Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/aN8kfx79-A2-lg4TBWirWuZWrg0.roa
File:                     aN8kfx79-A2-lg4TBWirWuZWrg0.roa (raw, json)
Hash identifier:          MUyQ9FhjssKyI5R8VXGaYL6tq28O0SYN8vSEUCXro+k=
Subject key identifier:   68:DF:24:7F:1E:FD:F8:0D:BE:96:0E:13:05:68:AB:5A:E6:56:AE:0D
Certificate issuer:       /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial:       0195144999CB87D6B1AB99AB1E74FF675EDC
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/aN8kfx79-A2-lg4TBWirWuZWrg0.roa
Signing time:             Mon 17 Feb 2025 14:22:02 +0000
ROA not before:           Mon 17 Feb 2025 14:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202870
IP address blocks:        45.133.154.0/23 maxlen: 24
                          45.133.154.0/24 maxlen: 24
                          45.133.155.0/24 maxlen: 24
                          185.152.44.0/22 maxlen: 24
                          185.152.44.0/24 maxlen: 24
                          185.152.45.0/24 maxlen: 24
                          185.152.46.0/24 maxlen: 24
                          185.152.47.0/24 maxlen: 24
                          2a07:7e80::/29 maxlen: 32
                          2a07:7e80::/30 maxlen: 30
                          2a07:7e80::/31 maxlen: 31
                          2a07:7e80::/32 maxlen: 32
                          2a07:7e81::/32 maxlen: 32
                          2a07:7e82::/31 maxlen: 31
                          2a07:7e82::/32 maxlen: 32
                          2a07:7e83::/32 maxlen: 32
                          2a07:7e84::/31 maxlen: 31
                          2a07:7e84::/32 maxlen: 32
                          2a07:7e85::/32 maxlen: 32
                          2a07:7e86::/31 maxlen: 31
                          2a07:7e86::/32 maxlen: 32
                          2a07:7e87::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 19 Feb 2025 15:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:14:49:99:cb:87:d6:b1:ab:99:ab:1e:74:ff:67:5e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
        Validity
            Not Before: Feb 17 14:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68df247f1efdf80dbe960e130568ab5ae656ae0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:db:43:37:b7:18:b7:88:22:49:73:fd:03:be:
                    9f:af:db:92:95:c2:e6:38:f2:99:2a:19:1e:0a:5c:
                    51:bb:ab:f8:b4:5c:c1:11:5f:fe:dc:1b:89:d9:f1:
                    b7:5c:a0:0c:d0:83:99:b7:d4:08:ee:90:e7:40:5e:
                    c3:de:af:91:ad:7f:43:63:28:64:3e:68:ff:9b:bb:
                    c7:1a:10:4f:fe:53:16:ff:ed:e1:fe:56:35:4d:80:
                    4e:c8:35:36:5f:31:f2:b3:cb:23:dc:8e:aa:58:c3:
                    8a:57:ea:27:4e:a3:4d:88:7e:17:bb:a5:97:d2:3b:
                    c9:83:8d:68:f0:84:62:f9:69:69:0f:41:6d:61:6d:
                    5d:7c:8a:cd:23:51:2f:a9:d1:4b:11:8a:84:9b:ae:
                    62:3b:f8:35:70:d4:00:8b:85:63:b8:56:94:1b:f2:
                    85:b7:75:06:20:7e:b6:de:bc:d4:7f:c5:c7:b1:d7:
                    e4:22:44:5a:b9:4d:2d:59:61:4b:1f:cb:97:af:dd:
                    64:e8:6c:07:8f:8e:ba:87:e2:b0:de:7b:ca:17:2d:
                    05:61:b5:e6:da:98:11:db:46:5e:fc:0c:08:e1:1e:
                    82:7e:6b:60:1d:57:5a:b9:7a:7c:e5:a3:de:6e:12:
                    69:72:9a:3d:f8:61:27:95:58:38:e9:81:81:74:c4:
                    6e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DF:24:7F:1E:FD:F8:0D:BE:96:0E:13:05:68:AB:5A:E6:56:AE:0D
            X509v3 Authority Key Identifier:
                keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/aN8kfx79-A2-lg4TBWirWuZWrg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.154.0/23
                  185.152.44.0/22
                IPv6:
                  2a07:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:5b:58:af:6a:27:94:8c:50:e4:b2:f7:4f:36:3d:8d:d4:98:
         04:b6:6e:cb:bf:8c:81:65:88:20:24:8c:4d:a9:52:77:10:d3:
         85:de:6a:97:79:ca:43:2f:df:52:6d:ec:8e:65:6d:1e:44:62:
         79:08:4f:53:37:b4:76:0c:e4:94:ca:37:b6:4a:6c:51:07:be:
         10:5d:df:bb:f0:e3:ea:02:58:c7:71:89:aa:5c:0f:f9:b7:07:
         8f:b7:4c:55:3a:c0:0e:d1:fe:3b:9b:e2:0a:ad:72:f0:c8:ae:
         05:11:a9:e3:07:98:69:6c:07:bc:6b:3b:40:db:dd:b0:6d:78:
         96:5d:ea:79:d1:bb:df:71:24:cc:e3:e9:3c:19:84:8f:17:bf:
         05:76:78:48:5f:95:d0:c4:ad:46:fb:03:e0:fb:cb:3f:15:ac:
         8f:bc:ac:3f:05:cd:5a:27:79:6f:49:13:b0:59:90:af:78:68:
         40:15:db:2b:1c:76:df:b8:a5:c3:52:af:5d:df:87:2f:37:9a:
         2e:75:d3:58:f0:72:ce:d9:34:b0:35:da:37:42:45:73:8c:b6:
         fa:d6:8d:4d:97:a8:dc:5a:6d:0f:95:87:59:e7:16:d3:22:01:
         dd:51:b4:ce:16:fb:4c:03:a9:21:ff:f4:13:31:32:d2:20:dd:
         3f:78:eb:fb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZUUSZnLh9axq5mrHnT/Z17cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjUwMjE3MTQyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRmMjQ3ZjFlZmRmODBkYmU5NjBlMTMwNTY4YWI1YWU2NTZhZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NtDN7cYt4giSXP9A76fr9uSlcLm
OPKZKhkeClxRu6v4tFzBEV/+3BuJ2fG3XKAM0IOZt9QI7pDnQF7D3q+RrX9DYyhk
Pmj/m7vHGhBP/lMW/+3h/lY1TYBOyDU2XzHys8sj3I6qWMOKV+onTqNNiH4Xu6WX
0jvJg41o8IRi+WlpD0FtYW1dfIrNI1EvqdFLEYqEm65iO/g1cNQAi4VjuFaUG/KF
t3UGIH623rzUf8XHsdfkIkRauU0tWWFLH8uXr91k6GwHj466h+Kw3nvKFy0FYbXm
2pgR20Ze/AwI4R6CfmtgHVdauXp85aPebhJpcpo9+GEnlVg46YGBdMRu/wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGjfJH8e/fgNvpYOEwVoq1rmVq4NMB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvYU44a2Z4NzktQTItbGc0VEJXaXJXdVpXcmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLYWaAwQC
uZgsMA0EAgACMAcDBQMqB36AMA0GCSqGSIb3DQEBCwUAA4IBAQBOW1ivaieUjFDk
svdPNj2N1JgEtm7Lv4yBZYggJIxNqVJ3ENOF3mqXecpDL99SbeyOZW0eRGJ5CE9T
N7R2DOSUyje2SmxRB74QXd+78OPqAljHcYmqXA/5twePt0xVOsAO0f47m+IKrXLw
yK4FEanjB5hpbAe8aztA292wbXiWXep50bvfcSTM4+k8GYSPF78FdnhIX5XQxK1G
+wPg+8s/FayPvKw/Bc1aJ3lvSROwWZCveGhAFdsrHHbfuKXDUq9d34cvN5ouddNY
8HLO2TSwNdo3QkVzjLb61o1Nl6jcWm0PlYdZ5xbTIgHdUbTOFvtMA6kh//QTMTLS
IN0/eOv7
-----END CERTIFICATE-----