Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/uoAZ_fMvWzQ04q81CF34ra-8PEA.roa
File:                     uoAZ_fMvWzQ04q81CF34ra-8PEA.roa (raw, json)
Hash identifier:          sd0KY+bxwMdcpJUyy6qp7LZRaZHAbh9W+HqEIZ4G2bY=
Subject key identifier:   BA:80:19:FD:F3:2F:5B:34:34:E2:AF:35:08:5D:F8:AD:AF:BC:3C:40
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       01920B10941AFE0AA6089C6312EB80D38368
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/uoAZ_fMvWzQ04q81CF34ra-8PEA.roa
Signing time:             Thu 19 Sep 2024 16:14:48 +0000
ROA not before:           Thu 19 Sep 2024 16:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.240.0/23 maxlen: 24
                          77.47.244.0/22 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.136.0/22 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.148.0/23 maxlen: 24
                          195.178.151.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24
                          212.111.216.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Sep 2024 06:42:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0b:10:94:1a:fe:0a:a6:08:9c:63:12:eb:80:d3:83:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Sep 19 16:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba8019fdf32f5b3434e2af35085df8adafbc3c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9c:a5:f1:22:c8:55:3a:b6:8f:9d:bb:47:c1:
                    44:a2:d5:d6:2a:82:03:ac:46:46:36:8e:ec:b4:d3:
                    28:b1:f9:6b:37:9a:8e:bc:98:2c:5a:e5:75:fc:3b:
                    d7:46:7f:75:32:25:d8:08:df:8a:0c:64:f5:18:e6:
                    34:a6:bf:e7:5c:d2:2e:bf:15:8c:ac:37:d6:83:24:
                    75:e9:8c:a8:80:ba:59:8d:bf:11:85:f4:30:69:e7:
                    9d:48:bf:93:99:58:87:db:10:25:0d:be:34:a3:57:
                    1a:cf:d0:4d:ff:fc:79:54:53:28:f0:99:45:cd:27:
                    0d:f5:b5:23:77:fd:83:c1:fa:c0:fb:e5:53:00:32:
                    67:38:6e:8e:a3:13:be:21:24:14:1f:be:14:82:60:
                    dc:db:a2:12:06:4a:09:2a:2d:50:a3:95:65:77:c8:
                    02:17:0d:92:7a:17:59:e1:59:d7:94:85:de:72:ca:
                    23:2a:87:6b:b5:47:2e:44:41:f3:64:9e:08:ef:44:
                    12:54:c9:f4:58:75:8b:a6:75:fe:d9:90:dd:d6:1e:
                    97:86:e1:6a:41:f4:60:e8:4a:04:23:68:26:e6:e4:
                    c5:5b:3e:e1:33:cf:fe:c4:ea:31:54:96:b4:98:b9:
                    0c:76:df:f5:82:67:3d:d4:88:58:a4:69:93:e1:ef:
                    fa:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:80:19:FD:F3:2F:5B:34:34:E2:AF:35:08:5D:F8:AD:AF:BC:3C:40
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/uoAZ_fMvWzQ04q81CF34ra-8PEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.240.0/23
                  77.47.244.0/22
                  185.143.56.0/22
                  195.178.132.0-195.178.139.255
                  195.178.144.0-195.178.149.255
                  195.178.151.0-195.178.156.255
                  212.111.207.0/24
                  212.111.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:77:75:0a:77:f0:15:cd:fc:26:e4:85:f2:73:a7:ae:59:e8:
         d5:b4:11:7d:c4:22:bd:f1:90:b8:a7:53:d7:d6:6b:04:73:d6:
         ab:b6:82:58:bb:87:72:51:1a:86:8d:d4:65:81:69:56:40:aa:
         3b:cd:f6:28:1f:45:b8:03:8a:14:9e:a0:a9:1e:ce:b8:7a:ef:
         82:04:5a:40:6e:e4:b4:37:e7:0a:0d:c6:45:76:64:09:4a:e7:
         b6:9a:c3:e5:c5:67:15:5d:9b:c9:6e:1a:27:c1:aa:ad:a3:07:
         bf:2b:97:ad:49:ec:11:5c:07:95:55:48:ee:79:51:41:cc:c3:
         7b:81:05:be:cf:45:65:46:25:0e:a3:57:1e:4f:92:f9:80:52:
         8a:b4:4c:41:d3:5f:f2:be:1d:2e:a7:1d:5f:3c:40:7f:4f:ee:
         2f:8a:96:9e:01:60:c4:33:93:0e:9e:29:bf:4d:c2:c5:9a:f3:
         2a:68:8b:83:fe:fc:31:ff:95:7d:20:ac:35:c8:f8:f0:2a:7d:
         b7:34:0d:a9:c3:14:7f:46:50:21:20:78:9c:43:ae:4f:b4:b5:
         5a:5e:2a:28:c0:08:84:e5:9d:47:53:80:46:8c:0f:f7:b4:e8:
         3b:ac:d4:ed:04:58:bc:89:56:9d:df:bf:9b:45:16:db:63:ac:
         93:99:27:d4
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZILEJQa/gqmCJxjEuuA04NoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwOTE5MTYxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTgwMTlmZGYzMmY1YjM0MzRlMmFmMzUwODVkZjhhZGFmYmMzYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jyl8SLIVTq2j527R8FEotXWKoID
rEZGNo7stNMosflrN5qOvJgsWuV1/DvXRn91MiXYCN+KDGT1GOY0pr/nXNIuvxWM
rDfWgyR16YyogLpZjb8RhfQwaeedSL+TmViH2xAlDb40o1caz9BN//x5VFMo8JlF
zScN9bUjd/2DwfrA++VTADJnOG6OoxO+ISQUH74UgmDc26ISBkoJKi1Qo5Vld8gC
Fw2SehdZ4VnXlIXecsojKodrtUcuREHzZJ4I70QSVMn0WHWLpnX+2ZDd1h6XhuFq
QfRg6EoEI2gm5uTFWz7hM8/+xOoxVJa0mLkMdt/1gmc91IhYpGmT4e/6qQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLqAGf3zL1s0NOKvNQhd+K2vvDxAMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvdW9BWl9mTXZXelEwNHE4MUNGMzRyYS04UEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBTS/wAwQC
TS/0AwQCuY84MAwDBALDsoQDBALDsogwDAMEBMOykAMEAcOylDAMAwQAw7KXAwQA
w7KcAwQA1G/PAwQA1G/YMA0GCSqGSIb3DQEBCwUAA4IBAQA5d3UKd/AVzfwm5IXy
c6euWejVtBF9xCK98ZC4p1PX1msEc9artoJYu4dyURqGjdRlgWlWQKo7zfYoH0W4
A4oUnqCpHs64eu+CBFpAbuS0N+cKDcZFdmQJSue2msPlxWcVXZvJbhonwaqtowe/
K5etSewRXAeVVUjueVFBzMN7gQW+z0VlRiUOo1ceT5L5gFKKtExB01/yvh0upx1f
PEB/T+4vipaeAWDEM5MOnim/TcLFmvMqaIuD/vwx/5V9IKw1yPjwKn23NA2pwxR/
RlAhIHicQ65PtLVaXioowAiE5Z1HU4BGjA/3tOg7rNTtBFi8iVad37+bRRbbY6yT
mSfU
-----END CERTIFICATE-----