Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/Lp6dBj-_saPcvYSzlZWIVt7XY6k.roa
File:                     Lp6dBj-_saPcvYSzlZWIVt7XY6k.roa (raw, json)
Hash identifier:          63Xah2XMbr/vbkEcfPDUbmgTVxydglo3HQpwvYzFWgM=
Subject key identifier:   2E:9E:9D:06:3F:BF:B1:A3:DC:BD:84:B3:95:95:88:56:DE:D7:63:A9
Certificate issuer:       /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial:       0195F0A91DDFB2B1A89DDF591F3D313ACE1F
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/Lp6dBj-_saPcvYSzlZWIVt7XY6k.roa
Signing time:             Tue 01 Apr 2025 09:22:49 +0000
ROA not before:           Tue 01 Apr 2025 09:22:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44914
IP address blocks:        78.28.0.0/19 maxlen: 19
                          78.28.32.0/19 maxlen: 19
                          78.28.32.0/21 maxlen: 21
                          78.28.40.0/21 maxlen: 21
                          78.28.48.0/24 maxlen: 24
                          78.28.56.0/23 maxlen: 23
                          78.28.58.0/23 maxlen: 23
                          78.28.60.0/22 maxlen: 22
                          78.28.62.0/23 maxlen: 23
                          188.125.128.0/20 maxlen: 20
                          188.125.144.0/22 maxlen: 22
                          188.125.148.0/22 maxlen: 22
                          188.125.152.0/22 maxlen: 22
                          188.125.157.0/24 maxlen: 24
                          188.125.158.0/24 maxlen: 24
                          2a02:e88:8000::/48 maxlen: 48
                          2a02:e88:8100::/48 maxlen: 48
Validation:               Failed, certificate revoked on Tue 01 Apr 2025 12:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f0:a9:1d:df:b2:b1:a8:9d:df:59:1f:3d:31:3a:ce:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
        Validity
            Not Before: Apr  1 09:22:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e9e9d063fbfb1a3dcbd84b395958856ded763a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ac:27:55:3e:11:4e:bb:09:60:81:59:b1:a4:
                    1f:6f:4e:7b:38:89:02:2f:59:2d:38:06:ea:8a:76:
                    a7:39:4e:01:ed:62:e8:6c:a8:07:00:fd:51:8e:2e:
                    37:f7:f7:4c:ca:9d:36:78:ad:07:11:65:3a:59:57:
                    eb:2c:78:17:63:ea:35:d9:47:27:2b:66:50:f4:5c:
                    0f:1b:40:8b:a9:c4:0c:43:51:6c:23:b4:f5:b3:2c:
                    da:f9:a8:2a:36:80:a1:15:ad:85:4f:ae:01:ea:c8:
                    5f:9b:69:15:d6:ef:b0:21:fd:6f:68:b0:c1:31:5a:
                    b3:f8:71:c2:82:a8:46:e3:e0:4e:aa:ed:e1:9f:22:
                    25:07:c0:97:5a:96:16:cc:e4:93:3e:eb:bb:4f:35:
                    94:b9:5b:43:ad:4c:b8:85:9e:cb:f8:73:cb:04:4b:
                    18:c0:a8:0e:e7:d6:d7:0f:e9:28:77:8a:6f:63:ad:
                    3b:9c:bd:7d:48:28:8a:17:0f:f2:95:ae:5b:79:10:
                    ce:cf:59:06:35:66:d0:d7:f9:03:dc:1f:3c:5a:6b:
                    eb:69:8b:ee:f3:68:68:be:b1:87:4d:b1:f0:a3:4d:
                    e7:24:fa:74:ba:d2:fa:c4:de:b5:c2:60:d0:08:c6:
                    5a:90:29:f8:4b:03:05:ea:15:98:89:73:87:fb:cb:
                    25:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:9E:9D:06:3F:BF:B1:A3:DC:BD:84:B3:95:95:88:56:DE:D7:63:A9
            X509v3 Authority Key Identifier:
                keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/Lp6dBj-_saPcvYSzlZWIVt7XY6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.28.0.0/18
                  188.125.128.0-188.125.155.255
                  188.125.157.0-188.125.158.255
                IPv6:
                  2a02:e88:8000::/48
                  2a02:e88:8100::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:cb:07:b1:cd:0f:4d:70:83:a0:a4:37:2d:07:de:dd:a0:f1:
         84:ec:1a:b8:50:15:fa:df:0a:dd:7b:ec:43:fb:f0:9d:31:c8:
         1d:1e:b0:03:38:b8:4e:bb:59:4d:d0:13:8a:8a:9b:77:90:7d:
         61:e9:c7:4c:84:b8:89:60:4e:74:f2:a9:eb:74:45:d8:07:0f:
         f3:81:87:4c:bf:78:ca:aa:34:3f:b8:1f:7b:a9:62:5c:99:82:
         91:fb:6b:61:53:b9:26:0c:f2:1f:d9:e8:3d:5c:50:6e:b5:07:
         42:4d:25:4f:cb:8e:ef:7a:d8:12:9f:b3:68:f4:56:5f:c2:96:
         00:ca:db:4b:24:7f:f5:7a:e0:44:8e:2a:f0:38:49:aa:e7:50:
         9e:44:7e:41:72:73:08:eb:50:3e:c6:16:30:af:fb:a1:43:5e:
         c2:c3:61:e8:51:a4:cd:43:2a:d0:49:7d:e0:e0:d5:dd:1b:25:
         17:b6:ae:2b:08:66:e1:bb:17:0c:c6:ae:9d:5a:ab:c2:6b:2c:
         3e:d6:38:65:db:38:62:cf:e4:48:85:41:df:fe:06:e2:93:d9:
         6c:39:b4:e4:03:44:19:5b:28:76:50:86:73:84:95:ff:d0:47:
         34:73:73:6e:4b:6e:42:1f:1a:40:1e:8a:f9:3e:2f:94:e6:25:
         07:db:31:3a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZXwqR3fsrGond9ZHz0xOs4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjUwNDAxMDkyMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTllOWQwNjNmYmZiMWEzZGNiZDg0YjM5NTk1ODg1NmRlZDc2M2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKwnVT4RTrsJYIFZsaQfb057OIkC
L1ktOAbqinanOU4B7WLobKgHAP1Rji439/dMyp02eK0HEWU6WVfrLHgXY+o12Ucn
K2ZQ9FwPG0CLqcQMQ1FsI7T1syza+agqNoChFa2FT64B6shfm2kV1u+wIf1vaLDB
MVqz+HHCgqhG4+BOqu3hnyIlB8CXWpYWzOSTPuu7TzWUuVtDrUy4hZ7L+HPLBEsY
wKgO59bXD+kod4pvY607nL19SCiKFw/yla5beRDOz1kGNWbQ1/kD3B88WmvraYvu
82hovrGHTbHwo03nJPp0utL6xN61wmDQCMZakCn4SwMF6hWYiXOH+8slsQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFC6enQY/v7Gj3L2Es5WViFbe12OpMB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvTHA2ZEJqLV9zYVBjdllTemxaV0lWdDdYWTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAoBAIAATAiAwQGThwAMAwD
BAe8fYADBAK8fZgwDAMEALx9nQMEALx9njAYBAIAAjASAwcAKgIOiIAAAwcAKgIO
iIEAMA0GCSqGSIb3DQEBCwUAA4IBAQB5ywexzQ9NcIOgpDctB97doPGE7Bq4UBX6
3wrde+xD+/CdMcgdHrADOLhOu1lN0BOKipt3kH1h6cdMhLiJYE508qnrdEXYBw/z
gYdMv3jKqjQ/uB97qWJcmYKR+2thU7kmDPIf2eg9XFButQdCTSVPy47vetgSn7No
9FZfwpYAyttLJH/1euBEjirwOEmq51CeRH5BcnMI61A+xhYwr/uhQ17Cw2HoUaTN
QyrQSX3g4NXdGyUXtq4rCGbhuxcMxq6dWqvCayw+1jhl2zhiz+RIhUHf/gbik9ls
ObTkA0QZWyh2UIZzhJX/0Ec0c3NuS25CHxpAHor5Pi+U5iUH2zE6
-----END CERTIFICATE-----