Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/bFs0spZYKCYF46d-wHh7Vxv4n3I.roa
File:                     bFs0spZYKCYF46d-wHh7Vxv4n3I.roa (raw, json)
Hash identifier:          hBs4PJDpzIDDGwr7XCb637os5+f293QvCRGKrxgZcLE=
Subject key identifier:   6C:5B:34:B2:96:58:28:26:05:E3:A7:7E:C0:78:7B:57:1B:F8:9F:72
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       0194244586250E21D542FB9A5409E1F1BEE9
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/bFs0spZYKCYF46d-wHh7Vxv4n3I.roa
Signing time:             Wed 01 Jan 2025 23:48:43 +0000
ROA not before:           Wed 01 Jan 2025 23:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15987
IP address blocks:        46.41.0.0/18 maxlen: 22
                          46.41.14.0/24 maxlen: 24
                          46.41.32.0/24 maxlen: 24
                          46.41.47.0/24 maxlen: 24
                          185.112.252.0/22 maxlen: 24
                          188.246.0.0/19 maxlen: 22
                          188.246.0.0/23 maxlen: 24
                          188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24
                          217.144.128.0/20 maxlen: 20
                          217.144.128.0/24 maxlen: 24
                          217.144.129.0/24 maxlen: 24
                          217.144.143.0/24 maxlen: 24
                          2a02:a00::/29 maxlen: 29
                          2a02:a00::/32 maxlen: 32
                          2a02:a00::/34 maxlen: 34
                          2a02:a00:d::/48 maxlen: 48
                          2a02:a00:f::/48 maxlen: 48
                          2a02:a00:1f::/48 maxlen: 48
                          2a02:a00:1009::/48 maxlen: 48
                          2a02:a00:1049::/48 maxlen: 48
                          2a02:a00:3000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Mon 20 Jan 2025 12:09:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:86:25:0e:21:d5:42:fb:9a:54:09:e1:f1:be:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jan  1 23:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c5b34b29658282605e3a77ec0787b571bf89f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5a:a9:18:9e:7f:ba:7d:29:48:55:af:da:01:
                    c4:b6:1f:a3:d5:0a:94:c1:5a:6d:da:be:e3:99:6a:
                    64:a6:72:f4:41:51:de:17:1f:8a:f6:75:5f:6e:ef:
                    97:07:98:98:3d:0f:c1:c9:8c:bb:4b:7b:cc:b3:80:
                    40:12:05:9c:6f:ee:a3:ad:72:e8:92:d9:0c:51:be:
                    b5:39:fb:b0:a5:53:36:35:9f:4f:49:56:f9:9f:0f:
                    fa:66:2c:31:d4:fb:aa:d7:ba:95:76:c2:29:2b:47:
                    4f:91:79:1a:db:e5:41:20:f0:a9:c4:7d:ed:12:57:
                    82:a9:7a:a5:f2:cb:4b:26:84:ca:15:c9:22:a2:21:
                    9b:84:e4:0e:ce:10:e5:bb:e8:5d:d0:87:a1:a1:42:
                    dc:69:24:af:08:e4:c0:db:e7:05:15:5a:35:68:5f:
                    83:45:bd:02:d8:0c:0d:1e:f7:84:98:17:74:5e:8e:
                    53:4a:3c:a3:20:11:17:44:0d:35:b5:6b:17:db:03:
                    b5:c7:51:e7:c0:73:58:b8:3f:a7:db:26:9a:4f:bc:
                    a3:59:89:27:d0:a0:9c:60:e9:9c:a6:6b:17:0a:03:
                    c8:3c:b8:32:3e:69:30:03:31:f9:88:a2:6e:e7:04:
                    4f:90:c6:f9:bf:6f:f5:a9:70:5c:78:d7:fa:f2:79:
                    01:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5B:34:B2:96:58:28:26:05:E3:A7:7E:C0:78:7B:57:1B:F8:9F:72
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/bFs0spZYKCYF46d-wHh7Vxv4n3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.0.0/18
                  185.112.252.0/22
                  188.246.0.0/19
                  217.144.128.0/20
                IPv6:
                  2a02:a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:9c:98:cd:de:ed:55:0d:bc:b7:42:61:35:9a:1d:7d:bb:23:
         e3:80:f9:5a:bf:6c:25:ae:08:7f:37:1e:23:17:bd:2b:11:4e:
         01:b4:5e:c0:97:bc:37:98:96:5c:77:ce:cc:2e:a4:c7:17:37:
         f3:09:b4:49:bc:4c:f8:b8:a8:56:92:dd:61:aa:83:7b:cf:0b:
         7e:ac:05:09:53:76:0b:ad:fb:c8:8e:45:3e:23:89:d6:db:7b:
         19:b6:b8:44:87:47:d3:12:4e:94:d9:06:88:16:84:eb:05:91:
         d1:f1:c7:41:fa:c5:12:a8:60:16:79:25:dd:9b:87:7d:32:e9:
         7b:a4:ed:77:0c:5a:14:84:47:f0:9c:13:46:3f:b9:b0:73:2d:
         68:6d:4d:78:1b:e1:87:bc:a9:33:9a:46:da:4c:8d:38:62:8d:
         f3:f1:37:d6:58:13:14:f2:31:f7:f1:67:1f:7b:6e:c8:e9:8a:
         dc:26:87:c0:5c:70:6a:01:3b:da:a2:d6:2f:6b:7c:59:06:3c:
         20:53:32:89:5d:09:a6:03:7a:11:a1:e3:da:0f:00:17:6d:0b:
         4e:60:da:28:0f:07:50:3b:1b:41:fe:85:96:85:03:66:16:97:
         49:0c:07:10:d8:d6:eb:a6:08:6d:3a:84:ec:ba:94:08:7a:b5:
         5b:cb:2d:cd
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQkRYYlDiHVQvuaVAnh8b7pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjUwMTAxMjM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzViMzRiMjk2NTgyODI2MDVlM2E3N2VjMDc4N2I1NzFiZjg5ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1qpGJ5/un0pSFWv2gHEth+j1QqU
wVpt2r7jmWpkpnL0QVHeFx+K9nVfbu+XB5iYPQ/ByYy7S3vMs4BAEgWcb+6jrXLo
ktkMUb61OfuwpVM2NZ9PSVb5nw/6Ziwx1Puq17qVdsIpK0dPkXka2+VBIPCpxH3t
EleCqXql8stLJoTKFckioiGbhOQOzhDlu+hd0IehoULcaSSvCOTA2+cFFVo1aF+D
Rb0C2AwNHveEmBd0Xo5TSjyjIBEXRA01tWsX2wO1x1HnwHNYuD+n2yaaT7yjWYkn
0KCcYOmcpmsXCgPIPLgyPmkwAzH5iKJu5wRPkMb5v2/1qXBceNf68nkB5wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFGxbNLKWWCgmBeOnfsB4e1cb+J9yMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvYkZzMHNwWllLQ1lGNDZkLXdIaDdWeHY0bjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGLikAAwQC
uXD8AwQFvPYAAwQE2ZCAMA0EAgACMAcDBQMqAgoAMA0GCSqGSIb3DQEBCwUAA4IB
AQBjnJjN3u1VDby3QmE1mh19uyPjgPlav2wlrgh/Nx4jF70rEU4BtF7Al7w3mJZc
d87MLqTHFzfzCbRJvEz4uKhWkt1hqoN7zwt+rAUJU3YLrfvIjkU+I4nW23sZtrhE
h0fTEk6U2QaIFoTrBZHR8cdB+sUSqGAWeSXdm4d9Mul7pO13DFoUhEfwnBNGP7mw
cy1obU14G+GHvKkzmkbaTI04Yo3z8TfWWBMU8jH38Wcfe27I6YrcJofAXHBqATva
otYva3xZBjwgUzKJXQmmA3oRoePaDwAXbQtOYNooDwdQOxtB/oWWhQNmFpdJDAcQ
2NbrpghtOoTsupQIerVbyy3N
-----END CERTIFICATE-----