Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/OSFrb-h3pMrohkZPZeGEctGRfgA.roa
File:                     OSFrb-h3pMrohkZPZeGEctGRfgA.roa (raw, json)
Hash identifier:          axER7eiO2sRzpjuBNUiiTbndpMy/XrZ0iodHjxp//1U=
Subject key identifier:   39:21:6B:6F:E8:77:A4:CA:E8:86:46:4F:65:E1:84:72:D1:91:7E:00
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018E9507E0213461F879E7D07F790A232CF7
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/OSFrb-h3pMrohkZPZeGEctGRfgA.roa
Signing time:             Sun 31 Mar 2024 15:01:45 +0000
ROA not before:           Sun 31 Mar 2024 15:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        62.204.37.0/24 maxlen: 24
                          2a13:8e00::/29 maxlen: 29
                          2a13:9200::/29 maxlen: 29
                          2a13:9300::/29 maxlen: 29
                          2a13:a700::/29 maxlen: 29
                          2a13:b100::/29 maxlen: 29
                          2a13:b500::/29 maxlen: 29
                          2a13:b900::/29 maxlen: 29
                          2a13:da00::/29 maxlen: 29
                          2a13:e200::/29 maxlen: 29
                          2a13:e400::/29 maxlen: 29
                          2a13:fe00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 13 May 2024 20:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:07:e0:21:34:61:f8:79:e7:d0:7f:79:0a:23:2c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Mar 31 15:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39216b6fe877a4cae886464f65e18472d1917e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a1:6b:28:a1:4c:01:51:4f:ec:0a:4a:95:68:
                    0b:e4:87:a0:2f:3d:97:45:6e:88:8b:c3:f7:83:ce:
                    6a:b9:d0:fe:aa:6f:0c:f2:c6:27:4a:21:55:55:88:
                    65:10:97:ee:e3:d5:79:5d:1c:3a:9f:bb:ee:00:9f:
                    e7:17:52:04:e1:ae:aa:84:5e:9b:64:65:35:cd:07:
                    e1:5c:69:44:3b:3e:88:e7:b4:d4:b3:79:6f:9d:cd:
                    97:27:ab:bf:d9:9e:b2:87:a2:90:d6:01:23:ea:48:
                    4e:88:4c:3c:84:c6:54:49:c4:83:69:66:96:26:fd:
                    6b:c6:cc:b5:06:58:8b:e9:60:91:a1:80:68:8c:77:
                    72:80:18:98:a5:af:71:24:45:8a:95:af:81:00:9a:
                    a7:9c:fc:0e:7c:f8:6a:13:c7:c4:cf:f4:a8:8c:14:
                    06:7d:ec:60:23:fe:21:4c:82:c8:9a:78:1d:57:76:
                    c3:2d:ac:4d:65:35:20:ec:8a:79:8a:9b:88:13:f3:
                    22:1d:0b:ae:39:80:2b:56:85:71:b5:26:f7:19:65:
                    2f:de:94:d2:c7:90:4e:9f:96:c2:d5:3c:9c:de:5f:
                    1a:0a:d1:ce:c0:df:7e:5b:ff:6d:c7:15:62:77:c7:
                    d8:1c:91:a1:b1:e8:e7:29:c8:de:c9:aa:97:62:3d:
                    df:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:21:6B:6F:E8:77:A4:CA:E8:86:46:4F:65:E1:84:72:D1:91:7E:00
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/OSFrb-h3pMrohkZPZeGEctGRfgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.37.0/24
                IPv6:
                  2a13:8e00::/29
                  2a13:9200::/29
                  2a13:9300::/29
                  2a13:a700::/29
                  2a13:b100::/29
                  2a13:b500::/29
                  2a13:b900::/29
                  2a13:da00::/29
                  2a13:e200::/29
                  2a13:e400::/29
                  2a13:fe00::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:81:f8:f4:69:2f:a8:b8:e6:9b:a6:da:48:bc:54:38:06:01:
         53:10:3c:7e:05:e9:4f:d1:34:0d:d7:32:1a:84:10:86:a6:87:
         33:91:f0:a7:8d:3b:65:b1:9c:00:05:c6:85:6a:d3:aa:b4:c8:
         38:eb:52:b8:0f:7a:90:02:e6:ee:d0:13:d0:5a:5e:bf:23:bd:
         fc:d6:5a:7c:2a:19:6e:7e:d4:f4:b0:f6:4d:81:9c:f2:50:ad:
         18:a3:a3:60:02:cd:8f:14:c4:b7:4f:86:a6:49:19:be:dc:e8:
         22:6b:0a:00:41:e7:2d:79:13:ad:a6:0d:f4:6d:06:51:f4:89:
         68:84:96:6b:cc:15:4e:31:01:ad:1a:78:bb:d1:e3:ec:b8:02:
         20:60:d5:41:1e:8b:7e:12:6b:51:0e:b7:07:01:8f:a7:3c:e3:
         43:59:d7:7f:45:2a:ce:91:65:2a:5c:bb:99:0b:32:1d:5d:30:
         b9:be:bc:e5:55:b4:5a:db:e9:68:be:38:91:38:45:ee:ff:9c:
         42:11:ce:ab:8c:a4:2c:c3:32:8c:79:75:7b:60:9a:f9:9d:1f:
         40:8d:85:e4:0d:a0:f4:08:82:ea:67:d6:10:70:fd:5a:4e:20:
         9e:0d:c2:9d:54:d8:2c:fb:6f:e3:51:97:10:fc:4a:ed:e6:e4:
         09:5c:6f:cd
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAY6VB+AhNGH4eefQf3kKIyz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMzMxMTUwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTIxNmI2ZmU4NzdhNGNhZTg4NjQ2NGY2NWUxODQ3MmQxOTE3ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqFrKKFMAVFP7ApKlWgL5IegLz2X
RW6Ii8P3g85qudD+qm8M8sYnSiFVVYhlEJfu49V5XRw6n7vuAJ/nF1IE4a6qhF6b
ZGU1zQfhXGlEOz6I57TUs3lvnc2XJ6u/2Z6yh6KQ1gEj6khOiEw8hMZUScSDaWaW
Jv1rxsy1BliL6WCRoYBojHdygBiYpa9xJEWKla+BAJqnnPwOfPhqE8fEz/SojBQG
fexgI/4hTILImngdV3bDLaxNZTUg7Ip5ipuIE/MiHQuuOYArVoVxtSb3GWUv3pTS
x5BOn5bC1Tyc3l8aCtHOwN9+W/9txxVid8fYHJGhsejnKcjeyaqXYj3fQQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFDkha2/od6TK6IZGT2XhhHLRkX4AMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvT1NGcmItaDNwTXJvaGtaUFplR0VjdEdSZmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzAMBAIAATAGAwQAPswlMFME
AgACME0DBQMqE44AAwUDKhOSAAMFAyoTkwADBQMqE6cAAwUDKhOxAAMFAyoTtQAD
BQMqE7kAAwUDKhPaAAMFAyoT4gADBQMqE+QAAwUDKhP+ADANBgkqhkiG9w0BAQsF
AAOCAQEACoH49GkvqLjmm6baSLxUOAYBUxA8fgXpT9E0DdcyGoQQhqaHM5Hwp407
ZbGcAAXGhWrTqrTIOOtSuA96kALm7tAT0FpevyO9/NZafCoZbn7U9LD2TYGc8lCt
GKOjYALNjxTEt0+GpkkZvtzoImsKAEHnLXkTraYN9G0GUfSJaISWa8wVTjEBrRp4
u9Hj7LgCIGDVQR6LfhJrUQ63BwGPpzzjQ1nXf0UqzpFlKly7mQsyHV0wub685VW0
WtvpaL44kThF7v+cQhHOq4ykLMMyjHl1e2Ca+Z0fQI2F5A2g9AiC6mfWEHD9Wk4g
ng3CnVTYLPtv41GXEPxK7ebkCVxvzQ==
-----END CERTIFICATE-----