Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/SO3vvqJe26SLdKjt3fnXsFO5R7w.roa
File:                     SO3vvqJe26SLdKjt3fnXsFO5R7w.roa (raw, json)
Hash identifier:          iSpUMYJpcGJmS+Qu5UQ777e26VfIqrTzg4LQ0NBlM2o=
Subject key identifier:   48:ED:EF:BE:A2:5E:DB:A4:8B:74:A8:ED:DD:F9:D7:B0:53:B9:47:BC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019378937592069EB7385C505D77D5B04DFD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/SO3vvqJe26SLdKjt3fnXsFO5R7w.roa
Signing time:             Fri 29 Nov 2024 15:39:10 +0000
ROA not before:           Fri 29 Nov 2024 15:39:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205463
IP address blocks:        2.56.108.0/24 maxlen: 24
                          2.56.109.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.94.170.0/24 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.151.3.0/24 maxlen: 24
                          85.209.120.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          194.15.52.0/24 maxlen: 24
                          195.211.191.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 30 Nov 2024 21:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:78:93:75:92:06:9e:b7:38:5c:50:5d:77:d5:b0:4d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 29 15:39:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48edefbea25edba48b74a8edddf9d7b053b947bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:48:90:95:f1:f4:cc:a3:a0:19:b0:4a:c5:ad:
                    43:c9:85:b7:5f:6c:e2:44:57:4b:8f:36:16:56:23:
                    5c:d2:71:18:4c:df:13:68:df:94:e0:d4:08:58:26:
                    69:e8:22:7f:dd:7e:4e:24:11:3d:ef:d3:fa:9e:6f:
                    db:f4:b0:57:69:89:75:39:50:80:89:e0:87:e2:2e:
                    b6:21:98:81:5e:be:b3:b4:91:2d:0d:61:9c:2d:d4:
                    1b:8b:ca:94:8e:11:e4:5f:5f:94:1f:8e:6a:b2:eb:
                    8b:5e:59:1a:f2:66:ca:78:df:5c:8c:ac:97:11:a2:
                    4d:20:5a:23:a7:08:4a:95:b6:ef:c3:fd:7a:2a:af:
                    2a:cd:0c:6f:3c:ee:2a:b3:8f:e9:a0:60:39:6e:1e:
                    f0:66:27:6b:77:6e:c8:0a:6f:4b:0c:36:71:91:ec:
                    96:83:f0:e5:37:9a:72:8a:34:76:ea:64:82:df:c7:
                    34:9a:04:02:f8:28:f8:73:77:38:b4:da:da:46:18:
                    57:9c:39:0c:aa:a2:79:27:57:01:88:67:3c:59:6f:
                    7c:7c:f3:b1:f1:93:b2:8c:f0:4d:2f:b4:77:13:62:
                    58:d6:0e:6d:99:a7:f7:d3:33:2a:1e:43:e5:68:8e:
                    1d:e7:40:3c:0d:4e:25:af:d3:77:63:b0:4a:e5:78:
                    08:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:ED:EF:BE:A2:5E:DB:A4:8B:74:A8:ED:DD:F9:D7:B0:53:B9:47:BC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/SO3vvqJe26SLdKjt3fnXsFO5R7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/23
                  45.81.113.0/24
                  45.81.115.0/24
                  45.88.139.0/24
                  45.94.170.0/24
                  45.132.181.0/24
                  45.151.3.0/24
                  85.209.120.0/24
                  193.57.41.0/24
                  194.15.52.0/24
                  195.211.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:89:ad:10:16:49:62:12:e5:1b:69:6b:90:3f:d9:63:bb:c2:
         8b:b9:1c:6b:d0:a0:de:48:64:f3:5a:39:32:9f:b5:b5:a3:b4:
         d4:00:c2:7a:d8:57:47:bc:a1:13:e9:0f:a6:54:bd:52:7a:3c:
         af:01:7a:9b:d3:be:84:11:f1:5e:98:0a:89:7a:a1:ca:52:c8:
         5e:5e:9f:dc:f2:13:aa:61:cd:fb:fc:20:03:18:4a:78:40:ee:
         9c:40:85:f9:58:b9:5d:3b:42:4b:2e:5e:df:69:6e:45:db:72:
         d9:48:7e:19:64:a6:44:99:b4:0a:1e:ad:46:e8:4a:b1:0e:02:
         4d:6a:51:eb:b0:01:a6:3b:0b:7e:f1:ff:33:b0:6c:10:f6:e8:
         79:c6:41:4b:9a:58:68:a3:72:a2:8b:39:f0:99:9f:6d:6a:21:
         2b:81:f3:16:ce:3a:0d:5e:87:ca:4e:b5:25:a5:d9:a1:32:03:
         9d:0e:0b:d1:5b:ab:82:5e:66:32:ce:dc:e6:1d:6d:d9:06:c2:
         24:05:69:70:2b:16:11:dd:7d:1b:13:37:42:4b:86:77:93:5f:
         38:a3:2b:f8:12:4e:6e:0c:1b:c0:a7:b1:aa:e0:e1:9d:93:88:
         68:3b:ce:92:3e:09:01:4f:7f:80:49:3f:86:d1:d7:8f:f1:1a:
         b1:8b:d4:68
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZN4k3WSBp63OFxQXXfVsE39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQxMTI5MTUzOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGVkZWZiZWEyNWVkYmE0OGI3NGE4ZWRkZGY5ZDdiMDUzYjk0N2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEiQlfH0zKOgGbBKxa1DyYW3X2zi
RFdLjzYWViNc0nEYTN8TaN+U4NQIWCZp6CJ/3X5OJBE979P6nm/b9LBXaYl1OVCA
ieCH4i62IZiBXr6ztJEtDWGcLdQbi8qUjhHkX1+UH45qsuuLXlka8mbKeN9cjKyX
EaJNIFojpwhKlbbvw/16Kq8qzQxvPO4qs4/poGA5bh7wZidrd27ICm9LDDZxkeyW
g/DlN5pyijR26mSC38c0mgQC+Cj4c3c4tNraRhhXnDkMqqJ5J1cBiGc8WW98fPOx
8ZOyjPBNL7R3E2JY1g5tmaf30zMqHkPlaI4d50A8DU4lr9N3Y7BK5XgIrQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEjt776iXtuki3So7d3517BTuUe8MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvU08zdnZxSmUyNlNMZEtqdDNmblhzRk81Ujd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBAjhsAwQA
LVFxAwQALVFzAwQALViLAwQALV6qAwQALYS1AwQALZcDAwQAVdF4AwQAwTkpAwQA
wg80AwQAw9O/MA0GCSqGSIb3DQEBCwUAA4IBAQBCia0QFkliEuUbaWuQP9lju8KL
uRxr0KDeSGTzWjkyn7W1o7TUAMJ62FdHvKET6Q+mVL1SejyvAXqb076EEfFemAqJ
eqHKUsheXp/c8hOqYc37/CADGEp4QO6cQIX5WLldO0JLLl7faW5F23LZSH4ZZKZE
mbQKHq1G6EqxDgJNalHrsAGmOwt+8f8zsGwQ9uh5xkFLmlhoo3KiiznwmZ9taiEr
gfMWzjoNXofKTrUlpdmhMgOdDgvRW6uCXmYyztzmHW3ZBsIkBWlwKxYR3X0bEzdC
S4Z3k184oyv4Ek5uDBvAp7Gq4OGdk4hoO86SPgkBT3+AST+G0deP8Rqxi9Ro
-----END CERTIFICATE-----