Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/TUHvAzPue4NUw2i9bcxc-mQ2Pmw.roa
File:                     TUHvAzPue4NUw2i9bcxc-mQ2Pmw.roa (raw, json)
Hash identifier:          sbkWtvlacQwgQJzsZhq8x2/6bePfC3ffq2yjOaJDqao=
Subject key identifier:   4D:41:EF:03:33:EE:7B:83:54:C3:68:BD:6D:CC:5C:FA:64:36:3E:6C
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0196AFAD9353B6F40F34124187C109090099
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/TUHvAzPue4NUw2i9bcxc-mQ2Pmw.roa
Signing time:             Thu 08 May 2025 11:35:10 +0000
ROA not before:           Thu 08 May 2025 11:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8820
IP address blocks:        46.236.208.0/20 maxlen: 24
                          46.236.240.0/20 maxlen: 24
                          78.41.48.0/22 maxlen: 24
                          81.92.0.0/20 maxlen: 24
                          82.139.192.0/18 maxlen: 24
                          82.139.196.0/22 maxlen: 24
                          82.139.222.0/23 maxlen: 24
                          82.139.252.0/22 maxlen: 24
                          195.8.224.0/19 maxlen: 24
                          195.8.253.0/24 maxlen: 24
                          195.8.254.2/31 maxlen: 32
                          212.17.224.0/19 maxlen: 24
                          212.60.128.0/19 maxlen: 24
                          213.240.128.0/18 maxlen: 24
                          2a01:170::/32 maxlen: 64
                          2a01:170:1000::/36 maxlen: 48
Validation:               Failed, certificate revoked on Fri 16 May 2025 07:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:ad:93:53:b6:f4:0f:34:12:41:87:c1:09:09:00:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: May  8 11:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d41ef0333ee7b8354c368bd6dcc5cfa64363e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0a:cc:82:b3:e1:a0:96:27:0f:bf:ae:8d:8d:
                    e7:e1:88:95:f8:55:24:f6:00:0a:c4:03:b2:fc:fd:
                    05:15:7b:a4:17:a9:47:f5:06:d5:63:cd:e4:b4:88:
                    01:8f:23:03:0c:d6:cf:b3:c5:22:3a:6c:be:30:ff:
                    08:12:2a:94:76:25:86:c2:42:d3:26:68:60:21:fc:
                    bc:99:06:5b:d2:76:0f:75:cc:7b:e6:fa:f5:d7:69:
                    3c:b1:40:58:33:68:f0:eb:57:0a:73:5d:ba:54:18:
                    04:55:b0:39:ef:66:a9:82:46:85:94:cf:53:58:0b:
                    14:bb:1f:b3:20:5c:33:3d:5d:05:d3:4e:86:08:23:
                    f5:f1:8a:06:42:46:e5:0e:6e:66:c2:3b:de:6d:2d:
                    23:eb:f0:e9:28:30:6f:f5:af:ad:56:e4:68:50:39:
                    ec:1c:8c:0c:53:5d:55:15:7b:fd:7c:f9:0a:ce:7d:
                    a3:be:8a:d6:8b:d9:eb:3a:d0:eb:26:bf:59:d9:88:
                    a6:dd:06:38:be:19:de:33:88:e8:36:41:a4:e3:fe:
                    24:71:8e:27:a1:30:99:84:87:c6:23:d4:3b:2f:46:
                    17:d2:d7:e1:2b:3d:36:92:83:94:18:f6:d8:a0:52:
                    ac:c2:d5:0a:f9:02:49:db:d1:61:a9:88:94:ed:a7:
                    8c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:41:EF:03:33:EE:7B:83:54:C3:68:BD:6D:CC:5C:FA:64:36:3E:6C
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/TUHvAzPue4NUw2i9bcxc-mQ2Pmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.208.0/20
                  46.236.240.0/20
                  78.41.48.0/22
                  81.92.0.0/20
                  82.139.192.0/18
                  195.8.224.0/19
                  212.17.224.0/19
                  212.60.128.0/19
                  213.240.128.0/18
                IPv6:
                  2a01:170::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:fa:98:d8:6a:59:a3:9f:c7:5d:7b:ab:62:07:cb:57:c4:3b:
         74:4a:ad:88:97:c3:d6:59:a2:b4:9b:a3:44:c8:81:79:a2:ae:
         27:9d:39:e9:a6:9c:c7:df:76:1a:34:d4:da:6f:d0:f7:36:71:
         11:96:6a:71:2c:db:db:25:98:2d:28:44:92:7f:02:94:12:5b:
         09:0d:61:5d:ca:ca:ca:79:f3:7d:ad:19:78:77:2f:af:f4:04:
         8b:79:02:e7:e2:70:43:ed:dc:3b:27:bf:10:3f:01:5e:af:7b:
         25:d5:19:d4:f8:dd:4b:91:f3:0c:ae:72:3d:a8:60:bf:7f:45:
         ae:5c:24:e9:d9:0c:9a:4a:bb:b1:13:aa:eb:4a:5a:81:dc:e9:
         c1:df:01:c2:e5:77:48:0e:27:b3:88:09:6a:5a:6a:c7:f2:35:
         8f:11:ab:50:23:ef:6f:44:c4:83:88:57:62:04:cd:b8:88:ea:
         45:1e:ea:2b:62:5d:13:28:72:5c:53:64:7c:23:8b:a7:5e:1c:
         96:db:47:6d:b1:85:93:22:dc:29:e5:2f:d5:ae:f3:25:5f:40:
         20:2b:21:8c:75:cb:14:65:b2:28:5d:82:58:b1:13:06:ec:e7:
         2f:9d:8d:15:99:2e:bc:f2:9b:f6:51:3e:03:1f:30:fb:0a:ef:
         b2:12:85:38
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZavrZNTtvQPNBJBh8EJCQCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNTA4MTEzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQxZWYwMzMzZWU3YjgzNTRjMzY4YmQ2ZGNjNWNmYTY0MzYzZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwrMgrPhoJYnD7+ujY3n4YiV+FUk
9gAKxAOy/P0FFXukF6lH9QbVY83ktIgBjyMDDNbPs8UiOmy+MP8IEiqUdiWGwkLT
JmhgIfy8mQZb0nYPdcx75vr112k8sUBYM2jw61cKc126VBgEVbA572apgkaFlM9T
WAsUux+zIFwzPV0F006GCCP18YoGQkblDm5mwjvebS0j6/DpKDBv9a+tVuRoUDns
HIwMU11VFXv9fPkKzn2jvorWi9nrOtDrJr9Z2Yim3QY4vhneM4joNkGk4/4kcY4n
oTCZhIfGI9Q7L0YX0tfhKz02koOUGPbYoFKswtUK+QJJ29FhqYiU7aeMEQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFE1B7wMz7nuDVMNovW3MXPpkNj5sMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvVFVIdkF6UHVlNE5VdzJpOWJjeGMtbVEyUG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQELuzQAwQE
LuzwAwQCTikwAwQEUVwAAwQGUovAAwQFwwjgAwQF1BHgAwQF1DyAAwQG1fCAMA0E
AgACMAcDBQAqAQFwMA0GCSqGSIb3DQEBCwUAA4IBAQAY+pjYalmjn8dde6tiB8tX
xDt0Sq2Il8PWWaK0m6NEyIF5oq4nnTnpppzH33YaNNTab9D3NnERlmpxLNvbJZgt
KESSfwKUElsJDWFdysrKefN9rRl4dy+v9ASLeQLn4nBD7dw7J78QPwFer3sl1RnU
+N1LkfMMrnI9qGC/f0WuXCTp2QyaSruxE6rrSlqB3OnB3wHC5XdIDieziAlqWmrH
8jWPEatQI+9vRMSDiFdiBM24iOpFHuorYl0TKHJcU2R8I4unXhyW20dtsYWTItwp
5S/VrvMlX0AgKyGMdcsUZbIoXYJYsRMG7OcvnY0VmS688pv2UT4DHzD7Cu+yEoU4
-----END CERTIFICATE-----