Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/kv7kFGLm9NXYCC07hCzC8wGOfcM.roa
File:                     kv7kFGLm9NXYCC07hCzC8wGOfcM.roa (raw, json)
Hash identifier:          MLiFh8i7jAganZSlbsMVhA8C/5eNRZj43jQ5LDBtm34=
Subject key identifier:   92:FE:E4:14:62:E6:F4:D5:D8:08:2D:3B:84:2C:C2:F3:01:8E:7D:C3
Certificate issuer:       /CN=b986028c9feb6f142b3fecb64667f48874ba9c37
Certificate serial:       019422FB938FD72122E303B1930CF482E1EF
Authority key identifier: B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/kv7kFGLm9NXYCC07hCzC8wGOfcM.roa
Signing time:             Wed 01 Jan 2025 17:48:20 +0000
ROA not before:           Wed 01 Jan 2025 17:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34362
IP address blocks:        85.94.64.0/22 maxlen: 22
                          85.94.68.0/22 maxlen: 22
                          85.94.72.0/22 maxlen: 22
                          85.94.76.0/22 maxlen: 22
                          85.94.80.0/22 maxlen: 22
                          85.94.84.0/22 maxlen: 22
                          85.94.88.0/22 maxlen: 22
                          85.94.92.0/22 maxlen: 22
                          176.62.0.0/22 maxlen: 22
                          176.62.4.0/22 maxlen: 22
                          176.62.8.0/22 maxlen: 22
                          176.62.12.0/22 maxlen: 22
                          176.62.16.0/22 maxlen: 22
                          176.62.20.0/22 maxlen: 22
                          176.62.24.0/22 maxlen: 22
                          176.62.28.0/24 maxlen: 24
                          176.62.29.0/24 maxlen: 24
                          176.62.30.0/24 maxlen: 24
                          176.62.32.0/22 maxlen: 22
                          176.62.36.0/22 maxlen: 22
                          176.62.40.0/22 maxlen: 22
                          176.62.44.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 14:32:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:93:8f:d7:21:22:e3:03:b1:93:0c:f4:82:e1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b986028c9feb6f142b3fecb64667f48874ba9c37
        Validity
            Not Before: Jan  1 17:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92fee41462e6f4d5d8082d3b842cc2f3018e7dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:64:eb:98:8c:f4:64:d3:3d:36:fa:6c:b9:8b:
                    4d:e7:ef:32:c5:d3:29:d3:23:29:b7:ad:41:98:e5:
                    c6:b8:a3:97:74:c1:1b:08:4f:b5:a1:14:16:60:7f:
                    e7:4b:f8:cb:8e:e5:9a:ec:17:bd:6b:9a:3d:19:36:
                    bc:5b:76:34:b4:97:34:0a:9b:fe:3c:d2:8e:34:63:
                    55:aa:47:a2:35:9c:2f:2c:3e:50:be:98:03:67:e9:
                    f6:a4:a7:3d:cb:10:d8:ea:9d:b9:06:09:3b:6f:fb:
                    36:7f:cf:06:0e:58:fe:01:e5:4c:cb:fa:1e:fc:a3:
                    51:46:d8:41:9d:c8:aa:87:ab:c6:09:6d:ac:e5:5c:
                    3a:0e:8a:d0:f3:87:38:aa:fc:d7:89:25:24:3d:65:
                    f0:62:4e:6f:76:bf:b7:b5:e2:03:4e:79:77:c9:ae:
                    11:80:a2:a6:b3:61:d1:58:e0:1a:51:1b:02:3f:2e:
                    5d:77:80:b6:96:d3:64:62:47:20:39:eb:b1:5a:9b:
                    f4:df:61:00:80:7c:6f:3c:87:41:a3:ae:48:18:4b:
                    46:53:e9:ad:53:2d:ab:de:27:ee:c4:7f:ce:36:c9:
                    92:06:85:8f:64:5b:dd:44:5e:a8:d8:2c:3d:dc:e7:
                    5b:a5:8c:02:29:a7:89:17:40:69:0b:4f:43:e2:ec:
                    ab:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FE:E4:14:62:E6:F4:D5:D8:08:2D:3B:84:2C:C2:F3:01:8E:7D:C3
            X509v3 Authority Key Identifier:
                keyid:B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/kv7kFGLm9NXYCC07hCzC8wGOfcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.94.64.0/19
                  176.62.0.0-176.62.30.255
                  176.62.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         24:c7:96:56:28:8a:a1:28:28:0b:1f:93:c1:33:85:d7:4c:98:
         39:f6:9b:5d:c5:df:1e:ad:de:45:08:68:e0:32:66:3f:90:42:
         12:50:3f:d6:73:31:10:cc:82:6c:69:e9:0e:9c:c6:9b:a2:fe:
         a1:3d:b4:ad:1c:b3:e7:12:15:38:02:a9:d2:7a:ec:03:59:46:
         02:27:30:58:58:32:6a:53:c7:45:4c:63:65:b6:89:54:c5:d0:
         34:1f:b1:b9:46:96:07:64:e4:91:45:85:fa:80:35:d1:ca:21:
         1e:23:fb:d6:1d:1c:4a:ee:87:76:19:40:a0:55:07:3c:7a:a9:
         ac:f5:d1:98:48:08:f1:ab:86:54:e4:00:1d:a3:e4:52:e0:53:
         ba:8d:cb:77:cc:96:28:a4:c1:01:7b:58:cf:82:ae:98:1a:41:
         6e:74:c0:9f:2c:86:01:1c:8f:00:7b:28:53:01:ff:1c:a4:b7:
         4b:12:14:c9:3b:83:82:03:d5:04:88:86:23:a5:a6:ed:3e:7e:
         29:67:c1:a0:6a:15:57:7d:55:a3:e9:61:8b:fb:fd:f3:d0:6f:
         53:c3:fb:c9:ef:a6:8f:b0:84:4a:bc:1e:49:c9:1d:6e:e4:2c:
         b9:81:a4:6d:00:67:2e:b0:bc:39:8b:93:1a:3a:9d:20:90:f2:
         b2:37:be:82
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQi+5OP1yEi4wOxkwz0guHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ODYwMjhjOWZlYjZmMTQyYjNmZWNiNjQ2NjdmNDg4NzRi
YTljMzcwHhcNMjUwMTAxMTc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmZlZTQxNDYyZTZmNGQ1ZDgwODJkM2I4NDJjYzJmMzAxOGU3ZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02TrmIz0ZNM9NvpsuYtN5+8yxdMp
0yMpt61BmOXGuKOXdMEbCE+1oRQWYH/nS/jLjuWa7Be9a5o9GTa8W3Y0tJc0Cpv+
PNKONGNVqkeiNZwvLD5QvpgDZ+n2pKc9yxDY6p25Bgk7b/s2f88GDlj+AeVMy/oe
/KNRRthBnciqh6vGCW2s5Vw6DorQ84c4qvzXiSUkPWXwYk5vdr+3teIDTnl3ya4R
gKKms2HRWOAaURsCPy5dd4C2ltNkYkcgOeuxWpv032EAgHxvPIdBo65IGEtGU+mt
Uy2r3ifuxH/ONsmSBoWPZFvdRF6o2Cw93OdbpYwCKaeJF0BpC09D4uyrVQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFJL+5BRi5vTV2AgtO4QswvMBjn3DMB8GA1UdIwQY
MBaAFLmGAoyf628UKz/stkZn9Ih0upw3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVlZQ2pKX3JieFFyUC15MlJtZjBpSFM2bkRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yODU4NTAtNzU1MS00MjI5LTg3YjYt
M2E0NDY4YzRkZmRmLzEva3Y3a0ZHTG05TlhZQ0MwN2hDekM4d0dPZmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yODU4NTAtNzU1MS00MjI5LTg3YjYtM2E0NDY4YzRkZmRm
LzEvdVlZQ2pKX3JieFFyUC15MlJtZjBpSFM2bkRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQFVV5AMAsD
AwGwPgMEALA+HgMEBLA+IDANBgkqhkiG9w0BAQsFAAOCAQEAJMeWViiKoSgoCx+T
wTOF10yYOfabXcXfHq3eRQho4DJmP5BCElA/1nMxEMyCbGnpDpzGm6L+oT20rRyz
5xIVOAKp0nrsA1lGAicwWFgyalPHRUxjZbaJVMXQNB+xuUaWB2TkkUWF+oA10coh
HiP71h0cSu6HdhlAoFUHPHqprPXRmEgI8auGVOQAHaPkUuBTuo3Ld8yWKKTBAXtY
z4KumBpBbnTAnyyGARyPAHsoUwH/HKS3SxIUyTuDggPVBIiGI6Wm7T5+KWfBoGoV
V31Vo+lhi/v989BvU8P7ye+mj7CESrweSckdbuQsuYGkbQBnLrC8OYuTGjqdIJDy
sje+gg==
-----END CERTIFICATE-----