Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/VgfEZYNGg6P0Tzs6a9g1BZRGOlM.roa
File:                     VgfEZYNGg6P0Tzs6a9g1BZRGOlM.roa (raw, json)
Hash identifier:          PTUtnVF2bf6ScVYMju/XbvaD1r9XirTNcvy+oAK4Ldg=
Subject key identifier:   56:07:C4:65:83:46:83:A3:F4:4F:3B:3A:6B:D8:35:05:94:46:3A:53
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018D61295942613E5769FE9C2CBFEAB76B13
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/VgfEZYNGg6P0Tzs6a9g1BZRGOlM.roa
Signing time:             Wed 31 Jan 2024 20:15:16 +0000
ROA not before:           Wed 31 Jan 2024 20:15:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51083
IP address blocks:        80.67.180.0/24 maxlen: 24
                          80.67.183.0/24 maxlen: 24
                          80.67.185.0/24 maxlen: 24
                          80.67.189.0/24 maxlen: 24
                          2001:912::/36 maxlen: 36
                          2001:912:1000::/36 maxlen: 36
                          2001:912:1000::/40 maxlen: 40
                          2001:912:1100::/40 maxlen: 40
                          2001:912:1a80::/44 maxlen: 44
                          2001:912:1ac0::/44 maxlen: 44
                          2001:912:2000::/36 maxlen: 36
                          2001:912:3000::/36 maxlen: 36
                          2001:912:4000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 11:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:61:29:59:42:61:3e:57:69:fe:9c:2c:bf:ea:b7:6b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan 31 20:15:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5607c465834683a3f44f3b3a6bd8350594463a53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a4:79:b8:2c:b3:c9:23:9e:f7:ac:d8:70:d1:
                    be:3f:22:32:66:b2:f1:88:a5:c5:53:a6:ba:21:14:
                    10:7c:b6:7b:d1:b7:fe:42:f2:e7:76:57:f9:9d:df:
                    32:cf:f8:de:0d:83:da:c1:c6:e5:ec:ba:3c:e2:b1:
                    1a:82:17:02:36:cf:09:32:c0:d5:cf:f9:8a:a5:45:
                    6e:1d:ce:71:57:70:b8:cf:d0:fe:b9:ba:a4:69:9d:
                    08:4c:32:04:5a:07:12:c5:3e:68:d3:11:8e:48:2f:
                    62:8e:db:39:18:7d:ea:0f:41:9f:41:02:50:5d:5c:
                    67:62:4a:83:57:24:86:f2:9d:6f:25:1a:f2:cd:33:
                    a2:dc:84:c2:ed:d8:f4:64:0d:fe:b7:cb:91:05:bf:
                    33:bf:66:73:ed:f3:1d:0d:6a:1f:ee:53:27:06:3a:
                    8f:4d:93:54:1e:c7:18:1a:ee:76:5f:44:5e:bf:dd:
                    64:0c:fc:25:e7:ed:c0:f4:12:f5:57:07:93:78:58:
                    c4:dd:ca:dc:3f:40:b0:35:0e:cc:8a:95:95:54:b2:
                    36:1e:40:75:b6:b8:ec:7d:cd:7a:9d:ee:2d:2d:d2:
                    c4:37:8c:00:2b:3d:b8:65:f6:6e:d2:0a:8e:67:6c:
                    6f:8b:02:87:35:e2:7a:1b:58:71:bc:80:f6:b9:4e:
                    f1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:07:C4:65:83:46:83:A3:F4:4F:3B:3A:6B:D8:35:05:94:46:3A:53
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/VgfEZYNGg6P0Tzs6a9g1BZRGOlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.180.0/24
                  80.67.183.0/24
                  80.67.185.0/24
                  80.67.189.0/24
                IPv6:
                  2001:912::-2001:912:4fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         71:86:50:a6:bf:e2:b2:df:09:0e:d9:e9:25:4e:84:4e:e9:36:
         b5:5e:5f:f6:8e:45:93:1e:72:43:19:59:ca:38:89:d1:66:5e:
         a1:c0:ec:f1:79:52:ac:d4:e3:e3:3c:85:70:2d:96:f0:ca:5c:
         93:c1:80:28:1e:5f:f0:6b:ca:2f:cc:a2:30:05:07:59:ed:82:
         fb:37:5c:ab:16:ba:74:c8:b0:0c:0d:75:0b:a9:97:a5:8d:c3:
         2a:6b:08:f4:cb:1a:c7:a2:b5:1d:88:3b:4a:72:8f:5e:e2:b6:
         fc:9a:08:b4:0c:ac:09:01:66:70:0b:64:48:3a:96:cf:3d:1f:
         3f:17:39:08:52:04:fe:70:0b:63:da:2a:0a:84:6b:be:fd:b5:
         49:c3:15:26:a4:45:89:2e:c1:aa:0a:1e:20:a5:48:cb:e6:9a:
         10:20:ef:36:85:a5:6c:f5:b1:53:e1:f5:3b:2d:ac:e6:3f:fd:
         27:8b:cc:12:90:0c:92:85:e5:8e:32:dc:d1:61:52:fa:6a:5a:
         11:a8:0d:a5:1a:2f:45:b1:e6:4c:14:de:82:fd:cf:54:28:00:
         48:ff:ed:79:13:bc:fb:84:17:2a:27:7f:f4:5a:3a:76:6c:f0:
         6c:14:c5:73:cf:28:4a:d8:ed:9f:a9:30:39:50:d7:2a:ba:5b:
         46:4d:e8:7c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAY1hKVlCYT5Xaf6cLL/qt2sTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTMxMjAxNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA3YzQ2NTgzNDY4M2EzZjQ0ZjNiM2E2YmQ4MzUwNTk0NDYzYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKR5uCyzySOe96zYcNG+PyIyZrLx
iKXFU6a6IRQQfLZ70bf+QvLndlf5nd8yz/jeDYPawcbl7Lo84rEaghcCNs8JMsDV
z/mKpUVuHc5xV3C4z9D+ubqkaZ0ITDIEWgcSxT5o0xGOSC9ijts5GH3qD0GfQQJQ
XVxnYkqDVySG8p1vJRryzTOi3ITC7dj0ZA3+t8uRBb8zv2Zz7fMdDWof7lMnBjqP
TZNUHscYGu52X0Rev91kDPwl5+3A9BL1VweTeFjE3crcP0CwNQ7MipWVVLI2HkB1
trjsfc16ne4tLdLEN4wAKz24ZfZu0gqOZ2xviwKHNeJ6G1hxvID2uU7xlQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFFYHxGWDRoOj9E87OmvYNQWURjpTMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvVmdmRVpZTkdnNlAwVHpzNmE5ZzFCWlJHT2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAeBAIAATAYAwQAUEO0AwQA
UEO3AwQAUEO5AwQAUEO9MBcEAgACMBEwDwMFASABCRIDBgQgAQkSQDANBgkqhkiG
9w0BAQsFAAOCAQEAcYZQpr/ist8JDtnpJU6ETuk2tV5f9o5Fkx5yQxlZyjiJ0WZe
ocDs8XlSrNTj4zyFcC2W8Mpck8GAKB5f8GvKL8yiMAUHWe2C+zdcqxa6dMiwDA11
C6mXpY3DKmsI9Msax6K1HYg7SnKPXuK2/JoItAysCQFmcAtkSDqWzz0fPxc5CFIE
/nALY9oqCoRrvv21ScMVJqRFiS7BqgoeIKVIy+aaECDvNoWlbPWxU+H1Oy2s5j/9
J4vMEpAMkoXljjLc0WFS+mpaEagNpRovRbHmTBTegv3PVCgASP/teRO8+4QXKid/
9Fo6dmzwbBTFc88oStjtn6kwOVDXKrpbRk3ofA==
-----END CERTIFICATE-----