Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/QYzap6bBw2PHFPxyP9qJ6EAhzxo.roa
File:                     QYzap6bBw2PHFPxyP9qJ6EAhzxo.roa (raw, json)
Hash identifier:          IRYgTNejp/GufoS831+fjA+aeF3sFT4L3n8+p0uPIUU=
Subject key identifier:   41:8C:DA:A7:A6:C1:C3:63:C7:14:FC:72:3F:DA:89:E8:40:21:CF:1A
Certificate issuer:       /CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
Certificate serial:       01934419038EC6BAF4A67D59E06AC5C645EC
Authority key identifier: E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/QYzap6bBw2PHFPxyP9qJ6EAhzxo.roa
Signing time:             Tue 19 Nov 2024 11:05:10 +0000
ROA not before:           Tue 19 Nov 2024 11:05:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48789
IP address blocks:        46.238.212.0/22 maxlen: 22
                          46.238.228.0/22 maxlen: 22
                          46.238.236.0/22 maxlen: 22
                          46.238.240.0/21 maxlen: 21
                          46.238.248.0/23 maxlen: 23
                          46.239.176.0/20 maxlen: 20
                          89.191.152.0/23 maxlen: 23
                          89.191.154.0/24 maxlen: 24
                          94.101.16.0/20 maxlen: 21
                          94.101.24.0/21 maxlen: 21
                          94.141.135.0/24 maxlen: 24
                          94.141.152.0/23 maxlen: 23
                          185.174.152.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:47:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:19:03:8e:c6:ba:f4:a6:7d:59:e0:6a:c5:c6:45:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
        Validity
            Not Before: Nov 19 11:05:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=418cdaa7a6c1c363c714fc723fda89e84021cf1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0b:b2:57:9b:95:dc:3b:48:0b:27:a6:c0:7a:
                    af:93:b0:29:c0:5d:19:dd:3c:5d:9e:7e:19:1d:e7:
                    d6:f8:7d:4f:4d:69:d0:78:16:6e:aa:27:f4:5f:67:
                    67:8b:4d:47:6a:7d:a2:37:64:42:75:05:2f:5b:99:
                    24:bb:0b:15:3e:2c:9b:d7:ae:3d:cb:b4:af:20:8b:
                    7a:e8:65:6f:5c:98:ab:3c:fa:b6:d7:82:47:dc:dc:
                    22:d6:5a:a8:5e:99:92:8e:be:f0:77:b7:1a:83:88:
                    26:f8:a1:fa:bc:b4:5c:59:c7:1b:50:39:5a:ee:0c:
                    98:3c:f7:05:17:c1:1f:29:45:79:0c:59:3a:0b:d5:
                    a2:7c:e5:ba:07:d1:fd:0a:38:8b:90:d0:cc:d8:19:
                    1d:65:58:3b:90:8b:ed:b1:16:46:d4:a6:50:e6:58:
                    29:f7:b9:2d:4f:b3:e8:89:b4:cb:5f:35:b8:a1:49:
                    6b:d1:64:a6:1f:45:9d:de:ff:63:18:bd:0a:d9:92:
                    47:21:aa:79:67:d7:b2:da:f5:bb:3b:fa:cc:99:fc:
                    b8:e1:ad:ab:42:33:71:15:96:de:be:c6:de:65:ec:
                    0e:d7:b0:d8:8d:bd:11:4e:62:36:29:2f:33:21:c8:
                    36:3d:25:84:98:12:e3:66:59:13:37:de:dc:73:c0:
                    18:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8C:DA:A7:A6:C1:C3:63:C7:14:FC:72:3F:DA:89:E8:40:21:CF:1A
            X509v3 Authority Key Identifier:
                keyid:E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/QYzap6bBw2PHFPxyP9qJ6EAhzxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.238.212.0/22
                  46.238.228.0/22
                  46.238.236.0-46.238.249.255
                  46.239.176.0/20
                  89.191.152.0-89.191.154.255
                  94.101.16.0/20
                  94.141.135.0/24
                  94.141.152.0/23
                  185.174.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:85:97:1b:ab:25:80:b3:83:53:44:91:b3:a2:e9:41:0c:3c:
         09:5c:48:a6:77:cc:05:fb:05:ee:15:b6:3b:f6:2e:40:fc:90:
         3b:29:7b:12:7d:2a:b9:71:15:4f:1b:f5:8a:38:4c:a3:ce:f6:
         7d:65:82:5b:cc:4e:f7:b6:88:c8:9c:bb:17:d7:d2:b6:db:37:
         92:9b:9b:7b:c6:53:19:61:8c:d1:eb:fd:d2:1d:ee:a6:24:78:
         05:17:e8:3c:58:4c:43:75:bd:d1:41:bb:d5:e6:e7:1a:75:ca:
         60:99:0b:98:92:ef:ec:b8:40:9b:2f:7f:5c:47:06:8c:dd:af:
         e1:c7:fb:ce:fb:a8:ac:77:fc:6d:4a:1e:c0:4f:ce:42:b8:0d:
         e9:39:4d:eb:63:2a:d2:f3:83:7f:5a:45:a9:3b:4b:d0:61:bc:
         88:17:53:bd:87:9f:2f:9b:2d:95:db:14:44:e9:aa:e1:10:7b:
         9c:9f:25:7e:cd:6a:65:ec:14:9d:50:6b:96:77:59:69:01:ba:
         43:8e:15:31:c8:cc:ba:c0:33:b9:6e:1c:aa:ab:25:dc:bc:bc:
         72:82:25:96:6f:5a:54:60:6d:f4:4f:5e:b4:56:95:6a:e7:66:
         74:a4:44:e5:f9:64:3f:d7:81:cd:f6:37:0b:54:a6:9d:b5:19:
         c2:d3:9c:ce
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZNEGQOOxrr0pn1Z4GrFxkXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZThmNTZiYzFmNTAxMDI5MTY4MWJjMmQ4YzAyZjlhY2Jm
NzE0YTAwHhcNMjQxMTE5MTEwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MThjZGFhN2E2YzFjMzYzYzcxNGZjNzIzZmRhODllODQwMjFjZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnguyV5uV3DtICyemwHqvk7ApwF0Z
3Txdnn4ZHefW+H1PTWnQeBZuqif0X2dni01Han2iN2RCdQUvW5kkuwsVPiyb1649
y7SvIIt66GVvXJirPPq214JH3Nwi1lqoXpmSjr7wd7cag4gm+KH6vLRcWccbUDla
7gyYPPcFF8EfKUV5DFk6C9WifOW6B9H9CjiLkNDM2BkdZVg7kIvtsRZG1KZQ5lgp
97ktT7PoibTLXzW4oUlr0WSmH0Wd3v9jGL0K2ZJHIap5Z9ey2vW7O/rMmfy44a2r
QjNxFZbevsbeZewO17DYjb0RTmI2KS8zIcg2PSWEmBLjZlkTN97cc8AYEQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFEGM2qemwcNjxxT8cj/aiehAIc8aMB8GA1UdIwQY
MBaAFOLo9WvB9QECkWgbwtjAL5rL9xSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTct
NDQ3ZWRjNGY5YWY2LzEvUVl6YXA2YkJ3MlBIRlB4eVA5cUo2RUFoenhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTctNDQ3ZWRjNGY5YWY2
LzEvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQCLu7UAwQC
Lu7kMAwDBAIu7uwDBAEu7vgDBAQu77AwDAMEA1m/mAMEAFm/mgMEBF5lEAMEAF6N
hwMEAV6NmAMEAbmumDANBgkqhkiG9w0BAQsFAAOCAQEAT4WXG6slgLODU0SRs6Lp
QQw8CVxIpnfMBfsF7hW2O/YuQPyQOyl7En0quXEVTxv1ijhMo872fWWCW8xO97aI
yJy7F9fStts3kpube8ZTGWGM0ev90h3upiR4BRfoPFhMQ3W90UG71ebnGnXKYJkL
mJLv7LhAmy9/XEcGjN2v4cf7zvuorHf8bUoewE/OQrgN6TlN62Mq0vODf1pFqTtL
0GG8iBdTvYefL5stldsUROmq4RB7nJ8lfs1qZewUnVBrlndZaQG6Q44VMcjMusAz
uW4cqqsl3Ly8coIllm9aVGBt9E9etFaVaudmdKRE5flkP9eBzfY3C1SmnbUZwtOc
zg==
-----END CERTIFICATE-----