Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/XzV0v3v5mNiqGq01u-hNsYFF9HU.roa
File:                     XzV0v3v5mNiqGq01u-hNsYFF9HU.roa (raw, json)
Hash identifier:          +5GZvQg3kLNj/axn2futcisrB8LvA0bsbwCFn1nsfQM=
Subject key identifier:   5F:35:74:BF:7B:F9:98:D8:AA:1A:AD:35:BB:E8:4D:B1:81:45:F4:75
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       01953922474A18494B2E5BE49E57C292E7A6
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/XzV0v3v5mNiqGq01u-hNsYFF9HU.roa
Signing time:             Mon 24 Feb 2025 18:05:02 +0000
ROA not before:           Mon 24 Feb 2025 18:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6700
IP address blocks:        62.108.96.0/19 maxlen: 24
                          62.193.128.0/19 maxlen: 24
                          85.222.160.0/23 maxlen: 24
                          91.148.64.0/18 maxlen: 24
                          91.223.162.0/24 maxlen: 24
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          194.106.160.0/19 maxlen: 24
                          195.252.64.0/18 maxlen: 24
                          213.244.228.0/22 maxlen: 24
                          213.244.232.0/21 maxlen: 24
                          217.26.64.0/20 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 24 Feb 2025 18:08:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:39:22:47:4a:18:49:4b:2e:5b:e4:9e:57:c2:92:e7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Feb 24 18:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f3574bf7bf998d8aa1aad35bbe84db18145f475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e1:03:2f:64:fb:8b:66:85:7d:9e:b3:b9:77:
                    1c:47:27:18:64:93:21:3f:09:ef:d6:99:86:c3:75:
                    95:45:03:22:68:c2:97:e9:5b:74:50:01:fe:46:a5:
                    b0:c1:a4:fb:9e:68:80:23:14:22:8c:59:2c:45:c3:
                    0a:b2:c4:a9:f5:c9:bc:d3:05:63:38:1b:72:c4:8a:
                    48:26:d5:13:88:42:16:14:0e:8e:66:ff:59:68:48:
                    0a:01:6e:e7:d6:33:3d:f4:b1:a5:ac:cd:fd:cd:3a:
                    8d:49:08:ae:ae:6e:2b:1d:b7:18:e6:54:34:58:db:
                    d7:66:1d:1f:c9:0e:c5:dc:ad:6b:6f:41:32:a8:e6:
                    f6:7f:c1:c6:1c:71:bf:64:33:6f:33:d2:50:1c:e0:
                    f0:f9:8a:62:c5:b8:5c:93:6e:f5:3b:b2:6e:5b:be:
                    aa:c5:f1:2d:53:1f:2a:1f:d0:b5:5b:b2:28:c4:70:
                    bd:bf:45:14:79:f8:6a:ca:df:aa:84:60:0c:7c:38:
                    08:4b:48:01:6d:ec:7c:f2:7d:32:e0:5f:01:6d:f6:
                    95:c3:84:16:39:e7:83:90:9b:c0:36:a5:6a:d0:48:
                    30:e1:4d:74:cf:47:21:fa:e6:a9:f7:33:4e:37:a1:
                    11:60:50:b1:dc:2e:75:36:6a:d4:cb:5a:e2:20:0a:
                    9c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:35:74:BF:7B:F9:98:D8:AA:1A:AD:35:BB:E8:4D:B1:81:45:F4:75
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/XzV0v3v5mNiqGq01u-hNsYFF9HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/23
                  91.148.64.0/18
                  91.223.162.0/24
                  178.20.205.0/24
                  178.20.207.0/24
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.228.0-213.244.239.255
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:00:62:c3:a6:c4:86:5a:48:20:c7:ac:3c:19:5b:9e:75:89:
         c2:2e:2f:a7:8e:35:87:02:29:a2:7d:21:11:3d:b1:81:dc:99:
         aa:d8:72:f8:0d:67:6a:df:7a:2d:d9:6c:a2:54:6b:6a:d4:27:
         cc:6c:6e:d6:66:ee:a1:f1:b1:c2:86:a3:ce:15:c6:8a:bf:87:
         16:99:58:e2:c7:4b:57:7a:5f:d2:ea:9b:41:17:c7:34:a7:48:
         66:45:4c:ca:da:12:b1:68:6b:c7:f1:24:bd:1d:2d:08:be:62:
         ef:7d:68:6e:8e:9b:25:20:9b:f0:de:8e:dc:85:0c:ae:12:54:
         19:bf:25:29:67:35:00:ac:40:46:e2:16:37:9c:4b:42:6a:54:
         fc:e7:bb:47:22:af:46:2f:36:f5:8f:56:dc:9e:1c:90:b0:76:
         1e:27:db:b7:23:a0:6c:99:01:84:33:49:bc:98:ca:db:32:8d:
         0e:a7:03:f0:a2:2d:f7:68:f4:3f:76:16:4c:91:e3:29:b3:e4:
         79:e7:4a:92:d9:80:26:33:50:bc:8e:35:3c:0a:72:b3:37:f7:
         bb:db:8d:6c:30:5b:29:c0:47:45:86:5b:5c:f7:af:d2:91:9e:
         1c:01:ab:74:c7:d2:69:d6:34:28:c6:7b:30:ad:15:65:ab:4b:
         a3:3f:b5:87
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZU5IkdKGElLLlvknlfCkuemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjUwMjI0MTgwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjM1NzRiZjdiZjk5OGQ4YWExYWFkMzViYmU4NGRiMTgxNDVmNDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeEDL2T7i2aFfZ6zuXccRycYZJMh
Pwnv1pmGw3WVRQMiaMKX6Vt0UAH+RqWwwaT7nmiAIxQijFksRcMKssSp9cm80wVj
OBtyxIpIJtUTiEIWFA6OZv9ZaEgKAW7n1jM99LGlrM39zTqNSQiurm4rHbcY5lQ0
WNvXZh0fyQ7F3K1rb0EyqOb2f8HGHHG/ZDNvM9JQHODw+Ypixbhck271O7JuW76q
xfEtUx8qH9C1W7IoxHC9v0UUefhqyt+qhGAMfDgIS0gBbex88n0y4F8BbfaVw4QW
OeeDkJvANqVq0Egw4U10z0ch+uap9zNON6ERYFCx3C51NmrUy1riIAqcSwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFF81dL97+ZjYqhqtNbvoTbGBRfR1MB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvWHpWMHYzdjVtTmlxR3EwMXUtaE5zWUZGOUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBQBAIAATBKAwQFPmxgAwQF
PsGAAwQBVd6gAwQGW5RAAwQAW9+iAwQAshTNAwQAshTPAwQFwmqgAwQGw/xAMAwD
BALV9OQDBATV9OADBATZGkAwFAQCAAIwDgMFACABCMgDBQAqAg5AMA0GCSqGSIb3
DQEBCwUAA4IBAQACAGLDpsSGWkggx6w8GVuedYnCLi+njjWHAimifSERPbGB3Jmq
2HL4DWdq33ot2WyiVGtq1CfMbG7WZu6h8bHChqPOFcaKv4cWmVjix0tXel/S6ptB
F8c0p0hmRUzK2hKxaGvH8SS9HS0IvmLvfWhujpslIJvw3o7chQyuElQZvyUpZzUA
rEBG4hY3nEtCalT857tHIq9GLzb1j1bcnhyQsHYeJ9u3I6BsmQGEM0m8mMrbMo0O
pwPwoi33aPQ/dhZMkeMps+R550qS2YAmM1C8jjU8CnKzN/e7241sMFspwEdFhltc
96/SkZ4cAat0x9Jp1jQoxnswrRVlq0ujP7WH
-----END CERTIFICATE-----