Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/J3HAvcPyiOPFmYEMHV-ZGfyXZB8.roa
File:                     J3HAvcPyiOPFmYEMHV-ZGfyXZB8.roa (raw, json)
Hash identifier:          5YVHOuUcBUzSZKvwbIKYI2kYBE/UtZQshtuPFz5v39Y=
Subject key identifier:   27:71:C0:BD:C3:F2:88:E3:C5:99:81:0C:1D:5F:99:19:FC:97:64:1F
Certificate issuer:       /CN=dc0bde1467895c6f3a47197eac58ca13ae4bb78d
Certificate serial:       019010F2EE70B2B1B930BE766AD468340379
Authority key identifier: DC:0B:DE:14:67:89:5C:6F:3A:47:19:7E:AC:58:CA:13:AE:4B:B7:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AveFGeJXG86Rxl-rFjKE65Lt40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/J3HAvcPyiOPFmYEMHV-ZGfyXZB8.roa
Signing time:             Thu 13 Jun 2024 09:34:34 +0000
ROA not before:           Thu 13 Jun 2024 09:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        45.87.89.0/24 maxlen: 24
                          45.87.90.0/24 maxlen: 24
                          45.87.91.0/24 maxlen: 24
                          95.141.245.0/24 maxlen: 24
                          2a10:2f40::/48 maxlen: 48
                          2a10:2f40:1::/48 maxlen: 48
                          2a10:2f40:2::/48 maxlen: 48
                          2a10:2f40:3::/48 maxlen: 48
                          2a10:2f40:4::/48 maxlen: 48
                          2a10:2f40:5::/48 maxlen: 48
                          2a10:2f40:9::/48 maxlen: 48
                          2a10:2f40:a::/48 maxlen: 48
                          2a10:2f40:b::/48 maxlen: 48
                          2a10:2f40:c::/48 maxlen: 48
                          2a10:2f40:d::/48 maxlen: 48
                          2a10:2f40:1a::/48 maxlen: 48
                          2a14:7280::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 20 Jun 2024 09:42:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:f2:ee:70:b2:b1:b9:30:be:76:6a:d4:68:34:03:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0bde1467895c6f3a47197eac58ca13ae4bb78d
        Validity
            Not Before: Jun 13 09:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2771c0bdc3f288e3c599810c1d5f9919fc97641f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e4:7c:14:93:3a:b8:9d:b9:ec:a4:d8:0a:4b:
                    78:70:00:ef:ae:81:40:4d:cb:03:4b:6a:27:aa:ad:
                    74:7c:d4:40:3b:6c:da:2c:99:0a:d2:08:9e:cf:6a:
                    18:c5:d7:a8:3b:a2:9a:fa:dd:d6:13:5f:89:e1:93:
                    68:87:0b:29:5d:03:29:85:e0:af:98:44:22:52:44:
                    39:8f:a9:cd:fb:e9:5d:ec:7b:e1:11:20:91:50:c6:
                    0e:a1:7c:11:2d:d7:9b:8f:78:dd:14:4f:e2:18:63:
                    e6:69:76:99:bc:7a:68:da:be:65:4d:23:06:a0:9f:
                    cc:cb:1b:d9:5a:04:83:d4:da:55:39:f2:3d:01:a7:
                    51:e8:fe:1f:dc:ae:64:45:9f:46:86:15:dc:35:d2:
                    c1:ba:51:42:11:a6:4d:62:20:00:10:d2:b5:70:cf:
                    94:f4:0d:ab:12:4c:06:6d:2e:a2:5f:9d:2e:e4:75:
                    9f:10:9f:21:e8:68:a9:aa:51:56:f3:3e:d1:0d:e4:
                    66:e3:c4:36:b4:e2:27:48:4a:8e:2d:f5:83:6d:31:
                    5f:44:73:2b:68:5a:88:ac:78:12:cb:d7:7f:22:61:
                    f0:b6:4a:dd:5b:af:b5:48:83:4b:e8:b6:93:5e:03:
                    58:db:26:a0:d7:d7:d6:ca:2e:f5:40:65:75:1b:30:
                    b9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:71:C0:BD:C3:F2:88:E3:C5:99:81:0C:1D:5F:99:19:FC:97:64:1F
            X509v3 Authority Key Identifier:
                keyid:DC:0B:DE:14:67:89:5C:6F:3A:47:19:7E:AC:58:CA:13:AE:4B:B7:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AveFGeJXG86Rxl-rFjKE65Lt40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/J3HAvcPyiOPFmYEMHV-ZGfyXZB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/cf063f-9493-46f1-acd1-31c7fb4715f6/1/3AveFGeJXG86Rxl-rFjKE65Lt40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.89.0-45.87.91.255
                  95.141.245.0/24
                IPv6:
                  2a10:2f40::-2a10:2f40:5:ffff:ffff:ffff:ffff:ffff
                  2a10:2f40:9::-2a10:2f40:d:ffff:ffff:ffff:ffff:ffff
                  2a10:2f40:1a::/48
                  2a14:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:e0:90:43:c5:8f:f4:03:8b:b1:c9:73:98:e8:28:1a:fc:9a:
         b0:a9:44:8e:c3:fd:82:02:58:9a:2c:d4:aa:6d:18:63:8f:86:
         76:de:13:af:4f:38:68:92:bf:ec:f0:dc:7e:1e:5f:b5:69:1d:
         52:b8:10:96:1e:7d:83:cd:5e:fb:55:d9:01:1a:d3:47:9a:6b:
         36:ed:9c:99:19:59:9f:3b:85:61:b3:67:1c:fb:70:0d:15:18:
         9c:5a:f2:a8:20:21:e5:23:56:8d:43:95:82:9a:1f:60:d3:ab:
         ab:d1:e9:54:7d:12:8b:4e:64:9e:dd:ea:58:43:3d:cb:a0:3f:
         0c:09:d2:fd:90:45:7b:e5:95:a6:44:36:92:78:c7:6b:f5:2c:
         dd:92:5d:ce:8d:84:34:65:b8:ee:86:b6:73:1d:92:89:9e:12:
         77:db:36:ac:75:00:d3:f3:0d:c7:5a:17:d5:6a:4e:36:ad:b5:
         6e:75:cd:51:7f:8d:36:c5:9d:04:9b:3b:5a:b0:ff:3d:9f:d2:
         54:62:05:46:8d:4f:16:69:4f:4b:78:4b:44:b8:7d:c9:50:1e:
         6e:62:59:fa:3c:ca:bc:56:c7:76:fd:c4:cc:78:85:e1:06:74:
         16:3f:98:c7:86:4e:e6:5e:56:e0:ca:93:26:c5:55:b1:56:c7:
         27:0d:04:0f
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZAQ8u5wsrG5ML52atRoNAN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGJkZTE0Njc4OTVjNmYzYTQ3MTk3ZWFjNThjYTEzYWU0
YmI3OGQwHhcNMjQwNjEzMDkzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzcxYzBiZGMzZjI4OGUzYzU5OTgxMGMxZDVmOTkxOWZjOTc2NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+R8FJM6uJ257KTYCkt4cADvroFA
TcsDS2onqq10fNRAO2zaLJkK0giez2oYxdeoO6Ka+t3WE1+J4ZNohwspXQMpheCv
mEQiUkQ5j6nN++ld7HvhESCRUMYOoXwRLdebj3jdFE/iGGPmaXaZvHpo2r5lTSMG
oJ/MyxvZWgSD1NpVOfI9AadR6P4f3K5kRZ9GhhXcNdLBulFCEaZNYiAAENK1cM+U
9A2rEkwGbS6iX50u5HWfEJ8h6GipqlFW8z7RDeRm48Q2tOInSEqOLfWDbTFfRHMr
aFqIrHgSy9d/ImHwtkrdW6+1SINL6LaTXgNY2yag19fWyi71QGV1GzC5FwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFCdxwL3D8ojjxZmBDB1fmRn8l2QfMB8GA1UdIwQY
MBaAFNwL3hRniVxvOkcZfqxYyhOuS7eNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0F2ZUZHZUpYRzg2UnhsLXJGaktFNjVMdDQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9jZjA2M2YtOTQ5My00NmYxLWFjZDEt
MzFjN2ZiNDcxNWY2LzEvSjNIQXZjUHlpT1BGbVlFTUhWLVpHZnlYWkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9jZjA2M2YtOTQ5My00NmYxLWFjZDEtMzFjN2ZiNDcxNWY2
LzEvM0F2ZUZHZUpYRzg2UnhsLXJGaktFNjVMdDQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjAaBAIAATAUMAwDBAAtV1kD
BAItV1gDBABfjfUwPAQCAAIwNjAQAwUGKhAvQAMHASoQL0AABDASAwcAKhAvQAAJ
AwcBKhAvQAAMAwcAKhAvQAAaAwUDKhRygDANBgkqhkiG9w0BAQsFAAOCAQEAqeCQ
Q8WP9AOLsclzmOgoGvyasKlEjsP9ggJYmizUqm0YY4+Gdt4Tr084aJK/7PDcfh5f
tWkdUrgQlh59g81e+1XZARrTR5prNu2cmRlZnzuFYbNnHPtwDRUYnFryqCAh5SNW
jUOVgpofYNOrq9HpVH0Si05knt3qWEM9y6A/DAnS/ZBFe+WVpkQ2knjHa/Us3ZJd
zo2ENGW47oa2cx2SiZ4Sd9s2rHUA0/MNx1oX1WpONq21bnXNUX+NNsWdBJs7WrD/
PZ/SVGIFRo1PFmlPS3hLRLh9yVAebmJZ+jzKvFbHdv3EzHiF4QZ0Fj+Yx4ZO5l5W
4MqTJsVVsVbHJw0EDw==
-----END CERTIFICATE-----