Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/KyksSzNk0uekdI0kt_wBIpwTyX8.roa
File:                     KyksSzNk0uekdI0kt_wBIpwTyX8.roa (raw, json)
Hash identifier:          RwJaU2URFEpVmlldktj5SDbcONdCva8ixNKayrpqVr0=
Subject key identifier:   2B:29:2C:4B:33:64:D2:E7:A4:74:8D:24:B7:FC:01:22:9C:13:C9:7F
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01929EAD6675090B52255235DDE2F737821E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/KyksSzNk0uekdI0kt_wBIpwTyX8.roa
Signing time:             Fri 18 Oct 2024 08:10:16 +0000
ROA not before:           Fri 18 Oct 2024 08:10:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55410
IP address blocks:        45.116.105.0/24 maxlen: 24
                          45.116.106.0/23 maxlen: 24
                          62.169.140.0/22 maxlen: 24
                          110.172.180.0/24 maxlen: 24
                          110.172.181.0/24 maxlen: 24
                          110.172.182.0/23 maxlen: 24
                          114.69.236.0/23 maxlen: 24
                          114.69.238.0/24 maxlen: 24
                          114.69.239.0/24 maxlen: 24
                          118.91.180.0/23 maxlen: 24
                          118.91.182.0/24 maxlen: 24
                          118.91.183.0/24 maxlen: 24
                          203.188.160.0/22 maxlen: 24
                          212.56.60.0/22 maxlen: 24
                          212.104.144.0/24 maxlen: 24
                          212.104.145.0/24 maxlen: 24
                          212.104.146.0/23 maxlen: 24
                          213.254.188.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 19:48:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:ad:66:75:09:0b:52:25:52:35:dd:e2:f7:37:82:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Oct 18 08:10:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b292c4b3364d2e7a4748d24b7fc01229c13c97f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:52:83:23:69:22:47:63:14:ab:80:09:37:93:
                    c6:07:bd:4d:b8:9f:f2:a1:4f:98:45:29:ca:3e:a3:
                    6e:27:dd:1d:65:46:7d:c1:f6:4d:c7:c4:d3:10:19:
                    ab:fa:17:a8:b3:45:d8:bc:57:12:43:d8:53:9c:02:
                    e0:0f:1e:8d:13:f2:fe:a9:a4:21:f8:03:5c:a3:da:
                    31:a6:a5:6b:69:c3:dc:38:52:bb:fb:db:23:5e:a7:
                    77:e7:71:82:94:aa:07:e1:49:b0:27:99:85:46:e0:
                    83:14:22:92:5d:24:bc:00:79:cf:e2:be:52:75:4d:
                    96:23:ec:bb:6f:fe:a9:dd:62:ff:ab:1b:ec:fa:72:
                    00:0d:c1:45:3e:0f:3e:d7:20:f8:8d:2b:e1:dd:f7:
                    73:07:12:09:3e:c4:a3:ec:e5:ed:c5:ee:ad:28:63:
                    32:25:a0:6f:19:50:be:ab:0b:47:9b:e8:41:e8:a7:
                    5e:35:42:5c:63:76:57:c2:e1:4e:f8:1b:3a:73:44:
                    4f:7f:9d:27:38:bf:58:ff:28:f4:5d:aa:4a:71:14:
                    32:fb:e0:bb:44:40:e8:4d:84:fa:5e:94:c6:26:6f:
                    c3:6a:1c:d0:0e:7f:92:94:5f:93:f6:b0:45:03:5f:
                    dd:66:6d:2a:3a:15:f2:5e:6f:d1:82:d6:3f:e1:be:
                    e7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:29:2C:4B:33:64:D2:E7:A4:74:8D:24:B7:FC:01:22:9C:13:C9:7F
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/KyksSzNk0uekdI0kt_wBIpwTyX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.116.105.0-45.116.107.255
                  62.169.140.0/22
                  110.172.180.0/22
                  114.69.236.0/22
                  118.91.180.0/22
                  203.188.160.0/22
                  212.56.60.0/22
                  212.104.144.0/22
                  213.254.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:dc:4c:b7:83:d1:8a:4c:ae:d6:a0:f8:16:bd:4b:35:1b:aa:
         43:16:c3:ba:15:9c:b6:d7:bf:06:3d:28:12:cb:d3:4b:d6:15:
         84:5b:89:d6:57:3b:df:3f:81:d8:18:a1:01:ed:ab:78:0e:7a:
         42:8e:ab:58:94:54:51:ab:84:b7:f8:82:47:6f:15:20:95:e0:
         ac:8a:19:be:93:62:2e:66:90:0f:83:97:62:77:69:28:f3:72:
         30:80:63:1a:ec:00:61:df:59:ef:b1:99:00:c3:89:b3:1a:75:
         45:83:00:f2:ad:8b:6f:06:c0:23:67:7b:c0:27:d5:63:4e:9a:
         43:58:a1:66:cb:86:0e:d5:27:84:cd:04:8b:d9:af:08:40:1f:
         2f:33:34:91:2f:53:88:33:0c:ac:dc:d1:d2:d1:b7:37:ed:53:
         a4:8a:e9:06:da:79:eb:4f:c1:12:86:de:11:b7:2f:83:02:8e:
         e8:1a:64:07:6f:41:24:f5:71:33:0b:20:da:e0:cb:59:1e:9d:
         3e:3e:49:02:95:e3:13:55:63:7e:51:d2:15:1b:ee:6c:50:96:
         03:1d:a5:c1:4f:d4:49:6f:34:39:46:c8:84:b0:d4:4f:21:be:
         fd:eb:f3:e1:5f:36:59:3f:47:e3:9d:2f:b5:71:d0:6b:e3:a9:
         40:62:c6:d7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZKerWZ1CQtSJVI13eL3N4IeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQxMDE4MDgxMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjI5MmM0YjMzNjRkMmU3YTQ3NDhkMjRiN2ZjMDEyMjljMTNjOTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1KDI2kiR2MUq4AJN5PGB71NuJ/y
oU+YRSnKPqNuJ90dZUZ9wfZNx8TTEBmr+heos0XYvFcSQ9hTnALgDx6NE/L+qaQh
+ANco9oxpqVracPcOFK7+9sjXqd353GClKoH4UmwJ5mFRuCDFCKSXSS8AHnP4r5S
dU2WI+y7b/6p3WL/qxvs+nIADcFFPg8+1yD4jSvh3fdzBxIJPsSj7OXtxe6tKGMy
JaBvGVC+qwtHm+hB6KdeNUJcY3ZXwuFO+Bs6c0RPf50nOL9Y/yj0XapKcRQy++C7
REDoTYT6XpTGJm/DahzQDn+SlF+T9rBFA1/dZm0qOhXyXm/RgtY/4b7nZQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCspLEszZNLnpHSNJLf8ASKcE8l/MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvS3lrc1N6TmswdWVrZEkwa3Rfd0JJcHdUeVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAAtdGkD
BAItdGgDBAI+qYwDBAJurLQDBAJyRewDBAJ2W7QDBALLvKADBALUODwDBALUaJAD
BALV/rwwDQYJKoZIhvcNAQELBQADggEBAFPcTLeD0YpMrtag+Ba9SzUbqkMWw7oV
nLbXvwY9KBLL00vWFYRbidZXO98/gdgYoQHtq3gOekKOq1iUVFGrhLf4gkdvFSCV
4KyKGb6TYi5mkA+Dl2J3aSjzcjCAYxrsAGHfWe+xmQDDibMadUWDAPKti28GwCNn
e8An1WNOmkNYoWbLhg7VJ4TNBIvZrwhAHy8zNJEvU4gzDKzc0dLRtzftU6SK6Qba
eetPwRKG3hG3L4MCjugaZAdvQST1cTMLINrgy1kenT4+SQKV4xNVY35R0hUb7mxQ
lgMdpcFP1ElvNDlGyISw1E8hvv3r8+FfNlk/R+OdL7Vx0GvjqUBixtc=
-----END CERTIFICATE-----