Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/LExM0jQ5KpsYJMP9qFNSOLyrdP4.roa
File:                     LExM0jQ5KpsYJMP9qFNSOLyrdP4.roa (raw, json)
Hash identifier:          GTePK5q+0t7t0Q0bUeOb2BSuwtpzS10cuUhr1g1X6LE=
Subject key identifier:   2C:4C:4C:D2:34:39:2A:9B:18:24:C3:FD:A8:53:52:38:BC:AB:74:FE
Certificate issuer:       /CN=48e06a351a5189bcdc44840948dbfb40abf58be5
Certificate serial:       0192DCC23091CC8D3AD3C025B996E19C8264
Authority key identifier: 48:E0:6A:35:1A:51:89:BC:DC:44:84:09:48:DB:FB:40:AB:F5:8B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SOBqNRpRibzcRIQJSNv7QKv1i-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/LExM0jQ5KpsYJMP9qFNSOLyrdP4.roa
Signing time:             Wed 30 Oct 2024 09:29:26 +0000
ROA not before:           Wed 30 Oct 2024 09:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57811
IP address blocks:        185.73.211.0/24 maxlen: 24
                          188.64.80.0/23 maxlen: 23
                          188.64.82.0/24 maxlen: 24
                          188.64.83.0/24 maxlen: 24
                          188.64.84.0/24 maxlen: 24
                          188.64.85.0/24 maxlen: 24
                          188.64.86.0/24 maxlen: 24
                          188.64.87.0/24 maxlen: 24
                          2a00:8dc0::/32 maxlen: 48
                          2a00:8dc0::/40 maxlen: 40
                          2a00:8dc0:1000::/40 maxlen: 40
                          2a00:8dc0:1100::/40 maxlen: 40
                          2a00:8dc0:1200::/40 maxlen: 40
                          2a00:8dc0:1300::/40 maxlen: 40
                          2a00:8dc0:1400::/40 maxlen: 40
                          2a00:8dc0:1500::/40 maxlen: 40
                          2a00:8dc0:1600::/40 maxlen: 40
                          2a00:8dc0:aa00::/48 maxlen: 48
                          2a00:8dc0:b000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 13:49:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dc:c2:30:91:cc:8d:3a:d3:c0:25:b9:96:e1:9c:82:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48e06a351a5189bcdc44840948dbfb40abf58be5
        Validity
            Not Before: Oct 30 09:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c4c4cd234392a9b1824c3fda8535238bcab74fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:fd:5f:da:cd:4f:74:1c:c4:f1:c2:9f:31:31:
                    73:f5:05:d2:53:de:5f:93:01:28:81:58:a0:a3:0b:
                    51:aa:3d:ee:f5:5e:ba:a6:2c:ff:32:e4:e1:0b:0c:
                    12:c0:2a:95:b0:d9:00:f0:d2:8f:e6:25:74:b1:7d:
                    ac:34:43:c7:46:e7:d5:fb:d8:42:72:0f:6e:92:19:
                    32:86:f5:43:76:2a:b1:c6:cf:fb:32:b8:f3:83:18:
                    1a:db:c3:d0:f4:07:2e:f5:1d:07:9f:af:81:50:b3:
                    da:6a:ba:c8:67:67:32:3a:0d:5b:98:3f:cf:de:3d:
                    af:44:6c:1d:d3:7e:92:d2:69:51:6b:1e:8b:8c:88:
                    af:3f:f3:bc:b4:22:c6:7a:21:71:77:32:5a:12:55:
                    4d:83:57:d0:37:b7:51:cf:e3:48:72:d0:38:e3:18:
                    75:3f:88:55:ec:6f:4d:d9:9c:f7:a2:f9:b5:f6:cc:
                    97:46:56:56:55:11:f3:9a:2a:0d:df:9e:f6:78:8e:
                    31:96:9d:46:af:71:3d:ae:5d:ff:23:ba:2c:ec:0c:
                    d7:30:c1:32:69:cf:c2:cf:e7:d5:7a:d7:f4:e6:61:
                    ea:da:d8:3d:78:7e:db:0a:25:a9:8f:46:6d:a9:c0:
                    0f:21:aa:31:00:30:6c:1c:10:0a:cf:78:02:d5:73:
                    e6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4C:4C:D2:34:39:2A:9B:18:24:C3:FD:A8:53:52:38:BC:AB:74:FE
            X509v3 Authority Key Identifier:
                keyid:48:E0:6A:35:1A:51:89:BC:DC:44:84:09:48:DB:FB:40:AB:F5:8B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SOBqNRpRibzcRIQJSNv7QKv1i-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/LExM0jQ5KpsYJMP9qFNSOLyrdP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/600aea-9ea5-4c67-a602-ab1a87ecdf1b/1/SOBqNRpRibzcRIQJSNv7QKv1i-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.211.0/24
                  188.64.80.0/21
                IPv6:
                  2a00:8dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:86:2c:a7:59:12:61:60:fb:0f:93:77:12:96:ed:d9:53:67:
         d2:51:f3:d0:52:a0:65:ec:51:4a:6c:0b:77:4c:70:a6:ec:4e:
         65:7d:07:2a:5f:53:57:b7:26:8d:ba:7a:ec:c2:b5:f9:1c:b9:
         88:e7:c6:64:21:4e:17:79:ad:47:58:bc:12:ec:dd:a6:79:63:
         c5:e2:90:36:57:ab:30:0a:30:9d:79:d9:62:30:3e:48:30:82:
         26:9a:6a:97:4e:02:fb:5c:d2:e7:f7:33:ac:10:b2:df:e7:b9:
         79:af:ab:a2:14:96:87:7c:65:56:c7:67:18:7f:2c:8d:14:ad:
         1f:47:44:fd:95:b4:b0:ef:14:fb:ae:ed:5c:06:31:3f:8d:28:
         5c:16:56:bd:d6:11:cc:a6:bf:d2:6f:aa:03:7c:ec:24:e2:db:
         7e:dc:a9:5a:ae:cd:04:cd:d1:1f:ca:36:a8:69:30:d8:c2:79:
         72:ae:95:7e:ed:de:10:a0:ea:c1:cb:31:5a:a7:d2:2e:b9:a4:
         ff:c8:49:03:a1:26:ea:b9:2c:50:3c:4e:17:22:d8:e0:09:9e:
         aa:d2:3c:b0:e7:3f:98:30:c6:2c:5d:82:ec:0b:08:f0:fb:f7:
         44:52:cf:5d:39:a6:4e:b5:ea:fb:a4:26:d4:c2:3e:8a:88:90:
         4c:3c:ad:01
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZLcwjCRzI0608AluZbhnIJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZTA2YTM1MWE1MTg5YmNkYzQ0ODQwOTQ4ZGJmYjQwYWJm
NThiZTUwHhcNMjQxMDMwMDkyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzRjNGNkMjM0MzkyYTliMTgyNGMzZmRhODUzNTIzOGJjYWI3NGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3f1f2s1PdBzE8cKfMTFz9QXSU95f
kwEogVigowtRqj3u9V66piz/MuThCwwSwCqVsNkA8NKP5iV0sX2sNEPHRufV+9hC
cg9ukhkyhvVDdiqxxs/7Mrjzgxga28PQ9Acu9R0Hn6+BULPaarrIZ2cyOg1bmD/P
3j2vRGwd036S0mlRax6LjIivP/O8tCLGeiFxdzJaElVNg1fQN7dRz+NIctA44xh1
P4hV7G9N2Zz3ovm19syXRlZWVRHzmioN3572eI4xlp1Gr3E9rl3/I7os7AzXMMEy
ac/Cz+fVetf05mHq2tg9eH7bCiWpj0ZtqcAPIaoxADBsHBAKz3gC1XPmQQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCxMTNI0OSqbGCTD/ahTUji8q3T+MB8GA1UdIwQY
MBaAFEjgajUaUYm83ESECUjb+0Cr9YvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU09CcU5ScFJpYnpjUklRSlNOdjdRS3YxaS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82MDBhZWEtOWVhNS00YzY3LWE2MDIt
YWIxYTg3ZWNkZjFiLzEvTEV4TTBqUTVLcHNZSk1QOXFGTlNPTHlyZFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82MDBhZWEtOWVhNS00YzY3LWE2MDItYWIxYTg3ZWNkZjFi
LzEvU09CcU5ScFJpYnpjUklRSlNOdjdRS3YxaS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuUnTAwQD
vEBQMA0EAgACMAcDBQAqAI3AMA0GCSqGSIb3DQEBCwUAA4IBAQAthiynWRJhYPsP
k3cSlu3ZU2fSUfPQUqBl7FFKbAt3THCm7E5lfQcqX1NXtyaNunrswrX5HLmI58Zk
IU4Xea1HWLwS7N2meWPF4pA2V6swCjCdedliMD5IMIImmmqXTgL7XNLn9zOsELLf
57l5r6uiFJaHfGVWx2cYfyyNFK0fR0T9lbSw7xT7ru1cBjE/jShcFla91hHMpr/S
b6oDfOwk4tt+3Klars0EzdEfyjaoaTDYwnlyrpV+7d4QoOrByzFap9IuuaT/yEkD
oSbquSxQPE4XItjgCZ6q0jyw5z+YMMYsXYLsCwjw+/dEUs9dOaZOter7pCbUwj6K
iJBMPK0B
-----END CERTIFICATE-----