Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/UkTicQb76n6fiQ4DOAt2p8emuRM.roa
File:                     UkTicQb76n6fiQ4DOAt2p8emuRM.roa (raw, json)
Hash identifier:          TtvVvBV2kOdBjhZ5Emnoj1Cp4Sv3MiN7UaezzJeLWYk=
Subject key identifier:   52:44:E2:71:06:FB:EA:7E:9F:89:0E:03:38:0B:76:A7:C7:A6:B9:13
Certificate issuer:       /CN=68a8e93d3f590f4450d1db3c2074598244353e93
Certificate serial:       0193F7ABB3053E10FAD5667A4FEB6758F953
Authority key identifier: 68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/UkTicQb76n6fiQ4DOAt2p8emuRM.roa
Signing time:             Tue 24 Dec 2024 07:57:25 +0000
ROA not before:           Tue 24 Dec 2024 07:57:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21221
IP address blocks:        2.56.226.0/23 maxlen: 23
                          46.182.180.0/23 maxlen: 23
                          46.182.182.0/23 maxlen: 23
                          178.255.192.0/21 maxlen: 24
                          185.70.208.0/22 maxlen: 22
                          185.214.148.0/22 maxlen: 22
                          217.18.64.0/20 maxlen: 24
                          2a00:19c0::/32 maxlen: 48
                          2a04:e1c0:1::/48 maxlen: 48
                          2a09:d240:1::/48 maxlen: 48
                          2a0b:9cc0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Tue 24 Dec 2024 10:18:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f7:ab:b3:05:3e:10:fa:d5:66:7a:4f:eb:67:58:f9:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68a8e93d3f590f4450d1db3c2074598244353e93
        Validity
            Not Before: Dec 24 07:57:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5244e27106fbea7e9f890e03380b76a7c7a6b913
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ca:da:cf:60:02:99:eb:47:7a:27:61:68:18:
                    14:e7:c2:8e:54:8a:01:5a:17:5a:87:fb:7f:c5:fc:
                    8f:5b:ce:fb:00:78:de:4f:e8:f2:c1:a5:50:b7:5d:
                    b1:4a:f5:3b:36:a3:32:d3:66:00:aa:2e:7b:1c:7e:
                    5e:4b:d5:ce:b9:5a:f8:d5:fc:97:44:e7:b1:af:b3:
                    99:41:e0:23:7b:04:4a:49:f1:91:24:19:0c:0d:19:
                    da:ec:e9:85:7a:0e:b7:88:14:7b:3b:df:54:2e:de:
                    5e:34:98:f8:23:8b:0d:d9:43:4a:bf:7e:72:3f:16:
                    4c:41:41:d3:43:43:c0:89:37:16:01:5c:07:33:0c:
                    ec:32:4f:e7:d6:f9:d9:1b:11:d0:6f:63:ae:56:31:
                    8e:fe:f5:d5:3a:b9:25:4e:99:4d:e7:03:e8:72:f3:
                    be:d0:ae:4b:08:53:c6:dd:8f:5c:bf:dd:88:28:7b:
                    22:74:2c:65:9c:f0:4f:64:f6:e2:f6:cd:63:1c:e0:
                    00:a9:0a:43:be:cb:3f:bc:ba:43:7a:95:aa:3c:ad:
                    ec:8b:d6:19:e3:cb:8e:da:b4:c1:cc:ac:d6:a6:dc:
                    1d:76:f6:84:ec:06:51:d7:05:54:05:7d:ca:84:0d:
                    4c:fc:29:e1:73:e9:cd:de:70:c1:99:e9:fa:b6:25:
                    bf:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:44:E2:71:06:FB:EA:7E:9F:89:0E:03:38:0B:76:A7:C7:A6:B9:13
            X509v3 Authority Key Identifier:
                keyid:68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/UkTicQb76n6fiQ4DOAt2p8emuRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.226.0/23
                  46.182.180.0/22
                  178.255.192.0/21
                  185.70.208.0/22
                  185.214.148.0/22
                  217.18.64.0/20
                IPv6:
                  2a00:19c0::/32
                  2a04:e1c0:1::/48
                  2a09:d240:1::/48
                  2a0b:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:b7:58:e1:72:0a:5f:89:ee:54:68:90:0e:12:55:72:e0:3c:
         54:45:e5:43:32:e3:a8:c4:0f:7a:1d:09:a0:a9:fe:91:40:7f:
         97:85:2d:bb:85:af:84:7c:73:7c:19:17:d1:24:c5:26:7e:a1:
         b4:6a:8c:cf:a0:11:c2:d2:1e:48:45:03:05:2b:86:78:59:9e:
         57:a5:6c:5e:64:b5:c3:c5:c3:12:02:f3:58:5c:52:c8:06:f2:
         c0:74:5a:8e:ef:96:6f:03:c1:03:58:f0:78:74:a0:78:64:d3:
         8a:89:42:fc:15:5a:fd:2b:4e:70:38:e5:a5:df:68:d5:b0:e7:
         a2:38:e1:d3:c7:c9:78:97:e2:22:e4:c0:46:3b:3b:ce:64:61:
         1e:af:4b:ce:1f:c6:10:75:cf:88:d6:13:b9:cb:ab:bf:90:09:
         cd:0b:09:ee:ba:ed:07:3d:10:e2:55:c2:17:c2:63:de:1f:f2:
         10:9f:f7:e1:a4:54:06:bf:f5:74:6b:34:e8:32:f9:44:74:15:
         d8:7f:71:be:6a:8b:b0:0b:cf:45:b9:64:3e:db:9c:6d:d8:e1:
         84:a7:c0:a4:3c:91:44:58:b0:de:42:a4:f9:a9:31:03:d1:97:
         c8:86:b3:ca:a3:89:1c:57:dd:32:4c:04:a2:4b:6f:69:57:69:
         76:c6:66:50
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZP3q7MFPhD61WZ6T+tnWPlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YThlOTNkM2Y1OTBmNDQ1MGQxZGIzYzIwNzQ1OTgyNDQz
NTNlOTMwHhcNMjQxMjI0MDc1NzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQ0ZTI3MTA2ZmJlYTdlOWY4OTBlMDMzODBiNzZhN2M3YTZiOTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8raz2ACmetHeidhaBgU58KOVIoB
Whdah/t/xfyPW877AHjeT+jywaVQt12xSvU7NqMy02YAqi57HH5eS9XOuVr41fyX
ROexr7OZQeAjewRKSfGRJBkMDRna7OmFeg63iBR7O99ULt5eNJj4I4sN2UNKv35y
PxZMQUHTQ0PAiTcWAVwHMwzsMk/n1vnZGxHQb2OuVjGO/vXVOrklTplN5wPocvO+
0K5LCFPG3Y9cv92IKHsidCxlnPBPZPbi9s1jHOAAqQpDvss/vLpDepWqPK3si9YZ
48uO2rTBzKzWptwddvaE7AZR1wVUBX3KhA1M/Cnhc+nN3nDBmen6tiW/+wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFFJE4nEG++p+n4kOAzgLdqfHprkTMB8GA1UdIwQY
MBaAFGio6T0/WQ9EUNHbPCB0WYJENT6TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMt
MjVkZDRjYmIzNjk4LzEvVWtUaWNRYjc2bjZmaVE0RE9BdDJwOGVtdVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMtMjVkZDRjYmIzNjk4
LzEvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAqBAIAATAkAwQBAjjiAwQC
Lra0AwQDsv/AAwQCuUbQAwQCudaUAwQE2RJAMCYEAgACMCADBQAqABnAAwcAKgTh
wAABAwcAKgnSQAABAwUDKgucwDANBgkqhkiG9w0BAQsFAAOCAQEAO7dY4XIKX4nu
VGiQDhJVcuA8VEXlQzLjqMQPeh0JoKn+kUB/l4Utu4WvhHxzfBkX0STFJn6htGqM
z6ARwtIeSEUDBSuGeFmeV6VsXmS1w8XDEgLzWFxSyAbywHRaju+WbwPBA1jweHSg
eGTTiolC/BVa/StOcDjlpd9o1bDnojjh08fJeJfiIuTARjs7zmRhHq9Lzh/GEHXP
iNYTucurv5AJzQsJ7rrtBz0Q4lXCF8Jj3h/yEJ/34aRUBr/1dGs06DL5RHQV2H9x
vmqLsAvPRblkPtucbdjhhKfApDyRRFiw3kKk+akxA9GXyIazyqOJHFfdMkwEoktv
aVdpdsZmUA==
-----END CERTIFICATE-----