Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/H9ETR9uJxAxTaGtTEvYzmsu2z9g.roa
File:                     H9ETR9uJxAxTaGtTEvYzmsu2z9g.roa (raw, json)
Hash identifier:          Q8YhDNGI8pUXJGcar5ZbHfMWjIEWef2qZOQ5xPho0Nc=
Subject key identifier:   1F:D1:13:47:DB:89:C4:0C:53:68:6B:53:12:F6:33:9A:CB:B6:CF:D8
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018FD9C611FDE13A6438C8F2A2D73FA69927
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/H9ETR9uJxAxTaGtTEvYzmsu2z9g.roa
Signing time:             Sun 02 Jun 2024 16:26:27 +0000
ROA not before:           Sun 02 Jun 2024 16:26:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199839
IP address blocks:        31.24.249.0/24 maxlen: 32
                          2001:678:f30::/48 maxlen: 48
                          2a12:4940::/32 maxlen: 48
                          2a12:4942:174::/48 maxlen: 48
                          2a12:4942:4009::/48 maxlen: 48
                          2a12:4946:1600::/48 maxlen: 48
                          2a12:4946:1650::/48 maxlen: 48
                          2a12:4946:1655::/48 maxlen: 48
                          2a12:4946:1658::/48 maxlen: 48
                          2a12:4946:1700::/48 maxlen: 48
                          2a12:4946:1800::/48 maxlen: 48
                          2a12:4946:1900::/48 maxlen: 48
                          2a12:4946:3000::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 05 Jun 2024 16:49:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d9:c6:11:fd:e1:3a:64:38:c8:f2:a2:d7:3f:a6:99:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jun  2 16:26:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd11347db89c40c53686b5312f6339acbb6cfd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:aa:23:a4:26:a8:98:fc:e6:65:0d:50:70:b0:
                    6d:8b:48:35:f4:e5:87:c9:68:29:e6:98:c8:a8:c3:
                    26:39:fe:75:98:a0:55:5d:80:b1:c1:c1:23:1c:47:
                    38:71:b3:53:7e:5c:21:b7:cc:0e:92:2d:6c:34:ee:
                    54:ac:b6:3c:bb:b7:8b:51:07:6a:80:7f:99:4d:7b:
                    93:aa:1e:bc:ed:b0:1f:3f:37:05:66:9d:80:92:9f:
                    c7:af:76:d5:0d:98:85:78:1b:11:6b:ee:60:18:40:
                    29:ed:cb:bd:05:85:3d:a1:e6:6e:3e:90:c2:e7:b9:
                    1b:db:01:10:9a:7f:4c:f0:62:84:c9:cd:4d:2e:07:
                    48:4a:48:e5:b0:5c:16:21:d8:c4:7f:d2:39:5d:76:
                    96:7c:72:e6:a2:ef:ef:f4:ec:a6:b5:1a:8e:82:e1:
                    54:09:49:54:19:ff:01:86:3f:10:bd:dd:7c:d8:07:
                    27:24:c6:26:47:f5:b7:1d:a0:49:5b:7a:41:63:83:
                    3a:42:c3:91:ee:42:98:db:1c:b1:92:34:cd:dd:2b:
                    04:26:18:a2:1b:81:8d:2c:5f:2f:0d:a6:84:7f:98:
                    a1:23:68:c7:29:e4:58:60:54:a9:bc:9f:ef:ad:37:
                    91:55:51:da:35:59:94:9b:74:eb:58:e4:86:07:17:
                    d3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D1:13:47:DB:89:C4:0C:53:68:6B:53:12:F6:33:9A:CB:B6:CF:D8
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/H9ETR9uJxAxTaGtTEvYzmsu2z9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.249.0/24
                IPv6:
                  2001:678:f30::/48
                  2a12:4940::/32
                  2a12:4942:174::/48
                  2a12:4942:4009::/48
                  2a12:4946:1600::/48
                  2a12:4946:1650::/48
                  2a12:4946:1655::/48
                  2a12:4946:1658::/48
                  2a12:4946:1700::/48
                  2a12:4946:1800::/48
                  2a12:4946:1900::/48
                  2a12:4946:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:ed:08:95:67:a8:6e:4f:73:da:46:ea:d0:03:7f:e2:f9:87:
         6a:eb:cc:da:44:de:7c:b3:09:c1:47:05:43:51:c2:47:7b:c5:
         b7:4a:a9:dc:59:3f:86:18:52:7b:75:14:65:0a:d8:8a:e4:fc:
         2d:84:c8:c5:37:c4:10:57:70:9a:4a:6a:f2:66:af:ae:6f:11:
         d5:15:2b:40:f6:20:af:17:9c:ac:3f:aa:46:92:12:05:23:0f:
         3e:f6:2d:1a:a8:c9:62:a5:31:67:53:1e:6d:4e:ef:52:76:22:
         62:f2:c7:ea:09:b5:bf:3c:0c:f7:d2:ef:8f:9e:62:9c:b1:95:
         71:ba:c9:71:db:a7:c1:e8:71:65:84:67:72:c7:9d:47:a8:85:
         06:07:18:c0:c0:da:24:7e:b4:92:fb:36:9a:8f:d4:02:26:52:
         00:e9:90:96:ce:6b:31:fa:88:cc:20:19:73:92:38:e1:2f:06:
         fa:49:24:6d:37:83:f9:3d:c9:5a:a3:0d:00:1b:87:06:a8:1c:
         ee:3d:fe:fa:46:91:d4:df:87:46:8a:1a:f8:c4:8e:45:a4:95:
         b4:2d:6d:85:e4:f0:53:ed:83:f0:7f:13:ff:fd:c5:a8:cc:59:
         06:fa:dd:5c:51:51:41:1b:fa:14:19:be:2b:82:e3:d1:59:61:
         57:6f:31:66
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAY/ZxhH94TpkOMjyotc/ppknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwNjAyMTYyNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQxMTM0N2RiODljNDBjNTM2ODZiNTMxMmY2MzM5YWNiYjZjZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaojpCaomPzmZQ1QcLBti0g19OWH
yWgp5pjIqMMmOf51mKBVXYCxwcEjHEc4cbNTflwht8wOki1sNO5UrLY8u7eLUQdq
gH+ZTXuTqh687bAfPzcFZp2Akp/Hr3bVDZiFeBsRa+5gGEAp7cu9BYU9oeZuPpDC
57kb2wEQmn9M8GKEyc1NLgdISkjlsFwWIdjEf9I5XXaWfHLmou/v9OymtRqOguFU
CUlUGf8Bhj8Qvd182AcnJMYmR/W3HaBJW3pBY4M6QsOR7kKY2xyxkjTN3SsEJhii
G4GNLF8vDaaEf5ihI2jHKeRYYFSpvJ/vrTeRVVHaNVmUm3TrWOSGBxfTfQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFB/RE0fbicQMU2hrUxL2M5rLts/YMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvSDlFVFI5dUp4QXhUYUd0VEV2WXptc3UyejlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDAMBAIAATAGAwQAHxj5
MHAEAgACMGoDBwAgAQZ4DzADBQAqEklAAwcAKhJJQgF0AwcAKhJJQkAJAwcAKhJJ
RhYAAwcAKhJJRhZQAwcAKhJJRhZVAwcAKhJJRhZYAwcAKhJJRhcAAwcAKhJJRhgA
AwcAKhJJRhkAAwcAKhJJRjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA77QiVZ6huT3Pa
RurQA3/i+Ydq68zaRN58swnBRwVDUcJHe8W3SqncWT+GGFJ7dRRlCtiK5PwthMjF
N8QQV3CaSmryZq+ubxHVFStA9iCvF5ysP6pGkhIFIw8+9i0aqMlipTFnUx5tTu9S
diJi8sfqCbW/PAz30u+PnmKcsZVxuslx26fB6HFlhGdyx51HqIUGBxjAwNokfrSS
+zaaj9QCJlIA6ZCWzmsx+ojMIBlzkjjhLwb6SSRtN4P5Pclaow0AG4cGqBzuPf76
RpHU34dGihr4xI5FpJW0LW2F5PBT7YPwfxP//cWozFkG+t1cUVFBG/oUGb4rguPR
WWFXbzFm
-----END CERTIFICATE-----