Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/95lAnR-YNESJWtIAFN4yEhFPpIk.roa
File:                     95lAnR-YNESJWtIAFN4yEhFPpIk.roa (raw, json)
Hash identifier:          GIN0yWsNSxi/ALGddfaPCUkqD7vveMgerSqH5cAwd1Y=
Subject key identifier:   F7:99:40:9D:1F:98:34:44:89:5A:D2:00:14:DE:32:12:11:4F:A4:89
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       0191E002177CFFB43EC6D04C04EB16F1BFAC
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/95lAnR-YNESJWtIAFN4yEhFPpIk.roa
Signing time:             Wed 11 Sep 2024 07:35:18 +0000
ROA not before:           Wed 11 Sep 2024 07:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        193.142.146.0/24 maxlen: 24
                          193.142.147.0/24 maxlen: 24
                          2a0f:ca80::/48 maxlen: 48
                          2a0f:ca80:1::/48 maxlen: 48
                          2a0f:ca80:617::/48 maxlen: 48
                          2a0f:ca80:618::/48 maxlen: 48
                          2a0f:ca80:619::/48 maxlen: 48
                          2a0f:ca80:1100::/40 maxlen: 40
                          2a0f:ca80:1200::/40 maxlen: 40
                          2a0f:ca80:1337::/48 maxlen: 48
                          2a0f:ca80:1338::/48 maxlen: 48
                          2a0f:ca81:b00b::/48 maxlen: 48
                          2a0f:ca83:1337::/48 maxlen: 48
                          2a0f:ca84::/40 maxlen: 40
                          2a0f:ca86::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:48:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e0:02:17:7c:ff:b4:3e:c6:d0:4c:04:eb:16:f1:bf:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Sep 11 07:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f799409d1f983444895ad20014de3212114fa489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e5:d1:43:0f:c0:ff:9c:16:69:81:9e:b9:39:
                    b7:71:5b:c7:20:72:30:94:2e:8e:3d:20:8b:cb:25:
                    98:05:dc:65:f8:95:73:1a:a5:a9:d1:99:e3:aa:79:
                    8c:6e:44:f0:0c:c5:3c:c0:24:25:77:1b:35:8d:79:
                    45:39:d0:07:1b:40:5f:d0:50:c2:d9:6e:cc:c4:60:
                    5f:d5:91:93:7d:64:77:95:84:34:02:99:05:19:1a:
                    ef:7b:56:b3:eb:86:a1:5f:60:41:03:1a:98:64:ef:
                    04:c0:e3:99:00:30:ab:d3:9d:b3:6a:89:7e:23:3f:
                    b0:8e:25:eb:72:07:65:9b:43:93:36:20:c8:d0:3d:
                    41:52:64:39:2c:57:7e:7d:66:a5:cd:c1:fc:e3:24:
                    2e:25:1f:37:b5:e5:ea:0a:8f:9c:1a:79:92:79:f2:
                    2e:67:da:77:db:f0:bc:ce:13:a3:f6:7d:b4:77:de:
                    f1:e5:ac:ac:22:80:70:c3:7c:0a:c7:92:03:b6:6f:
                    50:a6:93:a4:13:6f:2e:df:2f:13:cd:5d:67:55:13:
                    95:94:36:86:7e:cd:35:f8:39:38:19:af:28:1e:8a:
                    d2:4b:bf:2c:0e:48:1e:ab:94:a9:e7:21:45:65:4e:
                    f8:b7:ef:3a:94:88:63:d9:c8:9c:b2:28:53:11:3e:
                    90:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:99:40:9D:1F:98:34:44:89:5A:D2:00:14:DE:32:12:11:4F:A4:89
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/95lAnR-YNESJWtIAFN4yEhFPpIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.146.0/23
                IPv6:
                  2a0f:ca80::/47
                  2a0f:ca80:617::-2a0f:ca80:619:ffff:ffff:ffff:ffff:ffff
                  2a0f:ca80:1100::-2a0f:ca80:12ff:ffff:ffff:ffff:ffff:ffff
                  2a0f:ca80:1337::-2a0f:ca80:1338:ffff:ffff:ffff:ffff:ffff
                  2a0f:ca81:b00b::/48
                  2a0f:ca83:1337::/48
                  2a0f:ca84::/40
                  2a0f:ca86::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:c1:fa:df:74:3a:b6:66:2c:45:5e:73:72:64:e0:37:d0:0a:
         ab:ab:a6:cf:75:49:16:9a:86:58:54:f9:5f:c4:b3:2f:5a:4e:
         4f:2f:45:70:ca:d2:5b:04:61:ec:ae:c6:e1:d6:22:60:78:31:
         cb:d3:d8:cf:c5:96:9d:00:3c:b9:bb:83:15:21:cf:9c:1c:79:
         72:52:fb:d6:46:ec:93:f5:63:78:cd:6f:6a:bf:ab:cb:ce:0b:
         12:05:6a:68:fe:8c:54:fa:f1:36:ff:d7:ff:fe:11:fb:cd:e6:
         9a:20:60:89:75:28:83:c3:7d:03:00:0e:39:32:b2:c8:49:51:
         f6:61:e1:dd:57:ac:07:e0:23:8e:fb:02:0c:a3:89:5c:e2:fd:
         70:da:59:e0:43:7a:72:44:c6:9b:3c:28:a2:b0:9c:0b:ca:69:
         52:9d:27:9e:63:c1:f3:a9:01:e3:52:c7:8e:d2:fc:5b:f4:7b:
         92:36:15:48:95:6e:14:dc:51:22:db:47:ae:d3:ab:ca:73:a1:
         a6:1f:96:80:f3:8b:75:bb:bf:59:e0:d2:cf:f0:d6:12:93:1a:
         e6:9f:da:9c:82:d7:1f:e6:0e:ed:89:46:60:a6:c6:33:6a:a8:
         64:4a:4f:49:96:74:28:35:8f:33:2c:ac:cc:38:97:5c:31:bd:
         46:26:c2:54
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISAZHgAhd8/7Q+xtBMBOsW8b+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwOTExMDczNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk5NDA5ZDFmOTgzNDQ0ODk1YWQyMDAxNGRlMzIxMjExNGZhNDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uXRQw/A/5wWaYGeuTm3cVvHIHIw
lC6OPSCLyyWYBdxl+JVzGqWp0ZnjqnmMbkTwDMU8wCQldxs1jXlFOdAHG0Bf0FDC
2W7MxGBf1ZGTfWR3lYQ0ApkFGRrve1az64ahX2BBAxqYZO8EwOOZADCr052zaol+
Iz+wjiXrcgdlm0OTNiDI0D1BUmQ5LFd+fWalzcH84yQuJR83teXqCo+cGnmSefIu
Z9p32/C8zhOj9n20d97x5aysIoBww3wKx5IDtm9QppOkE28u3y8TzV1nVROVlDaG
fs01+Dk4Ga8oHorSS78sDkgeq5Sp5yFFZU74t+86lIhj2cicsihTET6QYwIDAQAB
o4ICdzCCAnMwHQYDVR0OBBYEFPeZQJ0fmDREiVrSABTeMhIRT6SJMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvOTVsQW5SLVlORVNKV3RJQUZONHlFaEZQcElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGMBggrBgEFBQcBBwEB/wR9MHswDAQCAAEwBgMEAcGOkjBr
BAIAAjBlAwcBKg/KgAAAMBIDBwAqD8qABhcDBwEqD8qABhgwEAMGACoPyoARAwYA
Kg/KgBIwEgMHACoPyoATNwMHACoPyoATOAMHACoPyoGwCwMHACoPyoMTNwMGACoP
yoQAAwYAKg/KhgAwDQYJKoZIhvcNAQELBQADggEBAKjB+t90OrZmLEVec3Jk4DfQ
Cqurps91SRaahlhU+V/Esy9aTk8vRXDK0lsEYeyuxuHWImB4McvT2M/Flp0APLm7
gxUhz5wceXJS+9ZG7JP1Y3jNb2q/q8vOCxIFamj+jFT68Tb/1//+EfvN5pogYIl1
KIPDfQMADjkysshJUfZh4d1XrAfgI477AgyjiVzi/XDaWeBDenJExps8KKKwnAvK
aVKdJ55jwfOpAeNSx47S/Fv0e5I2FUiVbhTcUSLbR67Tq8pzoaYfloDzi3W7v1ng
0s/w1hKTGuaf2pyC1x/mDu2JRmCmxjNqqGRKT0mWdCg1jzMsrMw4l1wxvUYmwlQ=
-----END CERTIFICATE-----