Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/lB_c51LGPGVY0NZ6w-bp5m_nu48.roa
File:                     lB_c51LGPGVY0NZ6w-bp5m_nu48.roa (raw, json)
Hash identifier:          96tL7wmiFfRGVskLZuv7aTPBoN1gy27BJFXnIcW6auo=
Subject key identifier:   94:1F:DC:E7:52:C6:3C:65:58:D0:D6:7A:C3:E6:E9:E6:6F:E7:BB:8F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01927815DF699FC55E138C66F7761DEAAEB5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/lB_c51LGPGVY0NZ6w-bp5m_nu48.roa
Signing time:             Thu 10 Oct 2024 20:19:12 +0000
ROA not before:           Thu 10 Oct 2024 20:19:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:150::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:6d0::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0c:b641:cb0::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
Validation:               Failed, certificate revoked on Fri 01 Nov 2024 16:15:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:78:15:df:69:9f:c5:5e:13:8c:66:f7:76:1d:ea:ae:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Oct 10 20:19:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=941fdce752c63c6558d0d67ac3e6e9e66fe7bb8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0b:b1:55:d2:37:bc:e1:e5:64:6c:8e:28:5b:
                    37:41:ea:27:9b:25:38:30:31:f6:49:5e:1f:1b:db:
                    06:37:f0:2b:7d:13:a2:50:c9:9d:a2:f7:fe:da:a4:
                    0d:4a:64:d0:70:0d:96:0d:72:75:3b:96:da:1a:b9:
                    48:05:fe:21:49:36:b1:ba:8d:19:b9:1a:a6:b5:42:
                    1d:90:66:26:b2:01:e4:5d:72:8c:bb:6e:c3:8b:f9:
                    11:60:bc:e1:a1:5d:cd:0f:80:b2:f9:33:9b:8d:72:
                    85:5c:d5:20:af:85:2b:37:48:bc:ca:ee:23:19:c8:
                    38:e8:8b:62:db:51:89:46:7b:ac:88:e2:16:42:1d:
                    d9:b4:0e:f6:08:00:c7:da:2e:43:c0:26:c0:2f:7e:
                    1b:4e:5c:5d:f6:4a:3a:41:e4:23:d1:f9:01:49:27:
                    36:d4:02:d1:57:a0:da:64:90:22:b5:ff:2c:2d:1a:
                    de:74:12:95:37:38:b9:ca:89:1b:63:58:94:31:fb:
                    68:60:16:bf:1b:d0:1e:e1:6b:d9:13:1a:46:05:45:
                    4f:0f:9f:fe:8e:fa:b2:d8:13:a4:19:ee:08:2b:93:
                    1a:f3:64:59:6f:d3:55:0c:a0:71:87:6f:e7:4b:c3:
                    10:54:2e:3e:c7:d8:af:6a:19:23:8d:96:e0:66:88:
                    f6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:1F:DC:E7:52:C6:3C:65:58:D0:D6:7A:C3:E6:E9:E6:6F:E7:BB:8F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/lB_c51LGPGVY0NZ6w-bp5m_nu48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:60::/44
                  2a0c:b641:150::/44
                  2a0c:b641:540::/44
                  2a0c:b641:6d0::/44
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0c:b641:cb0::/44
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:8f:95:2d:4e:07:f5:31:42:d9:97:9f:1a:dd:23:e9:1b:b5:
         70:48:2e:53:68:73:34:f8:1f:69:a4:3b:d1:01:f3:d2:72:99:
         33:5c:18:21:87:46:9b:6c:d1:db:9c:ca:16:c2:9a:ee:42:cb:
         96:b9:13:71:c9:2a:51:4c:6c:36:d0:78:97:04:b2:f8:f5:b3:
         e0:ac:18:81:1a:2e:83:b0:62:e5:88:59:12:fa:5c:19:8b:9e:
         f5:45:d3:7a:0f:cf:16:9b:62:94:92:3a:5f:ad:2e:b4:f9:7b:
         f2:dd:da:1c:de:b2:e5:6a:9c:d9:14:28:cb:8c:32:2d:60:a5:
         de:9c:41:25:86:62:9c:67:02:d8:07:df:f1:6e:49:8e:20:b8:
         07:bb:8a:61:42:cb:7e:24:64:81:45:fc:1c:70:c3:1b:df:94:
         9d:06:4a:e3:a6:16:73:21:ce:bf:53:e6:e4:5a:70:ef:f3:9c:
         ab:4a:d6:ef:0a:4c:e6:72:e1:f9:96:f1:b6:84:36:d3:b7:2c:
         2b:0f:eb:39:a8:0b:4f:8f:7d:1d:e1:14:ad:b5:30:46:43:04:
         54:a8:12:40:14:5b:43:b3:fa:e5:0c:fa:cd:ab:5e:37:4f:2e:
         45:d1:2b:cc:90:6c:af:d3:09:24:15:c4:93:32:7c:80:49:aa:
         7f:c7:ed:f7
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZJ4Fd9pn8VeE4xm93Yd6q61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQxMDEwMjAxOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDFmZGNlNzUyYzYzYzY1NThkMGQ2N2FjM2U2ZTllNjZmZTdiYjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wuxVdI3vOHlZGyOKFs3QeonmyU4
MDH2SV4fG9sGN/ArfROiUMmdovf+2qQNSmTQcA2WDXJ1O5baGrlIBf4hSTaxuo0Z
uRqmtUIdkGYmsgHkXXKMu27Di/kRYLzhoV3ND4Cy+TObjXKFXNUgr4UrN0i8yu4j
Gcg46Iti21GJRnusiOIWQh3ZtA72CADH2i5DwCbAL34bTlxd9ko6QeQj0fkBSSc2
1ALRV6DaZJAitf8sLRredBKVNzi5yokbY1iUMftoYBa/G9Ae4WvZExpGBUVPD5/+
jvqy2BOkGe4IK5Ma82RZb9NVDKBxh2/nS8MQVC4+x9ivahkjjZbgZoj2+wIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFJQf3OdSxjxlWNDWesPm6eZv57uPMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbEJfYzUxTEdQR1ZZME5aNnctYnA1bV9udTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowGAQCAAEwEgMEAC2aYQME
AD4DMgMEAcIcYjBeBAIAAjBYMBADBQYqDLZAAwcFKgy2QQAAAwcEKgy2QQBgAwcE
Kgy2QQFQAwcEKgy2QQVAAwcEKgy2QQbQAwcAKgy2QQcPAwcEKgy2QQggAwcEKgy2
QQywAwUAKg+EADANBgkqhkiG9w0BAQsFAAOCAQEAgo+VLU4H9TFC2ZefGt0j6Ru1
cEguU2hzNPgfaaQ70QHz0nKZM1wYIYdGm2zR25zKFsKa7kLLlrkTcckqUUxsNtB4
lwSy+PWz4KwYgRoug7Bi5YhZEvpcGYue9UXTeg/PFptilJI6X60utPl78t3aHN6y
5Wqc2RQoy4wyLWCl3pxBJYZinGcC2Aff8W5JjiC4B7uKYULLfiRkgUX8HHDDG9+U
nQZK46YWcyHOv1Pm5Fpw7/Ocq0rW7wpM5nLh+ZbxtoQ207csKw/rOagLT499HeEU
rbUwRkMEVKgSQBRbQ7P65Qz6zateN08uRdErzJBsr9MJJBXEkzJ8gEmqf8ft9w==
-----END CERTIFICATE-----