Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/oIm1wBRHXDanU9ZcWONnX3UF3Cw.roa
File:                     oIm1wBRHXDanU9ZcWONnX3UF3Cw.roa (raw, json)
Hash identifier:          MerSfBHCAmEZpUt8GDPFQs2S1UG4BvbZjYGplgzG1fE=
Subject key identifier:   A0:89:B5:C0:14:47:5C:36:A7:53:D6:5C:58:E3:67:5F:75:05:DC:2C
Certificate issuer:       /CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
Certificate serial:       018CC72771A3B9FDEF80BE1B64CCC2AA230E
Authority key identifier: FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/oIm1wBRHXDanU9ZcWONnX3UF3Cw.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        192.166.242.0/23 maxlen: 23
                          192.166.241.0/24 maxlen: 24
                          84.242.8.0/21 maxlen: 24
                          146.255.56.0/21 maxlen: 24
                          5.183.173.0/24 maxlen: 24
                          5.183.174.0/23 maxlen: 23
                          45.155.244.0/22 maxlen: 24
                          83.137.112.0/21 maxlen: 24
                          77.244.240.0/20 maxlen: 24
                          217.74.8.0/21 maxlen: 24
                          92.42.136.0/21 maxlen: 24
                          212.232.24.0/21 maxlen: 24
                          2a02:1b9::/32 maxlen: 32
                          2a02:1b8::/29 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:71:a3:b9:fd:ef:80:be:1b:64:cc:c2:aa:23:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a089b5c014475c36a753d65c58e3675f7505dc2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:23:c8:54:ef:8f:b0:6d:0c:13:55:cc:4e:1e:
                    ce:fb:bc:c0:ff:fc:92:df:da:b1:ae:f6:c3:87:28:
                    c4:9c:36:5f:5c:86:3c:d4:14:3c:ae:1b:2b:42:fe:
                    af:58:6e:4a:6c:ae:2c:2a:fd:4c:0a:f5:19:d0:2a:
                    24:5b:9a:85:43:cc:3f:ca:36:18:92:70:98:ab:ef:
                    fe:68:6c:08:c3:3b:cd:ff:60:91:1c:14:75:5b:d2:
                    68:43:d0:ed:ff:8b:e1:ac:48:a2:57:cc:04:a1:e0:
                    a3:b4:89:36:2f:57:5a:89:b1:41:ae:a8:51:b1:fc:
                    08:9e:23:9a:f8:24:f2:10:75:ed:be:60:18:ad:cf:
                    d7:4c:79:9c:36:00:00:14:c1:1d:c4:2a:dd:ba:26:
                    d5:00:66:14:da:ef:c8:10:64:28:57:77:63:5e:c3:
                    e5:c2:fc:b9:42:08:e2:f4:42:be:0d:7c:d2:92:6d:
                    82:be:00:5d:ee:c0:d8:07:bd:5f:df:7b:8f:a8:d0:
                    15:eb:28:69:ae:d2:e6:58:d0:a8:9d:e6:f7:06:e7:
                    9d:8d:ed:8a:7b:99:34:f2:69:b4:6d:77:7b:60:cc:
                    93:2e:fa:75:60:af:30:d6:ff:b6:f0:df:96:42:f7:
                    5d:06:a8:55:8e:52:19:20:df:4f:60:1f:e1:57:40:
                    3a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:89:B5:C0:14:47:5C:36:A7:53:D6:5C:58:E3:67:5F:75:05:DC:2C
            X509v3 Authority Key Identifier:
                keyid:FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/oIm1wBRHXDanU9ZcWONnX3UF3Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.173.0-5.183.175.255
                  45.155.244.0/22
                  77.244.240.0/20
                  83.137.112.0/21
                  84.242.8.0/21
                  92.42.136.0/21
                  146.255.56.0/21
                  192.166.241.0-192.166.243.255
                  212.232.24.0/21
                  217.74.8.0/21
                IPv6:
                  2a02:1b8::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:ae:f7:ec:db:56:5a:2e:2c:5f:3e:40:16:86:32:cb:f7:c5:
         93:4f:de:66:b4:5f:91:a5:0c:cd:d1:ed:96:a0:9a:b4:49:93:
         d7:df:59:cf:1d:8b:1e:49:a9:3b:e4:18:65:18:fb:29:c8:d0:
         7b:ca:27:d2:7b:fb:50:d0:f0:f1:19:7c:c6:97:63:2f:c3:44:
         df:76:d6:e7:61:c9:6d:5e:b5:e5:a0:d0:d2:8a:51:90:7a:9b:
         74:4b:e9:3b:5d:ae:47:40:27:e8:ca:30:a9:94:74:c7:b6:50:
         d7:03:78:45:86:4f:1e:2a:9c:91:eb:7d:48:e4:30:cb:c6:a5:
         bd:8c:20:19:5b:0d:c6:9d:91:69:68:0b:26:5c:21:07:35:61:
         ca:91:ab:c6:65:d2:d9:ab:ea:72:1d:82:d6:87:71:f8:d1:7d:
         ee:98:0e:fa:bb:ee:de:d7:e9:3c:f4:36:76:68:23:24:bc:83:
         d5:92:9d:16:e0:d4:12:16:c9:b2:c5:1d:f2:ac:c7:14:14:b2:
         e0:87:01:ad:87:5e:9e:60:50:f0:e6:f9:c5:de:ca:64:44:55:
         88:d4:9e:35:cd:35:ce:f4:62:0a:67:d5:5e:13:0f:d5:03:9f:
         7f:b3:10:a5:4a:b2:37:20:2a:91:d0:6a:b7:fe:de:3b:01:6e:
         ce:da:1d:47
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYzHJ3Gjuf3vgL4bZMzCqiMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkM2ExZTg0NjViZmM0ZGY3MDA4OTQzNzJkMGI5ODA4ZThi
NjI5ZWEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg5YjVjMDE0NDc1YzM2YTc1M2Q2NWM1OGUzNjc1Zjc1MDVkYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yPIVO+PsG0ME1XMTh7O+7zA//yS
39qxrvbDhyjEnDZfXIY81BQ8rhsrQv6vWG5KbK4sKv1MCvUZ0CokW5qFQ8w/yjYY
knCYq+/+aGwIwzvN/2CRHBR1W9JoQ9Dt/4vhrEiiV8wEoeCjtIk2L1daibFBrqhR
sfwIniOa+CTyEHXtvmAYrc/XTHmcNgAAFMEdxCrduibVAGYU2u/IEGQoV3djXsPl
wvy5Qgji9EK+DXzSkm2CvgBd7sDYB71f33uPqNAV6yhprtLmWNConeb3Buedje2K
e5k08mm0bXd7YMyTLvp1YK8w1v+28N+WQvddBqhVjlIZIN9PYB/hV0A6HwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFKCJtcAUR1w2p1PWXFjjZ191BdwsMB8GA1UdIwQY
MBaAFP06HoRlv8TfcAiUNy0LmAjotinqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYt
OTU1NWQzMGY2ZjhmLzEvb0ltMXdCUkhYRGFuVTlaY1dPTm5YM1VGM0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYtOTU1NWQzMGY2Zjhm
LzEvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMMAwDBAAFt60D
BAQFt6ADBAItm/QDBARN9PADBANTiXADBANU8ggDBANcKogDBAOS/zgwDAMEAMCm
8QMEAsCm8AMEA9ToGAMEA9lKCDANBAIAAjAHAwUDKgIBuDANBgkqhkiG9w0BAQsF
AAOCAQEAcK737NtWWi4sXz5AFoYyy/fFk0/eZrRfkaUMzdHtlqCatEmT199Zzx2L
HkmpO+QYZRj7KcjQe8on0nv7UNDw8Rl8xpdjL8NE33bW52HJbV615aDQ0opRkHqb
dEvpO12uR0An6MowqZR0x7ZQ1wN4RYZPHiqcket9SOQwy8alvYwgGVsNxp2RaWgL
JlwhBzVhypGrxmXS2avqch2C1odx+NF97pgO+rvu3tfpPPQ2dmgjJLyD1ZKdFuDU
EhbJssUd8qzHFBSy4IcBrYdenmBQ8Ob5xd7KZERViNSeNc01zvRiCmfVXhMP1QOf
f7MQpUqyNyAqkdBqt/7eOwFuztodRw==
-----END CERTIFICATE-----