Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/92mf3kyaC7f2ug6BXbVGdEfQjQM.roa
File:                     92mf3kyaC7f2ug6BXbVGdEfQjQM.roa (raw, json)
Hash identifier:          NB61ho3xCvpVEYfNCZTXhIgvTpxx+n/JlwRcwaCvDHU=
Subject key identifier:   F7:69:9F:DE:4C:9A:0B:B7:F6:BA:0E:81:5D:B5:46:74:47:D0:8D:03
Certificate issuer:       /CN=b436c0f0ec8bbedf0f60844dfe4fe939369a4b40
Certificate serial:       0193DC106B879D1F031679A5E6903428C28A
Authority key identifier: B4:36:C0:F0:EC:8B:BE:DF:0F:60:84:4D:FE:4F:E9:39:36:9A:4B:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDbA8OyLvt8PYIRN_k_pOTaaS0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/92mf3kyaC7f2ug6BXbVGdEfQjQM.roa
Signing time:             Wed 18 Dec 2024 23:18:03 +0000
ROA not before:           Wed 18 Dec 2024 23:18:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50782
IP address blocks:        2.57.48.0/22 maxlen: 22
                          91.215.240.0/22 maxlen: 22
                          185.159.200.0/22 maxlen: 22
                          185.246.20.0/22 maxlen: 22
                          194.127.196.0/24 maxlen: 24
                          194.127.202.0/24 maxlen: 24
                          194.127.206.0/24 maxlen: 24
                          194.127.214.0/24 maxlen: 24
                          2a07:b6c0::/29 maxlen: 29
                          2a0d:6680::/29 maxlen: 29
                          2a0f:afc0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 19 Dec 2024 05:05:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:dc:10:6b:87:9d:1f:03:16:79:a5:e6:90:34:28:c2:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b436c0f0ec8bbedf0f60844dfe4fe939369a4b40
        Validity
            Not Before: Dec 18 23:18:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7699fde4c9a0bb7f6ba0e815db5467447d08d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b3:8b:9b:67:b5:97:8d:e9:31:fe:d1:96:ed:
                    09:25:87:20:8a:4a:36:91:aa:58:35:2f:a4:d3:88:
                    ce:f9:9f:f3:e3:fb:1a:93:79:12:be:6d:c1:2c:60:
                    16:92:3a:09:db:68:76:42:87:ca:9e:a0:7c:b6:44:
                    b6:42:1a:e8:50:5d:48:c8:f7:cc:e4:38:99:46:f8:
                    91:be:5c:e4:d0:3d:ae:19:6b:84:8a:36:04:e0:36:
                    a4:ce:68:50:e2:77:b9:65:d7:f5:e6:d6:16:86:42:
                    3f:81:f8:6b:9a:03:0a:25:f9:57:ea:33:33:ca:0e:
                    0a:2d:ec:3a:80:9d:1c:5f:ae:2f:ea:e4:30:a3:52:
                    85:5d:1e:ff:2d:c2:f8:f1:bd:35:f6:07:d8:ec:6f:
                    72:c4:f3:7a:74:51:00:73:5e:db:00:15:a1:b9:e1:
                    9f:79:1b:8b:e2:56:8f:e2:3d:d7:f9:12:8e:e1:3e:
                    7f:7e:7e:9b:b8:33:96:c3:8e:83:63:0a:ec:16:82:
                    e9:b7:66:03:87:15:0b:38:52:01:ca:79:74:57:5d:
                    2b:dc:6c:6b:fe:0a:77:31:40:28:7b:da:86:2d:f3:
                    f1:4e:bb:a8:fe:70:6c:99:7e:87:39:76:86:bb:2d:
                    b3:11:48:ae:64:71:09:08:22:82:0c:13:7f:65:fc:
                    ef:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:69:9F:DE:4C:9A:0B:B7:F6:BA:0E:81:5D:B5:46:74:47:D0:8D:03
            X509v3 Authority Key Identifier:
                keyid:B4:36:C0:F0:EC:8B:BE:DF:0F:60:84:4D:FE:4F:E9:39:36:9A:4B:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDbA8OyLvt8PYIRN_k_pOTaaS0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/92mf3kyaC7f2ug6BXbVGdEfQjQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/tDbA8OyLvt8PYIRN_k_pOTaaS0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.48.0/22
                  91.215.240.0/22
                  185.159.200.0/22
                  185.246.20.0/22
                  194.127.196.0/24
                  194.127.202.0/24
                  194.127.206.0/24
                  194.127.214.0/24
                IPv6:
                  2a07:b6c0::/29
                  2a0d:6680::/29
                  2a0f:afc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:5d:e3:a7:3e:b4:f2:47:95:73:e1:dc:8e:62:13:4c:0f:2f:
         94:6f:ce:4f:a3:62:15:7d:7c:d8:e5:f5:fe:35:a1:67:ee:ec:
         d6:d7:8c:97:10:f1:c2:6b:61:a9:00:e1:05:77:65:e5:e1:aa:
         01:68:40:ad:a5:31:f1:49:27:e4:f7:4b:7b:dc:82:d1:7a:79:
         57:24:ad:c5:d7:9b:13:26:11:d9:0d:ec:d6:fd:63:85:c5:a6:
         cb:16:cf:67:0f:0a:35:d7:b3:d8:4a:3f:fb:76:63:f4:04:7a:
         0b:7a:7b:9c:96:94:da:ec:c4:7a:9a:4a:17:f2:01:f8:00:24:
         b3:50:51:8b:b9:26:32:86:81:49:20:25:76:83:99:60:8f:fa:
         c1:ab:ea:27:85:0d:01:d8:4f:ac:03:e9:24:5d:7f:df:a8:5f:
         84:03:e8:ad:30:81:4a:a3:dd:ea:5e:10:83:6d:ad:10:b9:c4:
         fd:6b:f5:c0:fb:74:11:07:56:15:44:69:fe:00:dd:d2:97:e6:
         90:be:d9:ac:61:12:19:6c:2b:1e:81:bd:b2:70:87:14:60:3c:
         ab:1c:97:8f:7d:f3:d6:0f:9d:07:f4:23:56:ad:5f:54:04:b9:
         34:e3:6c:cb:5b:73:19:50:49:69:8c:35:80:ab:32:2a:9e:85:
         d7:4a:26:d6
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZPcEGuHnR8DFnml5pA0KMKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzZjMGYwZWM4YmJlZGYwZjYwODQ0ZGZlNGZlOTM5MzY5
YTRiNDAwHhcNMjQxMjE4MjMxODAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzY5OWZkZTRjOWEwYmI3ZjZiYTBlODE1ZGI1NDY3NDQ3ZDA4ZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLOLm2e1l43pMf7Rlu0JJYcgiko2
kapYNS+k04jO+Z/z4/sak3kSvm3BLGAWkjoJ22h2QofKnqB8tkS2QhroUF1IyPfM
5DiZRviRvlzk0D2uGWuEijYE4DakzmhQ4ne5Zdf15tYWhkI/gfhrmgMKJflX6jMz
yg4KLew6gJ0cX64v6uQwo1KFXR7/LcL48b019gfY7G9yxPN6dFEAc17bABWhueGf
eRuL4laP4j3X+RKO4T5/fn6buDOWw46DYwrsFoLpt2YDhxULOFIBynl0V10r3Gxr
/gp3MUAoe9qGLfPxTruo/nBsmX6HOXaGuy2zEUiuZHEJCCKCDBN/ZfzvvwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPdpn95Mmgu39roOgV21RnRH0I0DMB8GA1UdIwQY
MBaAFLQ2wPDsi77fD2CETf5P6Tk2mktAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERiQThPeUx2dDhQWUlSTl9rX3BPVGFhUzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9kYjY2YWItNzBhYy00MWFkLTk5NTgt
ZGQ4YjVhZmNlZTNiLzEvOTJtZjNreWFDN2YydWc2QlhiVkdkRWZRalFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9kYjY2YWItNzBhYy00MWFkLTk5NTgtZGQ4YjVhZmNlZTNi
LzEvdERiQThPeUx2dDhQWUlSTl9rX3BPVGFhUzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTA2BAIAATAwAwQCAjkwAwQC
W9fwAwQCuZ/IAwQCufYUAwQAwn/EAwQAwn/KAwQAwn/OAwQAwn/WMBsEAgACMBUD
BQMqB7bAAwUDKg1mgAMFAyoPr8AwDQYJKoZIhvcNAQELBQADggEBAGJd46c+tPJH
lXPh3I5iE0wPL5Rvzk+jYhV9fNjl9f41oWfu7NbXjJcQ8cJrYakA4QV3ZeXhqgFo
QK2lMfFJJ+T3S3vcgtF6eVckrcXXmxMmEdkN7Nb9Y4XFpssWz2cPCjXXs9hKP/t2
Y/QEegt6e5yWlNrsxHqaShfyAfgAJLNQUYu5JjKGgUkgJXaDmWCP+sGr6ieFDQHY
T6wD6SRdf9+oX4QD6K0wgUqj3epeEINtrRC5xP1r9cD7dBEHVhVEaf4A3dKX5pC+
2axhEhlsKx6BvbJwhxRgPKscl49989YPnQf0I1atX1QEuTTjbMtbcxlQSWmMNYCr
MiqehddKJtY=
-----END CERTIFICATE-----