Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/IZsIva9k-Ztd60NeGoSmF0fdvsM.roa
File:                     IZsIva9k-Ztd60NeGoSmF0fdvsM.roa (raw, json)
Hash identifier:          fn++StFFidO77qj2lddBmt3/rFEnZbgnFi+8WpLahMw=
Subject key identifier:   21:9B:08:BD:AF:64:F9:9B:5D:EB:43:5E:1A:84:A6:17:47:DD:BE:C3
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       01952E0128FA62F052C38EBE52181FB388B4
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/IZsIva9k-Ztd60NeGoSmF0fdvsM.roa
Signing time:             Sat 22 Feb 2025 14:13:02 +0000
ROA not before:           Sat 22 Feb 2025 14:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48847
IP address blocks:        109.233.16.0/21 maxlen: 21
                          109.233.16.0/24 maxlen: 24
                          109.233.17.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.19.0/24 maxlen: 24
                          109.233.19.56/29 maxlen: 29
                          109.233.19.128/25 maxlen: 25
                          109.233.19.128/30 maxlen: 30
                          109.233.20.0/24 maxlen: 24
                          109.233.20.196/30 maxlen: 30
                          109.233.21.0/24 maxlen: 24
                          109.233.21.92/30 maxlen: 30
                          109.233.21.100/30 maxlen: 30
                          109.233.22.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.23.0/30 maxlen: 30
                          109.233.23.152/29 maxlen: 29
                          185.12.220.0/22 maxlen: 22
                          185.12.221.0/24 maxlen: 24
                          185.12.221.152/29 maxlen: 29
                          185.12.222.0/24 maxlen: 24
                          185.12.223.0/24 maxlen: 24
                          2a03:6900::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 14 Apr 2025 18:45:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:2e:01:28:fa:62:f0:52:c3:8e:be:52:18:1f:b3:88:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Feb 22 14:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=219b08bdaf64f99b5deb435e1a84a61747ddbec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:24:ff:fa:00:7a:aa:c2:1a:b9:0e:45:30:cb:
                    1f:bd:1f:fa:d0:25:db:b6:99:59:1d:9d:bd:ca:bb:
                    b6:22:8a:85:a2:9f:49:56:f6:ae:3a:d4:16:34:00:
                    a7:82:40:66:5e:2e:e4:31:65:0d:68:db:b5:bf:45:
                    f7:43:5f:c7:1a:9b:c7:43:8d:3b:d6:78:17:33:54:
                    30:d7:2d:0f:af:25:b1:89:17:a2:e5:9d:45:53:b8:
                    29:a6:3e:74:29:17:8f:8c:44:1b:a8:a5:bb:5f:3d:
                    9a:af:32:a3:85:bf:76:49:e3:12:5c:15:8f:c5:52:
                    6b:b3:f1:6b:a2:fa:08:cd:77:84:66:d1:91:94:bb:
                    a6:b2:63:b1:b3:e9:6c:6e:0f:45:0d:78:91:91:62:
                    ab:e2:4f:cc:d8:98:39:11:63:5f:6a:ca:1a:4b:2d:
                    83:f7:66:b7:85:b6:b5:ca:3b:77:ba:2d:5b:5f:f8:
                    71:f0:31:9e:5f:5e:aa:90:27:bf:2a:ed:aa:c0:88:
                    5a:2d:ac:f3:e4:d1:74:4d:20:30:ff:de:16:30:63:
                    06:e4:bc:c6:28:d7:24:8c:de:f6:cb:a8:51:13:00:
                    15:8f:c1:6b:5f:18:72:fb:00:98:07:2c:0b:69:c8:
                    8a:c8:ad:fc:75:2a:15:45:ca:1f:a4:07:61:0d:0c:
                    67:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9B:08:BD:AF:64:F9:9B:5D:EB:43:5E:1A:84:A6:17:47:DD:BE:C3
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/IZsIva9k-Ztd60NeGoSmF0fdvsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:e2:d3:50:ce:1c:a3:f1:89:fc:d7:8f:0a:db:4d:1d:38:c8:
         12:c5:92:01:7e:ed:59:05:8e:56:82:24:36:ee:b5:f5:1b:b9:
         f0:75:f9:9a:ac:24:ab:14:f2:a4:b2:c2:c6:a2:a7:f6:20:76:
         40:2f:49:4e:6e:76:ce:39:be:7f:75:cb:5d:1c:6e:d3:6a:90:
         1b:77:c9:82:c0:0d:43:15:6a:e9:49:39:8d:8a:96:5e:e4:b5:
         c8:e4:c6:85:37:81:1e:5b:4a:8b:f1:72:92:bc:d0:f9:5b:27:
         94:2a:6d:e1:55:73:be:4b:f3:b5:7e:a8:f8:c7:1c:31:44:aa:
         5b:e1:44:87:31:4a:3a:cb:d4:26:ea:0a:27:56:b0:59:d9:ee:
         ca:dd:53:85:32:0d:99:b5:88:e9:8e:7d:46:79:c9:8e:af:18:
         a5:c6:31:3e:3e:d4:9e:ad:4b:76:59:22:2b:89:2c:b7:43:e8:
         b5:49:a3:04:17:3a:53:9f:60:8a:e5:15:fb:26:ef:d5:27:be:
         fa:ee:8a:0e:22:9c:4e:62:bf:3c:5c:93:49:32:83:b4:7e:d0:
         4a:e8:57:c8:10:80:cc:75:71:53:62:55:3c:17:d1:c0:76:7d:
         4e:b0:34:3a:3a:36:d9:a3:aa:b9:b5:82:68:9e:f0:65:ce:51:
         d3:be:7d:fd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZUuASj6YvBSw46+Uhgfs4i0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjUwMjIyMTQxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTliMDhiZGFmNjRmOTliNWRlYjQzNWUxYTg0YTYxNzQ3ZGRiZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyT/+gB6qsIauQ5FMMsfvR/60CXb
tplZHZ29yru2IoqFop9JVvauOtQWNACngkBmXi7kMWUNaNu1v0X3Q1/HGpvHQ407
1ngXM1Qw1y0PryWxiRei5Z1FU7gppj50KRePjEQbqKW7Xz2arzKjhb92SeMSXBWP
xVJrs/FrovoIzXeEZtGRlLumsmOxs+lsbg9FDXiRkWKr4k/M2Jg5EWNfasoaSy2D
92a3hba1yjt3ui1bX/hx8DGeX16qkCe/Ku2qwIhaLazz5NF0TSAw/94WMGMG5LzG
KNckjN72y6hREwAVj8FrXxhy+wCYBywLaciKyK38dSoVRcofpAdhDQxnDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCGbCL2vZPmbXetDXhqEphdH3b7DMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvSVpzSXZhOWstWnRkNjBOZUdvU21GMGZkdnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQAW4tNQzhyj8Yn8
148K200dOMgSxZIBfu1ZBY5WgiQ27rX1G7nwdfmarCSrFPKkssLGoqf2IHZAL0lO
bnbOOb5/dctdHG7TapAbd8mCwA1DFWrpSTmNipZe5LXI5MaFN4EeW0qL8XKSvND5
WyeUKm3hVXO+S/O1fqj4xxwxRKpb4USHMUo6y9Qm6gonVrBZ2e7K3VOFMg2ZtYjp
jn1GecmOrxilxjE+PtSerUt2WSIriSy3Q+i1SaMEFzpTn2CK5RX7Ju/VJ7767ooO
IpxOYr88XJNJMoO0ftBK6FfIEIDMdXFTYlU8F9HAdn1OsDQ6OjbZo6q5tYJonvBl
zlHTvn39
-----END CERTIFICATE-----