Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/lerey0IRaiN84i0X_2wetrnypYQ.roa
File:                     lerey0IRaiN84i0X_2wetrnypYQ.roa (raw, json)
Hash identifier:          4ulk03MhV7Eo1ZcfJkIr6hRP77wvh21+ufLbkE6uABk=
Subject key identifier:   95:EA:DE:CB:42:11:6A:23:7C:E2:2D:17:FF:6C:1E:B6:B9:F2:A5:84
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       0194266C3019CCFFE6769C20CA38097D852B
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/lerey0IRaiN84i0X_2wetrnypYQ.roa
Signing time:             Thu 02 Jan 2025 09:50:11 +0000
ROA not before:           Thu 02 Jan 2025 09:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49100
IP address blocks:        109.125.128.0/19 maxlen: 19
                          109.125.128.0/22 maxlen: 22
                          185.82.28.0/22 maxlen: 22
                          185.82.28.0/24 maxlen: 24
                          185.129.184.0/21 maxlen: 21
                          185.129.196.0/22 maxlen: 22
                          185.129.197.0/24 maxlen: 24
                          185.129.200.0/22 maxlen: 22
                          185.129.212.0/22 maxlen: 22
                          185.129.216.0/22 maxlen: 22
                          185.129.228.0/22 maxlen: 22
                          185.129.230.0/23 maxlen: 23
                          185.129.237.0/24 maxlen: 24
                          185.129.240.0/22 maxlen: 22
                          2a03:54a0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 08 Jan 2025 08:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:30:19:cc:ff:e6:76:9c:20:ca:38:09:7d:85:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Jan  2 09:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95eadecb42116a237ce22d17ff6c1eb6b9f2a584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fe:7f:96:78:1d:85:7b:91:b6:fa:1f:37:60:
                    a7:84:18:94:7c:3b:bb:3b:19:ce:5d:cb:21:37:60:
                    26:05:39:22:63:d3:2a:d1:87:54:18:be:29:85:31:
                    c6:dc:a4:a6:31:98:2c:0b:86:7e:c6:36:69:b6:c6:
                    b6:47:55:b6:4c:1f:3c:52:42:a5:d2:6b:9f:88:9f:
                    85:75:c0:83:04:7e:34:4c:d1:98:f4:b1:02:ef:bc:
                    f1:65:cb:af:45:48:8f:6b:5c:4e:1c:9d:8d:2b:23:
                    a3:eb:5e:f6:b2:ec:99:0d:79:e3:9a:88:81:24:29:
                    24:85:d7:27:96:fa:40:51:18:a0:b5:07:39:03:f2:
                    44:b9:b6:ba:74:a6:70:18:d7:cb:ea:56:00:44:bd:
                    6f:d6:ca:69:d0:87:c7:f1:da:a6:a7:1e:30:dd:89:
                    86:a0:52:06:f2:48:70:c4:ee:72:30:04:90:53:ee:
                    eb:b6:f2:87:c8:9d:7e:03:d1:e1:80:54:83:8b:45:
                    9e:d2:e5:2a:60:69:27:a1:0b:d9:9f:68:e5:15:42:
                    b1:87:f1:0c:43:39:f2:32:3e:a0:10:80:a9:1b:e6:
                    a5:7e:43:dc:b5:8d:a6:44:ce:bb:69:86:3c:f1:f3:
                    30:54:3b:e8:8d:23:2a:6e:8d:de:b6:b7:66:c1:1d:
                    8c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EA:DE:CB:42:11:6A:23:7C:E2:2D:17:FF:6C:1E:B6:B9:F2:A5:84
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/lerey0IRaiN84i0X_2wetrnypYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.125.128.0/19
                  185.82.28.0/22
                  185.129.184.0/21
                  185.129.196.0-185.129.203.255
                  185.129.212.0-185.129.219.255
                  185.129.228.0/22
                  185.129.237.0/24
                  185.129.240.0/22
                IPv6:
                  2a03:54a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:35:bf:f9:e6:58:e5:f6:b6:38:e9:97:ce:49:4a:9a:a2:16:
         67:d5:2b:4b:cc:65:d9:79:77:a0:91:99:ad:44:7e:0d:69:09:
         fc:47:47:20:15:06:de:d8:0b:22:89:b5:4d:c6:9f:f3:e8:4e:
         60:e5:dc:16:13:92:9a:a0:c2:e7:dd:63:28:34:ce:87:d9:d1:
         b0:94:16:56:c0:70:6d:99:e0:bf:7d:80:fc:cc:74:2e:90:a0:
         7a:33:fe:96:ba:d9:78:7a:9d:0e:2f:85:a5:6e:65:8e:ee:fe:
         d6:f4:67:1f:e7:48:fe:97:f9:9f:7b:44:50:be:d5:94:1f:b1:
         e9:82:9e:24:e2:07:1a:b5:ec:73:31:d8:82:35:83:8b:d6:08:
         6d:d0:34:c6:76:0f:51:00:50:83:29:eb:5d:3b:30:67:7c:b4:
         dc:c7:ea:05:22:63:26:78:67:23:6c:60:42:d0:91:26:fe:6a:
         15:04:75:0b:4e:ab:a9:0a:17:83:d7:70:13:1d:57:9d:29:16:
         13:fd:c8:7f:47:19:06:bc:d2:fa:81:4e:c4:79:22:23:0b:97:
         61:9c:4c:a8:93:24:06:77:1e:41:e3:5b:d8:bc:e8:1a:3b:d5:
         bf:21:a8:fa:79:e4:63:03:10:4f:6e:72:76:e4:c5:20:f5:ef:
         c0:66:85:8c
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZQmbDAZzP/mdpwgyjgJfYUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjUwMTAyMDk1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWVhZGVjYjQyMTE2YTIzN2NlMjJkMTdmZjZjMWViNmI5ZjJhNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqv5/lngdhXuRtvofN2CnhBiUfDu7
OxnOXcshN2AmBTkiY9Mq0YdUGL4phTHG3KSmMZgsC4Z+xjZptsa2R1W2TB88UkKl
0mufiJ+FdcCDBH40TNGY9LEC77zxZcuvRUiPa1xOHJ2NKyOj6172suyZDXnjmoiB
JCkkhdcnlvpAURigtQc5A/JEuba6dKZwGNfL6lYARL1v1spp0IfH8dqmpx4w3YmG
oFIG8khwxO5yMASQU+7rtvKHyJ1+A9HhgFSDi0We0uUqYGknoQvZn2jlFUKxh/EM
QznyMj6gEICpG+alfkPctY2mRM67aYY88fMwVDvojSMqbo3etrdmwR2MkQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFJXq3stCEWojfOItF/9sHra58qWEMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvbGVyZXkwSVJhaU44NGkwWF8yd2V0cm55cFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQFbX2AAwQC
uVIcAwQDuYG4MAwDBAK5gcQDBAK5gcgwDAMEArmB1AMEArmB2AMEArmB5AMEALmB
7QMEArmB8DANBAIAAjAHAwUAKgNUoDANBgkqhkiG9w0BAQsFAAOCAQEAnjW/+eZY
5fa2OOmXzklKmqIWZ9UrS8xl2Xl3oJGZrUR+DWkJ/EdHIBUG3tgLIom1Tcaf8+hO
YOXcFhOSmqDC591jKDTOh9nRsJQWVsBwbZngv32A/Mx0LpCgejP+lrrZeHqdDi+F
pW5lju7+1vRnH+dI/pf5n3tEUL7VlB+x6YKeJOIHGrXsczHYgjWDi9YIbdA0xnYP
UQBQgynrXTswZ3y03MfqBSJjJnhnI2xgQtCRJv5qFQR1C06rqQoXg9dwEx1XnSkW
E/3If0cZBrzS+oFOxHkiIwuXYZxMqJMkBnceQeNb2LzoGjvVvyGo+nnkYwMQT25y
duTFIPXvwGaFjA==
-----END CERTIFICATE-----