Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/m5XszqXlCgF6qHKIDhLp6lI-mRU.roa
File:                     m5XszqXlCgF6qHKIDhLp6lI-mRU.roa (raw, json)
Hash identifier:          7lBgsRaE9/O7Iw0EhS37r8oMzQ0nsQzA9y8vsy47PF0=
Subject key identifier:   9B:95:EC:CE:A5:E5:0A:01:7A:A8:72:88:0E:12:E9:EA:52:3E:99:15
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0196193F2C0E2AADB25789FDB037CF5D8E5C
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/m5XszqXlCgF6qHKIDhLp6lI-mRU.roa
Signing time:             Wed 09 Apr 2025 06:31:32 +0000
ROA not before:           Wed 09 Apr 2025 06:31:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.240.0/24 maxlen: 24
                          45.155.242.0/24 maxlen: 24
                          194.143.205.0/24 maxlen: 24
                          194.143.206.0/23 maxlen: 24
                          194.143.217.0/24 maxlen: 24
                          194.143.221.0/24 maxlen: 24
                          195.114.192.0/24 maxlen: 24
                          195.114.195.0/24 maxlen: 24
                          195.114.197.0/24 maxlen: 24
                          195.114.198.0/24 maxlen: 24
                          213.220.5.0/24 maxlen: 24
                          213.220.19.0/24 maxlen: 24
                          213.220.58.0/24 maxlen: 24
                          213.220.59.0/24 maxlen: 24
                          213.220.60.0/24 maxlen: 24
                          213.220.63.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 09 Apr 2025 08:13:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:19:3f:2c:0e:2a:ad:b2:57:89:fd:b0:37:cf:5d:8e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr  9 06:31:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b95eccea5e50a017aa872880e12e9ea523e9915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:30:a6:99:55:a3:db:3b:dd:d6:64:21:91:4c:
                    29:7a:80:de:a8:b7:8b:c7:bb:2e:aa:7b:0d:ac:ec:
                    e1:18:e4:d7:1a:4b:9b:bf:c6:21:58:f0:34:31:86:
                    4a:4b:47:1a:ba:3c:55:67:20:47:46:a5:a5:b8:18:
                    77:b6:75:30:8a:1d:18:0e:6d:1e:ac:00:0e:9a:f3:
                    93:75:78:ab:dc:85:2e:07:90:f2:20:77:b6:f0:6d:
                    70:56:fb:d2:df:8a:90:bf:1a:2f:f8:62:d2:b6:96:
                    f2:ad:8d:7c:37:bb:1f:67:57:8b:c3:46:d7:d7:92:
                    1d:11:c5:7c:ed:d3:16:d8:89:d2:aa:31:6a:47:3d:
                    a9:f3:3c:1d:6c:96:63:1d:56:ec:7e:39:18:b2:27:
                    b2:6b:0e:93:84:a5:56:6a:f0:4f:6b:e3:35:7d:a0:
                    01:e2:d5:19:7e:72:78:17:39:fe:2f:30:ca:6b:3c:
                    41:fa:5e:1a:df:c7:e6:82:1d:3e:30:c6:d9:a7:0a:
                    d7:9e:fa:6d:57:02:c5:a5:d9:c7:0f:20:f8:ba:60:
                    20:8f:2a:c6:b5:c6:d4:cd:49:d0:e1:c2:76:ba:e1:
                    ca:7e:93:16:98:78:aa:26:5f:9b:5a:69:51:22:16:
                    96:94:16:4f:12:6e:44:be:73:43:ff:df:53:b4:a3:
                    c2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:95:EC:CE:A5:E5:0A:01:7A:A8:72:88:0E:12:E9:EA:52:3E:99:15
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/m5XszqXlCgF6qHKIDhLp6lI-mRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.240.0/24
                  45.155.242.0/24
                  194.143.205.0-194.143.207.255
                  194.143.217.0/24
                  194.143.221.0/24
                  195.114.192.0/24
                  195.114.195.0/24
                  195.114.197.0-195.114.198.255
                  213.220.5.0/24
                  213.220.19.0/24
                  213.220.58.0-213.220.60.255
                  213.220.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:16:af:18:8d:61:bf:49:d3:e6:4f:cd:7d:10:d5:7c:eb:fc:
         21:75:64:e2:44:39:cb:d3:67:76:97:17:84:98:da:25:bb:d3:
         4c:0c:65:4b:8e:5d:c1:49:53:3b:b6:6c:dc:6b:cc:64:75:cd:
         1a:cc:5c:fa:27:ca:4a:29:e4:2e:9e:a3:0c:8b:d0:08:4d:00:
         89:56:9c:3f:54:05:c8:af:04:a2:65:d3:a9:59:42:5c:02:72:
         be:24:7c:bb:76:53:b0:89:c4:ce:3f:d8:4c:c1:ac:04:03:93:
         b9:08:a1:3c:de:47:c9:5d:15:bb:e2:b9:40:df:f5:9a:c8:fe:
         32:ed:cd:0a:ff:65:c7:e9:f1:cc:55:33:87:e7:8f:9f:86:4d:
         38:f0:02:57:e6:cd:cd:fc:17:ca:94:71:6b:27:02:d8:54:c1:
         8e:7c:78:68:88:35:3a:64:7b:6a:d5:87:12:1f:db:6d:71:bb:
         b7:c6:16:1b:c1:0c:90:a3:46:c8:fa:eb:22:24:65:b2:1a:9a:
         4d:76:a0:51:02:7e:6b:30:da:a4:8d:99:97:d5:ed:af:ae:e0:
         c2:fc:46:ff:69:95:22:5d:0b:6b:f0:4b:d9:17:92:1a:b4:b6:
         ae:7b:43:ae:02:37:e2:df:9e:d9:80:1f:96:a9:dc:69:2c:0d:
         42:ea:58:ab
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZYZPywOKq2yV4n9sDfPXY5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwNDA5MDYzMTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjk1ZWNjZWE1ZTUwYTAxN2FhODcyODgwZTEyZTllYTUyM2U5OTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTCmmVWj2zvd1mQhkUwpeoDeqLeL
x7suqnsNrOzhGOTXGkubv8YhWPA0MYZKS0caujxVZyBHRqWluBh3tnUwih0YDm0e
rAAOmvOTdXir3IUuB5DyIHe28G1wVvvS34qQvxov+GLStpbyrY18N7sfZ1eLw0bX
15IdEcV87dMW2InSqjFqRz2p8zwdbJZjHVbsfjkYsieyaw6ThKVWavBPa+M1faAB
4tUZfnJ4Fzn+LzDKazxB+l4a38fmgh0+MMbZpwrXnvptVwLFpdnHDyD4umAgjyrG
tcbUzUnQ4cJ2uuHKfpMWmHiqJl+bWmlRIhaWlBZPEm5EvnND/99TtKPCXwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFJuV7M6l5QoBeqhyiA4S6epSPpkVMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvbTVYc3pxWGxDZ0Y2cUhLSURoTHA2bEktbVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQALZvwAwQA
LZvyMAwDBADCj80DBATCj8ADBADCj9kDBADCj90DBADDcsADBADDcsMwDAMEAMNy
xQMEAMNyxgMEANXcBQMEANXcEzAMAwQB1dw6AwQA1dw8AwQA1dw/MA0GCSqGSIb3
DQEBCwUAA4IBAQCXFq8YjWG/SdPmT819ENV86/whdWTiRDnL02d2lxeEmNolu9NM
DGVLjl3BSVM7tmzca8xkdc0azFz6J8pKKeQunqMMi9AITQCJVpw/VAXIrwSiZdOp
WUJcAnK+JHy7dlOwicTOP9hMwawEA5O5CKE83kfJXRW74rlA3/WayP4y7c0K/2XH
6fHMVTOH54+fhk048AJX5s3N/BfKlHFrJwLYVMGOfHhoiDU6ZHtq1YcSH9ttcbu3
xhYbwQyQo0bI+usiJGWyGppNdqBRAn5rMNqkjZmX1e2vruDC/Eb/aZUiXQtr8EvZ
F5IatLaue0OuAjfi357ZgB+WqdxpLA1C6lir
-----END CERTIFICATE-----