Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/QAokbciRMj51-nXQR5XMjJpVC9o.roa
File:                     QAokbciRMj51-nXQR5XMjJpVC9o.roa (raw, json)
Hash identifier:          Modn0yYH4MEO2Z5XGPbYScM9Hqd5NZ2WxW49SsvOGpM=
Subject key identifier:   40:0A:24:6D:C8:91:32:3E:75:FA:75:D0:47:95:CC:8C:9A:55:0B:DA
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0191E707BA0286F24EB0CEC2B467B21E963D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/QAokbciRMj51-nXQR5XMjJpVC9o.roa
Signing time:             Thu 12 Sep 2024 16:18:48 +0000
ROA not before:           Thu 12 Sep 2024 16:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2.56.0.0/22 maxlen: 22
                          45.67.117.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          91.242.70.0/24 maxlen: 24
                          91.242.71.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          91.242.123.0/24 maxlen: 24
                          91.242.124.0/24 maxlen: 24
                          91.242.125.0/24 maxlen: 24
                          91.242.126.0/24 maxlen: 24
                          91.242.127.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          185.173.244.0/24 maxlen: 24
                          194.50.201.0/24 maxlen: 24
                          194.180.238.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 26 Sep 2024 15:40:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e7:07:ba:02:86:f2:4e:b0:ce:c2:b4:67:b2:1e:96:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep 12 16:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=400a246dc891323e75fa75d04795cc8c9a550bda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5b:bb:55:38:5e:9a:ca:d5:5b:10:fe:d5:61:
                    88:ce:33:40:b1:19:bd:56:d1:63:a6:19:fe:83:f7:
                    ca:8c:62:3a:a5:c3:4f:45:22:a8:ed:07:d0:ae:e4:
                    bf:98:ce:4b:f5:e3:24:b9:c5:33:94:8c:b4:03:4f:
                    46:80:35:04:23:6a:43:fb:ce:c7:64:7e:74:db:53:
                    3a:88:8e:6b:72:3c:35:d3:63:dd:54:a9:e8:c3:5c:
                    e6:e0:9a:67:39:56:89:5f:30:26:cd:df:8a:fa:52:
                    31:d3:8d:d3:2d:cb:ed:85:d0:47:ab:f7:77:16:66:
                    e5:35:9e:50:33:90:e6:d3:89:b8:8f:2a:64:08:1d:
                    2e:4d:88:94:a0:cb:1c:bb:ee:2b:26:2a:0a:e4:2c:
                    96:82:32:e6:5e:44:6c:0d:ca:41:4a:bb:90:be:0b:
                    aa:6a:2a:6b:a6:fd:d7:fd:21:3b:e5:2e:c3:b6:5a:
                    73:88:6c:df:df:51:f8:98:ff:41:f6:90:33:16:c0:
                    a6:a6:74:51:83:82:07:fd:f7:5f:8e:78:42:00:09:
                    8c:ba:bf:77:b4:50:3f:6f:cf:d7:70:59:d4:d8:ee:
                    b3:1d:63:86:85:ac:4f:06:ce:1a:14:ff:36:47:ab:
                    4f:76:ef:ad:9c:a7:61:f2:fe:c1:48:75:50:99:ae:
                    6a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:0A:24:6D:C8:91:32:3E:75:FA:75:D0:47:95:CC:8C:9A:55:0B:DA
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/QAokbciRMj51-nXQR5XMjJpVC9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.0.0/22
                  45.67.117.0/24
                  89.40.161.0/24
                  91.242.70.0-91.242.73.255
                  91.242.75.0/24
                  91.242.123.0-91.242.127.255
                  185.40.105.0/24
                  185.173.244.0/24
                  194.50.201.0/24
                  194.180.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:82:ac:fa:d4:02:c5:73:a8:e6:65:fc:d2:aa:18:dd:16:d8:
         9f:35:a7:ea:7f:9d:fb:ee:1d:a6:c4:43:75:09:2c:7f:54:df:
         0c:be:33:a2:60:a7:db:d9:82:5f:7f:30:52:ab:0e:06:ad:69:
         63:2f:3b:f9:6c:85:72:47:3a:55:c7:a7:34:c3:c7:38:d0:0f:
         78:48:6c:32:1e:7c:38:20:92:d6:79:44:9f:6b:d6:95:f8:e3:
         48:84:17:0f:aa:5c:ae:12:8c:86:0a:cd:b6:86:70:d5:a8:27:
         dc:4d:e6:d7:9f:b7:d4:92:57:68:05:90:1a:a5:ce:86:3d:2a:
         5f:ce:a1:e6:17:d9:22:cb:36:79:f0:09:87:b6:11:df:59:0e:
         03:34:88:56:90:12:7d:48:af:24:8c:30:ea:26:f4:a1:ef:69:
         56:fb:0b:b8:73:43:a3:cd:2a:c3:0e:a4:8e:82:58:70:52:14:
         48:71:6d:cf:a3:33:73:1d:15:b6:f6:85:95:eb:c2:f7:15:26:
         a8:06:a5:b7:58:7a:bc:c8:69:6c:45:e2:42:29:31:82:73:49:
         06:ec:7f:a0:37:67:8d:30:86:3f:be:65:e0:92:27:c8:c2:69:
         17:8f:8a:c1:3f:60:c1:b7:d1:83:1c:df:b4:0c:a5:87:8b:c9:
         9d:4c:bd:ee
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZHnB7oChvJOsM7CtGeyHpY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwOTEyMTYxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDBhMjQ2ZGM4OTEzMjNlNzVmYTc1ZDA0Nzk1Y2M4YzlhNTUwYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFu7VThemsrVWxD+1WGIzjNAsRm9
VtFjphn+g/fKjGI6pcNPRSKo7QfQruS/mM5L9eMkucUzlIy0A09GgDUEI2pD+87H
ZH5021M6iI5rcjw102PdVKnow1zm4JpnOVaJXzAmzd+K+lIx043TLcvthdBHq/d3
FmblNZ5QM5Dm04m4jypkCB0uTYiUoMscu+4rJioK5CyWgjLmXkRsDcpBSruQvguq
aiprpv3X/SE75S7DtlpziGzf31H4mP9B9pAzFsCmpnRRg4IH/fdfjnhCAAmMur93
tFA/b8/XcFnU2O6zHWOGhaxPBs4aFP82R6tPdu+tnKdh8v7BSHVQma5qWQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFEAKJG3IkTI+dfp10EeVzIyaVQvaMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUUFva2JjaVJNajUxLW5YUVI1WE1qSnBWQzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCAjgAAwQA
LUN1AwQAWSihMAwDBAFb8kYDBAFb8kgDBABb8kswDAMEAFvyewMEB1vyAAMEALko
aQMEALmt9AMEAMIyyQMEAMK07jANBgkqhkiG9w0BAQsFAAOCAQEAWYKs+tQCxXOo
5mX80qoY3RbYnzWn6n+d++4dpsRDdQksf1TfDL4zomCn29mCX38wUqsOBq1pYy87
+WyFckc6VcenNMPHONAPeEhsMh58OCCS1nlEn2vWlfjjSIQXD6pcrhKMhgrNtoZw
1agn3E3m15+31JJXaAWQGqXOhj0qX86h5hfZIss2efAJh7YR31kOAzSIVpASfUiv
JIww6ib0oe9pVvsLuHNDo80qww6kjoJYcFIUSHFtz6Mzcx0VtvaFlevC9xUmqAal
t1h6vMhpbEXiQikxgnNJBux/oDdnjTCGP75l4JInyMJpF4+KwT9gwbfRgxzftAyl
h4vJnUy97g==
-----END CERTIFICATE-----