Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/wcMhx6E89tmKSKYSgYW603_H8Vs.roa
File:                     wcMhx6E89tmKSKYSgYW603_H8Vs.roa (raw, json)
Hash identifier:          /6JqPLak1KTdvuYxPycsNtxuANlwWrexWjZNKSTe40E=
Subject key identifier:   C1:C3:21:C7:A1:3C:F6:D9:8A:48:A6:12:81:85:BA:D3:7F:C7:F1:5B
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       019232E962A1700FD1207BA1BC013D66F565
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/wcMhx6E89tmKSKYSgYW603_H8Vs.roa
Signing time:             Fri 27 Sep 2024 09:56:48 +0000
ROA not before:           Fri 27 Sep 2024 09:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211306
IP address blocks:        77.36.56.0/24 maxlen: 24
                          77.232.216.0/23 maxlen: 23
                          77.232.218.0/24 maxlen: 24
                          91.200.132.0/24 maxlen: 24
                          91.231.227.0/24 maxlen: 24
                          91.232.55.0/24 maxlen: 24
                          91.237.49.0/24 maxlen: 24
                          91.237.193.0/24 maxlen: 24
                          91.238.38.0/24 maxlen: 24
                          91.239.225.0/24 maxlen: 24
                          93.120.44.0/23 maxlen: 23
                          176.96.92.0/24 maxlen: 24
                          176.116.230.0/23 maxlen: 23
                          178.159.146.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 05:49:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:32:e9:62:a1:70:0f:d1:20:7b:a1:bc:01:3d:66:f5:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Sep 27 09:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1c321c7a13cf6d98a48a6128185bad37fc7f15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:80:86:3f:dd:d6:53:34:66:be:f9:93:22:43:
                    6c:2a:e5:ce:ed:33:cc:c3:30:03:a7:26:e5:2e:d2:
                    b3:fd:91:05:a0:80:9d:1e:be:59:f6:c6:3b:7a:69:
                    d4:1b:a6:fd:12:a8:97:ff:fa:c4:b8:94:9d:dc:c3:
                    11:d2:40:4d:9c:ab:85:09:b2:c9:6c:bb:fe:94:bb:
                    19:d3:77:46:83:94:9b:ff:68:ce:67:50:06:9e:4e:
                    8e:9d:db:54:0b:64:e4:1c:73:6a:ac:24:f7:c3:7f:
                    ba:34:f3:a2:6d:8f:12:31:ff:c4:24:aa:6d:1e:72:
                    df:26:96:c2:b6:f6:8f:f8:72:78:c0:11:16:c2:c0:
                    f1:94:64:87:a3:5e:a9:07:8f:c1:63:6b:e8:3e:c8:
                    9c:99:76:1c:ee:26:2b:0b:04:e6:90:24:52:9c:60:
                    b3:c1:98:be:04:21:24:44:2b:fc:31:55:94:11:d2:
                    d9:ab:ee:69:ec:20:32:0c:0e:a2:0c:72:4c:c6:19:
                    3d:d2:70:d3:8b:ff:c7:6a:a0:5f:45:f4:2c:ab:94:
                    12:cd:f5:bb:ac:0a:3e:5a:8c:6c:12:1c:50:e4:94:
                    38:b2:04:e3:76:a9:bb:3a:8b:fd:78:34:4e:de:08:
                    33:25:1d:b7:75:d4:28:c4:58:8d:39:c1:b3:e8:74:
                    69:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C3:21:C7:A1:3C:F6:D9:8A:48:A6:12:81:85:BA:D3:7F:C7:F1:5B
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/wcMhx6E89tmKSKYSgYW603_H8Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.36.56.0/24
                  77.232.216.0-77.232.218.255
                  91.200.132.0/24
                  91.231.227.0/24
                  91.232.55.0/24
                  91.237.49.0/24
                  91.237.193.0/24
                  91.238.38.0/24
                  91.239.225.0/24
                  93.120.44.0/23
                  176.96.92.0/24
                  176.116.230.0/23
                  178.159.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:35:50:15:ab:ff:a4:4c:e5:ff:5c:71:5e:ef:ef:4a:8a:6c:
         6b:80:ea:2c:91:c0:18:67:12:53:24:a8:e6:7c:45:12:8f:7f:
         78:48:db:05:69:ed:bd:c0:27:1e:c5:a8:52:13:47:fe:c4:f7:
         22:02:bd:c4:e2:24:cc:35:f2:b6:52:eb:53:b5:64:f4:f6:d1:
         5b:59:97:d5:f4:50:13:76:bb:0c:03:a3:a9:39:81:dd:e6:c2:
         69:b3:23:7b:55:26:85:bc:17:20:fa:dc:26:5a:41:9c:84:a1:
         fa:6a:6e:a4:55:0a:8e:81:3d:90:13:4d:c6:a7:e9:00:dc:44:
         25:b5:3b:f4:1d:67:0d:62:47:5a:f7:c5:6a:10:74:18:6a:7f:
         d5:f5:69:ea:91:2b:c1:88:91:10:5c:43:56:38:70:94:28:d0:
         60:d2:78:13:e5:59:a0:6a:77:e1:0c:9d:ff:16:48:1b:49:d3:
         ea:7c:ce:e1:e4:6c:b4:6f:d3:f2:64:32:13:49:23:f3:c1:5f:
         58:1f:70:45:50:48:b5:06:17:d4:5c:22:5c:d5:62:cb:db:a5:
         77:ec:ac:58:fa:2f:d9:99:83:03:03:fc:2e:51:4d:e8:77:c6:
         a0:6c:6a:e6:a7:16:1b:a2:0e:ea:a6:1f:3e:51:5b:ef:7f:1a:
         90:ee:bf:4e
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZIy6WKhcA/RIHuhvAE9ZvVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwOTI3MDk1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWMzMjFjN2ExM2NmNmQ5OGE0OGE2MTI4MTg1YmFkMzdmYzdmMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ICGP93WUzRmvvmTIkNsKuXO7TPM
wzADpyblLtKz/ZEFoICdHr5Z9sY7emnUG6b9EqiX//rEuJSd3MMR0kBNnKuFCbLJ
bLv+lLsZ03dGg5Sb/2jOZ1AGnk6OndtUC2TkHHNqrCT3w3+6NPOibY8SMf/EJKpt
HnLfJpbCtvaP+HJ4wBEWwsDxlGSHo16pB4/BY2voPsicmXYc7iYrCwTmkCRSnGCz
wZi+BCEkRCv8MVWUEdLZq+5p7CAyDA6iDHJMxhk90nDTi//HaqBfRfQsq5QSzfW7
rAo+WoxsEhxQ5JQ4sgTjdqm7Oov9eDRO3ggzJR23ddQoxFiNOcGz6HRpfQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFMHDIcehPPbZikimEoGFutN/x/FbMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvd2NNaHg2RTg5dG1LU0tZU2dZVzYwM19IOFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQATSQ4MAwD
BANN6NgDBABN6NoDBABbyIQDBABb5+MDBABb6DcDBABb7TEDBABb7cEDBABb7iYD
BABb7+EDBAFdeCwDBACwYFwDBAGwdOYDBACyn5IwDQYJKoZIhvcNAQELBQADggEB
AAg1UBWr/6RM5f9ccV7v70qKbGuA6iyRwBhnElMkqOZ8RRKPf3hI2wVp7b3AJx7F
qFITR/7E9yICvcTiJMw18rZS61O1ZPT20VtZl9X0UBN2uwwDo6k5gd3mwmmzI3tV
JoW8FyD63CZaQZyEofpqbqRVCo6BPZATTcan6QDcRCW1O/QdZw1iR1r3xWoQdBhq
f9X1aeqRK8GIkRBcQ1Y4cJQo0GDSeBPlWaBqd+EMnf8WSBtJ0+p8zuHkbLRv0/Jk
MhNJI/PBX1gfcEVQSLUGF9RcIlzVYsvbpXfsrFj6L9mZgwMD/C5RTeh3xqBsauan
FhuiDuqmHz5RW+9/GpDuv04=
-----END CERTIFICATE-----