Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/3Xu1NeoW-AJo0pVDYHad1qzjWjc.roa
File:                     3Xu1NeoW-AJo0pVDYHad1qzjWjc.roa (raw, json)
Hash identifier:          BO1o9p3OQ5TflM3PSzr565uFdJ3cKcrSxjKsYwJ4pA0=
Subject key identifier:   DD:7B:B5:35:EA:16:F8:02:68:D2:95:43:60:76:9D:D6:AC:E3:5A:37
Certificate issuer:       /CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
Certificate serial:       01941F8C6B4A4CF7A018C7056DE6629F7F78
Authority key identifier: 39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/3Xu1NeoW-AJo0pVDYHad1qzjWjc.roa
Signing time:             Wed 01 Jan 2025 01:48:03 +0000
ROA not before:           Wed 01 Jan 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202207
IP address blocks:        5.56.160.0/21 maxlen: 24
                          5.56.160.0/24 maxlen: 24
                          5.56.161.0/24 maxlen: 24
                          5.56.162.0/24 maxlen: 24
                          5.56.163.0/24 maxlen: 24
                          5.56.164.0/24 maxlen: 24
                          5.56.165.0/24 maxlen: 24
                          5.56.166.0/24 maxlen: 24
                          5.56.167.0/24 maxlen: 24
                          5.181.44.0/22 maxlen: 24
                          5.181.44.0/24 maxlen: 24
                          5.181.45.0/24 maxlen: 24
                          5.181.46.0/24 maxlen: 24
                          5.181.47.0/24 maxlen: 24
                          185.5.124.0/22 maxlen: 24
                          185.5.124.0/24 maxlen: 24
                          185.5.125.0/24 maxlen: 24
                          185.5.126.0/24 maxlen: 24
                          185.5.127.0/24 maxlen: 24
                          2a03:1c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 16 Jan 2025 11:33:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6b:4a:4c:f7:a0:18:c7:05:6d:e6:62:9f:7f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
        Validity
            Not Before: Jan  1 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd7bb535ea16f80268d2954360769dd6ace35a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2f:7d:74:f3:97:2a:f4:70:36:df:f6:08:a4:
                    95:32:27:83:c9:80:77:2d:c1:13:3e:33:7a:fd:1b:
                    0a:e2:f6:bc:31:55:4d:a0:4e:a9:e7:e4:f9:4e:91:
                    e6:e0:bb:ff:74:79:5d:dd:fe:1f:75:5b:09:fd:f0:
                    aa:80:23:ef:b8:62:42:5c:ff:c4:91:bc:f5:65:57:
                    f3:b2:35:ed:56:f0:cd:98:81:3b:9a:68:f7:87:6b:
                    8a:61:45:b9:c2:94:65:8f:71:ec:2c:58:d4:6c:c2:
                    81:31:85:00:11:27:d8:04:f9:61:00:74:24:2e:75:
                    4d:6d:6b:d6:5b:9a:fd:aa:d6:85:b8:13:0f:96:76:
                    83:c7:22:91:35:46:be:3b:f3:e3:24:11:52:50:f7:
                    7f:8b:9b:db:7c:71:7f:94:0f:ad:14:cf:08:0f:e1:
                    2f:d0:6d:15:36:1e:73:4f:fe:83:4b:9e:77:f8:ed:
                    b6:d2:b4:87:36:7f:82:33:2f:92:08:17:30:95:19:
                    82:1a:76:0f:3c:8d:fa:de:6b:06:a1:86:44:37:2d:
                    37:b6:ac:c6:1a:a8:bd:ee:4d:9d:79:d9:81:cc:81:
                    6d:17:57:8b:3c:bc:14:89:85:5e:fa:c7:94:39:e2:
                    66:12:41:e1:7c:7a:c0:6a:f2:56:9a:31:3b:32:9a:
                    f4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:7B:B5:35:EA:16:F8:02:68:D2:95:43:60:76:9D:D6:AC:E3:5A:37
            X509v3 Authority Key Identifier:
                keyid:39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/3Xu1NeoW-AJo0pVDYHad1qzjWjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.160.0/21
                  5.181.44.0/22
                  185.5.124.0/22
                IPv6:
                  2a03:1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:0f:e3:c7:e5:da:45:68:2c:6e:47:e2:58:da:54:7c:aa:17:
         6e:06:1a:19:e7:7a:8c:d2:2b:74:92:c8:b5:9e:2a:91:79:3b:
         43:e5:93:61:2b:ed:ba:34:7a:76:9b:79:c6:38:e8:63:57:d3:
         d5:c9:68:1f:ea:2c:36:79:84:b3:fd:0f:b6:12:2d:fe:80:fb:
         44:0f:8c:31:6d:a2:db:7e:b5:9a:34:85:33:2d:d4:5f:a3:b9:
         8e:ba:27:77:6b:ea:b4:46:ef:20:65:f7:9a:d7:cd:22:62:47:
         72:32:b2:49:e1:7c:db:89:1c:b1:2a:68:b6:29:13:11:78:10:
         9a:f6:13:db:98:0f:9f:c3:7a:3f:4a:2d:9c:72:bb:f1:9b:00:
         3e:72:6d:b3:92:19:4b:5c:e0:d0:1f:50:8b:ca:3e:d5:bb:93:
         ef:65:95:21:4e:5d:ba:43:88:1c:64:d1:1b:00:e5:58:4d:ac:
         28:0c:1f:26:ad:f3:d4:a9:c2:65:f7:dc:ce:d0:ec:5b:92:7e:
         ac:5c:d6:b2:40:06:3a:68:19:0f:38:8d:6d:51:6e:86:57:2f:
         1a:aa:35:c9:73:04:d5:ad:ce:ed:86:d0:8d:d1:c1:29:4a:05:
         2e:38:f8:d5:2b:fb:27:03:ca:07:c4:5a:2f:db:d7:0f:dd:23:
         32:4d:fe:d1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQfjGtKTPegGMcFbeZin394MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDI3NzM4Zjk3OGZlZGEyNGE5ZDg3YjBjYjhiYjlhYTdh
ZjU0MGQwHhcNMjUwMTAxMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdiYjUzNWVhMTZmODAyNjhkMjk1NDM2MDc2OWRkNmFjZTM1YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC99dPOXKvRwNt/2CKSVMieDyYB3
LcETPjN6/RsK4va8MVVNoE6p5+T5TpHm4Lv/dHld3f4fdVsJ/fCqgCPvuGJCXP/E
kbz1ZVfzsjXtVvDNmIE7mmj3h2uKYUW5wpRlj3HsLFjUbMKBMYUAESfYBPlhAHQk
LnVNbWvWW5r9qtaFuBMPlnaDxyKRNUa+O/PjJBFSUPd/i5vbfHF/lA+tFM8ID+Ev
0G0VNh5zT/6DS553+O220rSHNn+CMy+SCBcwlRmCGnYPPI363msGoYZENy03tqzG
Gqi97k2dedmBzIFtF1eLPLwUiYVe+seUOeJmEkHhfHrAavJWmjE7Mpr0kQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN17tTXqFvgCaNKVQ2B2ndas41o3MB8GA1UdIwQY
MBaAFDkCdzj5eP7aJKnYewy4u5qnr1QNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYt
ZjVkOGFiN2MxNWYwLzEvM1h1MU5lb1ctQUpvMHBWRFlIYWQxcXpqV2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYtZjVkOGFiN2MxNWYw
LzEvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBTigAwQC
BbUsAwQCuQV8MA0EAgACMAcDBQAqAwHAMA0GCSqGSIb3DQEBCwUAA4IBAQAgD+PH
5dpFaCxuR+JY2lR8qhduBhoZ53qM0it0ksi1niqReTtD5ZNhK+26NHp2m3nGOOhj
V9PVyWgf6iw2eYSz/Q+2Ei3+gPtED4wxbaLbfrWaNIUzLdRfo7mOuid3a+q0Ru8g
Zfea180iYkdyMrJJ4XzbiRyxKmi2KRMReBCa9hPbmA+fw3o/Si2ccrvxmwA+cm2z
khlLXODQH1CLyj7Vu5PvZZUhTl26Q4gcZNEbAOVYTawoDB8mrfPUqcJl99zO0Oxb
kn6sXNayQAY6aBkPOI1tUW6GVy8aqjXJcwTVrc7thtCN0cEpSgUuOPjVK/snA8oH
xFov29cP3SMyTf7R
-----END CERTIFICATE-----