Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/GldbSqyQ-zcNSNpGEEReJLMKTVY.roa
File:                     GldbSqyQ-zcNSNpGEEReJLMKTVY.roa (raw, json)
Hash identifier:          pt2tZS/DR0mRTy53CZuT8VHleobHLNk/U9hFNBe7cGY=
Subject key identifier:   1A:57:5B:4A:AC:90:FB:37:0D:48:DA:46:10:44:5E:24:B3:0A:4D:56
Certificate issuer:       /CN=c2eafaa30b340ecf810a4cb9af3b51c702566598
Certificate serial:       01942067CEABE48A9D6E1D3BF9EA773C33AE
Authority key identifier: C2:EA:FA:A3:0B:34:0E:CF:81:0A:4C:B9:AF:3B:51:C7:02:56:65:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/GldbSqyQ-zcNSNpGEEReJLMKTVY.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8410
IP address blocks:        194.0.120.0/22 maxlen: 22
                          194.55.161.0/24 maxlen: 24
                          194.55.163.0/24 maxlen: 24
                          194.55.168.0/24 maxlen: 24
                          194.55.171.0/24 maxlen: 24
                          195.140.180.0/22 maxlen: 22
                          212.15.32.0/21 maxlen: 21
                          212.15.40.0/24 maxlen: 24
                          212.15.41.0/24 maxlen: 24
                          212.15.42.0/24 maxlen: 24
                          212.15.43.0/24 maxlen: 24
                          212.15.44.0/24 maxlen: 24
                          212.15.45.0/24 maxlen: 24
                          212.15.46.0/24 maxlen: 24
                          212.15.47.0/24 maxlen: 24
                          212.15.48.0/24 maxlen: 24
                          212.15.50.0/24 maxlen: 24
                          212.15.52.0/24 maxlen: 24
                          212.15.53.0/24 maxlen: 24
                          212.15.54.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 30 Jan 2025 14:24:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ce:ab:e4:8a:9d:6e:1d:3b:f9:ea:77:3c:33:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2eafaa30b340ecf810a4cb9af3b51c702566598
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a575b4aac90fb370d48da4610445e24b30a4d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f8:b0:5b:49:a6:e6:04:14:d8:f0:44:6b:a8:
                    73:69:06:79:b0:72:06:c5:23:02:c0:dd:ef:51:1e:
                    22:71:3a:8f:8f:0b:31:67:fc:d4:45:a7:b1:46:00:
                    a2:94:f2:47:ef:44:d1:ae:59:f6:5c:97:a0:2b:6e:
                    cd:93:fc:11:fa:37:c5:37:11:f1:af:4d:80:b5:12:
                    11:01:78:97:0b:f7:f6:15:63:7e:a0:8e:49:fc:0a:
                    01:56:98:3c:4c:16:b9:19:2a:ad:6e:d1:4b:7f:a6:
                    f3:e6:46:21:28:af:c3:5a:05:b9:4e:d5:67:bb:5d:
                    85:c2:ed:43:44:d5:6a:39:f5:3b:4a:f7:0d:0d:98:
                    9f:0b:3b:99:cb:13:57:d4:20:f6:28:50:fe:c8:11:
                    a8:92:8a:88:9f:57:fc:05:26:0b:3b:ac:b5:16:b7:
                    3b:fc:42:01:f6:68:23:ad:57:c7:b1:91:78:10:da:
                    b7:a7:73:51:83:be:65:1c:e4:bd:3b:ee:eb:d5:84:
                    4e:54:c0:82:dc:e1:cc:c0:2f:ac:e4:fa:98:fe:a3:
                    7c:cc:74:fc:e5:07:45:09:e1:8c:c2:87:f4:6b:05:
                    39:c4:c1:d2:14:ff:4c:f0:73:64:bc:7e:f5:d1:f7:
                    85:bd:8e:99:ce:f5:ad:70:9a:1d:39:00:3b:f7:1b:
                    57:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:57:5B:4A:AC:90:FB:37:0D:48:DA:46:10:44:5E:24:B3:0A:4D:56
            X509v3 Authority Key Identifier:
                keyid:C2:EA:FA:A3:0B:34:0E:CF:81:0A:4C:B9:AF:3B:51:C7:02:56:65:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wur6ows0Ds-BCky5rztRxwJWZZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/GldbSqyQ-zcNSNpGEEReJLMKTVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/a34a16-f880-4873-868b-5ecafda471f7/1/wur6ows0Ds-BCky5rztRxwJWZZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.120.0/22
                  194.55.161.0/24
                  194.55.163.0/24
                  194.55.168.0/24
                  194.55.171.0/24
                  195.140.180.0/22
                  212.15.32.0-212.15.48.255
                  212.15.50.0/24
                  212.15.52.0-212.15.54.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:ac:9d:e9:98:fb:57:7e:ff:d3:fb:db:f3:22:45:ae:51:1e:
         55:2d:87:a6:b3:f1:25:d4:de:0c:ab:71:d0:33:b1:0c:eb:ee:
         fe:68:21:cc:3e:6b:63:e3:34:a9:f5:c0:ca:03:91:f8:b3:8d:
         fe:10:8f:1c:43:d9:5b:75:ac:cf:d6:27:03:20:f6:4c:a0:90:
         59:41:4b:5c:bd:f8:81:03:a7:31:8c:f8:56:6e:b3:38:52:d6:
         f6:e1:6b:77:78:a4:f2:d9:1d:9b:e8:89:0a:f3:92:de:32:03:
         f4:7b:90:9d:4b:6d:24:60:f3:4a:1e:c1:48:b1:68:65:d4:7a:
         34:19:f0:5c:7f:1e:71:e1:e4:3b:ca:e4:8b:18:5b:4a:80:4d:
         fa:74:4d:fa:11:29:38:f1:c1:f4:d0:93:37:e2:f3:80:87:32:
         d9:e4:46:bd:4e:49:c1:ea:fe:9e:de:66:80:1a:3d:96:88:4b:
         88:1b:a6:e4:97:99:1a:5d:bc:1c:c4:ad:4e:98:d9:8b:02:3f:
         f0:92:d9:24:24:12:9b:ac:7b:b8:b1:69:69:8e:c9:11:3d:48:
         0e:9b:df:1e:9f:91:b6:12:87:d1:8f:dc:bf:d0:14:31:20:9f:
         a0:72:12:17:64:39:f3:27:be:1f:d1:6d:fc:71:72:1f:af:d5:
         8d:f2:e1:f4
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQgZ86r5Iqdbh07+ep3PDOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWFmYWEzMGIzNDBlY2Y4MTBhNGNiOWFmM2I1MWM3MDI1
NjY1OTgwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTU3NWI0YWFjOTBmYjM3MGQ0OGRhNDYxMDQ0NWUyNGIzMGE0ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/iwW0mm5gQU2PBEa6hzaQZ5sHIG
xSMCwN3vUR4icTqPjwsxZ/zURaexRgCilPJH70TRrln2XJegK27Nk/wR+jfFNxHx
r02AtRIRAXiXC/f2FWN+oI5J/AoBVpg8TBa5GSqtbtFLf6bz5kYhKK/DWgW5TtVn
u12Fwu1DRNVqOfU7SvcNDZifCzuZyxNX1CD2KFD+yBGokoqIn1f8BSYLO6y1Frc7
/EIB9mgjrVfHsZF4ENq3p3NRg75lHOS9O+7r1YROVMCC3OHMwC+s5PqY/qN8zHT8
5QdFCeGMwof0awU5xMHSFP9M8HNkvH710feFvY6ZzvWtcJodOQA79xtXkwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBpXW0qskPs3DUjaRhBEXiSzCk1WMB8GA1UdIwQY
MBaAFMLq+qMLNA7PgQpMua87UccCVmWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3VyNm93czBEcy1CQ2t5NXJ6dFJ4d0pXWlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9hMzRhMTYtZjg4MC00ODczLTg2OGIt
NWVjYWZkYTQ3MWY3LzEvR2xkYlNxeVEtemNOU05wR0VFUmVKTE1LVFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9hMzRhMTYtZjg4MC00ODczLTg2OGItNWVjYWZkYTQ3MWY3
LzEvd3VyNm93czBEcy1CQ2t5NXJ6dFJ4d0pXWlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQCwgB4AwQA
wjehAwQAwjejAwQAwjeoAwQAwjerAwQCw4y0MAwDBAXUDyADBADUDzADBADUDzIw
DAMEAtQPNAMEANQPNjANBgkqhkiG9w0BAQsFAAOCAQEAf6yd6Zj7V37/0/vb8yJF
rlEeVS2HprPxJdTeDKtx0DOxDOvu/mghzD5rY+M0qfXAygOR+LON/hCPHEPZW3Ws
z9YnAyD2TKCQWUFLXL34gQOnMYz4Vm6zOFLW9uFrd3ik8tkdm+iJCvOS3jID9HuQ
nUttJGDzSh7BSLFoZdR6NBnwXH8eceHkO8rkixhbSoBN+nRN+hEpOPHB9NCTN+Lz
gIcy2eRGvU5Jwer+nt5mgBo9lohLiBum5JeZGl28HMStTpjZiwI/8JLZJCQSm6x7
uLFpaY7JET1IDpvfHp+RthKH0Y/cv9AUMSCfoHISF2Q58ye+H9Ft/HFyH6/VjfLh
9A==
-----END CERTIFICATE-----