Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/kVEAGEGPSgfIT1Gh668kvSnXhG4.roa
File:                     kVEAGEGPSgfIT1Gh668kvSnXhG4.roa (raw, json)
Hash identifier:          HeiD2nz+7PkKCQZMYZKxI/qMmVosyZMkk3qSj8trWVo=
Subject key identifier:   91:51:00:18:41:8F:4A:07:C8:4F:51:A1:EB:AF:24:BD:29:D7:84:6E
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FC5423EB3A74B5649EE52AD5BE194
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/kVEAGEGPSgfIT1Gh668kvSnXhG4.roa
Signing time:             Tue 02 Jan 2024 04:30:17 +0000
ROA not before:           Tue 02 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207023
IP address blocks:        91.245.88.0/23 maxlen: 23
                          91.234.122.0/23 maxlen: 24
                          194.33.64.0/23 maxlen: 23
                          176.118.200.0/22 maxlen: 22
                          176.118.204.0/22 maxlen: 22
                          77.36.72.0/21 maxlen: 21
                          91.200.133.0/24 maxlen: 24
                          192.162.186.0/23 maxlen: 24
                          176.116.238.0/23 maxlen: 24
                          91.237.92.0/24 maxlen: 24
                          46.173.252.0/23 maxlen: 23
                          91.232.18.0/24 maxlen: 24
                          91.229.147.0/24 maxlen: 24
                          37.97.116.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 26 Jul 2024 12:40:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c5:42:3e:b3:a7:4b:56:49:ee:52:ad:5b:e1:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91510018418f4a07c84f51a1ebaf24bd29d7846e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2e:6b:d7:e9:e9:4a:7c:c8:95:51:34:9b:3d:
                    95:cf:b6:39:b7:d8:30:88:c4:33:16:ec:e0:d2:0c:
                    d0:d0:e2:7b:08:48:c7:9e:6a:11:48:59:01:f2:ae:
                    9a:09:33:72:21:9a:94:9b:2f:3a:07:67:80:f6:72:
                    3a:9f:fc:3d:1f:b2:fa:b7:15:45:29:17:03:95:fc:
                    f7:82:67:99:52:14:ae:db:50:ef:c3:43:d4:da:5d:
                    ca:b7:39:a6:d5:cf:55:f1:3c:0a:2a:13:ac:a5:91:
                    5c:d0:11:64:4c:f1:10:8e:99:3d:b4:ad:70:94:6d:
                    d6:fe:1d:f1:e1:60:62:9c:6c:a5:1b:77:73:64:53:
                    a2:1d:9a:66:1c:27:8f:81:b2:d8:a2:bc:cf:d6:14:
                    e2:98:99:ce:aa:0d:41:cc:1f:59:de:ed:e5:8c:1a:
                    80:f2:ae:29:64:b6:b0:27:81:e4:c2:7a:c0:0e:9e:
                    80:69:3a:1b:56:8f:fc:a8:a6:ac:00:0c:eb:b2:96:
                    df:e8:8b:50:06:dd:cb:f9:da:cf:fa:cc:4f:80:31:
                    c2:21:89:66:2a:c0:df:02:af:55:1f:64:0e:74:b2:
                    2a:a9:27:ab:3c:57:b0:bc:c3:7d:61:1c:89:e6:32:
                    bc:46:57:9a:fd:2c:8a:4c:45:ac:ec:8e:3a:89:ac:
                    86:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:51:00:18:41:8F:4A:07:C8:4F:51:A1:EB:AF:24:BD:29:D7:84:6E
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/kVEAGEGPSgfIT1Gh668kvSnXhG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.97.116.0/22
                  46.173.252.0/23
                  77.36.72.0/21
                  91.200.133.0/24
                  91.229.147.0/24
                  91.232.18.0/24
                  91.234.122.0/23
                  91.237.92.0/24
                  91.245.88.0/23
                  176.116.238.0/23
                  176.118.200.0/21
                  192.162.186.0/23
                  194.33.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:df:4b:19:2a:02:1f:fc:82:7d:1f:3d:4e:13:03:dc:17:2d:
         19:a6:54:09:c6:5e:b3:68:49:dc:77:4b:df:e5:01:7a:46:84:
         47:8b:e1:d8:e4:61:9c:4c:42:4c:c6:39:2d:ca:70:9b:af:07:
         32:1a:e5:37:fa:e4:d3:e4:75:4d:f6:ad:ad:20:26:21:8b:1b:
         63:3c:b5:57:d6:8f:ef:15:52:51:45:70:90:6c:2e:93:1b:7d:
         c2:7f:60:21:20:50:61:73:a4:f0:00:d4:7e:7c:27:59:3a:8f:
         75:4e:48:56:6b:45:6b:f2:65:e5:80:08:d5:7c:95:34:3e:a5:
         49:7b:d4:72:10:7d:14:e8:4f:01:ad:8d:64:33:5f:b9:85:57:
         d3:0a:e4:2e:a3:91:1a:18:48:5e:b9:49:cc:fe:bb:f8:6d:b2:
         a3:5a:65:59:a4:12:d5:26:b4:40:92:73:12:44:fd:8c:f4:a5:
         7a:73:11:b9:ed:9b:99:43:03:54:47:f3:6f:6a:8f:0e:9d:94:
         77:56:63:7b:a2:4f:0e:cc:16:53:a3:10:81:eb:39:74:d3:af:
         18:5f:c9:7a:c5:39:ed:d2:65:da:85:78:60:06:a2:59:50:d8:
         c4:92:c7:71:14:c3:48:4c:aa:e4:1e:87:25:71:53:7c:1f:b3:
         0f:85:9e:25
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYzIb8VCPrOnS1ZJ7lKtW+GUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTUxMDAxODQxOGY0YTA3Yzg0ZjUxYTFlYmFmMjRiZDI5ZDc4NDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji5r1+npSnzIlVE0mz2Vz7Y5t9gw
iMQzFuzg0gzQ0OJ7CEjHnmoRSFkB8q6aCTNyIZqUmy86B2eA9nI6n/w9H7L6txVF
KRcDlfz3gmeZUhSu21Dvw0PU2l3Ktzmm1c9V8TwKKhOspZFc0BFkTPEQjpk9tK1w
lG3W/h3x4WBinGylG3dzZFOiHZpmHCePgbLYorzP1hTimJnOqg1BzB9Z3u3ljBqA
8q4pZLawJ4HkwnrADp6AaTobVo/8qKasAAzrspbf6ItQBt3L+drP+sxPgDHCIYlm
KsDfAq9VH2QOdLIqqSerPFewvMN9YRyJ5jK8Rlea/SyKTEWs7I46iayG/QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJFRABhBj0oHyE9RoeuvJL0p14RuMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEva1ZFQUdFR1BTZ2ZJVDFHaDY2OGt2U25YaEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCJWF0AwQB
Lq38AwQDTSRIAwQAW8iFAwQAW+WTAwQAW+gSAwQBW+p6AwQAW+1cAwQBW/VYAwQB
sHTuAwQDsHbIAwQBwKK6AwQBwiFAMA0GCSqGSIb3DQEBCwUAA4IBAQCE30sZKgIf
/IJ9Hz1OEwPcFy0ZplQJxl6zaEncd0vf5QF6RoRHi+HY5GGcTEJMxjktynCbrwcy
GuU3+uTT5HVN9q2tICYhixtjPLVX1o/vFVJRRXCQbC6TG33Cf2AhIFBhc6TwANR+
fCdZOo91TkhWa0Vr8mXlgAjVfJU0PqVJe9RyEH0U6E8BrY1kM1+5hVfTCuQuo5Ea
GEheuUnM/rv4bbKjWmVZpBLVJrRAknMSRP2M9KV6cxG57ZuZQwNUR/Nvao8OnZR3
VmN7ok8OzBZToxCB6zl0068YX8l6xTnt0mXahXhgBqJZUNjEksdxFMNITKrkHocl
cVN8H7MPhZ4l
-----END CERTIFICATE-----