Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/SpGMqSy3DaIJW8WkJAJdKc4Vjdc.roa
File:                     SpGMqSy3DaIJW8WkJAJdKc4Vjdc.roa (raw, json)
Hash identifier:          dM3C11N97XEOZoeEAzj6vAxRjY1+G3ySB9ay3vEcqCQ=
Subject key identifier:   4A:91:8C:A9:2C:B7:0D:A2:09:5B:C5:A4:24:02:5D:29:CE:15:8D:D7
Certificate issuer:       /CN=88678ca34c3c6365fb616a66077160a494a6e9d6
Certificate serial:       0196C36A5F8401FE758B1F48F0371F8BC825
Authority key identifier: 88:67:8C:A3:4C:3C:63:65:FB:61:6A:66:07:71:60:A4:94:A6:E9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/SpGMqSy3DaIJW8WkJAJdKc4Vjdc.roa
Signing time:             Mon 12 May 2025 07:34:10 +0000
ROA not before:           Mon 12 May 2025 07:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12479
IP address blocks:        62.32.128.0/17 maxlen: 24
                          62.32.128.0/19 maxlen: 24
                          62.32.160.0/19 maxlen: 24
                          62.32.192.0/19 maxlen: 24
                          62.32.192.0/20 maxlen: 24
                          62.32.208.0/20 maxlen: 24
                          62.32.224.0/19 maxlen: 24
                          83.231.0.0/17 maxlen: 17
                          83.231.0.0/19 maxlen: 24
                          83.231.40.0/24 maxlen: 24
                          83.231.41.0/24 maxlen: 24
                          83.231.42.0/24 maxlen: 24
                          83.231.43.0/24 maxlen: 24
                          83.231.48.0/21 maxlen: 24
                          83.231.56.0/21 maxlen: 24
                          83.231.64.0/18 maxlen: 24
                          185.124.28.0/22 maxlen: 24
                          212.169.128.0/17 maxlen: 24
                          213.143.32.0/19 maxlen: 19
                          213.143.32.0/24 maxlen: 24
                          213.143.44.0/22 maxlen: 24
                          213.143.48.0/22 maxlen: 24
                          213.143.56.0/21 maxlen: 24
Validation:               Failed, certificate revoked on Mon 12 May 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:6a:5f:84:01:fe:75:8b:1f:48:f0:37:1f:8b:c8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88678ca34c3c6365fb616a66077160a494a6e9d6
        Validity
            Not Before: May 12 07:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a918ca92cb70da2095bc5a424025d29ce158dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:99:54:9c:27:8b:64:62:d6:83:e4:1b:dd:fe:
                    bc:4d:ec:38:09:64:6e:cc:fb:c2:c6:ab:9e:55:1f:
                    ae:98:7a:a6:77:83:d4:99:fc:c7:4d:78:ea:d1:7f:
                    03:cc:7b:26:28:04:9a:bb:d8:6d:c1:01:60:86:a6:
                    00:c8:38:43:ad:7d:a8:70:2f:e4:b6:5e:57:3c:64:
                    d8:59:32:ce:2a:90:64:df:b4:41:3f:6a:39:73:4e:
                    85:f5:f0:3a:6c:ae:95:04:64:1c:1d:86:35:db:0d:
                    09:71:25:4c:03:71:74:30:d4:7e:a9:f8:84:fd:ff:
                    06:ad:8b:44:56:3e:48:1b:72:b9:c5:81:0b:b5:16:
                    86:f8:47:a4:88:f7:62:13:a3:cf:aa:c9:0d:5d:72:
                    80:38:74:e5:7b:08:30:ce:bd:01:3c:ce:8f:3a:5f:
                    1b:e2:d5:18:b5:af:1c:cc:22:44:2e:7e:c4:b0:06:
                    36:58:9a:57:02:77:a8:2e:c3:be:c3:d8:64:1b:53:
                    5e:3e:0c:d8:0f:56:b1:d0:65:88:5b:36:be:97:b1:
                    18:e1:f7:7e:30:81:40:d3:a9:01:25:0f:a0:84:1b:
                    86:ca:c6:a3:24:b5:ad:16:59:95:f0:02:a4:ca:97:
                    46:c2:2a:bf:6a:5b:70:ff:d1:61:da:73:10:fb:36:
                    66:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:91:8C:A9:2C:B7:0D:A2:09:5B:C5:A4:24:02:5D:29:CE:15:8D:D7
            X509v3 Authority Key Identifier:
                keyid:88:67:8C:A3:4C:3C:63:65:FB:61:6A:66:07:71:60:A4:94:A6:E9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/SpGMqSy3DaIJW8WkJAJdKc4Vjdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3baacc-4201-4951-8354-f85f721fb1b8/1/iGeMo0w8Y2X7YWpmB3FgpJSm6dY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.32.128.0/17
                  83.231.0.0/17
                  185.124.28.0/22
                  212.169.128.0/17
                  213.143.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         91:8e:ea:6b:2b:2a:d0:7f:69:ca:e3:d8:dd:cc:fb:69:46:93:
         a4:30:44:98:ec:ff:fa:cc:cf:66:c7:f2:07:04:8b:3f:9d:fd:
         b0:a6:d8:13:63:25:31:6c:6b:3a:fa:e8:5a:32:fb:eb:b5:a2:
         62:5f:9c:6a:b4:91:30:c1:a2:45:20:e7:23:1b:66:f7:be:d9:
         f2:0a:c9:fc:57:d4:f6:1f:8d:3a:43:88:51:0e:04:fa:2b:38:
         c7:86:d7:39:25:47:7a:53:9b:5d:b5:a6:08:c1:06:e0:40:d5:
         21:44:39:e6:7b:9f:56:e1:0b:02:99:86:0f:b8:4e:3c:f0:00:
         09:5d:b5:f1:b1:97:46:12:8d:e2:33:f9:36:4d:2b:fb:1c:eb:
         a9:6e:fe:f2:f6:4e:74:c7:84:eb:19:39:81:77:90:9f:42:aa:
         1d:83:88:0c:61:43:09:f1:cf:69:e7:8f:ce:11:af:2d:52:a8:
         1a:c9:cc:d4:e8:46:29:a5:95:db:b3:e0:c4:c3:3a:cc:66:0f:
         72:29:c0:c4:39:77:2a:35:b0:39:cc:ed:0e:57:89:64:87:32:
         13:25:93:bc:5b:04:54:4c:48:db:12:15:07:fb:44:46:53:b1:
         a0:83:36:06:bd:c1:93:f3:a7:0c:8c:a6:d3:68:39:6d:39:38:
         12:ae:bc:0e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZbDal+EAf51ix9I8Dcfi8glMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4Njc4Y2EzNGMzYzYzNjVmYjYxNmE2NjA3NzE2MGE0OTRh
NmU5ZDYwHhcNMjUwNTEyMDczNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTkxOGNhOTJjYjcwZGEyMDk1YmM1YTQyNDAyNWQyOWNlMTU4ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZlUnCeLZGLWg+Qb3f68Tew4CWRu
zPvCxqueVR+umHqmd4PUmfzHTXjq0X8DzHsmKASau9htwQFghqYAyDhDrX2ocC/k
tl5XPGTYWTLOKpBk37RBP2o5c06F9fA6bK6VBGQcHYY12w0JcSVMA3F0MNR+qfiE
/f8GrYtEVj5IG3K5xYELtRaG+EekiPdiE6PPqskNXXKAOHTlewgwzr0BPM6POl8b
4tUYta8czCJELn7EsAY2WJpXAneoLsO+w9hkG1NePgzYD1ax0GWIWza+l7EY4fd+
MIFA06kBJQ+ghBuGysajJLWtFlmV8AKkypdGwiq/altw/9Fh2nMQ+zZm5QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEqRjKkstw2iCVvFpCQCXSnOFY3XMB8GA1UdIwQY
MBaAFIhnjKNMPGNl+2FqZgdxYKSUpunWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUdlTW8wdzhZMlg3WVdwbUIzRmdwSlNtNmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zYmFhY2MtNDIwMS00OTUxLTgzNTQt
Zjg1ZjcyMWZiMWI4LzEvU3BHTXFTeTNEYUlKVzhXa0pBSmRLYzRWamRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zYmFhY2MtNDIwMS00OTUxLTgzNTQtZjg1ZjcyMWZiMWI4
LzEvaUdlTW8wdzhZMlg3WVdwbUIzRmdwSlNtNmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQHPiCAAwQH
U+cAAwQCuXwcAwQH1KmAAwQF1Y8gMA0GCSqGSIb3DQEBCwUAA4IBAQCRjuprKyrQ
f2nK49jdzPtpRpOkMESY7P/6zM9mx/IHBIs/nf2wptgTYyUxbGs6+uhaMvvrtaJi
X5xqtJEwwaJFIOcjG2b3vtnyCsn8V9T2H406Q4hRDgT6KzjHhtc5JUd6U5tdtaYI
wQbgQNUhRDnme59W4QsCmYYPuE488AAJXbXxsZdGEo3iM/k2TSv7HOupbv7y9k50
x4TrGTmBd5CfQqodg4gMYUMJ8c9p54/OEa8tUqgayczU6EYppZXbs+DEwzrMZg9y
KcDEOXcqNbA5zO0OV4lkhzITJZO8WwRUTEjbEhUH+0RGU7GggzYGvcGT86cMjKbT
aDltOTgSrrwO
-----END CERTIFICATE-----