Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tvF_b7kF4Aod7a0hofVcR5zfHKk.roa
File:                     tvF_b7kF4Aod7a0hofVcR5zfHKk.roa (raw, json)
Hash identifier:          i46QSIXTMMHQgetpF6HtiB1Sxyc6MoKyqZaVBjRnl5U=
Subject key identifier:   B6:F1:7F:6F:B9:05:E0:0A:1D:ED:AD:21:A1:F5:5C:47:9C:DF:1C:A9
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01920F47FC723E5B62F5AC139B4BD56421FC
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tvF_b7kF4Aod7a0hofVcR5zfHKk.roa
Signing time:             Fri 20 Sep 2024 11:53:48 +0000
ROA not before:           Fri 20 Sep 2024 11:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        103.125.77.0/24 maxlen: 24
                          103.125.78.0/24 maxlen: 24
                          103.125.79.0/24 maxlen: 24
                          167.160.16.0/24 maxlen: 24
                          167.160.17.0/24 maxlen: 24
                          167.160.29.0/24 maxlen: 24
                          198.55.28.0/24 maxlen: 24
                          198.55.29.0/24 maxlen: 24
                          203.188.164.0/24 maxlen: 24
                          203.188.167.0/24 maxlen: 24
                          203.188.168.0/24 maxlen: 24
                          203.188.169.0/24 maxlen: 24
                          203.188.170.0/24 maxlen: 24
                          203.188.171.0/24 maxlen: 24
                          203.188.172.0/24 maxlen: 24
                          203.188.173.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 23 Sep 2024 07:46:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0f:47:fc:72:3e:5b:62:f5:ac:13:9b:4b:d5:64:21:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Sep 20 11:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f17f6fb905e00a1dedad21a1f55c479cdf1ca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fa:45:e1:b6:82:47:f1:6b:15:0b:54:97:ad:
                    67:23:4d:45:b7:5f:bb:e4:13:e0:85:a5:bf:c8:a5:
                    bf:0f:dd:f6:ac:56:62:eb:a4:8b:1d:c4:ef:85:7e:
                    39:e3:4e:25:1c:1d:9d:ca:af:aa:09:85:8b:df:0d:
                    07:11:6a:46:87:f6:e6:ab:81:bb:2f:17:66:65:1f:
                    3b:6f:27:18:9e:9b:98:86:ac:b6:ec:cc:16:4e:89:
                    4d:a5:35:28:73:f6:82:a8:e0:46:e3:1e:7a:8b:fd:
                    24:56:82:77:48:27:1b:10:2f:01:d8:80:d7:4f:e0:
                    47:0d:78:a0:ea:38:9d:4e:20:09:bc:45:62:dd:1d:
                    cf:ac:b1:48:56:31:f6:9f:ef:4b:12:ab:ee:47:bd:
                    f0:57:ca:d7:62:0b:64:ff:d1:1f:0e:bd:0c:34:83:
                    da:62:0d:20:3a:1a:f6:d6:74:5c:1f:41:86:1b:8c:
                    8a:48:51:25:4c:52:25:5a:f5:0f:54:da:e8:dd:44:
                    49:30:76:bc:d9:7a:c4:3d:35:ba:35:1d:b1:60:b9:
                    0f:61:2d:6b:d7:37:11:03:8c:d6:e7:0a:d9:24:9e:
                    01:78:bb:c0:2c:1d:00:07:85:b4:4c:7d:7f:ae:f1:
                    7e:2d:26:fa:81:f2:84:30:07:a8:99:f6:2f:32:1f:
                    c2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F1:7F:6F:B9:05:E0:0A:1D:ED:AD:21:A1:F5:5C:47:9C:DF:1C:A9
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tvF_b7kF4Aod7a0hofVcR5zfHKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.125.77.0-103.125.79.255
                  167.160.16.0/23
                  167.160.29.0/24
                  198.55.28.0/23
                  203.188.164.0/24
                  203.188.167.0-203.188.173.255

    Signature Algorithm: sha256WithRSAEncryption
         07:8d:a8:88:21:8b:8d:1e:1b:f3:1e:31:8d:8c:89:da:d7:90:
         dc:a7:88:a8:77:37:f3:51:3e:74:06:a6:75:f8:9c:02:fe:05:
         46:69:ea:1f:d7:3f:ae:68:57:ad:69:0d:a3:99:ee:ae:fa:ec:
         0d:06:21:11:87:8e:23:e0:39:8b:3e:64:aa:8e:ee:d5:e6:4c:
         80:b9:55:44:6e:8b:3e:40:dd:88:d3:30:f3:b3:d9:42:72:81:
         d9:d3:79:62:4d:83:47:dd:65:de:e7:a7:56:16:50:97:6d:fa:
         77:1f:b8:13:c6:ce:e6:2c:85:2b:79:6b:15:77:b8:5b:1f:30:
         e4:78:64:40:a3:e1:84:67:bc:da:9f:5c:1d:db:ec:da:19:df:
         93:3c:dd:a1:d6:0e:e3:4f:79:df:e3:0d:f3:eb:8b:5d:f6:50:
         80:e3:aa:e2:6e:b9:89:23:dc:28:83:12:cf:ce:b1:b3:07:f1:
         4f:ef:d1:10:9f:7d:0e:f7:3e:4c:c1:66:c5:76:03:26:b4:20:
         22:e1:b2:45:b7:29:6c:cb:a2:79:cb:59:9b:0b:fe:ab:58:28:
         4a:41:ec:a5:64:c3:f1:27:28:cd:59:7b:12:99:12:47:0a:f8:
         2f:a6:c1:53:82:8a:4d:12:14:49:9d:91:85:fe:a7:e8:0d:62:
         cd:59:1c:63
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZIPR/xyPlti9awTm0vVZCH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwOTIwMTE1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmYxN2Y2ZmI5MDVlMDBhMWRlZGFkMjFhMWY1NWM0NzljZGYxY2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PpF4baCR/FrFQtUl61nI01Ft1+7
5BPghaW/yKW/D932rFZi66SLHcTvhX45404lHB2dyq+qCYWL3w0HEWpGh/bmq4G7
LxdmZR87bycYnpuYhqy27MwWTolNpTUoc/aCqOBG4x56i/0kVoJ3SCcbEC8B2IDX
T+BHDXig6jidTiAJvEVi3R3PrLFIVjH2n+9LEqvuR73wV8rXYgtk/9EfDr0MNIPa
Yg0gOhr21nRcH0GGG4yKSFElTFIlWvUPVNro3URJMHa82XrEPTW6NR2xYLkPYS1r
1zcRA4zW5wrZJJ4BeLvALB0AB4W0TH1/rvF+LSb6gfKEMAeomfYvMh/CXwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFLbxf2+5BeAKHe2tIaH1XEec3xypMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdHZGX2I3a0Y0QW9kN2EwaG9mVmNSNXpmSEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBABnfU0D
BARnfUADBAGnoBADBACnoB0DBAHGNxwDBADLvKQwDAMEAMu8pwMEAcu8rDANBgkq
hkiG9w0BAQsFAAOCAQEAB42oiCGLjR4b8x4xjYyJ2teQ3KeIqHc381E+dAamdfic
Av4FRmnqH9c/rmhXrWkNo5nurvrsDQYhEYeOI+A5iz5kqo7u1eZMgLlVRG6LPkDd
iNMw87PZQnKB2dN5Yk2DR91l3uenVhZQl236dx+4E8bO5iyFK3lrFXe4Wx8w5Hhk
QKPhhGe82p9cHdvs2hnfkzzdodYO40953+MN8+uLXfZQgOOq4m65iSPcKIMSz86x
swfxT+/REJ99Dvc+TMFmxXYDJrQgIuGyRbcpbMuiectZmwv+q1goSkHspWTD8Sco
zVl7EpkSRwr4L6bBU4KKTRIUSZ2Rhf6n6A1izVkcYw==
-----END CERTIFICATE-----