Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/Hg2LQgssXDNHaalY3L0mQgWjqSI.roa
File:                     Hg2LQgssXDNHaalY3L0mQgWjqSI.roa (raw, json)
Hash identifier:          6Ai882sLkWVAbIDnRiiiHAOivKmfyB9+gz8SEuBSaGs=
Subject key identifier:   1E:0D:8B:42:0B:2C:5C:33:47:69:A9:58:DC:BD:26:42:05:A3:A9:22
Certificate issuer:       /CN=49dd8f1a62a5d7f80212de0f3efe75b2fa338ffe
Certificate serial:       01937CA554C1542DFD80966B9A5BAEB6FDCF
Authority key identifier: 49:DD:8F:1A:62:A5:D7:F8:02:12:DE:0F:3E:FE:75:B2:FA:33:8F:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sd2PGmKl1_gCEt4PPv51svozj_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/Hg2LQgssXDNHaalY3L0mQgWjqSI.roa
Signing time:             Sat 30 Nov 2024 10:37:10 +0000
ROA not before:           Sat 30 Nov 2024 10:37:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215597
IP address blocks:        5.181.196.0/24 maxlen: 24
                          5.181.197.0/24 maxlen: 24
                          82.199.222.0/23 maxlen: 23
                          82.199.222.0/24 maxlen: 24
                          82.199.223.0/24 maxlen: 24
                          91.213.191.0/24 maxlen: 24
                          91.217.185.0/24 maxlen: 24
                          185.95.206.0/23 maxlen: 23
                          185.95.206.0/24 maxlen: 24
                          185.95.207.0/24 maxlen: 24
                          212.95.142.0/24 maxlen: 24
                          212.95.148.0/24 maxlen: 24
                          2a12:f680:200::/48 maxlen: 48
                          2a12:f680:201::/48 maxlen: 48
                          2a12:f680:600::/48 maxlen: 48
                          2a12:f680:601::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:49:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:7c:a5:54:c1:54:2d:fd:80:96:6b:9a:5b:ae:b6:fd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49dd8f1a62a5d7f80212de0f3efe75b2fa338ffe
        Validity
            Not Before: Nov 30 10:37:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e0d8b420b2c5c334769a958dcbd264205a3a922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ef:99:27:bb:4b:b5:7a:bf:a2:4b:2f:2e:b7:
                    97:ac:40:90:56:96:32:85:d4:5a:ae:8c:6c:a3:4f:
                    ce:dd:61:34:4c:d9:11:78:92:d5:11:d1:f3:06:db:
                    bb:c7:3d:c3:65:15:28:df:f1:23:7a:87:ad:9f:77:
                    25:31:aa:e6:64:e1:0a:62:39:9d:cb:94:55:4c:ec:
                    ee:12:d1:0a:06:1d:88:d5:ad:bd:73:27:8b:a2:a6:
                    14:ec:72:67:ef:84:0e:8a:ce:83:60:c1:db:4e:bd:
                    aa:4e:42:b0:70:3a:c6:0a:f0:93:d8:5a:cf:cd:6e:
                    a6:c2:92:d8:62:43:2b:49:44:69:53:3e:7d:09:21:
                    14:c3:75:c1:80:eb:3a:a4:84:37:7e:08:b8:c6:b6:
                    bd:20:a5:aa:8a:41:e7:03:d8:d1:1a:9c:4f:96:51:
                    66:10:5b:47:68:47:1f:6e:a2:3e:e3:e2:d7:25:df:
                    69:40:ca:d5:7c:c3:9b:12:5d:39:15:e4:59:f7:68:
                    df:df:ae:44:a9:12:89:8e:c1:ce:1e:7f:9f:12:92:
                    ea:f7:47:99:6f:a6:af:68:ef:44:d3:2e:67:3a:4d:
                    f3:35:7a:ed:0d:8b:bd:1e:6b:eb:91:c8:d2:33:35:
                    12:8e:bd:20:46:9e:15:37:45:53:7e:58:74:6a:77:
                    8e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:0D:8B:42:0B:2C:5C:33:47:69:A9:58:DC:BD:26:42:05:A3:A9:22
            X509v3 Authority Key Identifier:
                keyid:49:DD:8F:1A:62:A5:D7:F8:02:12:DE:0F:3E:FE:75:B2:FA:33:8F:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sd2PGmKl1_gCEt4PPv51svozj_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/Hg2LQgssXDNHaalY3L0mQgWjqSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/Sd2PGmKl1_gCEt4PPv51svozj_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.196.0/23
                  82.199.222.0/23
                  91.213.191.0/24
                  91.217.185.0/24
                  185.95.206.0/23
                  212.95.142.0/24
                  212.95.148.0/24
                IPv6:
                  2a12:f680:200::/47
                  2a12:f680:600::/47

    Signature Algorithm: sha256WithRSAEncryption
         8f:69:0b:c0:89:ce:a6:f8:fe:56:8a:23:e3:43:ba:47:8b:f4:
         e8:1c:4a:72:c7:31:69:64:9e:ad:60:db:94:2e:fe:cc:d5:8d:
         9c:3c:cc:6b:d1:a7:dd:88:5f:84:6f:ea:ee:52:72:41:12:f3:
         fa:95:a4:07:fc:40:c9:8d:9e:eb:14:4b:50:af:07:11:9f:f5:
         a5:79:84:e0:4c:cc:80:74:70:cf:81:6a:01:5d:87:b8:f2:d8:
         64:06:a7:7c:45:85:7e:e6:32:be:d9:cc:07:9c:81:4c:72:55:
         c3:d1:39:8f:70:12:5a:46:88:19:6e:fd:8c:3e:17:1e:24:c4:
         2f:2b:2d:31:8f:56:38:ab:10:af:91:75:3b:33:de:f4:c9:2b:
         47:78:06:de:4a:06:67:f3:3b:cf:02:05:8e:f3:f3:5f:e4:d5:
         9e:2e:d2:dd:69:07:32:09:3d:ec:64:5e:61:da:21:28:ab:4a:
         20:ca:27:d4:e1:03:98:6e:b8:0d:31:e5:86:3e:ed:54:cf:a1:
         fe:6f:fe:93:91:40:5e:e2:c7:33:c8:d2:a6:42:4d:7f:80:e2:
         f9:0a:87:8d:8f:52:af:96:26:e5:da:ff:0b:40:75:80:fb:a2:
         57:0b:c8:57:8b:6b:37:71:04:b0:34:93:07:94:68:78:02:e6:
         10:30:7d:f6
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZN8pVTBVC39gJZrmluutv3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZGQ4ZjFhNjJhNWQ3ZjgwMjEyZGUwZjNlZmU3NWIyZmEz
MzhmZmUwHhcNMjQxMTMwMTAzNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBkOGI0MjBiMmM1YzMzNDc2OWE5NThkY2JkMjY0MjA1YTNhOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO+ZJ7tLtXq/oksvLreXrECQVpYy
hdRaroxso0/O3WE0TNkReJLVEdHzBtu7xz3DZRUo3/Ejeoetn3clMarmZOEKYjmd
y5RVTOzuEtEKBh2I1a29cyeLoqYU7HJn74QOis6DYMHbTr2qTkKwcDrGCvCT2FrP
zW6mwpLYYkMrSURpUz59CSEUw3XBgOs6pIQ3fgi4xra9IKWqikHnA9jRGpxPllFm
EFtHaEcfbqI+4+LXJd9pQMrVfMObEl05FeRZ92jf365EqRKJjsHOHn+fEpLq90eZ
b6avaO9E0y5nOk3zNXrtDYu9HmvrkcjSMzUSjr0gRp4VN0VTflh0aneOsQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFB4Ni0ILLFwzR2mpWNy9JkIFo6kiMB8GA1UdIwQY
MBaAFEndjxpipdf4AhLeDz7+dbL6M4/+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2QyUEdtS2wxX2dDRXQ0UFB2NTFzdm96al80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8wMWIxZWYtMjMzYi00ZDZmLThkY2Yt
Y2VlYzQ5MTI0YzBmLzEvSGcyTFFnc3NYRE5IYWFsWTNMMG1RZ1dqcVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8wMWIxZWYtMjMzYi00ZDZmLThkY2YtY2VlYzQ5MTI0YzBm
LzEvU2QyUEdtS2wxX2dDRXQ0UFB2NTFzdm96al80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAwBAIAATAqAwQBBbXEAwQB
UsfeAwQAW9W/AwQAW9m5AwQBuV/OAwQA1F+OAwQA1F+UMBgEAgACMBIDBwEqEvaA
AgADBwEqEvaABgAwDQYJKoZIhvcNAQELBQADggEBAI9pC8CJzqb4/laKI+NDukeL
9OgcSnLHMWlknq1g25Qu/szVjZw8zGvRp92IX4Rv6u5SckES8/qVpAf8QMmNnusU
S1CvBxGf9aV5hOBMzIB0cM+BagFdh7jy2GQGp3xFhX7mMr7ZzAecgUxyVcPROY9w
ElpGiBlu/Yw+Fx4kxC8rLTGPVjirEK+RdTsz3vTJK0d4Bt5KBmfzO88CBY7z81/k
1Z4u0t1pBzIJPexkXmHaISirSiDKJ9ThA5huuA0x5YY+7VTPof5v/pORQF7ixzPI
0qZCTX+A4vkKh42PUq+WJuXa/wtAdYD7olcLyFeLazdxBLA0kweUaHgC5hAwffY=
-----END CERTIFICATE-----