Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/POUnvHY7gccmJgtPdl_tgMgvC_4.roa
File:                     POUnvHY7gccmJgtPdl_tgMgvC_4.roa (raw, json)
Hash identifier:          KJ46rR6FZAQNqEUWiqfbjcMTw8nhR1KjhccRKsqjRg0=
Subject key identifier:   3C:E5:27:BC:76:3B:81:C7:26:26:0B:4F:76:5F:ED:80:C8:2F:0B:FE
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019386206606C48028E16C7278D1A07F1307
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/POUnvHY7gccmJgtPdl_tgMgvC_4.roa
Signing time:             Mon 02 Dec 2024 06:48:10 +0000
ROA not before:           Mon 02 Dec 2024 06:48:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44050
IP address blocks:        5.101.89.0/24 maxlen: 24
                          37.139.48.0/23 maxlen: 24
                          45.156.212.0/22 maxlen: 22
                          45.159.200.0/22 maxlen: 22
                          46.161.16.0/22 maxlen: 22
                          46.161.24.0/23 maxlen: 24
                          91.151.176.0/20 maxlen: 20
                          95.215.0.0/22 maxlen: 24
                          188.143.128.0/17 maxlen: 24
                          195.2.240.0/23 maxlen: 24
                          2a00:1d78::/32 maxlen: 48
                          2a00:1d78:666::/64 maxlen: 64
                          2a01:8380::/32 maxlen: 32
                          2a0c:8700::/29 maxlen: 29
                          2a0d:8fc0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 15:49:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:86:20:66:06:c4:80:28:e1:6c:72:78:d1:a0:7f:13:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Dec  2 06:48:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ce527bc763b81c726260b4f765fed80c82f0bfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e3:40:ea:a4:3d:5c:be:78:1f:ea:47:68:23:
                    17:6c:29:f3:d6:64:24:1d:43:2d:f6:bf:89:cc:7d:
                    5b:6e:ce:14:97:d7:8b:3b:3b:be:5c:db:d5:57:45:
                    8e:ee:65:dd:31:d6:9b:e7:f8:91:25:1b:01:e2:77:
                    9e:8b:10:7b:75:e0:55:d2:3d:29:5d:52:e4:1d:b0:
                    47:09:a8:82:58:aa:ee:a3:a6:52:81:f1:9f:39:d5:
                    86:de:af:cd:58:c9:ce:c7:3c:01:e0:d7:19:33:5f:
                    5b:a2:e8:0a:25:0f:e8:fe:8b:a4:99:40:39:59:d5:
                    a9:35:a2:0a:b3:c1:25:ae:4d:19:eb:4e:c0:30:4e:
                    85:9a:ef:ff:f6:a5:76:c9:90:5f:d4:78:dd:fd:62:
                    93:a6:1d:3b:18:89:d0:48:e8:b9:1c:66:c9:08:83:
                    85:92:f9:22:86:3c:3d:52:b5:6e:ac:2b:db:2c:56:
                    ca:8d:d7:ce:46:e9:01:9c:ac:16:2e:e4:e8:60:00:
                    9d:3a:7a:81:12:f8:07:91:17:a9:aa:20:93:d4:2d:
                    5e:e3:1c:50:d3:8b:c2:71:46:2d:58:2e:4a:16:0e:
                    74:7c:a1:af:b5:91:24:3d:59:6d:18:f5:d0:89:39:
                    cd:ba:61:10:03:a3:49:d5:f0:df:9a:d6:72:a3:3c:
                    6c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:E5:27:BC:76:3B:81:C7:26:26:0B:4F:76:5F:ED:80:C8:2F:0B:FE
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/POUnvHY7gccmJgtPdl_tgMgvC_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.89.0/24
                  37.139.48.0/23
                  45.156.212.0/22
                  45.159.200.0/22
                  46.161.16.0/22
                  46.161.24.0/23
                  91.151.176.0/20
                  95.215.0.0/22
                  188.143.128.0/17
                  195.2.240.0/23
                IPv6:
                  2a00:1d78::/32
                  2a01:8380::/32
                  2a0c:8700::/29
                  2a0d:8fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:dd:21:39:6e:c4:1e:8f:3f:96:be:8f:52:ed:87:f0:0a:6c:
         ec:5f:b5:d2:01:59:a6:12:c9:fb:57:17:41:34:ba:6e:73:66:
         d8:d5:a4:8b:9f:c8:d3:28:a1:d2:b1:9f:cd:b1:34:57:95:52:
         04:27:d4:85:e6:f8:38:2b:d6:eb:3f:c1:d1:32:8b:f8:3e:2d:
         bb:48:b2:19:e7:8b:54:c3:29:0f:c9:0a:e5:86:f5:27:f8:23:
         f2:bf:1b:c0:c5:93:d1:3c:07:49:38:1e:db:77:53:c9:68:96:
         92:bc:d7:10:7b:1e:0f:64:8f:8a:86:7b:dc:a6:d8:14:fd:0f:
         4e:90:27:6a:1b:33:b0:bc:67:ed:e1:4a:4f:da:9a:a3:63:c6:
         72:ac:47:ef:4e:9e:05:6f:bd:da:c9:65:ec:d4:1c:c5:8c:e7:
         7b:7b:bd:75:c4:9e:09:90:67:ab:00:59:63:9b:46:b6:87:73:
         12:eb:da:df:76:1e:e9:31:ac:4e:bd:70:88:d9:5d:1f:39:36:
         2b:0f:33:3f:c9:93:dd:70:d5:ff:f5:c7:18:4e:f6:e6:b1:e6:
         55:4b:b6:49:b1:32:98:4e:26:98:90:65:fa:2c:b8:e6:5d:b6:
         24:fe:f5:74:55:1d:09:2e:18:10:2c:b0:c4:27:94:f3:9d:39:
         d2:5e:78:42
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZOGIGYGxIAo4WxyeNGgfxMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQxMjAyMDY0ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2U1MjdiYzc2M2I4MWM3MjYyNjBiNGY3NjVmZWQ4MGM4MmYwYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+NA6qQ9XL54H+pHaCMXbCnz1mQk
HUMt9r+JzH1bbs4Ul9eLOzu+XNvVV0WO7mXdMdab5/iRJRsB4neeixB7deBV0j0p
XVLkHbBHCaiCWKruo6ZSgfGfOdWG3q/NWMnOxzwB4NcZM19bougKJQ/o/oukmUA5
WdWpNaIKs8Elrk0Z607AME6Fmu//9qV2yZBf1Hjd/WKTph07GInQSOi5HGbJCIOF
kvkihjw9UrVurCvbLFbKjdfORukBnKwWLuToYACdOnqBEvgHkRepqiCT1C1e4xxQ
04vCcUYtWC5KFg50fKGvtZEkPVltGPXQiTnNumEQA6NJ1fDfmtZyozxspwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFDzlJ7x2O4HHJiYLT3Zf7YDILwv+MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUE9VbnZIWTdnY2NtSmd0UGRsX3RnTWd2Q180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBCBAIAATA8AwQABWVZAwQB
JYswAwQCLZzUAwQCLZ/IAwQCLqEQAwQBLqEYAwQEW5ewAwQCX9cAAwQHvI+AAwQB
wwLwMCIEAgACMBwDBQAqAB14AwUAKgGDgAMFAyoMhwADBQMqDY/AMA0GCSqGSIb3
DQEBCwUAA4IBAQCR3SE5bsQejz+Wvo9S7YfwCmzsX7XSAVmmEsn7VxdBNLpuc2bY
1aSLn8jTKKHSsZ/NsTRXlVIEJ9SF5vg4K9brP8HRMov4Pi27SLIZ54tUwykPyQrl
hvUn+CPyvxvAxZPRPAdJOB7bd1PJaJaSvNcQex4PZI+KhnvcptgU/Q9OkCdqGzOw
vGft4UpP2pqjY8ZyrEfvTp4Fb73ayWXs1BzFjOd7e711xJ4JkGerAFljm0a2h3MS
69rfdh7pMaxOvXCI2V0fOTYrDzM/yZPdcNX/9ccYTvbmseZVS7ZJsTKYTiaYkGX6
LLjmXbYk/vV0VR0JLhgQLLDEJ5TznTnSXnhC
-----END CERTIFICATE-----