Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/oS6ITvJx8DtK5JiOb1W9ZXURi4s.roa
File:                     oS6ITvJx8DtK5JiOb1W9ZXURi4s.roa (raw, json)
Hash identifier:          qldHvuBlqfiLyC/imA0piJzVFXbdi8BTKFyFBZY67qY=
Subject key identifier:   A1:2E:88:4E:F2:71:F0:3B:4A:E4:98:8E:6F:55:BD:65:75:11:8B:8B
Certificate issuer:       /CN=567190854786a16afa6b0ec78dfb0620abaacfef
Certificate serial:       0191FB2B0EF1577A82AB4CC65DE134E65B1B
Authority key identifier: 56:71:90:85:47:86:A1:6A:FA:6B:0E:C7:8D:FB:06:20:AB:AA:CF:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/oS6ITvJx8DtK5JiOb1W9ZXURi4s.roa
Signing time:             Mon 16 Sep 2024 14:09:48 +0000
ROA not before:           Mon 16 Sep 2024 14:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        5.172.160.0/20 maxlen: 20
                          5.172.170.0/24 maxlen: 24
                          81.2.64.0/18 maxlen: 18
                          81.187.0.0/16 maxlen: 23
                          81.187.161.0/24 maxlen: 24
                          90.155.0.0/18 maxlen: 24
                          90.155.64.0/19 maxlen: 20
                          90.155.96.0/20 maxlen: 20
                          178.238.144.0/20 maxlen: 20
                          194.4.172.0/22 maxlen: 24
                          217.169.0.0/19 maxlen: 19
                          2001:8b0::/32 maxlen: 63
                          2001:8b0:a::666/128 maxlen: 128
                          2001:8b6::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 23 Oct 2024 13:40:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fb:2b:0e:f1:57:7a:82:ab:4c:c6:5d:e1:34:e6:5b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=567190854786a16afa6b0ec78dfb0620abaacfef
        Validity
            Not Before: Sep 16 14:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a12e884ef271f03b4ae4988e6f55bd6575118b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9e:99:42:b9:c0:7b:19:23:37:59:af:1e:98:
                    80:98:52:46:2e:9d:09:f5:5a:ef:05:29:1a:01:fd:
                    3c:99:1b:d2:92:d8:07:9a:4c:4d:51:3d:4d:dd:dd:
                    d5:60:12:5f:0d:b2:7f:47:ec:8d:40:bb:aa:86:e0:
                    e3:38:f5:d5:9a:45:2b:6c:45:4e:e0:7b:4a:2a:7c:
                    70:c7:60:17:5d:c3:8f:e7:29:13:c1:72:b2:d9:7e:
                    e6:c8:1c:97:18:74:36:50:f0:aa:71:21:41:69:db:
                    a2:b2:0e:e9:9b:2f:36:b2:e3:c6:86:43:77:01:d5:
                    76:74:88:7f:00:c9:f7:04:3b:34:0c:ad:23:20:aa:
                    b8:61:db:92:f1:e2:b3:6e:e7:67:da:17:e4:f3:e2:
                    9c:94:c4:ff:b5:55:ee:65:11:33:02:b7:24:5f:47:
                    76:d3:0d:ca:67:d1:56:7a:d5:78:d9:3b:38:68:d9:
                    42:53:04:7e:58:d5:34:d6:d9:1d:fa:9b:d4:74:f5:
                    31:f6:c9:7b:0b:f1:57:01:dc:d2:54:3f:77:2b:a4:
                    93:2e:35:15:92:b1:58:05:19:3c:b7:bb:7e:62:5e:
                    08:f0:50:15:fd:06:d4:40:73:b8:70:7b:9d:8e:e9:
                    43:b3:55:d4:15:46:2d:ff:97:c7:19:99:f4:e6:7f:
                    18:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:2E:88:4E:F2:71:F0:3B:4A:E4:98:8E:6F:55:BD:65:75:11:8B:8B
            X509v3 Authority Key Identifier:
                keyid:56:71:90:85:47:86:A1:6A:FA:6B:0E:C7:8D:FB:06:20:AB:AA:CF:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnGQhUeGoWr6aw7HjfsGIKuqz-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/oS6ITvJx8DtK5JiOb1W9ZXURi4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/24c324-a15e-4cd0-94c1-73ff40959348/1/VnGQhUeGoWr6aw7HjfsGIKuqz-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.160.0/20
                  81.2.64.0/18
                  81.187.0.0/16
                  90.155.0.0-90.155.111.255
                  178.238.144.0/20
                  194.4.172.0/22
                  217.169.0.0/19
                IPv6:
                  2001:8b0::/32
                  2001:8b6::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:e1:d0:0c:55:c9:11:cf:2c:2f:90:cc:71:20:b8:bc:d6:5d:
         60:3e:8b:84:76:71:dd:14:a2:dc:b2:68:bc:4a:8f:94:41:02:
         63:ea:37:b8:55:cd:35:67:0b:0d:55:16:d0:cd:fd:fb:42:54:
         5d:8c:4e:d6:2f:94:ae:59:e8:f1:2d:0d:ac:95:c3:5b:03:98:
         cb:d8:18:82:73:63:98:e0:fd:b0:19:f4:45:50:6c:04:1a:b0:
         77:f2:6c:19:52:e1:09:2e:0d:d2:fa:a4:c4:25:60:70:b3:01:
         8f:bd:df:dd:89:b7:b5:7a:d9:7f:e9:16:ab:09:52:3c:47:8c:
         1f:e4:a7:51:b9:27:ff:86:f6:fa:85:8d:b7:ce:1a:a8:6d:0c:
         c9:2e:ef:52:ce:f5:56:c6:38:30:15:01:44:2c:dd:6d:ca:01:
         09:75:f6:35:fa:ed:3e:46:5c:a9:67:47:93:57:34:48:f5:0d:
         fa:22:17:29:ad:7c:37:ac:5d:71:87:65:c5:32:fc:bb:d4:63:
         8e:57:bc:2a:5c:b5:5c:c8:86:a6:46:19:79:14:f2:71:e4:02:
         53:34:8f:ba:01:a5:c1:dc:a7:6e:72:d5:d1:6f:ff:a9:56:a0:
         af:65:32:f4:66:f3:36:d9:16:35:a6:ee:2c:7d:9d:01:be:59:
         ff:c9:2c:3c
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZH7Kw7xV3qCq0zGXeE05lsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NzE5MDg1NDc4NmExNmFmYTZiMGVjNzhkZmIwNjIwYWJh
YWNmZWYwHhcNMjQwOTE2MTQwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTJlODg0ZWYyNzFmMDNiNGFlNDk4OGU2ZjU1YmQ2NTc1MTE4YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ6ZQrnAexkjN1mvHpiAmFJGLp0J
9VrvBSkaAf08mRvSktgHmkxNUT1N3d3VYBJfDbJ/R+yNQLuqhuDjOPXVmkUrbEVO
4HtKKnxwx2AXXcOP5ykTwXKy2X7myByXGHQ2UPCqcSFBaduisg7pmy82suPGhkN3
AdV2dIh/AMn3BDs0DK0jIKq4YduS8eKzbudn2hfk8+KclMT/tVXuZREzArckX0d2
0w3KZ9FWetV42Ts4aNlCUwR+WNU01tkd+pvUdPUx9sl7C/FXAdzSVD93K6STLjUV
krFYBRk8t7t+Yl4I8FAV/QbUQHO4cHudjulDs1XUFUYt/5fHGZn05n8YqwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFKEuiE7ycfA7SuSYjm9VvWV1EYuLMB8GA1UdIwQY
MBaAFFZxkIVHhqFq+msOx437BiCrqs/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5HUWhVZUdvV3I2YXc3SGpmc0dJS3Vxei04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yNGMzMjQtYTE1ZS00Y2QwLTk0YzEt
NzNmZjQwOTU5MzQ4LzEvb1M2SVR2Sng4RHRLNUppT2IxVzlaWFVSaTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yNGMzMjQtYTE1ZS00Y2QwLTk0YzEtNzNmZjQwOTU5MzQ4
LzEvVm5HUWhVZUdvV3I2YXc3SGpmc0dJS3Vxei04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQEBaygAwQG
UQJAAwMAUbswCwMDAFqbAwQEWptgAwQEsu6QAwQCwgSsAwQF2akAMBQEAgACMA4D
BQAgAQiwAwUAIAEItjANBgkqhkiG9w0BAQsFAAOCAQEAO+HQDFXJEc8sL5DMcSC4
vNZdYD6LhHZx3RSi3LJovEqPlEECY+o3uFXNNWcLDVUW0M39+0JUXYxO1i+Urlno
8S0NrJXDWwOYy9gYgnNjmOD9sBn0RVBsBBqwd/JsGVLhCS4N0vqkxCVgcLMBj73f
3Ym3tXrZf+kWqwlSPEeMH+SnUbkn/4b2+oWNt84aqG0MyS7vUs71VsY4MBUBRCzd
bcoBCXX2NfrtPkZcqWdHk1c0SPUN+iIXKa18N6xdcYdlxTL8u9Rjjle8Kly1XMiG
pkYZeRTyceQCUzSPugGlwdynbnLV0W//qVagr2Uy9GbzNtkWNabuLH2dAb5Z/8ks
PA==
-----END CERTIFICATE-----