Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FbaoaT-TdyrgVoV-M2BsDaY4GzQ.roa
File:                     FbaoaT-TdyrgVoV-M2BsDaY4GzQ.roa (raw, json)
Hash identifier:          f9FAqKBoyBnsrJcFvZRB8egCsl7bL4AhgXTJ3IrK42Q=
Subject key identifier:   15:B6:A8:69:3F:93:77:2A:E0:56:85:7E:33:60:6C:0D:A6:38:1B:34
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019499E4A734422BC796FAF0968E8AA1F190
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FbaoaT-TdyrgVoV-M2BsDaY4GzQ.roa
Signing time:             Fri 24 Jan 2025 19:58:06 +0000
ROA not before:           Fri 24 Jan 2025 19:58:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        147.45.49.0/24 maxlen: 24
                          147.45.50.0/24 maxlen: 24
                          147.45.51.0/24 maxlen: 24
                          147.45.60.0/24 maxlen: 24
                          147.45.84.0/24 maxlen: 24
                          147.45.85.0/24 maxlen: 24
                          147.45.86.0/24 maxlen: 24
                          147.45.87.0/24 maxlen: 24
                          147.45.116.0/24 maxlen: 24
                          147.45.126.0/24 maxlen: 24
                          147.45.177.0/24 maxlen: 24
                          147.45.178.0/24 maxlen: 24
                          147.45.179.0/24 maxlen: 24
                          147.45.200.0/23 maxlen: 23
                          147.45.202.0/23 maxlen: 23
                          147.45.204.0/24 maxlen: 24
                          147.45.217.0/24 maxlen: 24
                          147.45.221.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 10 Feb 2025 08:57:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:99:e4:a7:34:42:2b:c7:96:fa:f0:96:8e:8a:a1:f1:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan 24 19:58:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15b6a8693f93772ae056857e33606c0da6381b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:41:21:a2:2b:e0:62:55:ae:a5:d7:55:b7:33:
                    21:09:4b:05:fe:24:94:8d:7f:60:73:f9:49:b6:0a:
                    28:09:79:a6:17:b0:08:e7:37:fb:aa:92:9b:1b:75:
                    d0:2b:92:13:0c:24:2e:be:84:59:c5:89:63:3a:f1:
                    7a:44:d1:7a:6c:4c:90:bf:04:0a:2d:50:c8:3b:4f:
                    b4:15:f6:04:42:68:2e:3a:d1:61:ae:fc:17:42:c4:
                    48:da:3c:18:b1:01:20:d2:b0:a0:a3:79:a9:42:bb:
                    6d:92:e9:f1:ec:5d:be:ab:fe:a2:3a:7a:41:0c:1c:
                    2e:5e:21:09:7d:46:b0:7a:ef:a6:6e:fe:84:69:e3:
                    50:de:60:12:9b:c2:14:ca:2e:fb:8f:8d:83:17:94:
                    d4:c4:bc:2e:bb:60:cd:3c:1a:c0:a8:89:61:ca:9f:
                    30:b6:fb:0a:79:4f:00:a2:b5:e4:63:b5:f1:e1:fe:
                    2a:0d:9d:e4:2c:0d:b9:67:d7:09:ae:b2:f0:c7:f9:
                    a3:39:56:be:ad:c9:f1:c5:bd:8b:e1:e4:c9:b2:6e:
                    8e:9a:19:77:a5:50:2b:28:7a:37:23:81:08:9d:f4:
                    57:04:f0:03:58:ed:8a:38:43:61:81:01:23:08:63:
                    59:4d:a8:58:44:54:f6:78:ba:58:68:92:80:4f:63:
                    4b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B6:A8:69:3F:93:77:2A:E0:56:85:7E:33:60:6C:0D:A6:38:1B:34
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FbaoaT-TdyrgVoV-M2BsDaY4GzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.49.0-147.45.51.255
                  147.45.60.0/24
                  147.45.84.0/22
                  147.45.116.0/24
                  147.45.126.0/24
                  147.45.177.0-147.45.179.255
                  147.45.200.0-147.45.204.255
                  147.45.217.0/24
                  147.45.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:42:52:1c:6e:85:df:9b:52:b4:5f:cc:ef:d8:03:0c:ea:46:
         ad:68:2c:37:90:4b:8e:3b:c0:6d:a8:b6:69:1b:28:dc:98:dd:
         77:3a:92:32:9b:28:c5:b1:9c:16:a4:60:5c:76:b6:71:5c:af:
         3c:44:97:fa:7a:f4:03:9b:c7:aa:4e:54:4c:3e:5e:a1:f4:8a:
         07:73:bd:f7:73:16:38:32:2f:b9:54:1a:6c:4f:43:2b:6f:e8:
         58:f7:10:60:ab:a4:dc:58:62:c0:3e:36:f2:f3:2d:a4:48:e8:
         fb:7a:87:84:34:52:45:23:4e:0f:87:fb:90:3d:be:51:7b:fa:
         dc:2b:61:aa:24:b5:99:71:58:48:f4:60:80:68:bd:ae:6f:9a:
         6a:f9:52:d2:c0:df:10:5b:94:1e:91:64:4b:cb:5d:62:27:76:
         a9:1b:87:1a:23:2c:1c:63:42:b3:3d:cc:9e:89:6d:f0:5e:c9:
         23:72:0e:08:d4:5b:62:41:c7:af:d6:fa:ee:01:ce:a3:78:53:
         62:ca:ab:be:10:99:d4:a1:67:0c:29:bb:b1:7e:be:37:dc:2e:
         1b:6f:16:81:7b:99:4e:36:c2:5f:3e:b3:ef:57:e4:36:44:2a:
         f5:58:b9:f9:94:ee:98:af:3d:1d:db:1d:99:ef:c3:36:e5:9d:
         1d:41:b3:a1
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZSZ5Kc0QivHlvrwlo6KofGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTI0MTk1ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI2YTg2OTNmOTM3NzJhZTA1Njg1N2UzMzYwNmMwZGE2MzgxYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/EEhoivgYlWupddVtzMhCUsF/iSU
jX9gc/lJtgooCXmmF7AI5zf7qpKbG3XQK5ITDCQuvoRZxYljOvF6RNF6bEyQvwQK
LVDIO0+0FfYEQmguOtFhrvwXQsRI2jwYsQEg0rCgo3mpQrttkunx7F2+q/6iOnpB
DBwuXiEJfUaweu+mbv6EaeNQ3mASm8IUyi77j42DF5TUxLwuu2DNPBrAqIlhyp8w
tvsKeU8AorXkY7Xx4f4qDZ3kLA25Z9cJrrLwx/mjOVa+rcnxxb2L4eTJsm6Omhl3
pVArKHo3I4EInfRXBPADWO2KOENhgQEjCGNZTahYRFT2eLpYaJKAT2NLlwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFBW2qGk/k3cq4FaFfjNgbA2mOBs0MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRmJhb2FULVRkeXJnVm9WLU0yQnNEYVk0R3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBACTLTED
BAKTLTADBACTLTwDBAKTLVQDBACTLXQDBACTLX4wDAMEAJMtsQMEApMtsDAMAwQD
ky3IAwQAky3MAwQAky3ZAwQAky3dMA0GCSqGSIb3DQEBCwUAA4IBAQAqQlIcboXf
m1K0X8zv2AMM6kataCw3kEuOO8BtqLZpGyjcmN13OpIymyjFsZwWpGBcdrZxXK88
RJf6evQDm8eqTlRMPl6h9IoHc733cxY4Mi+5VBpsT0Mrb+hY9xBgq6TcWGLAPjby
8y2kSOj7eoeENFJFI04Ph/uQPb5Re/rcK2GqJLWZcVhI9GCAaL2ub5pq+VLSwN8Q
W5QekWRLy11iJ3apG4caIywcY0KzPcyeiW3wXskjcg4I1FtiQcev1vruAc6jeFNi
yqu+EJnUoWcMKbuxfr433C4bbxaBe5lONsJfPrPvV+Q2RCr1WLn5lO6Yrz0d2x2Z
78M25Z0dQbOh
-----END CERTIFICATE-----