Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/qDXFoCLTTE59QZ4mKngOjhy7UaU.roa
File:                     qDXFoCLTTE59QZ4mKngOjhy7UaU.roa (raw, json)
Hash identifier:          +E01l3Rwhch350OkDdJ4WM4KViGvrvgvA51zoS8i5bw=
Subject key identifier:   A8:35:C5:A0:22:D3:4C:4E:7D:41:9E:26:2A:78:0E:8E:1C:BB:51:A5
Certificate issuer:       /CN=3b3daef89306a75f0b88191440742a720afb3f20
Certificate serial:       019561BAB0C893E6C0FDD0EFE806B89EE27A
Authority key identifier: 3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/qDXFoCLTTE59QZ4mKngOjhy7UaU.roa
Signing time:             Tue 04 Mar 2025 15:16:19 +0000
ROA not before:           Tue 04 Mar 2025 15:16:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24796
IP address blocks:        185.33.108.0/22 maxlen: 22
                          185.33.108.0/23 maxlen: 23
                          185.33.108.0/24 maxlen: 24
                          185.33.109.0/24 maxlen: 24
                          185.33.110.0/23 maxlen: 23
                          185.33.110.0/24 maxlen: 24
                          185.33.111.0/24 maxlen: 24
                          193.24.29.0/24 maxlen: 24
                          193.201.40.0/24 maxlen: 24
                          2a0f:80:1::/48 maxlen: 48
                          2a0f:80:2::/48 maxlen: 48
                          2a0f:80:3::/48 maxlen: 48
                          2a0f:80:a::/48 maxlen: 48
                          2a0f:80:b::/48 maxlen: 48
                          2a0f:80:c::/48 maxlen: 48
                          2a0f:80:d::/48 maxlen: 48
                          2a0f:80:e::/48 maxlen: 48
                          2a0f:80:f::/48 maxlen: 48
                          2a0f:80:10::/48 maxlen: 48
                          2a0f:80:12::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 20 Mar 2025 08:18:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:61:ba:b0:c8:93:e6:c0:fd:d0:ef:e8:06:b8:9e:e2:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b3daef89306a75f0b88191440742a720afb3f20
        Validity
            Not Before: Mar  4 15:16:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a835c5a022d34c4e7d419e262a780e8e1cbb51a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:71:b0:5b:0f:ad:2b:0e:9f:d6:5c:74:2e:ff:
                    60:ed:06:3b:8e:d3:53:b7:d2:89:ea:4f:64:74:42:
                    98:ff:a4:df:aa:d6:1b:2f:a2:43:94:de:fb:c4:8c:
                    b7:29:c9:d8:b1:9b:fb:e8:9c:c2:ff:da:3e:7c:5a:
                    53:37:ae:e6:75:5e:dd:43:c5:7a:6e:4b:e6:08:c2:
                    97:f4:8a:e1:d4:61:8f:46:5c:bb:88:2e:71:ca:1c:
                    0e:7f:0d:ec:eb:22:3f:57:f8:c9:ee:39:59:73:49:
                    2d:9f:7e:f9:f9:d5:e3:cc:b7:c7:bc:08:58:3e:c5:
                    c9:fd:aa:dd:1c:9e:9a:ae:b6:01:7a:bb:b7:d5:99:
                    28:5a:18:df:df:bd:ec:7e:d4:d3:aa:61:07:6b:da:
                    07:49:4a:51:9e:72:33:69:bf:c1:76:9b:b8:e4:a8:
                    41:af:0d:f8:1e:fe:c9:99:58:dc:f6:b2:ea:f2:b6:
                    62:86:4b:02:8a:6c:60:ae:b2:87:97:3d:3f:6c:cc:
                    1f:2e:49:ea:d6:44:79:c8:15:0b:0a:63:13:d0:cb:
                    3c:d4:7e:43:8b:c7:1e:0c:8d:1a:fe:9a:ad:b9:33:
                    28:5b:8a:f5:88:7c:77:04:46:b1:e7:44:59:ac:64:
                    4d:5f:3c:f6:fb:7e:50:59:a6:77:c0:95:7a:cf:a6:
                    63:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:35:C5:A0:22:D3:4C:4E:7D:41:9E:26:2A:78:0E:8E:1C:BB:51:A5
            X509v3 Authority Key Identifier:
                keyid:3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/qDXFoCLTTE59QZ4mKngOjhy7UaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.108.0/22
                  193.24.29.0/24
                  193.201.40.0/24
                IPv6:
                  2a0f:80:1::-2a0f:80:3:ffff:ffff:ffff:ffff:ffff
                  2a0f:80:a::-2a0f:80:10:ffff:ffff:ffff:ffff:ffff
                  2a0f:80:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:62:28:c7:9e:82:fd:03:52:f1:44:55:86:f1:ab:4e:a6:cd:
         00:45:95:70:e4:a5:c3:fe:49:ad:d5:a7:01:fc:af:69:30:ad:
         12:57:18:f7:9e:c7:01:de:2d:f9:2a:5f:07:00:ff:fd:65:81:
         a1:06:b7:ed:3a:c2:5d:d9:7c:40:63:58:c0:a5:45:fd:e0:5e:
         c9:c9:54:fa:21:4f:c9:e1:37:48:48:bc:cf:07:a4:5f:ad:3b:
         7e:e6:f9:d0:02:7d:a8:b2:7b:fd:c9:cd:b4:26:7d:6f:c5:be:
         5e:cd:a5:6c:d7:4d:b2:07:07:1a:44:58:5c:e8:57:11:04:a7:
         9d:02:de:07:12:d3:4a:ab:26:72:02:fc:83:35:4e:75:ee:a4:
         1e:4f:87:3c:c7:0a:04:00:b8:53:e3:da:0a:da:e8:3c:5a:0e:
         ff:24:20:12:58:56:c5:02:82:d3:bc:a3:81:91:e0:51:f1:9e:
         fb:57:dc:7e:3e:7d:ed:c3:8b:65:9d:28:a7:16:f0:78:33:db:
         b0:a8:e2:9a:3e:62:d7:af:5b:2e:e9:16:b7:3e:cf:aa:dd:31:
         dd:88:37:9c:d6:06:a5:de:24:56:3c:b9:77:b3:37:ae:fc:d9:
         cc:cc:a8:46:e5:79:cd:83:65:e9:1b:89:0b:4d:f6:53:1e:d9:
         2c:a0:f1:13
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZVhurDIk+bA/dDv6Aa4nuJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiM2RhZWY4OTMwNmE3NWYwYjg4MTkxNDQwNzQyYTcyMGFm
YjNmMjAwHhcNMjUwMzA0MTUxNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODM1YzVhMDIyZDM0YzRlN2Q0MTllMjYyYTc4MGU4ZTFjYmI1MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXGwWw+tKw6f1lx0Lv9g7QY7jtNT
t9KJ6k9kdEKY/6TfqtYbL6JDlN77xIy3KcnYsZv76JzC/9o+fFpTN67mdV7dQ8V6
bkvmCMKX9Irh1GGPRly7iC5xyhwOfw3s6yI/V/jJ7jlZc0ktn375+dXjzLfHvAhY
PsXJ/ardHJ6arrYBeru31ZkoWhjf373sftTTqmEHa9oHSUpRnnIzab/Bdpu45KhB
rw34Hv7JmVjc9rLq8rZihksCimxgrrKHlz0/bMwfLknq1kR5yBULCmMT0Ms81H5D
i8ceDI0a/pqtuTMoW4r1iHx3BEax50RZrGRNXzz2+35QWaZ3wJV6z6ZjOQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKg1xaAi00xOfUGeJip4Do4cu1GlMB8GA1UdIwQY
MBaAFDs9rviTBqdfC4gZFEB0KnIK+z8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUt
YWFjYWQ4NmM2MTdkLzEvcURYRm9DTFRURTU5UVo0bUtuZ09qaHk3VWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUtYWFjYWQ4NmM2MTdk
LzEvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzAYBAIAATASAwQCuSFsAwQA
wRgdAwQAwckoMDcEAgACMDEwEgMHACoPAIAAAQMHAioPAIAAADASAwcBKg8AgAAK
AwcAKg8AgAAQAwcAKg8AgAASMA0GCSqGSIb3DQEBCwUAA4IBAQCNYijHnoL9A1Lx
RFWG8atOps0ARZVw5KXD/kmt1acB/K9pMK0SVxj3nscB3i35Kl8HAP/9ZYGhBrft
OsJd2XxAY1jApUX94F7JyVT6IU/J4TdISLzPB6RfrTt+5vnQAn2osnv9yc20Jn1v
xb5ezaVs102yBwcaRFhc6FcRBKedAt4HEtNKqyZyAvyDNU517qQeT4c8xwoEALhT
49oK2ug8Wg7/JCASWFbFAoLTvKOBkeBR8Z77V9x+Pn3tw4tlnSinFvB4M9uwqOKa
PmLXr1su6Ra3Ps+q3THdiDec1gal3iRWPLl3szeu/NnMzKhG5XnNg2XpG4kLTfZT
HtksoPET
-----END CERTIFICATE-----