Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Wvf3XghXF9V2i8JUvHKI9UuRmec.roa
File:                     Wvf3XghXF9V2i8JUvHKI9UuRmec.roa (raw, json)
Hash identifier:          z4BQlGirGqYMyDcr7ku37Vw1dRQSBfBm6C+MavGOrUY=
Subject key identifier:   5A:F7:F7:5E:08:57:17:D5:76:8B:C2:54:BC:72:88:F5:4B:91:99:E7
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0194A6B3283E12225152E21E7A553964F152
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Wvf3XghXF9V2i8JUvHKI9UuRmec.roa
Signing time:             Mon 27 Jan 2025 07:39:06 +0000
ROA not before:           Mon 27 Jan 2025 07:39:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.240.0/24 maxlen: 24
                          45.155.242.0/24 maxlen: 24
                          194.143.205.0/24 maxlen: 24
                          194.143.209.0/24 maxlen: 24
                          194.143.217.0/24 maxlen: 24
                          194.143.221.0/24 maxlen: 24
                          195.114.192.0/24 maxlen: 24
                          195.114.198.0/24 maxlen: 24
                          213.220.3.0/24 maxlen: 24
                          213.220.19.0/24 maxlen: 24
                          213.220.58.0/24 maxlen: 24
                          213.220.59.0/24 maxlen: 24
                          213.220.60.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 10 Feb 2025 10:32:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a6:b3:28:3e:12:22:51:52:e2:1e:7a:55:39:64:f1:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan 27 07:39:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5af7f75e085717d5768bc254bc7288f54b9199e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:07:1e:28:4a:27:2c:cd:39:c6:3b:ab:e0:04:
                    2f:61:4d:ea:1a:13:d2:37:a8:2c:a9:aa:b1:1e:41:
                    d8:01:25:36:5c:9f:6e:46:15:77:7a:72:28:d8:37:
                    83:36:61:25:8f:e4:6d:84:14:5c:70:ee:4c:30:1e:
                    71:23:dd:c2:d5:70:10:3b:99:f7:c9:c5:d9:92:bb:
                    5f:fe:59:e3:a0:a8:8a:60:15:ca:14:cf:31:b9:ef:
                    2c:5c:fb:7f:0b:04:34:08:d0:6b:8b:cc:88:ed:1e:
                    ec:90:ce:92:0b:aa:21:35:a1:c2:63:0f:45:10:06:
                    33:3b:e1:e0:32:49:be:80:4e:43:05:03:a0:a2:eb:
                    df:96:39:db:f5:6b:0b:3e:6c:44:51:9c:44:33:fd:
                    7b:4d:c3:ed:60:ad:ee:b7:ab:79:0d:91:38:19:5d:
                    b6:e2:d8:6e:69:72:86:d4:92:6f:2d:84:bf:1e:89:
                    a9:4f:55:06:69:41:84:7e:93:1a:4e:f2:48:63:7e:
                    43:c7:32:6f:02:9c:4e:c7:0d:2c:3f:39:fe:3c:b7:
                    6a:8e:dc:df:56:4a:fb:33:ff:7f:d1:3d:5d:a7:3b:
                    34:cd:74:96:1f:7f:e8:f1:ed:c9:50:0c:69:d5:bb:
                    c4:b9:7b:0d:2e:ed:eb:39:27:c0:2a:a6:7f:7b:ab:
                    e2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:F7:F7:5E:08:57:17:D5:76:8B:C2:54:BC:72:88:F5:4B:91:99:E7
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Wvf3XghXF9V2i8JUvHKI9UuRmec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.240.0/24
                  45.155.242.0/24
                  194.143.205.0/24
                  194.143.209.0/24
                  194.143.217.0/24
                  194.143.221.0/24
                  195.114.192.0/24
                  195.114.198.0/24
                  213.220.3.0/24
                  213.220.19.0/24
                  213.220.58.0-213.220.60.255

    Signature Algorithm: sha256WithRSAEncryption
         66:70:45:60:f2:c2:81:96:e6:39:25:3b:95:5a:8c:2f:7d:24:
         c9:ca:16:cf:55:2b:87:87:88:ab:03:23:26:94:96:a7:e0:5f:
         ec:ec:91:96:00:b3:4b:be:40:b2:92:06:3c:9e:e4:a3:9a:28:
         33:64:b7:7f:f1:42:70:a8:6a:a1:04:fc:c8:a4:10:81:f5:f5:
         5a:de:ba:bb:30:62:60:de:7a:60:51:e7:c7:06:df:31:01:d4:
         3f:9e:25:58:25:02:82:e7:02:67:17:86:3e:88:eb:85:9b:53:
         28:ab:3b:52:27:43:e9:b4:3b:17:75:dc:ad:85:b6:60:1c:d6:
         f8:11:f4:10:2e:2c:54:10:9d:3a:b6:38:7b:ec:b7:56:ff:ff:
         c1:f9:55:04:86:7f:dd:95:a6:ae:15:f6:97:2f:5d:27:6e:71:
         fc:b8:a8:12:6f:6d:df:5f:78:2f:3a:e6:e3:af:62:2a:89:c7:
         9c:50:09:57:ec:2e:95:3d:cb:84:a9:c8:b2:5b:d7:11:aa:ca:
         b7:82:3c:59:e7:a9:f3:83:2e:f1:7d:21:2e:14:88:f4:21:5f:
         0d:1f:f2:5c:61:0f:33:2f:c1:c5:13:9b:42:37:6e:03:c6:0d:
         05:67:6f:a8:3e:3d:40:1d:b1:55:2a:09:f2:72:eb:8a:b5:2b:
         33:be:8c:c6
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZSmsyg+EiJRUuIeelU5ZPFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMTI3MDczOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWY3Zjc1ZTA4NTcxN2Q1NzY4YmMyNTRiYzcyODhmNTRiOTE5OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AceKEonLM05xjur4AQvYU3qGhPS
N6gsqaqxHkHYASU2XJ9uRhV3enIo2DeDNmElj+RthBRccO5MMB5xI93C1XAQO5n3
ycXZkrtf/lnjoKiKYBXKFM8xue8sXPt/CwQ0CNBri8yI7R7skM6SC6ohNaHCYw9F
EAYzO+HgMkm+gE5DBQOgouvfljnb9WsLPmxEUZxEM/17TcPtYK3ut6t5DZE4GV22
4thuaXKG1JJvLYS/HompT1UGaUGEfpMaTvJIY35DxzJvApxOxw0sPzn+PLdqjtzf
Vkr7M/9/0T1dpzs0zXSWH3/o8e3JUAxp1bvEuXsNLu3rOSfAKqZ/e6vikQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFFr3914IVxfVdovCVLxyiPVLkZnnMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvV3ZmM1hnaFhGOVYyaThKVXZIS0k5VXVSbWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALZvwAwQA
LZvyAwQAwo/NAwQAwo/RAwQAwo/ZAwQAwo/dAwQAw3LAAwQAw3LGAwQA1dwDAwQA
1dwTMAwDBAHV3DoDBADV3DwwDQYJKoZIhvcNAQELBQADggEBAGZwRWDywoGW5jkl
O5VajC99JMnKFs9VK4eHiKsDIyaUlqfgX+zskZYAs0u+QLKSBjye5KOaKDNkt3/x
QnCoaqEE/MikEIH19VreurswYmDeemBR58cG3zEB1D+eJVglAoLnAmcXhj6I64Wb
UyirO1InQ+m0Oxd13K2FtmAc1vgR9BAuLFQQnTq2OHvst1b//8H5VQSGf92Vpq4V
9pcvXSducfy4qBJvbd9feC865uOvYiqJx5xQCVfsLpU9y4SpyLJb1xGqyreCPFnn
qfODLvF9IS4UiPQhXw0f8lxhDzMvwcUTm0I3bgPGDQVnb6g+PUAdsVUqCfJy64q1
KzO+jMY=
-----END CERTIFICATE-----