Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/fxF1PmSk226yA-CecCBZ4zIfiCM.roa
File:                     fxF1PmSk226yA-CecCBZ4zIfiCM.roa (raw, json)
Hash identifier:          ZxYNnrkdKlx6WsQuAZeaONHHH8vSD0PV4VxhWItihzE=
Subject key identifier:   7F:11:75:3E:64:A4:DB:6E:B2:03:E0:9E:70:20:59:E3:32:1F:88:23
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       019391C644229B4613E0B36233444137312C
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/fxF1PmSk226yA-CecCBZ4zIfiCM.roa
Signing time:             Wed 04 Dec 2024 13:05:09 +0000
ROA not before:           Wed 04 Dec 2024 13:05:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15987
IP address blocks:        46.41.0.0/18 maxlen: 22
                          46.41.14.0/24 maxlen: 24
                          46.41.32.0/24 maxlen: 24
                          46.41.47.0/24 maxlen: 24
                          185.112.252.0/22 maxlen: 24
                          188.246.0.0/19 maxlen: 22
                          188.246.0.0/23 maxlen: 24
                          188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24
                          217.144.128.0/20 maxlen: 20
                          217.144.128.0/24 maxlen: 24
                          217.144.129.0/24 maxlen: 24
                          217.144.143.0/24 maxlen: 24
                          2a02:a00::/29 maxlen: 29
                          2a02:a00::/32 maxlen: 32
                          2a02:a00::/34 maxlen: 34
                          2a02:a00:d::/48 maxlen: 48
                          2a02:a00:f::/48 maxlen: 48
                          2a02:a00:1f::/48 maxlen: 48
                          2a02:a00:1009::/48 maxlen: 48
                          2a02:a00:1049::/48 maxlen: 48
                          2a02:a00:3000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:91:c6:44:22:9b:46:13:e0:b3:62:33:44:41:37:31:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Dec  4 13:05:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f11753e64a4db6eb203e09e702059e3321f8823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c6:1a:d5:88:34:31:b5:48:66:15:66:1e:43:
                    cd:b2:90:dc:82:9e:20:4a:0a:b9:4e:37:46:cb:27:
                    6f:d7:57:d1:87:e6:09:c7:c6:1e:07:18:f7:47:ce:
                    92:3f:17:66:ed:a4:3f:bb:4b:8d:dc:a3:80:b0:aa:
                    8c:7f:f6:b3:e8:d7:e5:46:6f:23:b4:0e:f5:e1:c3:
                    1f:19:8d:ca:10:6c:e8:ed:4f:86:25:8e:12:97:42:
                    23:9e:5c:20:d7:50:47:05:a4:4a:05:05:63:d7:85:
                    7a:dc:e3:2f:84:2f:17:8f:28:c7:ab:c8:08:27:e4:
                    5d:81:57:d0:63:cd:e0:8f:4f:c8:13:aa:95:db:59:
                    6a:87:95:0d:86:08:1c:0d:56:0d:2d:db:58:a1:d8:
                    3b:3c:64:1f:92:f6:4d:58:ad:ed:62:d4:4a:c0:20:
                    f0:38:a1:d5:e5:44:87:81:21:c1:a8:c8:58:66:56:
                    6a:b5:10:cd:60:d5:18:13:0d:c1:b5:4f:f6:be:eb:
                    27:38:1b:1f:f6:36:c8:64:cd:ab:0e:96:bc:66:1d:
                    0f:45:96:82:fc:d3:78:9d:cf:7b:78:a7:5a:5e:7c:
                    ad:24:32:6f:60:06:30:6e:55:ee:6b:a6:0b:15:0d:
                    cb:3b:e6:8f:86:2e:c2:2e:1a:ab:bc:e9:be:a7:66:
                    35:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:11:75:3E:64:A4:DB:6E:B2:03:E0:9E:70:20:59:E3:32:1F:88:23
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/fxF1PmSk226yA-CecCBZ4zIfiCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.0.0/18
                  185.112.252.0/22
                  188.246.0.0/19
                  217.144.128.0/20
                IPv6:
                  2a02:a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:c1:a1:cd:8b:3d:80:5b:8b:00:09:89:04:f7:59:43:a2:c0:
         5b:ad:2a:e4:13:31:1c:e2:56:2d:3b:5f:c7:f1:ac:14:0b:1e:
         35:9c:e9:25:dc:2b:3f:de:1a:3e:72:40:5e:45:b2:2f:93:5b:
         f4:51:50:f0:d6:bf:a5:ca:94:9e:31:bf:2b:aa:64:b0:21:6b:
         1e:1b:bc:df:fd:1f:14:ea:5e:6c:83:dd:e5:aa:92:a9:f8:f5:
         05:64:ff:e6:90:7e:53:7e:53:d9:87:8c:a5:8a:64:0f:85:d3:
         e3:0a:e9:7d:c6:df:0f:dc:f4:fd:40:35:d9:1b:1d:76:9c:60:
         54:00:ce:88:e8:3f:18:7e:37:d7:77:ee:31:c6:05:43:9e:ac:
         4c:1f:4f:b5:88:35:a8:b6:62:31:82:df:a2:8a:dc:c3:ac:47:
         3e:75:7a:20:64:17:11:eb:89:4d:49:13:26:0e:f6:19:b1:4c:
         67:3f:35:26:52:ae:cb:04:fc:94:b4:e6:7b:50:1b:df:59:51:
         13:6f:aa:08:9f:b7:bb:34:73:20:46:3d:ca:26:01:09:40:8f:
         e3:c7:24:e1:c2:e5:83:44:c1:5a:7d:c1:9a:97:8d:f5:71:26:
         32:11:c5:7c:d9:25:e5:08:47:f7:79:fc:e8:29:2e:15:22:d2:
         83:62:4d:6a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZORxkQim0YT4LNiM0RBNzEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjQxMjA0MTMwNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjExNzUzZTY0YTRkYjZlYjIwM2UwOWU3MDIwNTllMzMyMWY4ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58Ya1Yg0MbVIZhVmHkPNspDcgp4g
Sgq5TjdGyydv11fRh+YJx8YeBxj3R86SPxdm7aQ/u0uN3KOAsKqMf/az6NflRm8j
tA714cMfGY3KEGzo7U+GJY4Sl0Ijnlwg11BHBaRKBQVj14V63OMvhC8XjyjHq8gI
J+RdgVfQY83gj0/IE6qV21lqh5UNhggcDVYNLdtYodg7PGQfkvZNWK3tYtRKwCDw
OKHV5USHgSHBqMhYZlZqtRDNYNUYEw3BtU/2vusnOBsf9jbIZM2rDpa8Zh0PRZaC
/NN4nc97eKdaXnytJDJvYAYwblXua6YLFQ3LO+aPhi7CLhqrvOm+p2Y1tQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFH8RdT5kpNtusgPgnnAgWeMyH4gjMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvZnhGMVBtU2syMjZ5QS1DZWNDQlo0eklmaUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGLikAAwQC
uXD8AwQFvPYAAwQE2ZCAMA0EAgACMAcDBQMqAgoAMA0GCSqGSIb3DQEBCwUAA4IB
AQB8waHNiz2AW4sACYkE91lDosBbrSrkEzEc4lYtO1/H8awUCx41nOkl3Cs/3ho+
ckBeRbIvk1v0UVDw1r+lypSeMb8rqmSwIWseG7zf/R8U6l5sg93lqpKp+PUFZP/m
kH5TflPZh4ylimQPhdPjCul9xt8P3PT9QDXZGx12nGBUAM6I6D8YfjfXd+4xxgVD
nqxMH0+1iDWotmIxgt+iitzDrEc+dXogZBcR64lNSRMmDvYZsUxnPzUmUq7LBPyU
tOZ7UBvfWVETb6oIn7e7NHMgRj3KJgEJQI/jxyThwuWDRMFafcGal431cSYyEcV8
2SXlCEf3efzoKS4VItKDYk1q
-----END CERTIFICATE-----