Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/DxdX2q7pjVEPilWFe6lLCvFVa0A.roa
File:                     DxdX2q7pjVEPilWFe6lLCvFVa0A.roa (raw, json)
Hash identifier:          l2pQFWg2wpUFrve3G6jbzRVmoPzQiUh0EnxTmhsxtzw=
Subject key identifier:   0F:17:57:DA:AE:E9:8D:51:0F:8A:55:85:7B:A9:4B:0A:F1:55:6B:40
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0192E343260594F384549DC9B785379C00E3
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/DxdX2q7pjVEPilWFe6lLCvFVa0A.roa
Signing time:             Thu 31 Oct 2024 15:48:01 +0000
ROA not before:           Thu 31 Oct 2024 15:48:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.148.0/22 maxlen: 24
                          77.47.212.0/23 maxlen: 24
                          77.47.240.0/23 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.136.0/22 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 04 Nov 2024 10:35:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:43:26:05:94:f3:84:54:9d:c9:b7:85:37:9c:00:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Oct 31 15:48:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f1757daaee98d510f8a55857ba94b0af1556b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:3b:7d:5c:26:5b:e2:18:65:36:5a:9d:9c:e9:
                    bd:39:fd:46:9f:4b:a6:e0:1b:a0:9b:67:2a:5c:2e:
                    db:40:6b:d8:8a:f6:27:7b:a0:84:22:39:70:1b:45:
                    c6:5c:bd:bf:e1:d9:d9:7d:3b:3a:09:ea:cd:26:dd:
                    db:3a:35:e0:8b:e7:e3:2a:e8:59:11:82:7e:18:c5:
                    ef:04:fe:9c:45:a2:7c:0d:e6:d6:44:02:3c:0f:0c:
                    10:8c:a9:34:e6:2e:36:76:d1:70:99:2a:fe:19:20:
                    bb:6a:01:ff:08:8c:45:fa:39:78:75:65:af:c2:83:
                    63:32:0d:e6:aa:bd:f5:d4:25:85:6f:25:90:80:d0:
                    52:8c:2e:5a:c9:1a:33:3f:85:fe:5c:b3:82:79:f8:
                    80:06:b3:fe:fc:66:56:a1:46:4d:2d:9c:7d:d0:aa:
                    8d:62:a5:62:0f:dd:8a:17:66:51:cb:8d:56:9e:b8:
                    02:fd:4f:a5:50:bd:ae:87:ec:1c:75:a6:7c:e7:f7:
                    e8:b2:75:3b:7f:23:4a:0e:f5:2d:5c:ef:3b:10:35:
                    fa:e5:3e:20:d4:6a:07:37:b6:c2:d8:69:f4:b9:0b:
                    a6:5b:b7:60:4b:00:5e:64:7e:c5:2a:7b:7f:b9:34:
                    c8:62:fc:7a:91:7a:59:ba:2e:d0:69:d4:6a:4f:cf:
                    5e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:17:57:DA:AE:E9:8D:51:0F:8A:55:85:7B:A9:4B:0A:F1:55:6B:40
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/DxdX2q7pjVEPilWFe6lLCvFVa0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.148.0/22
                  77.47.212.0/23
                  77.47.240.0/23
                  185.143.56.0/22
                  195.178.132.0-195.178.139.255
                  195.178.144.0/22
                  195.178.152.0-195.178.156.255
                  212.111.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:c1:ca:9c:4b:7d:7e:28:b3:b7:25:ee:10:ba:09:8b:ec:c3:
         dc:69:e0:de:2c:4f:c8:48:26:20:bc:31:af:1f:4d:2d:85:da:
         df:a4:98:a7:2f:bb:8c:f8:ae:fe:e7:07:59:1a:c8:a2:a9:02:
         8e:9a:a6:df:3c:8d:b0:70:1d:4e:06:fc:8f:2e:56:da:50:cd:
         c8:4f:ae:bb:b9:dc:c7:6b:f0:92:87:af:42:f8:18:c8:41:c2:
         ce:fb:13:ad:55:ce:d1:aa:17:80:a5:df:a5:dd:e7:73:f8:8a:
         78:57:23:94:7e:e3:fb:9f:07:7a:40:fb:d9:49:e5:89:e5:6f:
         5d:7f:44:da:87:6f:56:62:17:2a:5f:ea:e8:e2:6a:d0:29:4e:
         c1:6c:2f:db:17:18:52:7e:fc:ed:a6:86:77:da:ce:5f:cf:4c:
         45:35:8c:ca:1b:0b:09:eb:04:4e:c8:54:14:54:50:c6:23:99:
         8d:c8:31:16:8b:9b:7a:55:a1:04:e3:12:8e:4f:ae:ba:1c:1c:
         1b:bb:32:ee:4e:97:22:33:44:74:7f:80:4d:c2:5f:d3:84:bf:
         bf:a8:69:bb:09:bf:43:82:35:1d:df:f7:4c:5c:8c:da:82:d4:
         bf:44:a9:44:b8:02:8b:7e:52:d4:40:f1:18:e3:d3:12:09:9b:
         51:17:28:1c
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZLjQyYFlPOEVJ3Jt4U3nADjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMDMxMTU0ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE3NTdkYWFlZTk4ZDUxMGY4YTU1ODU3YmE5NGIwYWYxNTU2YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9jt9XCZb4hhlNlqdnOm9Of1Gn0um
4Bugm2cqXC7bQGvYivYne6CEIjlwG0XGXL2/4dnZfTs6CerNJt3bOjXgi+fjKuhZ
EYJ+GMXvBP6cRaJ8DebWRAI8DwwQjKk05i42dtFwmSr+GSC7agH/CIxF+jl4dWWv
woNjMg3mqr311CWFbyWQgNBSjC5ayRozP4X+XLOCefiABrP+/GZWoUZNLZx90KqN
YqViD92KF2ZRy41WnrgC/U+lUL2uh+wcdaZ85/fosnU7fyNKDvUtXO87EDX65T4g
1GoHN7bC2Gn0uQumW7dgSwBeZH7FKnt/uTTIYvx6kXpZui7QadRqT89eUwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFA8XV9qu6Y1RD4pVhXupSwrxVWtAMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvRHhkWDJxN3BqVkVQaWxXRmU2bExDdkZWYTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCTS+UAwQB
TS/UAwQBTS/wAwQCuY84MAwDBALDsoQDBALDsogDBALDspAwDAMEA8OymAMEAMOy
nAMEANRvzzANBgkqhkiG9w0BAQsFAAOCAQEAysHKnEt9fiiztyXuELoJi+zD3Gng
3ixPyEgmILwxrx9NLYXa36SYpy+7jPiu/ucHWRrIoqkCjpqm3zyNsHAdTgb8jy5W
2lDNyE+uu7ncx2vwkoevQvgYyEHCzvsTrVXO0aoXgKXfpd3nc/iKeFcjlH7j+58H
ekD72UnlieVvXX9E2odvVmIXKl/q6OJq0ClOwWwv2xcYUn787aaGd9rOX89MRTWM
yhsLCesETshUFFRQxiOZjcgxFoubelWhBOMSjk+uuhwcG7sy7k6XIjNEdH+ATcJf
04S/v6hpuwm/Q4I1Hd/3TFyM2oLUv0SpRLgCi35S1EDxGOPTEgmbURcoHA==
-----END CERTIFICATE-----