Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/G7gGlulc8rhRQJWELrWnkCW-R2g.roa
File:                     G7gGlulc8rhRQJWELrWnkCW-R2g.roa (raw, json)
Hash identifier:          mlOFpH4/AT/qfaF+kV61Z6+JKedGuOjtp/8xEXGTmNA=
Subject key identifier:   1B:B8:06:96:E9:5C:F2:B8:51:40:95:84:2E:B5:A7:90:25:BE:47:68
Certificate issuer:       /CN=3ad65216812ed24fd1c719871a59a971dec30a26
Certificate serial:       019209615DA4FA50B1357809A57502EFE592
Authority key identifier: 3A:D6:52:16:81:2E:D2:4F:D1:C7:19:87:1A:59:A9:71:DE:C3:0A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OtZSFoEu0k_RxxmHGlmpcd7DCiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/G7gGlulc8rhRQJWELrWnkCW-R2g.roa
Signing time:             Thu 19 Sep 2024 08:23:48 +0000
ROA not before:           Thu 19 Sep 2024 08:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35579
IP address blocks:        37.122.220.0/22 maxlen: 24
                          78.142.66.0/23 maxlen: 23
                          78.142.80.0/22 maxlen: 24
                          78.142.85.0/24 maxlen: 24
                          78.142.86.0/23 maxlen: 23
                          78.142.88.0/23 maxlen: 23
                          78.142.90.0/24 maxlen: 24
                          78.142.91.0/24 maxlen: 24
                          92.63.213.0/24 maxlen: 24
                          195.16.244.0/24 maxlen: 24
                          195.16.252.0/24 maxlen: 24
                          2a04:5080::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 24 Sep 2024 07:45:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:61:5d:a4:fa:50:b1:35:78:09:a5:75:02:ef:e5:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad65216812ed24fd1c719871a59a971dec30a26
        Validity
            Not Before: Sep 19 08:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bb80696e95cf2b8514095842eb5a79025be4768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c0:6e:6c:d5:91:ff:62:81:9b:f2:8f:4d:a4:
                    0a:7c:e0:ba:f7:20:fa:af:f1:3d:4a:17:ad:72:0e:
                    ac:65:37:6f:47:72:8f:92:06:fb:53:97:8b:29:47:
                    86:b4:da:ff:a5:3b:a5:a7:ad:72:77:c8:ee:6b:30:
                    72:08:91:0f:3a:e2:a8:ab:d4:58:26:98:d2:9a:f6:
                    fe:a1:33:77:6a:78:73:3d:de:e6:d6:ee:95:ef:36:
                    46:8e:a6:de:6a:13:ef:09:02:87:7f:0a:76:18:1e:
                    79:9c:f2:56:89:c1:5b:d3:fb:c9:65:ab:73:fd:be:
                    be:1c:fc:3d:e4:dc:25:ab:0a:a3:77:a3:26:ff:97:
                    c1:73:e6:af:0b:e5:89:a9:92:de:be:0a:7b:45:78:
                    d8:b1:3f:60:6d:d4:c1:c7:49:27:fb:f2:ac:f7:ad:
                    80:c4:9c:98:b6:4e:99:c2:f9:3f:b4:63:d0:29:2c:
                    df:78:5f:07:22:48:a7:ba:b9:17:62:1a:bf:86:af:
                    02:7d:55:d6:20:ef:64:72:7f:f5:35:f0:78:38:14:
                    fe:7f:da:a1:22:63:2a:16:f5:cb:e4:7b:a1:3a:56:
                    8a:6d:be:b5:fa:ca:06:61:73:04:8a:17:2d:25:2b:
                    91:fd:4d:f6:7d:7e:ec:b3:35:57:26:d2:14:d0:8d:
                    3f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B8:06:96:E9:5C:F2:B8:51:40:95:84:2E:B5:A7:90:25:BE:47:68
            X509v3 Authority Key Identifier:
                keyid:3A:D6:52:16:81:2E:D2:4F:D1:C7:19:87:1A:59:A9:71:DE:C3:0A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OtZSFoEu0k_RxxmHGlmpcd7DCiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/G7gGlulc8rhRQJWELrWnkCW-R2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/b8cae4-b5af-4380-9817-46538ca5383c/1/OtZSFoEu0k_RxxmHGlmpcd7DCiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.220.0/22
                  78.142.66.0/23
                  78.142.80.0/22
                  78.142.85.0-78.142.91.255
                  92.63.213.0/24
                  195.16.244.0/24
                  195.16.252.0/24
                IPv6:
                  2a04:5080::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:2a:85:c0:45:7d:96:83:65:19:a2:72:50:26:ec:89:30:d7:
         5f:6a:32:15:5e:c2:e9:b2:cd:6e:49:f9:23:c6:ab:21:cd:6d:
         40:02:44:68:92:11:ff:e7:e6:32:2f:92:88:e8:57:81:4c:0f:
         36:b4:11:c3:0a:62:44:87:72:59:bd:ed:5d:a6:46:e7:63:d6:
         2c:ed:a9:b7:14:36:a8:8e:00:26:57:c3:32:19:e3:06:5b:de:
         de:cd:54:3e:f9:29:45:3f:f7:f0:6d:50:06:1b:7d:a1:2b:77:
         44:56:6b:10:20:1c:e7:b0:a6:b7:05:65:b9:3b:41:ee:31:71:
         ee:7d:de:03:50:6c:42:c2:9a:10:8a:a2:bb:5f:75:f8:d6:dd:
         67:f5:f7:3f:c8:78:e8:47:7d:46:61:55:65:ce:fd:51:91:af:
         91:1e:91:c7:8f:b4:e7:f3:52:0c:bf:38:68:a0:19:c4:ac:9c:
         c5:84:b8:4e:1f:fc:db:08:1d:dd:40:99:97:df:a0:39:1d:0d:
         41:e0:3c:19:19:88:57:86:9f:af:fd:7f:35:c1:b3:52:ad:61:
         70:97:ee:e6:cc:b8:33:f3:99:d5:90:0b:5c:e9:e1:20:5c:6c:
         d8:f1:9e:d4:3e:ae:26:48:6a:62:a7:29:3b:45:33:3a:0f:00:
         28:e3:bc:60
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZIJYV2k+lCxNXgJpXUC7+WSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDY1MjE2ODEyZWQyNGZkMWM3MTk4NzFhNTlhOTcxZGVj
MzBhMjYwHhcNMjQwOTE5MDgyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmI4MDY5NmU5NWNmMmI4NTE0MDk1ODQyZWI1YTc5MDI1YmU0NzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8BubNWR/2KBm/KPTaQKfOC69yD6
r/E9Shetcg6sZTdvR3KPkgb7U5eLKUeGtNr/pTulp61yd8juazByCJEPOuKoq9RY
JpjSmvb+oTN3anhzPd7m1u6V7zZGjqbeahPvCQKHfwp2GB55nPJWicFb0/vJZatz
/b6+HPw95Nwlqwqjd6Mm/5fBc+avC+WJqZLevgp7RXjYsT9gbdTBx0kn+/Ks962A
xJyYtk6Zwvk/tGPQKSzfeF8HIkinurkXYhq/hq8CfVXWIO9kcn/1NfB4OBT+f9qh
ImMqFvXL5HuhOlaKbb61+soGYXMEihctJSuR/U32fX7sszVXJtIU0I0/gwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFBu4BpbpXPK4UUCVhC61p5AlvkdoMB8GA1UdIwQY
MBaAFDrWUhaBLtJP0ccZhxpZqXHewwomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RaU0ZvRXUwa19SeHhtSEdsbXBjZDdEQ2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9iOGNhZTQtYjVhZi00MzgwLTk4MTct
NDY1MzhjYTUzODNjLzEvRzdnR2x1bGM4cmhSUUpXRUxyV25rQ1ctUjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9iOGNhZTQtYjVhZi00MzgwLTk4MTctNDY1MzhjYTUzODNj
LzEvT3RaU0ZvRXUwa19SeHhtSEdsbXBjZDdEQ2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQCJXrcAwQB
To5CAwQCTo5QMAwDBABOjlUDBAJOjlgDBABcP9UDBADDEPQDBADDEPwwDQQCAAIw
BwMFAyoEUIAwDQYJKoZIhvcNAQELBQADggEBAGMqhcBFfZaDZRmiclAm7Ikw119q
MhVewumyzW5J+SPGqyHNbUACRGiSEf/n5jIvkojoV4FMDza0EcMKYkSHclm97V2m
Rudj1iztqbcUNqiOACZXwzIZ4wZb3t7NVD75KUU/9/BtUAYbfaErd0RWaxAgHOew
prcFZbk7Qe4xce593gNQbELCmhCKortfdfjW3Wf19z/IeOhHfUZhVWXO/VGRr5Ee
kcePtOfzUgy/OGigGcSsnMWEuE4f/NsIHd1AmZffoDkdDUHgPBkZiFeGn6/9fzXB
s1KtYXCX7ubMuDPzmdWQC1zp4SBcbNjxntQ+riZIamKnKTtFMzoPACjjvGA=
-----END CERTIFICATE-----