Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/WQGxvD2BeU7kVpxbYWQUh8rRvN8.roa
File:                     WQGxvD2BeU7kVpxbYWQUh8rRvN8.roa (raw, json)
Hash identifier:          VD7C9Srcjt3wdcEk18Eamfkwcci4C0Fwa/Rz/jRqWzU=
Subject key identifier:   59:01:B1:BC:3D:81:79:4E:E4:56:9C:5B:61:64:14:87:CA:D1:BC:DF
Certificate issuer:       /CN=7d2ea3ecad5a402b8fe5a2a6138af66aac257ff9
Certificate serial:       0193AC3349E5FC9A89337EB4DDC8E7A4EDBA
Authority key identifier: 7D:2E:A3:EC:AD:5A:40:2B:8F:E5:A2:A6:13:8A:F6:6A:AC:25:7F:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fS6j7K1aQCuP5aKmE4r2aqwlf_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/WQGxvD2BeU7kVpxbYWQUh8rRvN8.roa
Signing time:             Mon 09 Dec 2024 16:14:22 +0000
ROA not before:           Mon 09 Dec 2024 16:14:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        5.42.199.0/24 maxlen: 24
                          5.253.63.0/24 maxlen: 24
                          45.129.78.0/24 maxlen: 24
                          77.83.85.0/24 maxlen: 24
                          77.83.86.0/24 maxlen: 24
                          79.133.180.0/24 maxlen: 24
                          89.191.234.0/24 maxlen: 24
                          176.119.141.0/24 maxlen: 24
                          194.113.153.0/24 maxlen: 24
                          194.147.215.0/24 maxlen: 24
                          195.226.194.0/24 maxlen: 24
                          195.245.239.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 26 Dec 2024 14:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ac:33:49:e5:fc:9a:89:33:7e:b4:dd:c8:e7:a4:ed:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d2ea3ecad5a402b8fe5a2a6138af66aac257ff9
        Validity
            Not Before: Dec  9 16:14:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5901b1bc3d81794ee4569c5b61641487cad1bcdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:88:90:18:1d:cc:f0:5b:ad:54:2d:14:11:e3:
                    be:b0:69:34:2d:b4:6c:92:70:41:c6:c1:1c:94:d4:
                    c7:31:64:66:66:d0:b1:3c:32:59:80:53:f4:74:15:
                    2b:48:32:c0:0b:fc:ce:0a:23:6c:78:de:84:b8:ab:
                    2d:d6:d1:fa:9f:00:02:99:ca:8d:8a:d0:58:f7:34:
                    c5:34:71:40:b0:aa:bd:64:cd:81:d7:ea:0c:bc:99:
                    dd:81:61:61:18:e2:78:13:4e:64:9e:ea:e2:36:92:
                    f5:25:41:28:55:8f:ef:80:f8:a8:27:7b:e1:76:f0:
                    a9:e0:77:91:c8:27:7e:52:5a:5a:5b:22:ca:33:7d:
                    6c:4c:c2:9f:1e:95:0a:49:ff:36:a2:92:49:8a:20:
                    ab:42:f7:dd:9e:40:89:30:10:f2:61:24:ae:3a:32:
                    28:b7:29:ae:4f:5d:35:2d:e9:18:6a:bb:12:18:00:
                    01:fc:d5:05:bf:f6:fb:5c:9a:b6:e3:c7:f7:7d:80:
                    e1:d0:b9:86:1e:ab:f3:65:71:48:b8:30:cf:56:79:
                    18:b3:37:c0:e6:8f:d4:2d:a8:34:f6:a0:97:ba:0d:
                    4c:70:c3:51:26:0b:48:02:52:39:71:2a:6e:b9:ff:
                    54:ba:b4:b2:e1:36:2d:0f:b3:0e:34:56:5e:65:f1:
                    28:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:01:B1:BC:3D:81:79:4E:E4:56:9C:5B:61:64:14:87:CA:D1:BC:DF
            X509v3 Authority Key Identifier:
                keyid:7D:2E:A3:EC:AD:5A:40:2B:8F:E5:A2:A6:13:8A:F6:6A:AC:25:7F:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fS6j7K1aQCuP5aKmE4r2aqwlf_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/WQGxvD2BeU7kVpxbYWQUh8rRvN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/447677-9972-4df8-b508-b91b92d4d801/1/fS6j7K1aQCuP5aKmE4r2aqwlf_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.199.0/24
                  5.253.63.0/24
                  45.129.78.0/24
                  77.83.85.0-77.83.86.255
                  79.133.180.0/24
                  89.191.234.0/24
                  176.119.141.0/24
                  194.113.153.0/24
                  194.147.215.0/24
                  195.226.194.0/24
                  195.245.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:58:fe:70:bb:13:fe:05:d9:02:b2:55:97:f8:8c:46:b4:a7:
         47:58:5a:9d:a3:c3:d6:ff:ff:8c:23:00:0c:09:fe:73:64:aa:
         7e:c3:22:3c:53:a4:2b:6f:09:1a:c5:3c:c6:85:5c:fc:4c:d5:
         a2:6d:57:82:2c:3b:1e:20:f8:fa:9e:d6:10:9e:c6:c7:31:ea:
         60:f3:8d:a4:d8:22:17:04:98:1b:d0:cc:52:62:1a:5d:f7:01:
         44:33:73:c3:8f:95:87:f4:7d:b2:f3:ef:dc:45:31:db:76:a9:
         f0:ae:52:1b:d1:3f:81:ec:cd:56:50:f5:bf:0d:98:c8:43:44:
         a9:32:90:b4:64:d7:98:07:af:af:94:59:0d:01:d7:37:ac:1b:
         97:04:05:99:10:c1:b1:cd:ad:c5:e0:17:f9:12:ca:e0:9b:1d:
         aa:dd:8c:77:55:3a:cd:5f:ef:fd:b4:7e:4c:31:67:aa:eb:4a:
         58:4f:04:38:8f:79:87:cb:0e:bf:c5:19:a8:a7:99:1b:b3:0b:
         a9:22:8f:aa:9a:48:57:d4:17:4c:30:b2:2e:38:d8:ee:a4:75:
         fc:7e:35:6c:23:89:79:89:de:d7:c6:28:d1:28:2a:4e:29:62:
         38:d6:1f:8a:8e:ef:d7:63:ab:b0:ad:2f:f6:8e:61:b1:af:13:
         c4:da:f4:b7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZOsM0nl/JqJM3603cjnpO26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMmVhM2VjYWQ1YTQwMmI4ZmU1YTJhNjEzOGFmNjZhYWMy
NTdmZjkwHhcNMjQxMjA5MTYxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTAxYjFiYzNkODE3OTRlZTQ1NjljNWI2MTY0MTQ4N2NhZDFiY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIiQGB3M8FutVC0UEeO+sGk0LbRs
knBBxsEclNTHMWRmZtCxPDJZgFP0dBUrSDLAC/zOCiNseN6EuKst1tH6nwACmcqN
itBY9zTFNHFAsKq9ZM2B1+oMvJndgWFhGOJ4E05knuriNpL1JUEoVY/vgPioJ3vh
dvCp4HeRyCd+UlpaWyLKM31sTMKfHpUKSf82opJJiiCrQvfdnkCJMBDyYSSuOjIo
tymuT101LekYarsSGAAB/NUFv/b7XJq248f3fYDh0LmGHqvzZXFIuDDPVnkYszfA
5o/ULag09qCXug1McMNRJgtIAlI5cSpuuf9UurSy4TYtD7MONFZeZfEoLwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFFkBsbw9gXlO5FacW2FkFIfK0bzfMB8GA1UdIwQY
MBaAFH0uo+ytWkArj+WiphOK9mqsJX/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlM2ajdLMWFRQ3VQNWFLbUU0cjJhcXdsZl9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80NDc2NzctOTk3Mi00ZGY4LWI1MDgt
YjkxYjkyZDRkODAxLzEvV1FHeHZEMkJlVTdrVnB4YllXUVVoOHJSdk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80NDc2NzctOTk3Mi00ZGY4LWI1MDgtYjkxYjkyZDRkODAx
LzEvZlM2ajdLMWFRQ3VQNWFLbUU0cjJhcXdsZl9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQABSrHAwQA
Bf0/AwQALYFOMAwDBABNU1UDBABNU1YDBABPhbQDBABZv+oDBACwd40DBADCcZkD
BADCk9cDBADD4sIDBADD9e8wDQYJKoZIhvcNAQELBQADggEBAAdY/nC7E/4F2QKy
VZf4jEa0p0dYWp2jw9b//4wjAAwJ/nNkqn7DIjxTpCtvCRrFPMaFXPxM1aJtV4Is
Ox4g+Pqe1hCexscx6mDzjaTYIhcEmBvQzFJiGl33AUQzc8OPlYf0fbLz79xFMdt2
qfCuUhvRP4HszVZQ9b8NmMhDRKkykLRk15gHr6+UWQ0B1zesG5cEBZkQwbHNrcXg
F/kSyuCbHardjHdVOs1f7/20fkwxZ6rrSlhPBDiPeYfLDr/FGainmRuzC6kij6qa
SFfUF0wwsi442O6kdfx+NWwjiXmJ3tfGKNEoKk4pYjjWH4qO79djq7CtL/aOYbGv
E8Ta9Lc=
-----END CERTIFICATE-----