Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/PdgK5GOH305BsFcaZXMkWjGa650.roa
File:                     PdgK5GOH305BsFcaZXMkWjGa650.roa (raw, json)
Hash identifier:          xUvP8un09B0BxCRglsqdAO7sQnd2JcBe6zvySI7fKa8=
Subject key identifier:   3D:D8:0A:E4:63:87:DF:4E:41:B0:57:1A:65:73:24:5A:31:9A:EB:9D
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0192F6BE06317B18E92230267565F002929B
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/PdgK5GOH305BsFcaZXMkWjGa650.roa
Signing time:             Mon 04 Nov 2024 10:35:01 +0000
ROA not before:           Mon 04 Nov 2024 10:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.148.0/22 maxlen: 24
                          77.47.212.0/23 maxlen: 24
                          77.47.240.0/23 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.136.0/22 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.148.0/23 maxlen: 24
                          195.178.151.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 05 Nov 2024 06:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:be:06:31:7b:18:e9:22:30:26:75:65:f0:02:92:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Nov  4 10:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dd80ae46387df4e41b0571a6573245a319aeb9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e8:26:8a:22:ce:52:66:55:c9:84:dc:37:35:
                    1b:15:27:fa:37:3e:fa:cd:dd:c5:33:bd:0b:e0:20:
                    dc:58:0d:0d:0b:17:59:f6:91:aa:ab:dc:6e:5d:78:
                    f8:25:61:3b:29:a2:7c:a8:61:71:d0:26:5b:8e:b6:
                    2c:fd:17:e8:a2:68:25:fa:44:f9:ba:74:07:bd:ca:
                    1e:12:98:eb:40:70:bc:d7:53:13:3d:b6:7d:c8:eb:
                    21:72:14:76:9d:be:87:e8:d5:70:18:29:d5:4c:4a:
                    31:1c:5d:8a:62:5b:14:a8:f9:b7:72:22:42:15:1e:
                    78:df:e5:5a:0a:62:fd:d8:fb:61:88:de:c7:72:c3:
                    e6:53:e7:9d:d5:8e:99:49:de:27:68:7f:2b:c3:0e:
                    62:ea:1c:14:df:cc:92:94:c1:4a:d9:a4:6a:8f:bb:
                    c0:38:81:33:1e:03:a6:59:4d:a2:ba:f9:48:38:7b:
                    2f:8a:dc:57:e2:69:c8:4e:53:2c:15:12:d8:72:09:
                    48:9a:af:61:e4:0c:0d:5b:be:5e:2d:ac:f4:fb:ef:
                    36:dd:6a:75:71:75:ee:6b:60:46:c9:71:2e:63:8c:
                    8e:07:73:e1:89:29:9b:5e:0a:eb:de:4d:57:0c:da:
                    6a:a1:00:c8:e7:58:fc:4e:85:b4:d3:de:4e:ea:08:
                    8a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D8:0A:E4:63:87:DF:4E:41:B0:57:1A:65:73:24:5A:31:9A:EB:9D
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/PdgK5GOH305BsFcaZXMkWjGa650.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.148.0/22
                  77.47.212.0/23
                  77.47.240.0/23
                  185.143.56.0/22
                  195.178.132.0-195.178.139.255
                  195.178.144.0-195.178.149.255
                  195.178.151.0-195.178.156.255
                  212.111.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:91:ec:92:34:f2:b0:f0:77:10:bd:de:8c:6d:08:7f:1d:8c:
         8a:a7:26:05:21:71:95:27:e4:6c:8e:25:e4:e7:be:c5:90:35:
         c6:c1:8b:e1:8e:b2:9a:9f:ef:21:e7:88:29:05:9d:34:31:5a:
         3e:83:9d:a5:d0:2d:b1:7c:35:44:b9:dd:5d:ea:5f:26:3c:e0:
         9d:6c:06:8c:23:50:ed:a4:e0:e7:88:da:d1:49:26:34:4f:64:
         8c:5b:58:3f:9f:54:66:3e:10:e9:2a:ff:08:61:0d:4d:86:f9:
         b8:8c:b7:27:ba:0b:d6:15:f7:00:eb:08:e2:1f:e6:56:02:50:
         9d:c1:77:34:5e:64:10:e8:2e:51:ca:c6:d0:f4:8d:cc:81:f3:
         28:b9:0a:ad:1e:84:79:84:44:d1:82:89:9e:6e:c2:ad:5f:ff:
         5a:34:09:d7:95:f3:80:8f:27:42:31:ca:be:33:cc:04:75:04:
         d9:c9:c5:53:0e:27:96:2f:de:60:30:30:8f:e8:85:25:1f:d7:
         1a:ec:b5:a1:a8:d5:c7:5f:8f:99:de:15:87:5a:5f:24:33:de:
         00:2a:f3:09:3e:95:73:15:9e:f3:37:f1:17:78:2c:f6:0a:83:
         d3:81:be:8d:79:fb:53:98:a3:8d:e7:d5:b7:12:8c:cc:81:db:
         a5:3e:7d:48
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZL2vgYxexjpIjAmdWXwApKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMTA0MTAzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ4MGFlNDYzODdkZjRlNDFiMDU3MWE2NTczMjQ1YTMxOWFlYjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoegmiiLOUmZVyYTcNzUbFSf6Nz76
zd3FM70L4CDcWA0NCxdZ9pGqq9xuXXj4JWE7KaJ8qGFx0CZbjrYs/Rfoomgl+kT5
unQHvcoeEpjrQHC811MTPbZ9yOshchR2nb6H6NVwGCnVTEoxHF2KYlsUqPm3ciJC
FR543+VaCmL92PthiN7HcsPmU+ed1Y6ZSd4naH8rww5i6hwU38ySlMFK2aRqj7vA
OIEzHgOmWU2iuvlIOHsvitxX4mnITlMsFRLYcglImq9h5AwNW75eLaz0++823Wp1
cXXua2BGyXEuY4yOB3PhiSmbXgrr3k1XDNpqoQDI51j8ToW0095O6giKjwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFD3YCuRjh99OQbBXGmVzJFoxmuudMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvUGRnSzVHT0gzMDVCc0ZjYVpYTWtXakdhNjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCTS+UAwQB
TS/UAwQBTS/wAwQCuY84MAwDBALDsoQDBALDsogwDAMEBMOykAMEAcOylDAMAwQA
w7KXAwQAw7KcAwQA1G/PMA0GCSqGSIb3DQEBCwUAA4IBAQCvkeySNPKw8HcQvd6M
bQh/HYyKpyYFIXGVJ+RsjiXk577FkDXGwYvhjrKan+8h54gpBZ00MVo+g52l0C2x
fDVEud1d6l8mPOCdbAaMI1DtpODniNrRSSY0T2SMW1g/n1RmPhDpKv8IYQ1Nhvm4
jLcnugvWFfcA6wjiH+ZWAlCdwXc0XmQQ6C5RysbQ9I3MgfMouQqtHoR5hETRgome
bsKtX/9aNAnXlfOAjydCMcq+M8wEdQTZycVTDieWL95gMDCP6IUlH9ca7LWhqNXH
X4+Z3hWHWl8kM94AKvMJPpVzFZ7zN/EXeCz2CoPTgb6NeftTmKON59W3EozMgdul
Pn1I
-----END CERTIFICATE-----