Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/ZxBPcLMmva1bYPo3iRkNrUkvCHk.roa
File:                     ZxBPcLMmva1bYPo3iRkNrUkvCHk.roa (raw, json)
Hash identifier:          QUL0Pf41OG1cwKo2XjLVpokA+kgYmoy9oA+Nw8r/d9Q=
Subject key identifier:   67:10:4F:70:B3:26:BD:AD:5B:60:FA:37:89:19:0D:AD:49:2F:08:79
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       018F867B15F9DE3B22EA12B8FE5F9081DB20
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/ZxBPcLMmva1bYPo3iRkNrUkvCHk.roa
Signing time:             Fri 17 May 2024 12:16:04 +0000
ROA not before:           Fri 17 May 2024 12:16:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5377
IP address blocks:        77.70.128.0/17 maxlen: 17
                          77.70.128.0/19 maxlen: 19
                          77.70.144.0/20 maxlen: 20
                          77.70.160.0/20 maxlen: 20
                          77.70.176.0/22 maxlen: 24
                          77.70.181.0/24 maxlen: 24
                          77.70.184.0/21 maxlen: 24
                          77.70.192.0/19 maxlen: 19
                          77.70.207.0/24 maxlen: 24
                          77.70.240.0/20 maxlen: 20
                          77.70.254.0/24 maxlen: 24
                          77.70.255.0/24 maxlen: 24
                          193.219.192.0/18 maxlen: 18
                          193.219.196.0/24 maxlen: 24
                          193.220.0.0/16 maxlen: 16
                          193.220.88.0/21 maxlen: 21
                          193.220.94.0/24 maxlen: 24
                          193.220.165.0/24 maxlen: 24
                          193.220.220.0/22 maxlen: 22
                          193.220.224.0/20 maxlen: 20
                          193.220.240.0/20 maxlen: 24
                          2a02:6600::/29 maxlen: 32
                          2a02:6600:f000::/48 maxlen: 48
                          2a02:6600:f001::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 26 Jun 2024 13:04:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:7b:15:f9:de:3b:22:ea:12:b8:fe:5f:90:81:db:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: May 17 12:16:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67104f70b326bdad5b60fa3789190dad492f0879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:73:60:44:10:76:eb:5f:9c:ec:aa:06:06:
                    c2:10:61:73:fa:9d:01:a3:cb:31:ae:1c:f8:d2:40:
                    43:5a:67:a0:32:37:7f:f4:81:05:1c:35:84:71:a6:
                    94:fd:c6:4a:0b:4b:a0:89:d6:4a:37:b9:4a:95:f6:
                    f2:2f:10:57:4d:2b:64:01:1b:60:ad:78:eb:ff:9d:
                    0d:cf:fb:62:9c:45:c8:13:14:0d:6c:9a:6a:5f:82:
                    ca:81:6d:49:a2:57:8d:7a:59:b9:38:8a:ae:d8:33:
                    70:46:a6:7d:db:c6:95:21:c5:fa:cd:61:21:d7:12:
                    2f:81:b5:d6:24:48:b1:7a:a5:ed:d6:47:eb:69:61:
                    80:b6:08:b4:b1:85:c7:dc:3a:c1:85:e8:c9:1d:7a:
                    7c:cc:2b:75:22:e9:cf:b1:60:05:81:d8:75:4e:a5:
                    ff:a4:45:a2:c1:c1:87:1c:11:0d:14:4a:b1:fd:29:
                    38:0d:65:1f:d3:38:f4:b8:4b:67:2d:6b:c4:b2:34:
                    28:33:a6:aa:ef:07:d1:7a:c4:20:c5:fa:bc:a2:f8:
                    34:a9:c4:17:d0:c0:16:84:47:90:ab:39:2c:83:1e:
                    72:8c:f3:dc:88:dd:87:43:85:d8:1e:01:17:8c:fa:
                    5b:4a:87:c8:7d:cd:7a:ad:34:dc:d5:f9:f9:d0:99:
                    11:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:10:4F:70:B3:26:BD:AD:5B:60:FA:37:89:19:0D:AD:49:2F:08:79
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/ZxBPcLMmva1bYPo3iRkNrUkvCHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.70.128.0/17
                  193.219.192.0-193.220.255.255
                IPv6:
                  2a02:6600::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:04:fe:c2:1d:4c:ba:59:7e:1a:48:49:11:61:82:e5:62:ce:
         b2:35:1c:09:2c:6f:c1:a1:be:3b:cf:6e:ad:2f:58:93:ee:fe:
         67:e9:7f:17:9c:b8:bc:44:45:06:3a:6f:60:38:8e:4c:04:7f:
         55:ae:60:d2:af:c1:ba:5b:6a:8f:de:c8:c6:b1:a4:8e:32:e4:
         4b:8b:7b:0f:e5:a7:25:af:71:34:59:06:ec:b5:09:20:6f:97:
         fb:e0:73:98:6e:81:a8:ce:45:f8:71:8f:26:49:d4:29:ee:57:
         b3:20:dc:c0:12:07:d9:04:0a:f6:48:07:4f:3e:0d:a6:fe:d4:
         62:c6:97:ba:4f:ef:d0:fa:df:66:16:8b:96:da:fb:df:79:1b:
         53:6a:d5:21:e8:55:f3:8f:36:31:5c:f9:81:0b:00:dc:fe:39:
         6e:1a:44:4c:82:d1:a1:e3:ec:93:c6:c5:26:25:e2:dc:8a:9f:
         f6:0f:68:88:6b:62:cf:fb:b9:79:b4:12:c2:29:9f:14:01:19:
         a5:49:a6:21:2a:29:64:f3:72:74:09:3d:3b:85:9a:74:fa:fa:
         8c:2a:8e:d7:05:5c:58:86:65:cf:e4:e2:ac:dd:a8:ea:84:4d:
         9f:6c:4c:22:7c:45:b0:d5:89:1c:e8:41:cc:45:20:00:aa:cc:
         d7:d4:88:97
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY+GexX53jsi6hK4/l+QgdsgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjQwNTE3MTIxNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzEwNGY3MGIzMjZiZGFkNWI2MGZhMzc4OTE5MGRhZDQ5MmYwODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTdzYEQQdutfnOyqBgbCEGFz+p0B
o8sxrhz40kBDWmegMjd/9IEFHDWEcaaU/cZKC0ugidZKN7lKlfbyLxBXTStkARtg
rXjr/50Nz/tinEXIExQNbJpqX4LKgW1JoleNelm5OIqu2DNwRqZ928aVIcX6zWEh
1xIvgbXWJEixeqXt1kfraWGAtgi0sYXH3DrBhejJHXp8zCt1IunPsWAFgdh1TqX/
pEWiwcGHHBENFEqx/Sk4DWUf0zj0uEtnLWvEsjQoM6aq7wfResQgxfq8ovg0qcQX
0MAWhEeQqzksgx5yjPPciN2HQ4XYHgEXjPpbSofIfc16rTTc1fn50JkRqwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGcQT3CzJr2tW2D6N4kZDa1JLwh5MB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvWnhCUGNMTW12YTFiWVBvM2lSa05yVWt2Q0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATAwQHTUaAMAsD
BAbB28ADAwDB3DANBAIAAjAHAwUDKgJmADANBgkqhkiG9w0BAQsFAAOCAQEAIwT+
wh1Mull+GkhJEWGC5WLOsjUcCSxvwaG+O89urS9Yk+7+Z+l/F5y4vERFBjpvYDiO
TAR/Va5g0q/Bultqj97IxrGkjjLkS4t7D+WnJa9xNFkG7LUJIG+X++BzmG6BqM5F
+HGPJknUKe5XsyDcwBIH2QQK9kgHTz4Npv7UYsaXuk/v0PrfZhaLltr733kbU2rV
IehV8482MVz5gQsA3P45bhpETILRoePsk8bFJiXi3Iqf9g9oiGtiz/u5ebQSwimf
FAEZpUmmISopZPNydAk9O4WadPr6jCqO1wVcWIZlz+TirN2o6oRNn2xMInxFsNWJ
HOhBzEUgAKrM19SIlw==
-----END CERTIFICATE-----