37:32:d5:09:2a:ea:f8:5f:e8:9f:38:fa:e2:
         a8:c9:b9:a3:b9:6a:15:3f:c7:fb:46:ab:2d:8c:6e:46:45:d1:
         7e:4b:b9:c1:75:86:99:d0:c3:29:97:b9:6e:b4:58:38:d3:2b:
         6c:6f:b9:3c:c6:30:d8:66:fb:2f:e8:6d:b8:87:60:00:39:68:
         47:4d:d6:c6:07:c5:43:e4:46:ce:c6:10:29:a7:a3:32:69:60:
         c3:54:c0:84:e4:83:17:ca:2a:2f:8b:65:f3:00:e3:bf:45:ed:
         04:d9:e2:c2:28:4a:81:3a:b5:9d:36:7c:86:99:76:ec:d3:8b:
         b8:f6:4f:86:84:ce:4d:a0:10:05:49:57:5d:d7:14:6d:97:c4:
         26:1b:4e:ac:88:96:20:d3:6a:97:2c:37:af:f3:48:69:cb:5d:
         f8:62:1e:5f:b1:45:52:64:ee:a8:9b:53:68:c6:c3:52:4a:21:
         bb:56:a4:70:c4:1e:b5:08:d5:6f:d3:88:14:c9:c5:7b:bf:ec:
         03:23:63:f2:c7:e4:23:f0:0f:b6:69:50:d2:08:36:50:8b:3f:
         2e:e4:d2:e1:1f:1e:35:32:3d:ca:8a:a8:96:94:7c:95:4a:0c:
         26:2e:fd:9c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZbPvF3/aywVkDENy3KYpr0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTE0MTY1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmUwNjI2ZTI5MDdjODdmMWUzZmYyOWZmODFhZDEyOTI1ODNhMDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZmDIj+eVVQ9dTcCv7bhJ2EESA9n
bnZhoa6beG0U5bKcDSaW1zNx82+4tS8Wmh6CqRGSst60/lYePXTuB095vaPOgOcz
r3i6/cz3Ar96Xf82UsYOqsE7Y9NU8Gq0epKdbKoRE9cQiMfk9O4Zkl+QpCznnpJ0
yE5JEBw8vf9gWmqVScR65kNZ8SIcH7D+68Z0Sd2F2wQoOGb8fNvAiQyi1uURlKvu
Q4n7wOmEOYkul/L1nwLjt1+wAkC7ySFgqlzAqhM+RWWVABL7VW85nbsUK9FzEijx
hV8143zWceX34vtizXY26Mbydr3rUb05Vh3d9qUQWpX1ZJjbE5QsslC65wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFILgYm4pB8h/Hj/yn/ga0Sklg6CKMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZ3VCaWJpa0h5SDhlUF9LZi1CclJLU1dEb0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjASBAIAATAMAwQAwQhe
AwQAwQjnMHAEAgACMGoDBwAqCRfAsZoDBwAqDhqDAIgDBwAqDxIGAHcDBwAqD+HA
AAMDBwAqD+HHAQADBwAqD+IAAAUDBwAqD+ICAJcDBQMqD+RAAwcAKg/qQAAIAwcA
Kg/qRACIAwcAKg/qR/9JAwcAKhLswAADMA0GCSqGSIb3DQEBCwUAA4IBAQAhfEii
eTznGwiJ7ssBLfQfTZ6hivoPeTcy1Qkq6vhf6J84+uKoybmjuWoVP8f7RqstjG5G
RdF+S7nBdYaZ0MMpl7lutFg40ytsb7k8xjDYZvsv6G24h2AAOWhHTdbGB8VD5EbO
xhApp6MyaWDDVMCE5IMXyiovi2XzAOO/Re0E2eLCKEqBOrWdNnyGmXbs04u49k+G
hM5NoBAFSVdd1xRtl8QmG06siJYg02qXLDev80hpy134Yh5fsUVSZO6om1NoxsNS
SiG7VqRwxB61CNVv04gUycV7v+wDI2Pyx+Qj8A+2aVDSCDZQiz8u5NLhHx41Mj3K
iqiWlHyVSgwmLv2c
-----END CERTIFICATE-----