Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/p1GYv_VDMyoOKnynl32jyDIXnlQ.roa
File:                     p1GYv_VDMyoOKnynl32jyDIXnlQ.roa (raw, json)
Hash identifier:          oMM7+xIBXfhVShIqyktIMsSMMnD7Sk/ixua2J3NUmO4=
Subject key identifier:   A7:51:98:BF:F5:43:33:2A:0E:2A:7C:A7:97:7D:A3:C8:32:17:9E:54
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0194282429DCB43BEE53AF5A2C9D7087D94A
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/p1GYv_VDMyoOKnynl32jyDIXnlQ.roa
Signing time:             Thu 02 Jan 2025 17:50:46 +0000
ROA not before:           Thu 02 Jan 2025 17:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203380
IP address blocks:        77.76.13.0/24 maxlen: 24
                          78.128.99.0/24 maxlen: 24
                          78.128.127.0/24 maxlen: 24
                          79.124.7.0/24 maxlen: 24
                          79.124.77.0/24 maxlen: 24
                          82.118.227.0/24 maxlen: 24
                          82.118.230.0/24 maxlen: 24
                          82.118.234.0/24 maxlen: 24
                          82.118.235.0/24 maxlen: 24
                          82.118.245.0/24 maxlen: 24
                          91.148.141.0/24 maxlen: 24
                          94.72.140.0/23 maxlen: 24
                          94.72.141.0/24 maxlen: 24
                          94.72.143.0/24 maxlen: 24
                          130.185.251.0/24 maxlen: 24
                          2a01:8740:1::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 08 Jan 2025 13:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:29:dc:b4:3b:ee:53:af:5a:2c:9d:70:87:d9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a75198bff543332a0e2a7ca7977da3c832179e54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:be:44:26:7d:14:7c:2d:78:62:23:0b:c6:b9:
                    08:a3:d8:49:c6:a1:a5:f2:51:0d:16:fb:8e:c0:24:
                    ac:ce:b6:18:52:bb:d9:5c:63:53:dc:5f:e8:64:5d:
                    29:a6:b5:34:af:0e:f2:ba:45:65:2c:ed:8a:7d:51:
                    c0:10:aa:e6:c2:f9:7c:65:24:9c:43:d3:48:1d:da:
                    06:a2:fd:3d:fa:d6:61:4b:a2:74:e0:49:ef:77:df:
                    71:7c:0a:f4:57:1a:ae:c1:2c:b4:4b:86:0f:17:27:
                    a2:b8:e3:4a:0d:dc:ea:d4:3c:1d:e7:32:79:02:7f:
                    bc:be:29:71:87:6a:dd:a9:86:4c:42:26:a2:ef:7d:
                    52:46:34:c3:8a:38:85:d7:eb:4c:55:26:01:e0:10:
                    78:1c:f9:7b:b7:3d:8d:50:08:3a:ab:fd:05:91:69:
                    5b:38:51:52:c1:8f:ae:14:2a:c4:48:d7:14:e5:d2:
                    0c:37:4c:27:62:96:b8:cc:a0:f0:a6:ba:cb:eb:b5:
                    1b:f9:1e:34:67:6e:92:2e:3a:cf:91:af:fe:65:87:
                    da:85:19:72:04:06:5a:33:81:3a:aa:04:7e:23:e5:
                    8f:9e:df:a4:10:71:a8:9f:58:5f:4f:60:62:cf:3a:
                    f8:a9:fb:f6:94:28:7c:90:09:55:2f:9d:1d:80:8c:
                    56:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:51:98:BF:F5:43:33:2A:0E:2A:7C:A7:97:7D:A3:C8:32:17:9E:54
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/p1GYv_VDMyoOKnynl32jyDIXnlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.13.0/24
                  78.128.99.0/24
                  78.128.127.0/24
                  79.124.7.0/24
                  79.124.77.0/24
                  82.118.227.0/24
                  82.118.230.0/24
                  82.118.234.0/23
                  82.118.245.0/24
                  91.148.141.0/24
                  94.72.140.0/23
                  94.72.143.0/24
                  130.185.251.0/24
                IPv6:
                  2a01:8740:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:66:c3:b4:7a:d1:0e:d0:86:6e:87:99:0b:0b:18:95:fc:af:
         64:84:b9:c6:91:34:2f:20:94:b7:a1:5f:9f:f4:ce:bd:7e:ef:
         92:fd:df:1f:bc:ac:94:8e:97:74:33:4d:f6:7b:4e:c5:6e:2c:
         3c:e6:02:33:4b:6e:8b:9e:0b:92:d0:73:23:22:4c:bd:28:c2:
         10:d7:06:48:9d:3c:14:03:c7:db:4e:5f:24:75:cc:a2:74:4c:
         50:b3:6f:37:cc:da:fe:9a:ff:8c:6e:ad:81:01:db:97:3e:27:
         d3:46:bc:f9:0f:10:74:ec:61:6d:66:14:81:45:9a:47:64:b7:
         99:0d:46:fb:33:40:88:65:bf:65:be:a6:9c:79:82:96:dc:67:
         12:0f:58:e3:32:d0:23:97:fe:4f:fa:6a:69:9a:1c:59:ac:fd:
         f4:94:b2:39:ba:e0:da:84:d5:14:12:ff:a8:93:a7:c4:69:d6:
         9e:e1:6c:90:33:d1:70:cd:d6:d0:b1:ac:63:45:5e:bb:d2:c0:
         a0:01:69:56:dd:15:39:58:0f:0c:fa:a7:8e:02:64:f5:61:5b:
         bf:46:1c:ef:96:48:27:36:4e:0d:30:db:f0:57:38:0b:80:26:
         13:aa:5b:51:b1:17:a7:18:ac:61:95:2c:2f:2d:ad:89:f6:3e:
         a5:d7:cf:96
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZQoJCnctDvuU69aLJ1wh9lKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzUxOThiZmY1NDMzMzJhMGUyYTdjYTc5NzdkYTNjODMyMTc5ZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhr5EJn0UfC14YiMLxrkIo9hJxqGl
8lENFvuOwCSszrYYUrvZXGNT3F/oZF0pprU0rw7yukVlLO2KfVHAEKrmwvl8ZSSc
Q9NIHdoGov09+tZhS6J04Envd99xfAr0VxquwSy0S4YPFyeiuONKDdzq1Dwd5zJ5
An+8vilxh2rdqYZMQiai731SRjTDijiF1+tMVSYB4BB4HPl7tz2NUAg6q/0FkWlb
OFFSwY+uFCrESNcU5dIMN0wnYpa4zKDwprrL67Ub+R40Z26SLjrPka/+ZYfahRly
BAZaM4E6qgR+I+WPnt+kEHGon1hfT2Bizzr4qfv2lCh8kAlVL50dgIxWGwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFKdRmL/1QzMqDip8p5d9o8gyF55UMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvcDFHWXZfVkRNeW9PS255bmwzMmp5RElYbmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBUBAIAATBOAwQATUwNAwQA
ToBjAwQAToB/AwQAT3wHAwQAT3xNAwQAUnbjAwQAUnbmAwQBUnbqAwQAUnb1AwQA
W5SNAwQBXkiMAwQAXkiPAwQAgrn7MA8EAgACMAkDBwAqAYdAAAEwDQYJKoZIhvcN
AQELBQADggEBAFRmw7R60Q7Qhm6HmQsLGJX8r2SEucaRNC8glLehX5/0zr1+75L9
3x+8rJSOl3QzTfZ7TsVuLDzmAjNLboueC5LQcyMiTL0owhDXBkidPBQDx9tOXyR1
zKJ0TFCzbzfM2v6a/4xurYEB25c+J9NGvPkPEHTsYW1mFIFFmkdkt5kNRvszQIhl
v2W+ppx5gpbcZxIPWOMy0COX/k/6ammaHFms/fSUsjm64NqE1RQS/6iTp8Rp1p7h
bJAz0XDN1tCxrGNFXrvSwKABaVbdFTlYDwz6p44CZPVhW79GHO+WSCc2Tg0w2/BX
OAuAJhOqW1GxF6cYrGGVLC8trYn2PqXXz5Y=
-----END CERTIFICATE-----