Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/f_WgJQw-gpii6mbUqRtrQHh1NwU.roa
File:                     f_WgJQw-gpii6mbUqRtrQHh1NwU.roa (raw, json)
Hash identifier:          zBYXoOczdk3ngws+UpCdH+MBD2mNFrJLGb3Dy2I2T7o=
Subject key identifier:   7F:F5:A0:25:0C:3E:82:98:A2:EA:66:D4:A9:1B:6B:40:78:75:37:05
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018E7941E4EB66C470E597D2DB48D2C142FF
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/f_WgJQw-gpii6mbUqRtrQHh1NwU.roa
Signing time:             Tue 26 Mar 2024 05:35:45 +0000
ROA not before:           Tue 26 Mar 2024 05:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        77.81.182.0/24 maxlen: 24
                          85.204.18.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          89.35.129.0/24 maxlen: 24
                          89.37.192.0/24 maxlen: 24
                          89.40.215.0/24 maxlen: 24
                          89.46.42.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          94.198.171.0/24 maxlen: 24
                          128.0.41.0/24 maxlen: 24
                          185.198.233.0/24 maxlen: 24
                          188.212.121.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 26 Mar 2024 05:37:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:41:e4:eb:66:c4:70:e5:97:d2:db:48:d2:c1:42:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar 26 05:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ff5a0250c3e8298a2ea66d4a91b6b4078753705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f5:b5:95:ae:9c:9d:b9:96:25:83:18:01:95:
                    50:fe:a1:24:90:ee:30:74:3b:4f:c7:53:2d:d7:b3:
                    c6:4c:65:2b:d4:b0:aa:f1:b9:5f:67:c6:bf:d2:f2:
                    de:c2:29:5a:85:07:48:d1:32:f9:8a:3e:28:57:37:
                    5d:24:75:ba:68:c9:b4:9d:02:06:8f:91:ac:a4:3e:
                    30:9b:30:c2:7f:89:6b:f2:80:ed:f7:15:6c:3e:0e:
                    cf:55:85:08:be:ee:dc:ff:04:75:09:9f:9c:11:e1:
                    8e:23:88:21:06:3d:20:98:9b:63:34:43:ca:36:d9:
                    20:7e:09:bd:c8:a0:40:3a:0d:c3:03:0f:bd:54:32:
                    28:22:7c:1c:48:76:0c:d2:cb:81:e2:a2:9c:50:7d:
                    cf:c2:11:2e:18:6f:50:08:06:9d:54:59:2b:98:96:
                    f9:fb:b5:67:0c:16:2f:ed:14:e6:14:df:c1:d7:50:
                    9e:b8:fe:41:2b:e6:a3:fe:25:43:9c:30:0b:2e:7f:
                    5d:8c:ae:e0:d5:3e:b7:24:5f:28:a9:89:a1:b7:fb:
                    6f:57:fd:16:f4:86:5a:2d:59:e9:55:58:37:6a:e1:
                    ed:e5:3e:7c:b1:47:ac:0a:8e:3c:e7:d6:4a:bf:e2:
                    cb:3a:60:7e:ba:03:37:ec:66:85:5d:a8:8f:15:a8:
                    5b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F5:A0:25:0C:3E:82:98:A2:EA:66:D4:A9:1B:6B:40:78:75:37:05
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/f_WgJQw-gpii6mbUqRtrQHh1NwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.182.0/24
                  85.204.18.0/24
                  89.34.106.0/24
                  89.35.129.0/24
                  89.37.192.0/24
                  89.40.215.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  94.198.171.0/24
                  128.0.41.0/24
                  185.198.233.0/24
                  188.212.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:87:bd:ad:e0:d8:d0:4d:0f:8a:28:a7:77:de:7d:0e:ed:fe:
         3e:a1:94:24:43:85:cd:ee:de:c4:0c:b7:5b:77:60:37:ff:ab:
         1b:a7:1e:3b:72:41:89:11:86:b9:44:bf:98:a8:3e:24:e1:31:
         35:d4:07:54:ff:32:b0:b3:4e:8d:c2:ba:5b:3b:cb:12:fb:1a:
         72:4f:99:06:f0:08:b8:ba:0d:13:8e:f9:62:c8:29:ef:2d:a3:
         d1:c0:9e:79:2a:a4:ad:79:83:78:cd:9b:7b:83:3a:f2:da:37:
         c3:4e:56:97:fe:14:90:c9:f4:73:c9:ac:61:42:4b:1c:c1:63:
         47:45:8c:d6:96:82:9b:93:d8:7e:d8:8a:0b:36:e5:2c:98:65:
         df:a4:a6:4d:8d:b0:55:29:27:09:31:ee:22:71:0b:e2:38:21:
         02:da:32:63:67:38:73:8f:28:a0:5b:68:7e:2a:72:be:e7:a0:
         6c:56:ef:02:5f:b5:d4:a1:e2:54:bf:28:12:a2:96:89:cb:a7:
         05:eb:7b:a9:34:a2:86:af:60:63:55:57:18:52:d8:07:4c:f7:
         46:32:02:67:c8:cd:3f:22:55:e0:7b:1b:65:0d:30:bc:a3:54:
         e9:b4:6f:b8:46:70:d0:fb:5b:3e:dc:1b:e8:08:38:41:6f:83:
         f1:7e:21:94
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY55QeTrZsRw5ZfS20jSwUL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMzI2MDUzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmY1YTAyNTBjM2U4Mjk4YTJlYTY2ZDRhOTFiNmI0MDc4NzUzNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvW1la6cnbmWJYMYAZVQ/qEkkO4w
dDtPx1Mt17PGTGUr1LCq8blfZ8a/0vLewilahQdI0TL5ij4oVzddJHW6aMm0nQIG
j5GspD4wmzDCf4lr8oDt9xVsPg7PVYUIvu7c/wR1CZ+cEeGOI4ghBj0gmJtjNEPK
Ntkgfgm9yKBAOg3DAw+9VDIoInwcSHYM0suB4qKcUH3PwhEuGG9QCAadVFkrmJb5
+7VnDBYv7RTmFN/B11CeuP5BK+aj/iVDnDALLn9djK7g1T63JF8oqYmht/tvV/0W
9IZaLVnpVVg3auHt5T58sUesCo4859ZKv+LLOmB+ugM37GaFXaiPFahbRQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFH/1oCUMPoKYoupm1Kkba0B4dTcFMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZl9XZ0pRdy1ncGlpNm1iVXFSdHJRSGgxTndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQATVG2AwQA
VcwSAwQAWSJqAwQAWSOBAwQAWSXAAwQAWSjXAwQAWS4qAwQAWS8kAwQAXsarAwQA
gAApAwQAucbpAwQAvNR5MA0GCSqGSIb3DQEBCwUAA4IBAQBOh72t4NjQTQ+KKKd3
3n0O7f4+oZQkQ4XN7t7EDLdbd2A3/6sbpx47ckGJEYa5RL+YqD4k4TE11AdU/zKw
s06NwrpbO8sS+xpyT5kG8Ai4ug0TjvliyCnvLaPRwJ55KqSteYN4zZt7gzry2jfD
TlaX/hSQyfRzyaxhQkscwWNHRYzWloKbk9h+2IoLNuUsmGXfpKZNjbBVKScJMe4i
cQviOCEC2jJjZzhzjyigW2h+KnK+56BsVu8CX7XUoeJUvygSopaJy6cF63upNKKG
r2BjVVcYUtgHTPdGMgJnyM0/IlXgextlDTC8o1TptG+4RnDQ+1s+3BvoCDhBb4Px
fiGU
-----END CERTIFICATE-----