Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/KPjVkE0m6rZKdLnDtrm45p4KCa0.roa
File:                     KPjVkE0m6rZKdLnDtrm45p4KCa0.roa (raw, json)
Hash identifier:          5C2SbeMLhEWx2q5b5GfneUAc6VaFDBhb09/va/l6H/8=
Subject key identifier:   28:F8:D5:90:4D:26:EA:B6:4A:74:B9:C3:B6:B9:B8:E6:9E:0A:09:AD
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019242249E92FEFC44AD3B174A6DE0CE3C84
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/KPjVkE0m6rZKdLnDtrm45p4KCa0.roa
Signing time:             Mon 30 Sep 2024 08:55:48 +0000
ROA not before:           Mon 30 Sep 2024 08:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35277
IP address blocks:        5.8.45.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.219.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 11 Oct 2024 08:27:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:24:9e:92:fe:fc:44:ad:3b:17:4a:6d:e0:ce:3c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Sep 30 08:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28f8d5904d26eab64a74b9c3b6b9b8e69e0a09ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:65:18:60:c5:3d:ba:79:d1:b6:00:7f:6e:4b:
                    7b:c2:43:1c:36:00:b1:f2:e7:fd:fd:6f:cf:7f:8f:
                    16:1d:4a:60:16:5c:d9:c3:cd:4f:8c:47:d9:53:29:
                    92:33:23:ee:92:88:c1:e7:c7:2a:e8:34:b9:87:83:
                    b5:dd:f8:02:aa:0e:ab:a4:7a:8b:2d:3b:d1:70:a0:
                    62:a1:d1:b3:98:1f:fa:26:a6:c3:e9:29:82:ce:a0:
                    76:bb:8e:a9:14:7b:bf:f8:24:c8:f4:60:34:22:a4:
                    7b:fe:c0:29:d2:fe:8e:98:bf:25:c1:7d:75:52:ce:
                    95:4f:d5:c9:18:ec:5b:b2:c0:2b:aa:88:fe:c6:b9:
                    d6:09:08:3d:23:ff:5b:5a:f0:b6:e6:75:88:02:c9:
                    25:12:3e:19:77:1d:35:ec:9c:61:b4:ee:80:da:a5:
                    9b:29:56:99:0a:94:26:df:f3:af:0e:d7:38:7f:73:
                    60:ee:cb:c7:40:ee:57:76:2b:45:f5:ef:df:3f:ad:
                    1a:df:b6:27:7f:2b:fd:ad:7f:60:23:e6:03:97:e5:
                    f8:48:ac:77:21:d4:0e:cd:9a:eb:51:8e:8f:d2:86:
                    16:08:d6:bd:8c:76:3d:5f:13:60:4f:27:b5:b2:1b:
                    65:8c:1c:da:6e:70:8e:3e:82:bf:9e:51:ea:2b:22:
                    d7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F8:D5:90:4D:26:EA:B6:4A:74:B9:C3:B6:B9:B8:E6:9E:0A:09:AD
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/KPjVkE0m6rZKdLnDtrm45p4KCa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.45.0-5.8.47.255
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.200.0-5.188.202.255
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/24
                  91.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:c7:b3:af:8b:70:a4:cf:1c:ad:1d:12:a9:4f:85:c1:4f:77:
         67:57:31:1d:5c:de:4f:a3:60:e5:0e:6a:c5:e2:6a:8e:db:d4:
         69:34:2d:fe:cf:34:38:b2:29:19:46:9b:85:54:ec:c9:bc:9f:
         17:ca:f5:b8:d1:16:3e:92:ee:91:e2:68:8e:c1:c7:ef:b9:21:
         1a:7b:33:ab:20:99:ce:cb:5e:b9:f7:ad:f6:f6:51:4e:16:c2:
         1c:78:5d:2b:ac:9c:b4:3d:26:2b:36:4a:e4:60:b1:48:ae:7a:
         3e:87:9c:f5:94:d6:ca:11:7b:24:85:5b:85:28:fc:6c:50:d8:
         d7:cf:64:f3:49:c6:0d:09:fd:74:9c:b0:73:8a:10:24:90:05:
         18:c0:11:16:dd:d6:a5:f8:20:d7:bb:91:de:6c:af:56:c0:01:
         1b:a1:0f:eb:9f:2d:46:e2:d1:68:e3:26:2a:6a:a5:77:2b:28:
         5f:2c:9a:6c:b8:5a:b6:2d:39:0f:f4:ae:82:ef:2f:74:60:e6:
         42:07:01:39:ab:0e:b7:f1:ed:b4:12:30:14:bf:55:11:63:98:
         07:df:8f:75:81:24:95:cf:0b:75:90:06:23:17:5a:e5:bd:e2:
         82:32:64:33:6f:e7:3f:d4:ff:ad:f2:91:a2:ea:18:18:ed:dd:
         e5:81:c7:85
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZJCJJ6S/vxErTsXSm3gzjyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwOTMwMDg1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGY4ZDU5MDRkMjZlYWI2NGE3NGI5YzNiNmI5YjhlNjllMGEwOWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2UYYMU9unnRtgB/bkt7wkMcNgCx
8uf9/W/Pf48WHUpgFlzZw81PjEfZUymSMyPukojB58cq6DS5h4O13fgCqg6rpHqL
LTvRcKBiodGzmB/6JqbD6SmCzqB2u46pFHu/+CTI9GA0IqR7/sAp0v6OmL8lwX11
Us6VT9XJGOxbssArqoj+xrnWCQg9I/9bWvC25nWIAsklEj4Zdx017JxhtO6A2qWb
KVaZCpQm3/OvDtc4f3Ng7svHQO5XditF9e/fP60a37Ynfyv9rX9gI+YDl+X4SKx3
IdQOzZrrUY6P0oYWCNa9jHY9XxNgTye1shtljBzabnCOPoK/nlHqKyLXEwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFCj41ZBNJuq2SnS5w7a5uOaeCgmtMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvS1BqVmtFMG02clpLZExuRHRybTQ1cDRLQ2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAAFCC0D
BAQFCCADBAIFZSwDBAAFvDIwDAMEAwW8yAMEAAW8ygMEAgW92AMEAQW9/AMEAAW9
/wMEAFvzKAMEAFvzKzANBgkqhkiG9w0BAQsFAAOCAQEAuMezr4twpM8crR0SqU+F
wU93Z1cxHVzeT6Ng5Q5qxeJqjtvUaTQt/s80OLIpGUabhVTsybyfF8r1uNEWPpLu
keJojsHH77khGnszqyCZzsteufet9vZRThbCHHhdK6yctD0mKzZK5GCxSK56Poec
9ZTWyhF7JIVbhSj8bFDY189k80nGDQn9dJywc4oQJJAFGMARFt3Wpfgg17uR3myv
VsABG6EP658tRuLRaOMmKmqldysoXyyabLhati05D/Sugu8vdGDmQgcBOasOt/Ht
tBIwFL9VEWOYB9+PdYEklc8LdZAGIxda5b3igjJkM2/nP9T/rfKRouoYGO3d5YHH
hQ==
-----END CERTIFICATE-----