Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FPqeE58WdCvAFUpzqEfjN7pgES0.roa
File:                     FPqeE58WdCvAFUpzqEfjN7pgES0.roa (raw, json)
Hash identifier:          6Y9H30WrpjOm1zstODwzv/rgFn8/ANCnG67FlCJfWug=
Subject key identifier:   14:FA:9E:13:9F:16:74:2B:C0:15:4A:73:A8:47:E3:37:BA:60:11:2D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019201FCF8F9EDA6E3EC26C47D5777A83B55
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FPqeE58WdCvAFUpzqEfjN7pgES0.roa
Signing time:             Tue 17 Sep 2024 21:56:48 +0000
ROA not before:           Tue 17 Sep 2024 21:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:150::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:6d0::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0c:b641:cb0::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
Validation:               Failed, certificate revoked on Tue 01 Oct 2024 06:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:01:fc:f8:f9:ed:a6:e3:ec:26:c4:7d:57:77:a8:3b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep 17 21:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14fa9e139f16742bc0154a73a847e337ba60112d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:4c:bc:1a:75:a7:80:20:44:2a:c7:42:c0:67:
                    2f:6a:48:97:08:f7:67:5f:35:dd:ce:9d:72:01:3d:
                    0b:49:ca:c7:f2:8e:7b:fa:a2:d4:f3:6c:07:ff:8b:
                    4b:01:e1:71:b0:fa:27:0a:f1:3d:ce:b3:8f:20:ef:
                    1b:24:8a:75:5a:d0:15:6b:69:1c:e6:12:54:94:a5:
                    14:e2:ab:15:b6:83:7b:5a:69:b6:71:ca:02:6a:f0:
                    58:42:6f:5c:73:24:c0:0b:02:2d:bd:ea:85:a0:17:
                    b4:7b:a2:1e:1f:97:74:f2:33:e3:80:cd:85:4e:98:
                    c2:a3:15:25:13:e7:c4:12:b0:76:b1:27:6d:61:15:
                    6a:76:f6:94:d0:bd:dd:14:f3:3c:0b:d2:69:17:c2:
                    81:99:33:8b:34:ea:71:02:13:ab:97:88:51:ef:d1:
                    95:fd:8c:f0:64:68:67:52:8b:33:eb:a3:67:db:04:
                    7d:5f:be:c2:89:6d:60:87:50:93:40:3a:b2:cd:ef:
                    1c:da:9a:8d:cd:d5:d3:72:c7:96:46:bb:47:63:24:
                    e1:d5:8b:cb:26:e1:aa:9d:f3:00:14:fe:12:86:96:
                    e1:d8:19:4c:1c:36:e8:33:10:44:a5:92:62:69:9e:
                    a1:06:72:74:ce:12:42:a7:4e:fb:c1:a0:dc:a7:4d:
                    f4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:FA:9E:13:9F:16:74:2B:C0:15:4A:73:A8:47:E3:37:BA:60:11:2D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FPqeE58WdCvAFUpzqEfjN7pgES0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:60::/44
                  2a0c:b641:150::/44
                  2a0c:b641:540::/44
                  2a0c:b641:6d0::/44
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0c:b641:cb0::/44
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:a7:61:ef:5e:cc:cc:08:17:9f:cc:79:28:39:c7:28:05:60:
         5b:98:aa:0f:d8:1d:f6:9e:ca:a1:36:6b:fe:45:d9:c1:eb:94:
         2d:2a:c5:b5:9c:06:68:c6:98:8b:38:86:47:5b:7e:58:ab:e4:
         51:d8:d8:29:ca:4d:37:ef:57:6f:2a:f5:9d:28:a2:ab:3c:16:
         75:9c:e3:70:27:73:d1:96:e2:2a:68:0b:61:d2:c6:c6:bc:17:
         ab:66:56:92:1e:8b:f3:27:2f:d6:e1:9a:73:ff:46:51:27:7c:
         6a:d1:be:1a:fb:d1:48:7c:73:8e:6a:2a:4a:85:df:9d:61:30:
         3d:e3:17:99:96:f3:fb:01:f5:94:64:e0:1d:52:fa:8a:e1:17:
         e6:d2:08:14:30:14:94:cb:e0:60:fc:3a:01:85:5f:f9:64:b0:
         f8:37:1a:ea:c2:df:8b:c6:1f:e0:c0:61:49:a2:b3:df:0f:af:
         ff:74:bb:d5:61:ec:5d:75:dc:c2:30:14:23:d8:91:89:09:47:
         4d:b9:77:53:41:dd:bd:e2:b6:83:b4:3c:d0:17:96:1e:32:0b:
         b6:29:f6:10:38:60:5c:ae:61:37:ca:90:1c:ab:92:06:47:ec:
         24:3b:55:b6:5f:3b:56:82:3d:81:67:47:ad:1f:96:b6:7a:23:
         6f:b5:96:8c
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZIB/Pj57abj7CbEfVd3qDtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwOTE3MjE1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGZhOWUxMzlmMTY3NDJiYzAxNTRhNzNhODQ3ZTMzN2JhNjAxMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ey8GnWngCBEKsdCwGcvakiXCPdn
XzXdzp1yAT0LScrH8o57+qLU82wH/4tLAeFxsPonCvE9zrOPIO8bJIp1WtAVa2kc
5hJUlKUU4qsVtoN7Wmm2ccoCavBYQm9ccyTACwItveqFoBe0e6IeH5d08jPjgM2F
TpjCoxUlE+fEErB2sSdtYRVqdvaU0L3dFPM8C9JpF8KBmTOLNOpxAhOrl4hR79GV
/YzwZGhnUosz66Nn2wR9X77CiW1gh1CTQDqyze8c2pqNzdXTcseWRrtHYyTh1YvL
JuGqnfMAFP4Shpbh2BlMHDboMxBEpZJiaZ6hBnJ0zhJCp077waDcp0300wIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFBT6nhOfFnQrwBVKc6hH4ze6YBEtMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRlBxZUU1OFdkQ3ZBRlVwenFFZmpON3BnRVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowGAQCAAEwEgMEAC2aYQME
AD4DMgMEAcIcYjBeBAIAAjBYMBADBQYqDLZAAwcFKgy2QQAAAwcEKgy2QQBgAwcE
Kgy2QQFQAwcEKgy2QQVAAwcEKgy2QQbQAwcAKgy2QQcPAwcEKgy2QQggAwcEKgy2
QQywAwUAKg+EADANBgkqhkiG9w0BAQsFAAOCAQEAJqdh717MzAgXn8x5KDnHKAVg
W5iqD9gd9p7KoTZr/kXZweuULSrFtZwGaMaYiziGR1t+WKvkUdjYKcpNN+9Xbyr1
nSiiqzwWdZzjcCdz0ZbiKmgLYdLGxrwXq2ZWkh6L8ycv1uGac/9GUSd8atG+GvvR
SHxzjmoqSoXfnWEwPeMXmZbz+wH1lGTgHVL6iuEX5tIIFDAUlMvgYPw6AYVf+WSw
+Dca6sLfi8Yf4MBhSaKz3w+v/3S71WHsXXXcwjAUI9iRiQlHTbl3U0HdveK2g7Q8
0BeWHjILtin2EDhgXK5hN8qQHKuSBkfsJDtVtl87VoI9gWdHrR+Wtnojb7WWjA==
-----END CERTIFICATE-----