Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/EgeYB6qdeGZdPsmu8KasxN7aul4.roa
File:                     EgeYB6qdeGZdPsmu8KasxN7aul4.roa (raw, json)
Hash identifier:          I+gXtoP/zE+NW1OYjvHgJU7koi21jx6i/TpHNDYqf/M=
Subject key identifier:   12:07:98:07:AA:9D:78:66:5D:3E:C9:AE:F0:A6:AC:C4:DE:DA:BA:5E
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019386CAAE46127C2FF1F5EB5E4F65967C6E
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/EgeYB6qdeGZdPsmu8KasxN7aul4.roa
Signing time:             Mon 02 Dec 2024 09:54:10 +0000
ROA not before:           Mon 02 Dec 2024 09:54:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        31.210.46.0/24 maxlen: 24
                          31.210.50.0/24 maxlen: 24
                          31.210.51.0/24 maxlen: 24
                          31.210.53.0/24 maxlen: 24
                          31.210.54.0/24 maxlen: 24
                          77.92.148.0/24 maxlen: 24
                          78.135.78.0/24 maxlen: 24
                          188.132.170.0/24 maxlen: 24
                          188.132.215.0/24 maxlen: 24
                          188.132.227.0/24 maxlen: 24
                          188.132.228.0/24 maxlen: 24
                          188.132.229.0/24 maxlen: 24
                          212.68.36.0/24 maxlen: 24
                          212.68.49.0/24 maxlen: 24
                          212.68.56.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 14 Dec 2024 21:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:86:ca:ae:46:12:7c:2f:f1:f5:eb:5e:4f:65:96:7c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Dec  2 09:54:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12079807aa9d78665d3ec9aef0a6acc4dedaba5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:32:82:ff:03:8c:ae:b8:3f:ea:39:8b:5e:62:
                    de:97:58:fd:07:cd:ab:df:ea:1f:ff:ed:6e:63:0c:
                    5b:6e:96:da:2e:e9:66:70:21:51:9e:e4:90:8f:f8:
                    67:1e:cb:b9:21:5f:bb:c4:80:66:77:4b:56:6e:72:
                    13:f0:e4:d5:e4:e1:ca:00:b5:07:69:92:cf:dc:4e:
                    ac:5c:62:90:26:ca:aa:75:89:73:63:b2:c6:08:bc:
                    31:92:6f:67:49:9e:d0:7c:6d:6d:76:59:a7:e7:00:
                    b2:38:4b:5d:6a:58:fd:96:52:63:bb:7b:64:5b:dc:
                    5d:92:b3:c3:e1:37:78:dc:37:a3:55:1b:8d:d0:c3:
                    1b:bd:75:1c:aa:1f:48:8f:f3:88:79:bb:57:c4:5d:
                    aa:80:b7:10:d8:b9:30:bf:10:7c:2b:0b:09:c4:1b:
                    ac:93:7f:3c:34:54:53:12:af:aa:b9:c5:0a:c4:01:
                    de:74:d6:09:25:db:49:62:3b:c3:df:dd:fb:1e:43:
                    67:ff:ff:0a:58:ce:55:ec:f9:5e:59:d1:ce:d9:13:
                    4a:a7:a1:9e:76:29:5c:ad:dd:15:8e:64:1d:e4:20:
                    25:1b:3c:8d:b2:af:90:da:7f:9c:46:af:f5:95:5d:
                    b6:ec:f3:ee:bf:23:7b:1e:b3:6d:b0:d1:7f:0e:cf:
                    0c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:07:98:07:AA:9D:78:66:5D:3E:C9:AE:F0:A6:AC:C4:DE:DA:BA:5E
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/EgeYB6qdeGZdPsmu8KasxN7aul4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.46.0/24
                  31.210.50.0/23
                  31.210.53.0-31.210.54.255
                  77.92.148.0/24
                  78.135.78.0/24
                  188.132.170.0/24
                  188.132.215.0/24
                  188.132.227.0-188.132.229.255
                  212.68.36.0/24
                  212.68.49.0/24
                  212.68.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:d4:6e:cd:c7:0e:f5:b6:2c:8e:00:03:aa:a3:c2:63:e8:50:
         25:49:3d:7e:33:6c:37:a4:aa:be:55:b2:4f:d9:61:ce:b3:aa:
         a1:b3:7e:c5:2d:41:a8:f4:01:b1:ff:b1:ba:58:ca:43:79:c2:
         41:ae:13:dc:69:8e:bc:9c:ac:b0:68:98:ec:51:b4:b8:75:85:
         26:8f:85:b8:4a:7a:d1:b5:b1:bb:3d:c4:72:77:f8:45:97:19:
         d4:ae:bd:ed:d1:b6:bd:11:ed:ff:97:9b:a5:4d:14:57:3e:e2:
         85:80:7c:4d:e9:63:b0:bb:44:19:98:0c:2c:80:02:e3:fc:e0:
         02:6b:6b:67:03:d2:97:e7:c6:98:54:50:b0:ac:f0:4e:90:5f:
         02:11:9a:77:cf:b9:e8:e8:41:5d:73:46:19:5c:8a:01:75:dc:
         5d:c1:95:bc:f1:b0:fd:4a:79:40:0e:1c:84:23:d5:43:72:14:
         90:bc:55:7c:69:1d:93:70:66:7c:b1:66:de:a1:02:14:d4:b4:
         c9:d2:a1:d0:c9:96:25:1a:a9:67:69:be:e3:44:1b:ce:f6:95:
         8b:0d:4d:bd:f0:79:0c:f3:cf:27:b1:44:2b:17:b2:83:33:b0:
         da:18:e0:b4:7c:e0:8d:80:ba:5c:eb:c3:bb:11:53:a3:f4:a7:
         fb:7e:5f:93
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZOGyq5GEnwv8fXrXk9llnxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQxMjAyMDk1NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjA3OTgwN2FhOWQ3ODY2NWQzZWM5YWVmMGE2YWNjNGRlZGFiYTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDKC/wOMrrg/6jmLXmLel1j9B82r
3+of/+1uYwxbbpbaLulmcCFRnuSQj/hnHsu5IV+7xIBmd0tWbnIT8OTV5OHKALUH
aZLP3E6sXGKQJsqqdYlzY7LGCLwxkm9nSZ7QfG1tdlmn5wCyOEtdalj9llJju3tk
W9xdkrPD4Td43DejVRuN0MMbvXUcqh9Ij/OIebtXxF2qgLcQ2LkwvxB8KwsJxBus
k388NFRTEq+qucUKxAHedNYJJdtJYjvD3937HkNn//8KWM5V7PleWdHO2RNKp6Ge
dilcrd0VjmQd5CAlGzyNsq+Q2n+cRq/1lV227PPuvyN7HrNtsNF/Ds8MJQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFBIHmAeqnXhmXT7JrvCmrMTe2rpeMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvRWdlWUI2cWRlR1pkUHNtdThLYXN4TjdhdWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAH9IuAwQB
H9IyMAwDBAAf0jUDBAAf0jYDBABNXJQDBABOh04DBAC8hKoDBAC8hNcwDAMEALyE
4wMEAbyE5AMEANREJAMEANREMQMEANREODANBgkqhkiG9w0BAQsFAAOCAQEAadRu
zccO9bYsjgADqqPCY+hQJUk9fjNsN6SqvlWyT9lhzrOqobN+xS1BqPQBsf+xuljK
Q3nCQa4T3GmOvJyssGiY7FG0uHWFJo+FuEp60bWxuz3Ecnf4RZcZ1K697dG2vRHt
/5ebpU0UVz7ihYB8TeljsLtEGZgMLIAC4/zgAmtrZwPSl+fGmFRQsKzwTpBfAhGa
d8+56OhBXXNGGVyKAXXcXcGVvPGw/Up5QA4chCPVQ3IUkLxVfGkdk3BmfLFm3qEC
FNS0ydKh0MmWJRqpZ2m+40QbzvaViw1NvfB5DPPPJ7FEKxeygzOw2hjgtHzgjYC6
XOvDuxFTo/Sn+35fkw==
-----END CERTIFICATE-----