Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Edib4af0lFpS9KiiXzK4BllIPoc.roa
File:                     Edib4af0lFpS9KiiXzK4BllIPoc.roa (raw, json)
Hash identifier:          LZAWEa8+JosMb+6CVGKK7WQCfoM2bGcJVdL3MsF9QI0=
Subject key identifier:   11:D8:9B:E1:A7:F4:94:5A:52:F4:A8:A2:5F:32:B8:06:59:48:3E:87
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019422FCC620EDE459BFA71AB231B8376DB0
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Edib4af0lFpS9KiiXzK4BllIPoc.roa
Signing time:             Wed 01 Jan 2025 17:49:38 +0000
ROA not before:           Wed 01 Jan 2025 17:49:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26383
IP address blocks:        45.144.172.0/24 maxlen: 24
                          45.144.174.0/24 maxlen: 24
                          86.107.100.0/24 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          93.113.171.0/24 maxlen: 24
                          185.141.219.0/24 maxlen: 24
                          185.198.235.0/24 maxlen: 24
                          188.208.110.0/24 maxlen: 24
                          212.192.12.0/24 maxlen: 24
                          212.192.13.0/24 maxlen: 24
                          212.192.15.0/24 maxlen: 24
                          212.192.23.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:54:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:c6:20:ed:e4:59:bf:a7:1a:b2:31:b8:37:6d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 17:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11d89be1a7f4945a52f4a8a25f32b80659483e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:96:79:93:bc:e9:44:c7:9f:1a:2a:61:ec:30:
                    47:a2:8a:11:03:c6:cf:24:47:7c:74:43:42:d4:b2:
                    cc:20:61:34:2f:6f:17:5b:e8:3e:0d:18:6e:6e:6c:
                    4b:6b:8f:06:3d:bf:c5:f1:a4:e1:14:9d:6f:b6:dd:
                    0a:4d:80:ec:c5:33:64:fd:cf:87:9c:02:35:c1:01:
                    3e:59:9b:88:f7:78:bb:6e:2a:bc:82:56:b6:64:d9:
                    e2:a9:68:6d:ee:8f:68:76:e1:17:a7:aa:61:f1:8f:
                    cb:a4:85:39:ba:49:82:12:98:0f:93:c6:3c:d0:72:
                    93:d1:51:e9:d0:3c:16:04:b1:a0:b4:ba:1b:71:c5:
                    8d:d8:45:57:a2:81:a0:a7:b7:77:04:47:be:70:d6:
                    8d:f2:ff:42:b7:bf:66:b4:82:b2:53:35:03:8e:f8:
                    1d:73:40:7f:39:4c:04:c9:8c:f3:7d:d2:b3:20:1f:
                    a6:ef:7a:0f:80:d2:fe:ad:2e:a3:b7:6c:a4:46:5e:
                    85:a6:6d:f9:2a:5d:5d:ef:64:8c:45:2e:89:1a:1c:
                    45:df:5d:d0:b9:46:75:58:5b:4c:25:74:1e:49:3d:
                    81:80:be:cb:b2:3e:6d:e3:57:70:e4:2a:84:65:37:
                    1f:a6:29:f1:4f:12:97:a8:99:b2:78:b9:50:45:f4:
                    92:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D8:9B:E1:A7:F4:94:5A:52:F4:A8:A2:5F:32:B8:06:59:48:3E:87
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Edib4af0lFpS9KiiXzK4BllIPoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.172.0/24
                  45.144.174.0/24
                  86.107.100.0/24
                  92.114.54.0/24
                  93.113.171.0/24
                  185.141.219.0/24
                  185.198.235.0/24
                  188.208.110.0/24
                  212.192.12.0/23
                  212.192.15.0/24
                  212.192.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:0f:e5:7a:24:4e:bc:7b:73:f3:f7:d9:aa:c6:52:74:e3:e0:
         4d:52:66:12:f4:4f:dd:c0:f1:31:9d:1e:7e:fa:4c:71:9d:b6:
         64:a7:41:66:4b:4c:05:87:fd:dd:96:58:30:b2:57:c9:fd:c3:
         8a:71:7a:a8:de:68:37:06:c9:c7:b2:68:4f:ad:a4:a0:e8:33:
         57:e6:77:a7:d7:54:b4:33:4c:8f:cc:ab:37:6d:40:0b:51:b1:
         11:1d:ba:d0:6e:cd:91:9c:d2:86:83:7d:16:62:80:1c:fa:0e:
         be:13:7e:8d:35:52:bb:9e:ba:24:b5:dc:c9:e7:87:c9:03:45:
         32:62:0b:ea:4b:7b:03:14:77:c7:70:84:62:12:ba:cd:dc:b5:
         33:e7:1d:84:69:c2:8f:6c:1e:a0:e1:57:16:9f:d2:ec:1d:9a:
         f9:07:b2:a0:eb:15:a0:79:3b:a0:68:1c:67:aa:8d:bf:21:79:
         94:e3:09:79:f2:18:20:d6:ad:36:f9:eb:90:19:0d:79:dd:d3:
         cf:cd:5a:be:13:cf:c5:74:8b:df:4a:ac:07:5a:5f:99:c0:21:
         88:9a:7b:ac:7b:1e:e9:91:83:eb:d5:24:00:d0:e4:c4:a6:1d:
         83:28:00:27:f8:0b:71:56:bc:cb:ae:36:97:2f:a3:df:49:d6:
         1c:49:d3:0b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQi/MYg7eRZv6casjG4N22wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAxMTc0OTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQ4OWJlMWE3ZjQ5NDVhNTJmNGE4YTI1ZjMyYjgwNjU5NDgzZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJZ5k7zpRMefGiph7DBHoooRA8bP
JEd8dENC1LLMIGE0L28XW+g+DRhubmxLa48GPb/F8aThFJ1vtt0KTYDsxTNk/c+H
nAI1wQE+WZuI93i7biq8gla2ZNniqWht7o9oduEXp6ph8Y/LpIU5ukmCEpgPk8Y8
0HKT0VHp0DwWBLGgtLobccWN2EVXooGgp7d3BEe+cNaN8v9Ct79mtIKyUzUDjvgd
c0B/OUwEyYzzfdKzIB+m73oPgNL+rS6jt2ykRl6Fpm35Kl1d72SMRS6JGhxF313Q
uUZ1WFtMJXQeST2BgL7Lsj5t41dw5CqEZTcfpinxTxKXqJmyeLlQRfSSNQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFBHYm+Gn9JRaUvSool8yuAZZSD6HMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRWRpYjRhZjBsRnBTOUtpaVh6SzRCbGxJUG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALZCsAwQA
LZCuAwQAVmtkAwQAXHI2AwQAXXGrAwQAuY3bAwQAucbrAwQAvNBuAwQB1MAMAwQA
1MAPAwQA1MAXMA0GCSqGSIb3DQEBCwUAA4IBAQB8D+V6JE68e3Pz99mqxlJ04+BN
UmYS9E/dwPExnR5++kxxnbZkp0FmS0wFh/3dllgwslfJ/cOKcXqo3mg3BsnHsmhP
raSg6DNX5nen11S0M0yPzKs3bUALUbERHbrQbs2RnNKGg30WYoAc+g6+E36NNVK7
nroktdzJ54fJA0UyYgvqS3sDFHfHcIRiErrN3LUz5x2EacKPbB6g4VcWn9LsHZr5
B7Kg6xWgeTugaBxnqo2/IXmU4wl58hgg1q02+euQGQ153dPPzVq+E8/FdIvfSqwH
Wl+ZwCGImnusex7pkYPr1SQA0OTEph2DKAAn+AtxVrzLrjaXL6PfSdYcSdML
-----END CERTIFICATE-----