Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/xnC67U7ovnzg1bK5OP4mTK3r1OQ.roa
File:                     xnC67U7ovnzg1bK5OP4mTK3r1OQ.roa (raw, json)
Hash identifier:          VTazQXFvXTBxr4N+rcV336lgRcqjLDlD0IoLJBOHLn8=
Subject key identifier:   C6:70:BA:ED:4E:E8:BE:7C:E0:D5:B2:B9:38:FE:26:4C:AD:EB:D4:E4
Certificate issuer:       /CN=c7208a8b85bcb807cad64138543263acb204448b
Certificate serial:       018DA71A6732184CE72129332E4188EF494F
Authority key identifier: C7:20:8A:8B:85:BC:B8:07:CA:D6:41:38:54:32:63:AC:B2:04:44:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xyCKi4W8uAfK1kE4VDJjrLIERIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/xnC67U7ovnzg1bK5OP4mTK3r1OQ.roa
Signing time:             Wed 14 Feb 2024 10:12:21 +0000
ROA not before:           Wed 14 Feb 2024 10:12:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12479
IP address blocks:        37.11.0.0/16 maxlen: 24
                          37.14.0.0/15 maxlen: 24
                          37.35.128.0/17 maxlen: 24
                          37.97.124.0/22 maxlen: 24
                          62.14.0.0/15 maxlen: 24
                          87.216.0.0/13 maxlen: 24
                          146.158.128.0/17 maxlen: 24
                          185.4.188.0/22 maxlen: 24
                          188.76.0.0/14 maxlen: 24
                          212.9.64.0/19 maxlen: 24
                          212.106.192.0/18 maxlen: 24
                          213.179.96.0/19 maxlen: 24
Validation:               Failed, certificate revoked on Thu 15 Feb 2024 09:40:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:1a:67:32:18:4c:e7:21:29:33:2e:41:88:ef:49:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7208a8b85bcb807cad64138543263acb204448b
        Validity
            Not Before: Feb 14 10:12:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c670baed4ee8be7ce0d5b2b938fe264cadebd4e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8c:e1:28:05:f8:e5:3f:d1:1e:16:b7:e7:97:
                    9e:1e:89:c4:30:db:14:7e:e8:c1:72:01:d6:e9:40:
                    de:45:2b:5e:23:4f:7a:cc:65:c1:e6:40:f8:94:e3:
                    ae:d7:f1:cf:a0:8a:b5:a4:3e:2c:aa:ba:f9:c0:4b:
                    04:a6:5e:20:59:ce:8f:b9:a4:64:ea:ad:d5:a9:d2:
                    ef:7b:b1:3b:b5:68:5d:e7:1b:9f:94:db:51:37:01:
                    cb:91:e4:82:9d:ec:bd:07:62:ab:7c:c9:eb:3a:e0:
                    15:f1:c4:d6:80:50:f7:49:2d:8c:11:ab:99:8d:6b:
                    e8:08:25:2f:77:e1:c8:2f:59:6f:bb:81:54:90:fd:
                    bb:02:39:30:46:94:7e:96:89:ad:48:62:23:c0:09:
                    a4:7f:f1:6f:be:43:74:43:f6:12:f6:6e:e8:ce:08:
                    84:fe:42:eb:ff:6f:79:f4:b7:49:21:bd:87:02:bc:
                    97:56:a6:4b:75:4a:5f:11:77:b1:e0:ba:71:46:13:
                    06:6e:ba:83:cd:e0:84:65:25:4f:00:36:83:84:34:
                    ed:95:7a:35:d8:3a:b0:d1:09:fe:d1:05:93:99:e1:
                    8b:23:3d:95:f4:23:9d:8a:c7:d0:1d:d2:6d:8d:d3:
                    a8:e0:42:73:cd:0c:d9:dc:a1:2f:02:d8:9e:d9:18:
                    85:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:70:BA:ED:4E:E8:BE:7C:E0:D5:B2:B9:38:FE:26:4C:AD:EB:D4:E4
            X509v3 Authority Key Identifier:
                keyid:C7:20:8A:8B:85:BC:B8:07:CA:D6:41:38:54:32:63:AC:B2:04:44:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xyCKi4W8uAfK1kE4VDJjrLIERIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/xnC67U7ovnzg1bK5OP4mTK3r1OQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/279a3a-e7a0-4065-b6d8-0f6c412cf3df/1/xyCKi4W8uAfK1kE4VDJjrLIERIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.11.0.0/16
                  37.14.0.0/15
                  37.35.128.0/17
                  37.97.124.0/22
                  62.14.0.0/15
                  87.216.0.0/13
                  146.158.128.0/17
                  185.4.188.0/22
                  188.76.0.0/14
                  212.9.64.0/19
                  212.106.192.0/18
                  213.179.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         73:49:72:9e:1b:f4:fc:00:f4:a2:16:96:b6:13:a6:93:f1:0f:
         24:3d:af:98:3f:c0:a5:5f:2c:b0:fd:ed:10:4a:74:8f:bb:db:
         6d:8c:b5:51:8e:dc:e3:40:98:0b:f6:59:2f:0d:00:f8:e8:2c:
         85:2a:e1:d1:8f:2d:58:a9:65:c0:47:f5:85:70:e4:6d:ff:cb:
         9c:b1:b8:06:24:54:f1:84:ba:2c:2c:f1:1f:05:9f:b8:b5:f7:
         6b:19:f8:3d:2a:a8:0e:3e:66:a7:d7:b0:ee:67:0b:e5:bd:52:
         b1:17:6a:db:7c:08:ec:c4:05:12:2e:81:c1:4f:26:5f:45:0a:
         61:34:ee:50:9b:6b:8b:ad:da:b1:4e:07:b3:21:0a:5d:31:6c:
         d3:80:00:f4:18:46:58:d0:71:a7:8c:26:57:c1:52:00:25:e4:
         41:6c:d2:85:a2:ff:41:36:ed:09:ee:1b:25:63:bd:f3:51:a6:
         ee:7e:a4:94:1b:e5:92:c4:42:75:1e:d0:0a:3a:36:9a:d7:a6:
         9f:e8:fc:9b:4b:42:8d:4f:9f:0a:65:36:d3:d8:4d:3d:69:25:
         7d:e1:38:b8:15:8a:37:3c:11:ec:c4:db:4e:ff:ac:03:81:47:
         7c:e0:f4:e5:05:15:79:9d:c6:54:77:3a:a2:9b:80:d8:e0:67:
         eb:02:c5:d4
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAY2nGmcyGEznISkzLkGI70lPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MjA4YThiODViY2I4MDdjYWQ2NDEzODU0MzI2M2FjYjIw
NDQ0OGIwHhcNMjQwMjE0MTAxMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjcwYmFlZDRlZThiZTdjZTBkNWIyYjkzOGZlMjY0Y2FkZWJkNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYzhKAX45T/RHha355eeHonEMNsU
fujBcgHW6UDeRSteI096zGXB5kD4lOOu1/HPoIq1pD4sqrr5wEsEpl4gWc6PuaRk
6q3VqdLve7E7tWhd5xuflNtRNwHLkeSCney9B2KrfMnrOuAV8cTWgFD3SS2MEauZ
jWvoCCUvd+HIL1lvu4FUkP27AjkwRpR+lomtSGIjwAmkf/FvvkN0Q/YS9m7ozgiE
/kLr/2959LdJIb2HAryXVqZLdUpfEXex4LpxRhMGbrqDzeCEZSVPADaDhDTtlXo1
2Dqw0Qn+0QWTmeGLIz2V9COdisfQHdJtjdOo4EJzzQzZ3KEvAtie2RiFzQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFMZwuu1O6L584NWyuTj+Jkyt69TkMB8GA1UdIwQY
MBaAFMcgiouFvLgHytZBOFQyY6yyBESLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHlDS2k0Vzh1QWZLMWtFNFZESmpyTElFUklzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yNzlhM2EtZTdhMC00MDY1LWI2ZDgt
MGY2YzQxMmNmM2RmLzEveG5DNjdVN292bnpnMWJLNU9QNG1USzNyMU9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yNzlhM2EtZTdhMC00MDY1LWI2ZDgtMGY2YzQxMmNmM2Rm
LzEveHlDS2k0Vzh1QWZLMWtFNFZESmpyTElFUklzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAATBDAwMAJQsDAwEl
DgMEByUjgAMEAiVhfAMDAT4OAwMDV9gDBAeSnoADBAK5BLwDAwK8TAMEBdQJQAME
BtRqwAMEBdWzYDANBgkqhkiG9w0BAQsFAAOCAQEAc0lynhv0/AD0ohaWthOmk/EP
JD2vmD/ApV8ssP3tEEp0j7vbbYy1UY7c40CYC/ZZLw0A+OgshSrh0Y8tWKllwEf1
hXDkbf/LnLG4BiRU8YS6LCzxHwWfuLX3axn4PSqoDj5mp9ew7mcL5b1SsRdq23wI
7MQFEi6BwU8mX0UKYTTuUJtri63asU4HsyEKXTFs04AA9BhGWNBxp4wmV8FSACXk
QWzShaL/QTbtCe4bJWO981Gm7n6klBvlksRCdR7QCjo2mtemn+j8m0tCjU+fCmU2
09hNPWklfeE4uBWKNzwR7MTbTv+sA4FHfOD05QUVeZ3GVHc6opuA2OBn6wLF1A==
-----END CERTIFICATE-----