Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/P2CLVH4rmjIHPMdlEQFkR2MJGQI.roa
File:                     P2CLVH4rmjIHPMdlEQFkR2MJGQI.roa (raw, json)
Hash identifier:          kHyv6HVFvf7bGUCy7paRIUX30ZRSmKBEi66bKryuRoQ=
Subject key identifier:   3F:60:8B:54:7E:2B:9A:32:07:3C:C7:65:11:01:64:47:63:09:19:02
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01904C25A78A00CF1EA8514B4EA2B9C4EA80
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/P2CLVH4rmjIHPMdlEQFkR2MJGQI.roa
Signing time:             Mon 24 Jun 2024 21:27:34 +0000
ROA not before:           Mon 24 Jun 2024 21:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        62.171.192.0/18 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          194.238.32.0/19 maxlen: 24
                          194.238.64.0/19 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          217.179.0.0/17 maxlen: 24
                          217.179.192.0/18 maxlen: 24
                          217.180.0.0/19 maxlen: 24
                          217.180.32.0/22 maxlen: 24
                          217.180.48.0/22 maxlen: 24
                          217.181.0.0/18 maxlen: 24
                          217.181.64.0/19 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 04 Jul 2024 19:17:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4c:25:a7:8a:00:cf:1e:a8:51:4b:4e:a2:b9:c4:ea:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jun 24 21:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f608b547e2b9a32073cc7651101644763091902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e3:bc:a3:4b:fe:8e:45:c4:ec:c5:5f:21:3d:
                    96:5c:78:e5:47:5a:17:85:77:d8:d3:94:73:30:f5:
                    74:92:56:32:ae:8c:0c:27:9b:bf:4c:95:7e:c7:99:
                    dd:09:72:9a:40:c3:b9:77:70:66:f7:76:d3:7a:63:
                    5a:a6:21:50:d0:65:3f:bc:a7:ad:dd:d5:4d:e9:8b:
                    51:dd:0c:8e:e7:df:08:64:80:ee:7e:47:4b:1f:f7:
                    47:90:e2:17:dd:e9:2a:8d:8d:07:7d:d0:81:72:3c:
                    be:d4:cd:52:cc:4f:7b:fd:55:64:4b:d7:63:a5:93:
                    13:b2:1f:f8:39:2b:f0:09:f8:6e:cb:f4:f7:80:91:
                    e5:42:d4:f8:41:5e:66:f6:43:9f:31:6f:3f:cd:d3:
                    b8:12:bd:7a:a0:04:69:36:1e:47:03:d7:1c:d6:93:
                    86:ff:29:54:05:c9:c2:47:29:d6:32:e2:ed:a4:08:
                    74:d0:31:2c:fc:b3:95:ef:46:e2:47:0e:8e:cf:76:
                    8c:7e:eb:17:62:e6:e6:87:32:82:87:a9:2a:04:8d:
                    39:93:fa:5b:01:3c:3d:ef:6d:4e:1e:b5:75:fe:49:
                    d8:8d:50:c9:cb:fd:24:67:e5:2e:b3:e9:c1:ee:8a:
                    c5:45:59:bf:35:03:13:d9:b4:45:db:b0:4c:9a:32:
                    b2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:60:8B:54:7E:2B:9A:32:07:3C:C7:65:11:01:64:47:63:09:19:02
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/P2CLVH4rmjIHPMdlEQFkR2MJGQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.32.0-194.238.95.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.179.0.0/17
                  217.179.192.0-217.180.35.255
                  217.180.48.0/22
                  217.181.0.0-217.181.95.255
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:c4:97:6b:d0:da:d5:09:6d:e7:ca:0a:64:de:8b:da:e6:d7:
         d8:a5:d8:99:f7:85:98:c7:bb:0d:25:25:10:af:88:18:38:2a:
         8d:45:cb:25:ca:02:3a:8e:dc:f0:ce:3c:5c:31:c0:98:3f:6a:
         d2:62:e2:ec:75:09:95:c6:ed:ff:4b:fb:f3:24:63:ea:b1:a9:
         c2:4f:cc:ef:64:df:07:40:59:78:c1:9d:1c:8c:70:ae:6e:68:
         b7:fa:09:fe:d8:9a:04:77:24:dc:e7:50:4b:5e:b4:90:ae:76:
         92:72:74:ae:d3:96:85:ea:ab:83:76:2a:85:38:4c:0b:13:c5:
         4d:40:70:ac:99:88:a1:9b:9d:74:ff:c5:fe:e5:c1:1c:28:c1:
         b6:38:9c:45:fd:89:7c:5b:f2:53:98:6c:91:25:1b:49:50:25:
         03:2e:37:1d:c8:8e:45:b5:48:0d:40:2f:ee:db:40:11:de:4f:
         6e:10:4b:05:24:98:9a:78:41:36:b4:c4:90:0b:5e:bd:f2:c5:
         90:d4:c4:d5:dc:86:e7:e7:37:43:09:86:d5:55:4e:d0:76:18:
         a0:e6:73:95:ff:b8:eb:2d:fe:72:c1:3a:34:33:c3:78:ca:e6:
         e2:20:2f:e9:39:b3:34:3c:d7:c6:df:02:17:7e:2d:e6:39:04:
         9f:a1:c3:b2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZBMJaeKAM8eqFFLTqK5xOqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwNjI0MjEyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjYwOGI1NDdlMmI5YTMyMDczY2M3NjUxMTAxNjQ0NzYzMDkxOTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquO8o0v+jkXE7MVfIT2WXHjlR1oX
hXfY05RzMPV0klYyrowMJ5u/TJV+x5ndCXKaQMO5d3Bm93bTemNapiFQ0GU/vKet
3dVN6YtR3QyO598IZIDufkdLH/dHkOIX3ekqjY0HfdCBcjy+1M1SzE97/VVkS9dj
pZMTsh/4OSvwCfhuy/T3gJHlQtT4QV5m9kOfMW8/zdO4Er16oARpNh5HA9cc1pOG
/ylUBcnCRynWMuLtpAh00DEs/LOV70biRw6Oz3aMfusXYubmhzKCh6kqBI05k/pb
ATw9721OHrV1/knYjVDJy/0kZ+Uus+nB7orFRVm/NQMT2bRF27BMmjKygwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFD9gi1R+K5oyBzzHZREBZEdjCRkCMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvUDJDTFZINHJtaklIUE1kbEVRRmtSMk1KR1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEBj6rwAME
ArnA5AMEBcKaADAMAwQFwu4gAwQFwu5AAwQG1RLAMAsDAwDZsQMEBdmxQAMEB9mz
ADAMAwQG2bPAAwQC2bQgAwQC2bQwMAsDAwDZtQMEBdm1QDANBAIAAjAHAwUAKgIP
sDANBgkqhkiG9w0BAQsFAAOCAQEAZsSXa9Da1Qlt58oKZN6L2ubX2KXYmfeFmMe7
DSUlEK+IGDgqjUXLJcoCOo7c8M48XDHAmD9q0mLi7HUJlcbt/0v78yRj6rGpwk/M
72TfB0BZeMGdHIxwrm5ot/oJ/tiaBHck3OdQS160kK52knJ0rtOWheqrg3YqhThM
CxPFTUBwrJmIoZuddP/F/uXBHCjBtjicRf2JfFvyU5hskSUbSVAlAy43HciORbVI
DUAv7ttAEd5PbhBLBSSYmnhBNrTEkAtevfLFkNTE1dyG5+c3QwmG1VVO0HYYoOZz
lf+46y3+csE6NDPDeMrm4iAv6TmzNDzXxt8CF34t5jkEn6HDsg==
-----END CERTIFICATE-----