Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/3W847SymzIs8P8JVFggqpjeQKsQ.roa
File:                     3W847SymzIs8P8JVFggqpjeQKsQ.roa (raw, json)
Hash identifier:          gqThGCUREjlJsrkvwyEbF6pmaeSkJV+PMPOCPYUS+M0=
Subject key identifier:   DD:6F:38:ED:2C:A6:CC:8B:3C:3F:C2:55:16:08:2A:A6:37:90:2A:C4
Certificate issuer:       /CN=aa2a58c697a1449976b0d11d6f126025e14089c6
Certificate serial:       019352578E62E829797BB978C030F80B5C84
Authority key identifier: AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/3W847SymzIs8P8JVFggqpjeQKsQ.roa
Signing time:             Fri 22 Nov 2024 05:28:09 +0000
ROA not before:           Fri 22 Nov 2024 05:28:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44507
IP address blocks:        5.175.88.0/21 maxlen: 21
                          46.42.0.0/18 maxlen: 18
                          46.42.8.0/21 maxlen: 21
                          46.42.16.0/21 maxlen: 21
                          46.42.24.0/21 maxlen: 21
                          46.42.32.0/21 maxlen: 21
                          46.42.40.0/21 maxlen: 21
                          46.42.48.0/21 maxlen: 21
                          46.42.56.0/21 maxlen: 21
                          46.228.96.0/20 maxlen: 20
                          134.90.152.0/21 maxlen: 21
                          146.247.32.0/21 maxlen: 21
                          178.57.32.0/21 maxlen: 21
                          178.57.40.0/21 maxlen: 21
                          178.57.48.0/21 maxlen: 21
                          185.16.56.0/22 maxlen: 22
                          188.120.48.0/20 maxlen: 20
                          194.58.160.0/21 maxlen: 21
                          194.58.176.0/21 maxlen: 21
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 03:48:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:52:57:8e:62:e8:29:79:7b:b9:78:c0:30:f8:0b:5c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa2a58c697a1449976b0d11d6f126025e14089c6
        Validity
            Not Before: Nov 22 05:28:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd6f38ed2ca6cc8b3c3fc25516082aa637902ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7d:51:80:bc:4e:2e:fc:01:f0:a0:e0:37:b3:
                    69:b7:d9:44:29:a5:2d:8b:98:57:25:e5:85:11:8e:
                    ac:13:37:29:43:2d:46:1c:af:72:09:a4:30:c5:cc:
                    e4:22:57:b1:84:23:54:6a:43:5f:66:be:ba:18:8c:
                    b3:60:cd:e4:51:b4:a1:86:0c:82:90:13:47:82:01:
                    97:e0:f9:90:bc:74:de:05:62:40:a2:0e:ba:39:80:
                    e7:c1:29:84:5b:d8:df:2e:1b:ad:82:ce:e6:13:fb:
                    93:ca:ff:91:ee:24:63:e9:a1:b7:d6:90:5c:94:f0:
                    7f:0a:c9:36:5e:c1:00:17:f6:69:f9:51:9b:8d:40:
                    0f:f4:85:62:60:39:04:9d:10:14:06:ac:0b:c4:2b:
                    4f:15:24:2f:62:d3:30:04:7d:92:96:bb:a4:74:fc:
                    2a:5a:dd:81:2a:a8:eb:22:c9:68:18:16:c1:c2:be:
                    cf:41:43:a3:79:f2:5a:07:d6:f1:f4:28:fe:a9:a6:
                    7b:ff:56:40:e0:2e:05:88:cd:ec:41:56:a9:25:80:
                    e2:a7:ac:22:26:52:8a:8e:b7:be:61:5c:16:f3:53:
                    e2:44:a0:56:a0:6f:67:cc:a3:23:83:81:7b:2f:45:
                    83:fd:d6:26:24:9d:b8:42:6b:95:20:ab:dc:3f:1f:
                    7a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6F:38:ED:2C:A6:CC:8B:3C:3F:C2:55:16:08:2A:A6:37:90:2A:C4
            X509v3 Authority Key Identifier:
                keyid:AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/3W847SymzIs8P8JVFggqpjeQKsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/qipYxpehRJl2sNEdbxJgJeFAicY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.88.0/21
                  46.42.0.0/18
                  46.228.96.0/20
                  134.90.152.0/21
                  146.247.32.0/21
                  178.57.32.0-178.57.55.255
                  185.16.56.0/22
                  188.120.48.0/20
                  194.58.160.0/21
                  194.58.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cb:8c:7e:af:d1:e9:3c:6d:eb:f8:45:00:62:e0:66:ad:8c:4b:
         6e:79:cb:b7:10:b5:63:65:db:60:d5:eb:b3:41:c8:f0:2d:6a:
         3c:72:5b:25:f5:4a:8f:93:a8:17:9a:56:91:51:e8:d3:16:d4:
         f0:4b:22:31:e9:c1:e4:42:1b:50:ea:c8:dc:04:27:0c:f7:65:
         0f:f8:51:c4:cc:01:cf:8c:bb:e0:97:b2:d3:fe:27:bd:07:9e:
         16:b3:b0:ca:d1:2a:91:77:74:92:f0:80:07:b5:5a:79:5c:2c:
         8d:e1:55:cb:45:04:b3:1c:14:6e:f3:c5:57:ba:7e:3a:16:e4:
         16:d6:03:b2:92:3f:35:b0:d6:e3:0c:4e:60:dd:96:ea:75:71:
         64:7b:e4:0f:0c:ec:44:48:d4:d8:31:0d:42:8a:7e:60:61:fb:
         2d:48:04:38:25:e9:25:56:0b:b2:f2:f9:7a:7c:a2:f7:f0:d2:
         0c:58:99:45:91:e3:f1:7a:90:8b:35:3a:97:4e:04:a4:3a:10:
         0f:20:9e:c6:e6:7e:32:31:67:9a:37:5f:9a:6d:54:41:d6:fc:
         a7:57:1c:8e:d4:ef:47:3c:b4:21:d9:da:ef:ef:96:07:08:44:
         53:66:80:cc:d8:2b:a8:86:82:cb:83:22:b1:0a:eb:9c:07:cd:
         15:70:b7:c7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZNSV45i6Cl5e7l4wDD4C1yEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMmE1OGM2OTdhMTQ0OTk3NmIwZDExZDZmMTI2MDI1ZTE0
MDg5YzYwHhcNMjQxMTIyMDUyODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDZmMzhlZDJjYTZjYzhiM2MzZmMyNTUxNjA4MmFhNjM3OTAyYWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA131RgLxOLvwB8KDgN7Npt9lEKaUt
i5hXJeWFEY6sEzcpQy1GHK9yCaQwxczkIlexhCNUakNfZr66GIyzYM3kUbShhgyC
kBNHggGX4PmQvHTeBWJAog66OYDnwSmEW9jfLhutgs7mE/uTyv+R7iRj6aG31pBc
lPB/Csk2XsEAF/Zp+VGbjUAP9IViYDkEnRAUBqwLxCtPFSQvYtMwBH2SlrukdPwq
Wt2BKqjrIsloGBbBwr7PQUOjefJaB9bx9Cj+qaZ7/1ZA4C4FiM3sQVapJYDip6wi
JlKKjre+YVwW81PiRKBWoG9nzKMjg4F7L0WD/dYmJJ24QmuVIKvcPx96zwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFN1vOO0spsyLPD/CVRYIKqY3kCrEMB8GA1UdIwQY
MBaAFKoqWMaXoUSZdrDRHW8SYCXhQInGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgt
YmU2MjJjMzEzMmRmLzEvM1c4NDdTeW16SXM4UDhKVkZnZ3FwamVRS3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgtYmU2MjJjMzEzMmRm
LzEvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDBa9YAwQG
LioAAwQELuRgAwQDhlqYAwQDkvcgMAwDBAWyOSADBAOyOTADBAK5EDgDBAS8eDAD
BAPCOqADBAPCOrAwDQYJKoZIhvcNAQELBQADggEBAMuMfq/R6Txt6/hFAGLgZq2M
S255y7cQtWNl22DV67NByPAtajxyWyX1So+TqBeaVpFR6NMW1PBLIjHpweRCG1Dq
yNwEJwz3ZQ/4UcTMAc+Mu+CXstP+J70HnhazsMrRKpF3dJLwgAe1WnlcLI3hVctF
BLMcFG7zxVe6fjoW5BbWA7KSPzWw1uMMTmDdlup1cWR75A8M7ERI1NgxDUKKfmBh
+y1IBDgl6SVWC7Ly+Xp8ovfw0gxYmUWR4/F6kIs1OpdOBKQ6EA8gnsbmfjIxZ5o3
X5ptVEHW/KdXHI7U70c8tCHZ2u/vlgcIRFNmgMzYK6iGgsuDIrEK65wHzRVwt8c=
-----END CERTIFICATE-----