Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/k8dA_deKjD2cuDuuiVNlbSbuI_A.roa
File:                     k8dA_deKjD2cuDuuiVNlbSbuI_A.roa (raw, json)
Hash identifier:          tCGzeZzwnKRyNU8i6ZJYMNO8VcncW7JxNKHLhdY3qXA=
Subject key identifier:   93:C7:40:FD:D7:8A:8C:3D:9C:B8:3B:AE:89:53:65:6D:26:EE:23:F0
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018F488AF2C13861081A5D46D2CC52E90A7B
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/k8dA_deKjD2cuDuuiVNlbSbuI_A.roa
Signing time:             Sun 05 May 2024 11:36:56 +0000
ROA not before:           Sun 05 May 2024 11:36:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206924
IP address blocks:        91.198.241.0/24 maxlen: 24
                          185.230.223.0/24 maxlen: 24
                          2a0c:2f05:18::/48 maxlen: 48
                          2a0c:2f05:3512::/48 maxlen: 48
                          2a0c:2f07:d::/48 maxlen: 48
                          2a0c:2f07:f::/48 maxlen: 48
                          2a0c:2f07:29::/48 maxlen: 48
                          2a0c:2f07:384::/48 maxlen: 48
                          2a0c:2f07:666::/48 maxlen: 48
                          2a0c:2f07:ac1::/48 maxlen: 48
                          2a0c:2f07:4663::/48 maxlen: 48
                          2a0c:2f07:4896::/48 maxlen: 48
                          2a0c:2f07:9459::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 24 May 2024 17:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:48:8a:f2:c1:38:61:08:1a:5d:46:d2:cc:52:e9:0a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: May  5 11:36:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93c740fdd78a8c3d9cb83bae8953656d26ee23f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:53:25:61:8d:c0:d2:f5:ff:a5:40:56:0a:03:
                    4f:12:5a:db:9c:d1:cb:a4:41:dd:4a:25:b0:0a:ce:
                    a4:27:f1:dd:2c:84:87:52:13:ce:c8:6a:40:83:bc:
                    ff:c7:85:ca:b9:35:0c:a7:94:de:7c:8f:80:88:53:
                    e6:c8:1a:fe:60:57:80:b2:ca:68:b2:64:fa:ef:08:
                    ea:71:15:49:1c:c5:f1:e3:da:f0:9e:df:3d:d0:5c:
                    4d:e3:64:19:e1:90:90:98:89:16:de:75:bc:c1:3e:
                    f7:cf:ff:b3:04:73:5c:4d:ad:37:6d:10:1b:1d:3b:
                    35:9d:68:7c:82:56:43:2a:07:43:52:d9:a0:94:c2:
                    a2:1b:26:65:d8:68:b1:ee:32:12:a3:91:bb:fd:33:
                    55:a0:35:34:00:24:73:75:aa:1d:53:d4:68:89:c6:
                    4e:07:aa:03:57:bd:33:cc:b1:ff:af:54:30:43:a6:
                    19:92:ca:a4:bc:a8:28:04:0e:67:f6:91:a7:2e:3d:
                    14:bc:f0:ce:7e:d1:57:77:0d:8b:53:64:c4:fb:60:
                    d0:85:de:d6:65:ca:cf:af:4f:0a:1a:9e:b6:b0:93:
                    31:5d:c9:15:5f:d7:f6:2d:50:9f:08:13:cc:61:45:
                    ca:b2:40:d1:6c:a7:58:26:49:03:e8:89:f9:0e:7e:
                    f8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C7:40:FD:D7:8A:8C:3D:9C:B8:3B:AE:89:53:65:6D:26:EE:23:F0
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/k8dA_deKjD2cuDuuiVNlbSbuI_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.241.0/24
                  185.230.223.0/24
                IPv6:
                  2a0c:2f05:18::/48
                  2a0c:2f05:3512::/48
                  2a0c:2f07:d::/48
                  2a0c:2f07:f::/48
                  2a0c:2f07:29::/48
                  2a0c:2f07:384::/48
                  2a0c:2f07:666::/48
                  2a0c:2f07:ac1::/48
                  2a0c:2f07:4663::/48
                  2a0c:2f07:4896::/48
                  2a0c:2f07:9459::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:10:5a:54:32:e1:9b:c0:10:b9:0a:68:e1:c4:f8:be:14:e7:
         57:b9:e2:5d:64:aa:ae:c2:63:db:51:c5:32:71:5e:9d:ce:b3:
         d6:c2:3d:6c:c2:c4:eb:c5:c7:cf:99:80:5f:30:15:25:52:5e:
         52:df:d0:5f:81:46:e4:6c:61:c3:bb:44:87:2b:92:73:fb:d4:
         5e:e3:4d:a3:1d:f6:c7:10:1f:c9:b9:44:b8:f0:b7:7e:52:e9:
         12:39:9d:d4:78:50:b2:e1:c8:dc:c4:75:5d:60:06:ef:3e:bc:
         1f:7d:22:d9:b3:cb:0e:05:45:05:16:e8:40:69:bc:96:1c:4a:
         0b:db:7d:6a:eb:eb:19:f5:1b:d7:73:f8:16:1a:69:9f:05:f5:
         67:60:35:d6:c2:08:25:8e:02:eb:f3:04:45:c8:3a:a2:10:af:
         e3:24:2e:59:06:13:5e:c1:78:6c:14:c0:7e:40:73:75:07:88:
         a3:58:58:2f:30:aa:aa:73:d4:a8:10:22:80:a1:63:82:cb:5a:
         57:49:2f:5b:1e:b8:10:fe:97:28:cb:73:06:7a:8f:d6:2a:24:
         4e:34:49:a5:10:cd:50:d8:13:96:7c:7d:f7:7f:4a:65:93:97:
         a5:9d:5a:87:c0:38:35:e6:81:f6:a4:94:ba:93:4c:49:b4:ee:
         35:4c:fd:a3
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAY9IivLBOGEIGl1G0sxS6Qp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwNTA1MTEzNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2M3NDBmZGQ3OGE4YzNkOWNiODNiYWU4OTUzNjU2ZDI2ZWUyM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lMlYY3A0vX/pUBWCgNPElrbnNHL
pEHdSiWwCs6kJ/HdLISHUhPOyGpAg7z/x4XKuTUMp5TefI+AiFPmyBr+YFeAsspo
smT67wjqcRVJHMXx49rwnt890FxN42QZ4ZCQmIkW3nW8wT73z/+zBHNcTa03bRAb
HTs1nWh8glZDKgdDUtmglMKiGyZl2Gix7jISo5G7/TNVoDU0ACRzdaodU9RoicZO
B6oDV70zzLH/r1QwQ6YZksqkvKgoBA5n9pGnLj0UvPDOftFXdw2LU2TE+2DQhd7W
ZcrPr08KGp62sJMxXckVX9f2LVCfCBPMYUXKskDRbKdYJkkD6In5Dn744wIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFJPHQP3Xiow9nLg7rolTZW0m7iPwMB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvazhkQV9kZUtqRDJjdUR1dWlWTmxiU2J1SV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MBIEAgABMAwDBABbxvED
BAC55t8waQQCAAIwYwMHACoMLwUAGAMHACoMLwU1EgMHACoMLwcADQMHACoMLwcA
DwMHACoMLwcAKQMHACoMLwcDhAMHACoMLwcGZgMHACoMLwcKwQMHACoMLwdGYwMH
ACoMLwdIlgMHACoMLweUWTANBgkqhkiG9w0BAQsFAAOCAQEAmBBaVDLhm8AQuQpo
4cT4vhTnV7niXWSqrsJj21HFMnFenc6z1sI9bMLE68XHz5mAXzAVJVJeUt/QX4FG
5Gxhw7tEhyuSc/vUXuNNox32xxAfyblEuPC3flLpEjmd1HhQsuHI3MR1XWAG7z68
H30i2bPLDgVFBRboQGm8lhxKC9t9auvrGfUb13P4FhppnwX1Z2A11sIIJY4C6/ME
Rcg6ohCv4yQuWQYTXsF4bBTAfkBzdQeIo1hYLzCqqnPUqBAigKFjgstaV0kvWx64
EP6XKMtzBnqP1iokTjRJpRDNUNgTlnx9939KZZOXpZ1ah8A4NeaB9qSUupNMSbTu
NUz9ow==
-----END CERTIFICATE-----