Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/r_pQH4xRKLeVXfRLfN44iFgYE3o.roa
File:                     r_pQH4xRKLeVXfRLfN44iFgYE3o.roa (raw, json)
Hash identifier:          muj4BPhEEADGNgieXgQKaGmP472e9zufzb59Yhul7+o=
Subject key identifier:   AF:FA:50:1F:8C:51:28:B7:95:5D:F4:4B:7C:DE:38:88:58:18:13:7A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0191179F0BEA2415FED146818A937ADABEA0
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/r_pQH4xRKLeVXfRLfN44iFgYE3o.roa
Signing time:             Sat 03 Aug 2024 09:43:04 +0000
ROA not before:           Sat 03 Aug 2024 09:43:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:150::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0c:b641:cb0::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 17 Sep 2024 21:56:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:17:9f:0b:ea:24:15:fe:d1:46:81:8a:93:7a:da:be:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Aug  3 09:43:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=affa501f8c5128b7955df44b7cde38885818137a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9a:7f:17:97:c8:a3:64:82:37:61:9e:5c:28:
                    64:f0:b3:02:7e:8c:65:61:b5:11:87:c1:60:5d:80:
                    8c:1f:8b:73:12:19:48:35:ec:ee:99:02:38:63:f4:
                    ec:a9:1c:f0:b7:de:bb:a9:62:e6:f0:3a:d8:fb:c3:
                    70:58:b4:d3:60:9a:0c:ad:aa:28:a5:57:2b:be:3d:
                    40:3f:d0:8c:83:b1:f9:64:b7:f3:dc:0a:50:99:59:
                    24:98:61:a9:f7:11:5a:ee:82:a6:45:39:cb:a0:ab:
                    9a:ae:1c:dd:10:3e:cb:aa:27:be:57:8b:24:5b:e8:
                    7c:f4:ee:56:44:9e:14:36:b8:b7:10:c3:a5:09:33:
                    92:5c:72:ad:68:f0:51:d0:32:21:29:fc:ca:5a:95:
                    50:67:d8:a0:8c:ea:f7:9d:ca:98:79:a1:a0:ac:3e:
                    52:0c:36:18:e4:23:3f:9d:07:03:32:9f:14:36:3c:
                    7b:7e:e0:35:b3:38:5d:9e:da:c3:83:7d:f8:99:05:
                    52:ce:3b:d0:cb:f7:c2:d1:7f:f0:9e:7d:a6:de:24:
                    45:4f:3f:84:40:78:71:44:23:fd:40:cf:94:3f:f0:
                    ca:01:2c:8c:94:f0:ff:17:08:70:f2:be:c6:4f:de:
                    0d:db:71:84:e7:d4:86:09:d6:1d:3d:59:71:f2:29:
                    ea:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FA:50:1F:8C:51:28:B7:95:5D:F4:4B:7C:DE:38:88:58:18:13:7A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/r_pQH4xRKLeVXfRLfN44iFgYE3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:60::/44
                  2a0c:b641:150::/44
                  2a0c:b641:540::/44
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0c:b641:cb0::/44
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:70:77:3d:24:dd:65:02:1d:ea:0e:81:f8:79:1f:14:0c:d4:
         d5:a8:d9:ea:9f:8a:70:0a:bf:d2:9e:4f:02:c8:01:a6:ba:8c:
         ce:39:20:7c:c2:1d:71:49:39:50:05:f3:9c:d7:21:91:e2:6e:
         8f:52:77:0b:5b:31:94:b4:04:b9:f0:a9:4d:9f:50:17:8e:e6:
         ea:a9:52:1b:23:d9:9e:8d:a5:ff:67:25:27:f0:87:c5:c3:b6:
         c6:96:00:92:03:b4:37:9d:36:24:80:a8:48:f2:72:77:5c:e2:
         d8:25:cc:a4:47:da:7a:64:20:48:37:e7:f9:80:2c:ea:b8:99:
         ac:32:52:5b:50:3b:b1:03:36:4b:b8:7a:ec:73:83:05:2c:dd:
         9d:26:02:0a:da:23:48:cf:db:48:88:05:d6:4f:8f:47:d8:d8:
         5f:3a:17:eb:17:38:6f:8e:16:fd:03:6d:1c:53:00:04:43:d2:
         07:a0:30:02:2c:dd:80:56:74:12:08:80:03:35:4c:04:10:b6:
         b7:03:39:e5:68:43:b5:6f:9a:c8:f9:41:a9:55:f8:8c:f4:6a:
         dd:c5:be:53:2d:28:fd:3b:d3:50:24:dd:7a:bf:e9:f0:e1:77:
         ff:27:fe:7e:59:2a:7c:c6:3f:1c:5f:ea:2c:b8:5d:7a:3a:4c:
         07:0f:ba:84
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZEXnwvqJBX+0UaBipN62r6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwODAzMDk0MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZhNTAxZjhjNTEyOGI3OTU1ZGY0NGI3Y2RlMzg4ODU4MTgxMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpp/F5fIo2SCN2GeXChk8LMCfoxl
YbURh8FgXYCMH4tzEhlINezumQI4Y/TsqRzwt967qWLm8DrY+8NwWLTTYJoMraoo
pVcrvj1AP9CMg7H5ZLfz3ApQmVkkmGGp9xFa7oKmRTnLoKuarhzdED7Lqie+V4sk
W+h89O5WRJ4UNri3EMOlCTOSXHKtaPBR0DIhKfzKWpVQZ9igjOr3ncqYeaGgrD5S
DDYY5CM/nQcDMp8UNjx7fuA1szhdntrDg334mQVSzjvQy/fC0X/wnn2m3iRFTz+E
QHhxRCP9QM+UP/DKASyMlPD/Fwhw8r7GT94N23GE59SGCdYdPVlx8inq5QIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFK/6UB+MUSi3lV30S3zeOIhYGBN6MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcl9wUUg0eFJLTGVWWGZSTGZONDRpRmdZRTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwGAQCAAEwEgMEAC2aYQME
AD4DMgMEAcIcYjBVBAIAAjBPMBADBQYqDLZAAwcFKgy2QQAAAwcEKgy2QQBgAwcE
Kgy2QQFQAwcEKgy2QQVAAwcAKgy2QQcPAwcEKgy2QQggAwcEKgy2QQywAwUAKg+E
ADANBgkqhkiG9w0BAQsFAAOCAQEAf3B3PSTdZQId6g6B+HkfFAzU1ajZ6p+KcAq/
0p5PAsgBprqMzjkgfMIdcUk5UAXznNchkeJuj1J3C1sxlLQEufCpTZ9QF47m6qlS
GyPZno2l/2clJ/CHxcO2xpYAkgO0N502JICoSPJyd1zi2CXMpEfaemQgSDfn+YAs
6riZrDJSW1A7sQM2S7h67HODBSzdnSYCCtojSM/bSIgF1k+PR9jYXzoX6xc4b44W
/QNtHFMABEPSB6AwAizdgFZ0EgiAAzVMBBC2twM55WhDtW+ayPlBqVX4jPRq3cW+
Uy0o/TvTUCTder/p8OF3/yf+flkqfMY/HF/qLLhdejpMBw+6hA==
-----END CERTIFICATE-----