Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/Pwf2qxI38qaDAb4m_E8rie4kB_g.roa
File:                     Pwf2qxI38qaDAb4m_E8rie4kB_g.roa (raw, json)
Hash identifier:          LMJOGltsFeHRkKdEMTJuVjNDgzGzwpIc02vmtE4VcSg=
Subject key identifier:   3F:07:F6:AB:12:37:F2:A6:83:01:BE:26:FC:4F:2B:89:EE:24:07:F8
Certificate issuer:       /CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
Certificate serial:       018FED55A21331F7C4A8E97206F3A022ACB4
Authority key identifier: 7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/Pwf2qxI38qaDAb4m_E8rie4kB_g.roa
Signing time:             Thu 06 Jun 2024 11:36:03 +0000
ROA not before:           Thu 06 Jun 2024 11:36:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211381
IP address blocks:        5.8.248.0/24 maxlen: 24
                          62.233.53.0/24 maxlen: 24
                          109.107.157.0/24 maxlen: 24
                          185.93.6.0/24 maxlen: 24
                          185.201.252.0/24 maxlen: 24
                          185.229.251.0/24 maxlen: 24
                          185.237.165.0/24 maxlen: 24
                          185.241.61.0/24 maxlen: 24
                          185.251.25.0/24 maxlen: 24
                          193.3.168.0/24 maxlen: 24
                          193.169.105.0/24 maxlen: 24
                          194.15.46.0/24 maxlen: 24
                          194.26.232.0/24 maxlen: 24
                          194.62.105.0/24 maxlen: 24
                          212.86.114.0/24 maxlen: 24
                          212.86.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 17 Jun 2024 13:06:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:55:a2:13:31:f7:c4:a8:e9:72:06:f3:a0:22:ac:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
        Validity
            Not Before: Jun  6 11:36:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f07f6ab1237f2a68301be26fc4f2b89ee2407f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8c:c0:9d:c7:b8:ca:13:e6:0b:00:b2:ae:a8:
                    10:6a:c5:f3:a2:05:e9:31:93:3c:1b:4d:55:ea:2e:
                    f4:e8:1b:ab:80:84:9c:37:f9:18:d1:db:6a:f9:ba:
                    f0:2e:57:9f:dc:63:7c:20:58:05:d9:d9:24:5e:8a:
                    69:24:e8:94:7a:3a:a1:93:55:fe:ca:dc:5e:f5:f8:
                    f5:7f:bd:8e:e1:da:8e:e9:e5:cb:e9:fd:11:9e:9d:
                    0d:cc:1c:14:9f:07:86:69:d9:0e:55:7f:d1:e2:c4:
                    44:c0:93:3a:3e:21:10:2e:4a:89:a5:71:56:1c:7e:
                    a0:77:7c:d6:91:86:69:0a:1c:1f:f6:14:8a:8e:31:
                    18:9d:83:48:86:46:67:8e:d0:74:60:4f:f5:61:29:
                    e7:9b:b3:af:bd:0a:3d:8a:22:48:63:59:4e:fd:39:
                    16:d9:5c:9e:14:47:d1:13:81:0f:b6:59:e1:83:05:
                    a7:64:77:91:83:c7:f6:37:80:ab:ec:85:de:94:5b:
                    b9:5e:e4:6f:d2:e9:29:d9:70:fe:a0:24:a6:b0:2b:
                    37:4a:05:89:7d:74:f2:55:68:7e:45:9b:9d:e9:11:
                    56:70:2a:e5:9f:0c:35:06:c2:d6:f5:a1:c3:f3:3b:
                    79:a1:8a:a9:69:51:39:b5:61:4b:4f:d5:f8:b0:9f:
                    d2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:07:F6:AB:12:37:F2:A6:83:01:BE:26:FC:4F:2B:89:EE:24:07:F8
            X509v3 Authority Key Identifier:
                keyid:7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/Pwf2qxI38qaDAb4m_E8rie4kB_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.248.0/24
                  62.233.53.0/24
                  109.107.157.0/24
                  185.93.6.0/24
                  185.201.252.0/24
                  185.229.251.0/24
                  185.237.165.0/24
                  185.241.61.0/24
                  185.251.25.0/24
                  193.3.168.0/24
                  193.169.105.0/24
                  194.15.46.0/24
                  194.26.232.0/24
                  194.62.105.0/24
                  212.86.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:bb:16:5e:06:6b:51:fa:7a:2b:ee:f0:aa:1c:6f:b4:9a:15:
         0f:ce:4d:d1:ee:78:db:9f:d3:0d:2d:75:24:95:a6:ff:eb:dd:
         14:a5:16:63:34:c7:fa:c8:ed:66:12:c1:d4:98:ca:94:cc:da:
         72:3f:04:8e:67:1b:9c:10:1a:c9:1a:87:2d:3c:b8:c4:3e:7d:
         e8:56:7c:10:ac:b2:4f:28:a6:06:59:b4:ee:6c:40:6e:8e:ea:
         db:22:be:cd:aa:7b:e2:da:ce:d2:af:15:86:bb:1b:50:6a:69:
         3c:0e:f6:41:83:fe:bc:d6:06:7b:bb:c5:f5:a9:96:65:48:d1:
         a8:c4:6d:21:e0:1e:e9:2d:84:ba:97:a5:28:2f:88:ce:cf:16:
         5a:30:c0:b9:d3:b6:b0:1a:45:5d:ec:f4:da:7d:ff:fd:1b:dd:
         a1:ed:7d:8a:09:16:dd:39:a8:d4:c0:95:27:ba:a5:cb:c5:81:
         03:9a:46:67:40:37:32:9a:ba:8c:64:f2:fd:6c:5e:3a:d0:63:
         8f:53:83:d7:aa:c9:88:55:c5:bf:62:76:9b:cd:61:11:0e:94:
         48:5c:47:5c:d6:d5:e3:79:72:fd:e8:d8:0b:f5:52:d7:2a:0c:
         6d:70:3c:17:8d:66:44:89:bb:e4:6c:bf:db:f0:e5:2f:8e:de:
         7c:0b:86:41
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY/tVaITMffEqOlyBvOgIqy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmY2FkODlkZjFiZjk5YTM2ZjI5MGNjM2VmMGYxZTdiNGQw
Mjc1MzMwHhcNMjQwNjA2MTEzNjAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA3ZjZhYjEyMzdmMmE2ODMwMWJlMjZmYzRmMmI4OWVlMjQwN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiozAnce4yhPmCwCyrqgQasXzogXp
MZM8G01V6i706BurgIScN/kY0dtq+brwLlef3GN8IFgF2dkkXoppJOiUejqhk1X+
ytxe9fj1f72O4dqO6eXL6f0Rnp0NzBwUnweGadkOVX/R4sREwJM6PiEQLkqJpXFW
HH6gd3zWkYZpChwf9hSKjjEYnYNIhkZnjtB0YE/1YSnnm7OvvQo9iiJIY1lO/TkW
2VyeFEfRE4EPtlnhgwWnZHeRg8f2N4Cr7IXelFu5XuRv0ukp2XD+oCSmsCs3SgWJ
fXTyVWh+RZud6RFWcCrlnww1BsLW9aHD8zt5oYqpaVE5tWFLT9X4sJ/SnQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFD8H9qsSN/KmgwG+JvxPK4nuJAf4MB8GA1UdIwQY
MBaAFH/K2J3xv5mjbykMw+8PHntNAnUzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMt
MDE1ZDlmMWI0YjUwLzEvUHdmMnF4STM4cWFEQWI0bV9FOHJpZTRrQl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMtMDE1ZDlmMWI0YjUw
LzEvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQABQj4AwQA
Puk1AwQAbWudAwQAuV0GAwQAucn8AwQAueX7AwQAue2lAwQAufE9AwQAufsZAwQA
wQOoAwQAwalpAwQAwg8uAwQAwhroAwQAwj5pAwQB1FZyMA0GCSqGSIb3DQEBCwUA
A4IBAQBiuxZeBmtR+nor7vCqHG+0mhUPzk3R7njbn9MNLXUklab/690UpRZjNMf6
yO1mEsHUmMqUzNpyPwSOZxucEBrJGoctPLjEPn3oVnwQrLJPKKYGWbTubEBujurb
Ir7Nqnvi2s7SrxWGuxtQamk8DvZBg/681gZ7u8X1qZZlSNGoxG0h4B7pLYS6l6Uo
L4jOzxZaMMC507awGkVd7PTaff/9G92h7X2KCRbdOajUwJUnuqXLxYEDmkZnQDcy
mrqMZPL9bF460GOPU4PXqsmIVcW/YnabzWERDpRIXEdc1tXjeXL96NgL9VLXKgxt
cDwXjWZEibvkbL/b8OUvjt58C4ZB
-----END CERTIFICATE-----