Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/zNATnlJvVTFnBjSrFqwtDavnwnA.roa
File:                     zNATnlJvVTFnBjSrFqwtDavnwnA.roa (raw, json)
Hash identifier:          Qa64yKim3Bywj9nN58pLrk8Y/ME1MCcoQB2qJGTT+K0=
Subject key identifier:   CC:D0:13:9E:52:6F:55:31:67:06:34:AB:16:AC:2D:0D:AB:E7:C2:70
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019633231659E4979EB992BBB88A4ADB94A3
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/zNATnlJvVTFnBjSrFqwtDavnwnA.roa
Signing time:             Mon 14 Apr 2025 07:10:59 +0000
ROA not before:           Mon 14 Apr 2025 07:10:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8311
IP address blocks:        194.143.196.0/24 maxlen: 24
                          194.143.200.0/24 maxlen: 24
                          194.143.210.0/23 maxlen: 23
                          194.143.211.0/24 maxlen: 24
                          194.143.212.0/23 maxlen: 23
                          194.143.214.0/24 maxlen: 24
                          194.143.215.0/24 maxlen: 24
                          213.220.10.0/23 maxlen: 23
                          213.220.12.0/22 maxlen: 22
                          213.220.18.0/23 maxlen: 24
                          213.220.24.0/21 maxlen: 24
                          213.220.32.0/22 maxlen: 22
                          213.220.40.0/21 maxlen: 24
                          213.220.48.0/21 maxlen: 24
                          213.220.58.0/23 maxlen: 24
                          213.220.60.0/23 maxlen: 24
                          213.220.63.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 15 Apr 2025 13:21:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:23:16:59:e4:97:9e:b9:92:bb:b8:8a:4a:db:94:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr 14 07:10:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccd0139e526f5531670634ab16ac2d0dabe7c270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8d:d2:e2:23:5d:12:de:de:34:c5:85:a9:67:
                    ba:52:24:2a:16:02:3e:db:03:91:3a:74:70:ed:0d:
                    ec:0f:64:63:80:84:5c:e0:e3:1e:fd:43:39:11:fc:
                    f6:b6:e4:68:c3:f5:9b:fc:6c:29:64:04:5c:14:ae:
                    7a:df:33:d3:5f:a3:f0:bf:f5:1d:c8:cc:1a:34:40:
                    65:f7:e5:3f:83:8e:46:df:f4:cf:f6:47:97:17:25:
                    5e:3b:09:7a:69:71:a2:e7:d9:7b:21:99:0d:08:7b:
                    80:8d:6d:a9:93:f1:a3:f4:ce:df:20:68:06:64:99:
                    a4:70:a5:1c:05:ae:33:e7:aa:4f:da:42:cb:90:3c:
                    10:24:04:9d:ee:55:96:56:34:89:84:fd:42:7d:36:
                    cc:47:37:a0:ad:19:00:96:f9:b4:b1:a0:04:bb:db:
                    a2:3c:bd:e3:c1:e1:6f:27:14:b7:30:6e:0b:20:a5:
                    28:57:17:06:32:ef:d7:a9:91:4e:e6:6e:28:39:6b:
                    74:c7:43:c9:a3:82:f4:57:0f:27:81:d4:af:1f:42:
                    81:b8:07:c4:8b:de:8f:4b:3e:91:86:a3:3b:f2:69:
                    bc:32:6c:c0:b1:ae:fe:79:b3:ff:fd:97:cb:c2:88:
                    6c:ae:19:eb:33:f1:e5:36:64:c0:d2:b0:e3:bf:01:
                    81:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D0:13:9E:52:6F:55:31:67:06:34:AB:16:AC:2D:0D:AB:E7:C2:70
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/zNATnlJvVTFnBjSrFqwtDavnwnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.196.0/24
                  194.143.200.0/24
                  194.143.210.0-194.143.215.255
                  213.220.10.0-213.220.15.255
                  213.220.18.0/23
                  213.220.24.0-213.220.35.255
                  213.220.40.0-213.220.55.255
                  213.220.58.0-213.220.61.255
                  213.220.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:9b:bc:b0:07:23:b5:7a:dd:92:2d:84:5f:08:46:ce:91:72:
         32:e5:ca:3b:41:b3:b2:7c:f2:b4:8b:77:83:6e:71:f3:ab:f9:
         4b:36:26:a6:0e:f9:c6:eb:c1:ae:d8:75:4a:f8:a8:cb:8b:36:
         2c:3b:d9:6c:1b:19:8a:68:ff:1b:c8:a2:cc:38:b0:54:19:04:
         59:78:60:0d:f6:e6:1d:19:bf:e9:8a:ed:33:0f:d1:19:99:d7:
         94:e2:8a:07:b7:53:0d:fe:3a:31:03:32:03:98:96:36:7f:c1:
         63:1e:2b:48:11:45:8f:f4:a2:0e:2e:7b:07:a2:3f:cf:34:f8:
         76:c5:2a:a4:82:29:b7:9d:63:e5:28:bb:7a:c3:a5:c8:d3:4b:
         3e:8a:26:e2:3c:d1:a8:59:ed:64:67:ef:89:9b:fd:b3:4f:a7:
         f6:bb:69:79:ba:66:9f:84:0e:18:89:4d:5e:5d:7e:2e:86:fc:
         a5:ad:ed:b4:5a:4d:66:f1:1a:11:e5:76:46:c7:fd:17:20:15:
         b4:6a:4b:bd:e7:82:89:09:3f:56:ac:a7:2b:5c:3e:80:96:a1:
         94:bf:90:b3:1a:63:49:d0:ca:49:bb:fc:a7:f9:29:d7:e3:e5:
         38:74:e1:af:aa:e5:76:da:6b:af:25:c4:4b:8a:0f:d4:52:de:
         08:51:ec:1d
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZYzIxZZ5JeeuZK7uIpK25SjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwNDE0MDcxMDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2QwMTM5ZTUyNmY1NTMxNjcwNjM0YWIxNmFjMmQwZGFiZTdjMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzY3S4iNdEt7eNMWFqWe6UiQqFgI+
2wOROnRw7Q3sD2RjgIRc4OMe/UM5Efz2tuRow/Wb/GwpZARcFK563zPTX6Pwv/Ud
yMwaNEBl9+U/g45G3/TP9keXFyVeOwl6aXGi59l7IZkNCHuAjW2pk/Gj9M7fIGgG
ZJmkcKUcBa4z56pP2kLLkDwQJASd7lWWVjSJhP1CfTbMRzegrRkAlvm0saAEu9ui
PL3jweFvJxS3MG4LIKUoVxcGMu/XqZFO5m4oOWt0x0PJo4L0Vw8ngdSvH0KBuAfE
i96PSz6RhqM78mm8MmzAsa7+ebP//ZfLwohsrhnrM/HlNmTA0rDjvwGBzQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFMzQE55Sb1UxZwY0qxasLQ2r58JwMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvek5BVG5sSnZWVEZuQmpTckZxd3REYXZud25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAwo/EAwQA
wo/IMAwDBAHCj9IDBAPCj9AwDAMEAdXcCgMEBNXcAAMEAdXcEjAMAwQD1dwYAwQC
1dwgMAwDBAPV3CgDBAPV3DAwDAMEAdXcOgMEAdXcPAMEANXcPzANBgkqhkiG9w0B
AQsFAAOCAQEAq5u8sAcjtXrdki2EXwhGzpFyMuXKO0GzsnzytIt3g25x86v5SzYm
pg75xuvBrth1Svioy4s2LDvZbBsZimj/G8iizDiwVBkEWXhgDfbmHRm/6YrtMw/R
GZnXlOKKB7dTDf46MQMyA5iWNn/BYx4rSBFFj/SiDi57B6I/zzT4dsUqpIIpt51j
5Si7esOlyNNLPoom4jzRqFntZGfviZv9s0+n9rtpebpmn4QOGIlNXl1+Lob8pa3t
tFpNZvEaEeV2Rsf9FyAVtGpLveeCiQk/VqynK1w+gJahlL+QsxpjSdDKSbv8p/kp
1+PlOHThr6rldtprryXES4oP1FLeCFHsHQ==
-----END CERTIFICATE-----