Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/OdQKjrc-1TdMPA5XmTvmsnDsnhU.roa
File:                     OdQKjrc-1TdMPA5XmTvmsnDsnhU.roa (raw, json)
Hash identifier:          R+tTTlm73fuMQCydAZwf9EBt/sEOa0QdmCKCOsCLcsw=
Subject key identifier:   39:D4:0A:8E:B7:3E:D5:37:4C:3C:0E:57:99:3B:E6:B2:70:EC:9E:15
Certificate issuer:       /CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Certificate serial:       0191C42C984DB7D8E58B68DFB64550764BE0
Authority key identifier: 29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/OdQKjrc-1TdMPA5XmTvmsnDsnhU.roa
Signing time:             Thu 05 Sep 2024 21:52:22 +0000
ROA not before:           Thu 05 Sep 2024 21:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39582
IP address blocks:        37.77.0.0/19 maxlen: 24
                          37.77.1.0/24 maxlen: 24
                          37.77.2.0/24 maxlen: 24
                          37.77.3.0/24 maxlen: 24
                          37.77.4.0/24 maxlen: 24
                          37.77.5.0/24 maxlen: 24
                          37.77.6.0/24 maxlen: 24
                          37.77.7.0/24 maxlen: 24
                          37.77.8.0/24 maxlen: 24
                          37.77.9.0/24 maxlen: 24
                          37.77.10.0/24 maxlen: 24
                          37.77.15.0/24 maxlen: 24
                          37.77.16.0/24 maxlen: 24
                          37.77.17.0/24 maxlen: 24
                          37.77.18.0/24 maxlen: 24
                          37.77.20.0/24 maxlen: 24
                          37.77.21.0/24 maxlen: 24
                          37.77.22.0/24 maxlen: 24
                          37.77.23.0/24 maxlen: 24
                          37.77.24.0/24 maxlen: 24
                          37.77.26.0/24 maxlen: 24
                          37.77.27.0/24 maxlen: 24
                          37.77.30.0/24 maxlen: 24
                          37.77.31.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 10 Oct 2024 09:19:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c4:2c:98:4d:b7:d8:e5:8b:68:df:b6:45:50:76:4b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29993007c7c92df6178e7cb43183fd7f52a526d8
        Validity
            Not Before: Sep  5 21:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39d40a8eb73ed5374c3c0e57993be6b270ec9e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e7:5f:a6:2b:71:00:ac:86:4b:53:91:d5:22:
                    d8:41:6b:42:2a:d3:f7:ec:08:5f:dd:00:61:2c:27:
                    32:0a:2e:4e:d9:6b:13:ab:bf:a8:eb:4f:1c:32:ab:
                    fc:42:49:ca:9c:a9:e1:e1:9a:9a:6b:bb:cb:6d:8c:
                    bd:34:65:f8:56:53:81:77:2c:2b:cb:48:32:a6:22:
                    76:2a:f4:08:0a:ee:73:f6:cc:f9:0f:26:3c:51:0f:
                    c1:c8:8c:82:e2:6c:8d:84:e5:62:ba:d3:f5:70:d4:
                    10:51:25:2e:00:2b:c1:f3:45:f9:00:1d:2c:ab:89:
                    b3:26:f9:99:db:c2:b6:1a:5e:6c:28:4a:4f:d3:01:
                    d7:6f:6d:44:2c:fb:36:9b:23:90:bc:f6:95:77:8c:
                    42:53:6b:bf:52:08:52:70:59:fc:16:71:4e:ab:5d:
                    ea:60:48:ed:9f:03:ea:ed:0e:19:25:34:07:33:87:
                    fb:d1:fd:66:99:40:49:3e:a8:79:48:a3:b2:81:a3:
                    c0:3d:9b:bf:40:cf:ad:bd:ab:b5:eb:6e:6b:f7:04:
                    25:a6:88:c1:78:0b:78:fc:6f:eb:da:5c:d7:d4:a1:
                    16:ee:e1:f2:72:bd:cd:aa:e0:70:bf:09:31:20:73:
                    ad:61:3f:3b:87:3c:cf:81:bb:6f:5c:01:72:f4:d7:
                    21:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D4:0A:8E:B7:3E:D5:37:4C:3C:0E:57:99:3B:E6:B2:70:EC:9E:15
            X509v3 Authority Key Identifier:
                keyid:29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/OdQKjrc-1TdMPA5XmTvmsnDsnhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         79:5e:e8:b9:53:36:f2:cd:7e:fd:1d:ac:ef:d3:6d:7a:3c:b6:
         ad:e4:06:72:17:02:65:04:f2:3c:7b:f6:34:e9:54:37:d7:4c:
         40:53:ef:39:28:6e:f3:dc:c2:52:8f:89:06:78:50:91:58:42:
         ce:6b:37:c3:8d:94:1b:b4:65:df:26:17:33:f0:99:41:0f:90:
         85:c0:6f:ea:ee:cf:10:30:ce:ed:b5:34:a3:34:7d:b1:5e:54:
         4e:12:8e:43:98:ed:41:47:67:63:08:1e:c0:5e:9a:24:68:80:
         a6:ab:dd:68:b0:b9:3b:dc:48:e2:ba:d4:96:9e:76:41:66:4d:
         6b:47:87:49:c3:32:65:81:5e:3d:8f:51:bc:a1:d0:d2:76:8f:
         54:51:9f:53:10:37:e5:47:82:c3:77:ae:f5:e3:03:83:af:84:
         af:08:85:cc:74:f5:3e:d0:1d:07:b1:83:3d:10:9b:04:9b:d7:
         eb:b0:d3:4c:58:a7:06:fa:ef:6d:ac:55:84:ed:4d:7e:01:96:
         4d:88:51:1c:a0:70:7e:c9:61:ef:4f:5b:28:9c:f5:fb:6d:4d:
         ee:3c:09:eb:8e:81:7f:fd:90:11:bf:96:86:98:85:98:3c:32:
         2d:3f:64:70:fd:36:b9:35:b7:a6:01:ec:66:9a:bd:ab:b4:60:
         35:92:2f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHELJhNt9jli2jftkVQdkvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTkzMDA3YzdjOTJkZjYxNzhlN2NiNDMxODNmZDdmNTJh
NTI2ZDgwHhcNMjQwOTA1MjE1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ0MGE4ZWI3M2VkNTM3NGMzYzBlNTc5OTNiZTZiMjcwZWM5ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+dfpitxAKyGS1OR1SLYQWtCKtP3
7Ahf3QBhLCcyCi5O2WsTq7+o608cMqv8QknKnKnh4Zqaa7vLbYy9NGX4VlOBdywr
y0gypiJ2KvQICu5z9sz5DyY8UQ/ByIyC4myNhOViutP1cNQQUSUuACvB80X5AB0s
q4mzJvmZ28K2Gl5sKEpP0wHXb21ELPs2myOQvPaVd4xCU2u/UghScFn8FnFOq13q
YEjtnwPq7Q4ZJTQHM4f70f1mmUBJPqh5SKOygaPAPZu/QM+tvau1625r9wQlpojB
eAt4/G/r2lzX1KEW7uHycr3NquBwvwkxIHOtYT87hzzPgbtvXAFy9Nch8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnUCo63PtU3TDwOV5k75rJw7J4VMB8GA1UdIwQY
MBaAFCmZMAfHyS32F458tDGD/X9SpSbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODkt
MWU4MjlmZmExYzNhLzEvT2RRS2pyYy0xVGRNUEE1WG1Udm1zbkRzbmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODktMWU4MjlmZmExYzNh
LzEvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFJU0AMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Xui5UzbyzX79Hazv0216PLat5AZyFwJlBPI8e/Y0
6VQ310xAU+85KG7z3MJSj4kGeFCRWELOazfDjZQbtGXfJhcz8JlBD5CFwG/q7s8Q
MM7ttTSjNH2xXlROEo5DmO1BR2djCB7AXpokaICmq91osLk73EjiutSWnnZBZk1r
R4dJwzJlgV49j1G8odDSdo9UUZ9TEDflR4LDd6714wODr4SvCIXMdPU+0B0HsYM9
EJsEm9frsNNMWKcG+u9trFWE7U1+AZZNiFEcoHB+yWHvT1sonPX7bU3uPAnrjoF/
/ZARv5aGmIWYPDItP2Rw/Ta5NbemAexmmr2rtGA1ki8d
-----END CERTIFICATE-----