Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nCBd4cJL6mp4PLSom8KtYrehMgs.roa
File:                     nCBd4cJL6mp4PLSom8KtYrehMgs.roa (raw, json)
Hash identifier:          6sTj1F7k9ziu7hFIusa/R0qu2P27TdbtH0LguKvTpa0=
Subject key identifier:   9C:20:5D:E1:C2:4B:EA:6A:78:3C:B4:A8:9B:C2:AD:62:B7:A1:32:0B
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0C3B7CF0D72901A2D8531E4C6B3E
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nCBd4cJL6mp4PLSom8KtYrehMgs.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        91.243.44.0/22 maxlen: 22
                          5.188.10.0/23 maxlen: 23
                          46.161.26.0/24 maxlen: 24
                          5.8.66.0/23 maxlen: 23
                          91.243.52.0/22 maxlen: 22
                          91.243.56.0/22 maxlen: 22
                          46.161.28.0/22 maxlen: 22
                          5.101.92.0/22 maxlen: 22
                          46.161.41.0/24 maxlen: 24
                          5.188.48.0/23 maxlen: 23
                          5.188.60.0/23 maxlen: 23
                          91.243.32.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 15:49:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0c:3b:7c:f0:d7:29:01:a2:d8:53:1e:4c:6b:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c205de1c24bea6a783cb4a89bc2ad62b7a1320b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:12:74:41:47:f2:2d:24:b7:9c:13:04:07:42:
                    c0:59:e4:4d:32:f3:28:3b:a6:e9:55:06:ae:fb:be:
                    d6:c8:ca:4a:b5:9b:f3:1c:2d:d0:33:f0:b5:8f:bb:
                    04:40:9b:a7:f1:33:84:6e:33:7e:6c:6e:30:ed:57:
                    ff:2b:b6:35:92:3c:da:f2:2d:2b:38:b2:cc:0c:cc:
                    7f:61:92:08:e6:fc:c1:a5:b9:45:ae:dd:84:c7:0e:
                    72:52:ad:b9:a6:2f:e6:0e:3c:f5:e5:31:06:21:99:
                    08:3d:18:73:3b:02:c1:ca:1f:15:0e:6c:6d:df:6b:
                    c0:5d:eb:70:de:9d:f6:53:1e:af:4f:8a:51:d4:68:
                    dc:39:07:ec:f4:48:c0:04:92:c1:33:09:ff:7d:3f:
                    6b:0e:ef:c1:ad:24:88:0c:fb:34:94:52:31:b8:64:
                    47:e6:1e:51:62:66:99:af:57:45:cd:ac:6c:15:9d:
                    07:43:21:35:fb:92:17:0a:7c:74:29:08:72:84:63:
                    e8:d4:3c:6e:5c:69:87:42:09:5f:81:85:d6:e4:f4:
                    c9:31:f2:6a:8e:ed:75:1a:3c:a6:6a:ac:f0:59:99:
                    69:02:1e:98:8b:cc:c2:c5:c0:5d:42:be:3e:3c:e4:
                    fd:5a:13:dc:d5:13:ce:a7:3d:9d:d2:36:89:39:a1:
                    96:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:20:5D:E1:C2:4B:EA:6A:78:3C:B4:A8:9B:C2:AD:62:B7:A1:32:0B
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nCBd4cJL6mp4PLSom8KtYrehMgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.101.92.0/22
                  5.188.10.0/23
                  5.188.48.0/23
                  5.188.60.0/23
                  46.161.26.0/24
                  46.161.28.0/22
                  46.161.41.0/24
                  91.243.32.0/22
                  91.243.44.0/22
                  91.243.52.0-91.243.59.255

    Signature Algorithm: sha256WithRSAEncryption
         41:61:f9:fc:bf:13:ba:bd:2b:c3:95:98:64:45:07:9a:d6:02:
         7c:35:b5:70:e4:62:5e:14:e7:b7:48:e5:00:3a:26:13:d1:99:
         de:fb:b6:12:60:c1:59:56:ba:af:01:31:db:a2:63:06:fc:57:
         b9:4a:c6:40:f3:a0:59:20:7c:f9:9c:ae:bd:7f:dd:75:c8:71:
         e4:82:7b:6d:8e:c2:73:11:1e:28:83:5f:7b:57:a0:17:a6:74:
         38:2d:0f:9e:f1:80:dc:04:06:d0:1a:ac:1f:f5:b8:67:b7:bd:
         2a:b8:14:a6:62:b6:48:c6:1e:79:29:8f:d3:06:fb:ae:03:a5:
         52:b0:bd:9b:44:de:ad:6d:94:03:67:37:2e:fa:62:8c:fa:7d:
         09:94:97:47:de:cc:09:52:ac:ed:1c:19:e6:17:b8:2d:97:ff:
         c2:b4:1d:7d:b1:17:a0:ec:3e:60:19:5c:b2:9b:d1:5c:71:54:
         bb:da:04:7f:83:ec:87:ef:e0:5e:4c:ef:9b:25:f8:da:cf:b6:
         60:71:7f:e7:c7:7d:99:55:ba:f1:c0:18:2d:7e:a4:fe:62:ac:
         d3:8c:ad:17:37:83:ac:e4:92:17:a6:62:ba:73:39:7a:66:74:
         a9:63:68:15:93:98:d8:bc:25:50:13:58:0a:00:56:01:34:3f:
         c2:6a:cd:8e
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYzFbgw7fPDXKQGi2FMeTGs+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzIwNWRlMWMyNGJlYTZhNzgzY2I0YTg5YmMyYWQ2MmI3YTEzMjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRJ0QUfyLSS3nBMEB0LAWeRNMvMo
O6bpVQau+77WyMpKtZvzHC3QM/C1j7sEQJun8TOEbjN+bG4w7Vf/K7Y1kjza8i0r
OLLMDMx/YZII5vzBpblFrt2Exw5yUq25pi/mDjz15TEGIZkIPRhzOwLByh8VDmxt
32vAXetw3p32Ux6vT4pR1GjcOQfs9EjABJLBMwn/fT9rDu/BrSSIDPs0lFIxuGRH
5h5RYmaZr1dFzaxsFZ0HQyE1+5IXCnx0KQhyhGPo1DxuXGmHQglfgYXW5PTJMfJq
ju11GjymaqzwWZlpAh6Yi8zCxcBdQr4+POT9WhPc1RPOpz2d0jaJOaGWNQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJwgXeHCS+pqeDy0qJvCrWK3oTILMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvbkNCZDRjSkw2bXA0UExTb204S3RZcmVoTWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBBQhCAwQC
BWVcAwQBBbwKAwQBBbwwAwQBBbw8AwQALqEaAwQCLqEcAwQALqEpAwQCW/MgAwQC
W/MsMAwDBAJb8zQDBAJb8zgwDQYJKoZIhvcNAQELBQADggEBAEFh+fy/E7q9K8OV
mGRFB5rWAnw1tXDkYl4U57dI5QA6JhPRmd77thJgwVlWuq8BMduiYwb8V7lKxkDz
oFkgfPmcrr1/3XXIceSCe22OwnMRHiiDX3tXoBemdDgtD57xgNwEBtAarB/1uGe3
vSq4FKZitkjGHnkpj9MG+64DpVKwvZtE3q1tlANnNy76Yoz6fQmUl0fezAlSrO0c
GeYXuC2X/8K0HX2xF6DsPmAZXLKb0VxxVLvaBH+D7Ifv4F5M75sl+NrPtmBxf+fH
fZlVuvHAGC1+pP5irNOMrRc3g6zkkhemYrpzOXpmdKljaBWTmNi8JVATWAoAVgE0
P8JqzY4=
-----END CERTIFICATE-----