Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oGPvdslw4CSMaZsShmlBd-IfdlA.roa
File:                     oGPvdslw4CSMaZsShmlBd-IfdlA.roa (raw, json)
Hash identifier:          zynpSAqLPiHojbmVUv4WhCHHSJtKUFsu6ruMblyuQYA=
Subject key identifier:   A0:63:EF:76:C9:70:E0:24:8C:69:9B:12:86:69:41:77:E2:1F:76:50
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0194651523FB94DCC7EB69EC446D7DCC5685
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oGPvdslw4CSMaZsShmlBd-IfdlA.roa
Signing time:             Tue 14 Jan 2025 13:51:11 +0000
ROA not before:           Tue 14 Jan 2025 13:51:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.1.0/24 maxlen: 24
                          82.115.2.0/23 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          178.173.232.0/21 maxlen: 24
                          185.231.172.0/22 maxlen: 24
                          188.253.8.0/21 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          212.90.100.0/22 maxlen: 24
                          213.173.32.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Wed 15 Jan 2025 07:39:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:15:23:fb:94:dc:c7:eb:69:ec:44:6d:7d:cc:56:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan 14 13:51:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a063ef76c970e0248c699b1286694177e21f7650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:67:a6:9d:70:7f:2d:35:a2:88:c2:1c:22:3e:
                    d7:e3:1d:0b:33:ea:21:ea:8c:c3:c7:90:e0:f5:bf:
                    73:ff:7c:61:e0:57:cd:54:c1:a5:ff:04:63:e1:48:
                    52:6e:9f:62:94:76:a2:01:3e:c7:5b:34:aa:9b:f9:
                    13:55:34:97:8a:41:0a:8f:b9:a1:75:de:7e:7b:00:
                    b6:fb:17:be:a7:9f:63:69:8c:f1:26:57:f8:c7:98:
                    3a:ad:bb:41:d2:aa:64:41:e5:3d:f8:b6:8b:91:34:
                    d1:f0:80:52:0d:60:8f:7f:86:9c:a8:07:79:09:ef:
                    9f:a0:43:2d:cd:e9:77:49:ae:06:6c:29:f2:90:48:
                    8f:76:01:08:ac:87:bb:ca:3b:25:be:0d:1e:2d:ff:
                    1a:b2:53:64:c7:53:20:2c:88:bf:c9:d0:bf:8d:15:
                    bd:f5:65:7e:90:d2:99:1d:98:65:6f:f0:fb:61:6c:
                    f4:f7:1f:ad:6f:ba:a9:5b:84:92:d8:3b:9b:ac:24:
                    0f:61:d9:c4:e9:05:d2:58:54:23:c3:77:ea:a9:29:
                    4f:ea:39:99:de:ba:bf:21:c9:67:3a:93:d3:02:8b:
                    43:c6:0d:aa:f7:3f:2e:3e:59:78:ff:f7:42:ec:dd:
                    e9:65:bb:bd:e3:f6:7a:16:19:f3:47:af:21:93:78:
                    9e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:63:EF:76:C9:70:E0:24:8C:69:9B:12:86:69:41:77:E2:1F:76:50
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oGPvdslw4CSMaZsShmlBd-IfdlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.1.0-82.115.3.255
                  82.115.28.0/23
                  89.251.10.0/24
                  159.255.32.0/21
                  178.173.232.0/21
                  185.231.172.0/22
                  188.253.8.0/21
                  202.133.90.0/23
                  212.90.100.0/22
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:08:93:73:8d:b5:39:f8:06:ab:ea:dd:70:40:77:96:b7:eb:
         13:aa:17:f8:a8:cf:f5:7e:3f:a8:98:10:57:ce:8b:55:d6:c4:
         fa:d5:85:a7:4d:d5:c9:15:02:3f:e5:7a:52:c5:ef:7c:6f:79:
         1c:82:49:d8:11:97:8f:9d:e2:35:a4:cf:19:0c:e7:d6:22:eb:
         33:4d:29:c0:d3:44:30:a7:1d:bc:c0:86:95:ba:eb:56:27:13:
         79:05:59:ed:f4:81:bc:e4:8c:de:e0:90:80:97:3c:b2:98:69:
         d5:36:10:69:5a:5f:85:2f:99:87:2f:3e:97:73:d3:94:25:22:
         99:f0:26:3b:4f:4a:93:ab:92:d0:0e:e8:84:42:14:b0:7f:2a:
         28:fa:32:ad:59:b7:c3:bb:a6:b8:4b:4f:cb:8a:f0:7b:26:22:
         d2:2b:78:65:09:aa:e8:e9:cb:c0:73:72:6e:2f:1a:cc:7d:64:
         1b:ab:01:d2:cb:ec:7d:28:9b:2d:68:28:e9:6d:3d:c6:92:67:
         9b:1c:54:1c:ef:55:3a:15:24:b8:a9:2f:e3:51:88:f1:07:47:
         fb:37:56:35:9b:18:8d:2b:6b:a4:92:b6:84:be:22:97:21:99:
         24:a2:44:95:1f:ea:a5:54:d4:16:ea:fb:6a:af:39:9e:a1:8e:
         cf:d5:8c:60
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZRlFSP7lNzH62nsRG19zFaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTE0MTM1MTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDYzZWY3NmM5NzBlMDI0OGM2OTliMTI4NjY5NDE3N2UyMWY3NjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2emnXB/LTWiiMIcIj7X4x0LM+oh
6ozDx5Dg9b9z/3xh4FfNVMGl/wRj4UhSbp9ilHaiAT7HWzSqm/kTVTSXikEKj7mh
dd5+ewC2+xe+p59jaYzxJlf4x5g6rbtB0qpkQeU9+LaLkTTR8IBSDWCPf4acqAd5
Ce+foEMtzel3Sa4GbCnykEiPdgEIrIe7yjslvg0eLf8aslNkx1MgLIi/ydC/jRW9
9WV+kNKZHZhlb/D7YWz09x+tb7qpW4SS2DubrCQPYdnE6QXSWFQjw3fqqSlP6jmZ
3rq/IclnOpPTAotDxg2q9z8uPll4//dC7N3pZbu94/Z6FhnzR68hk3ieJQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFKBj73bJcOAkjGmbEoZpQXfiH3ZQMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb0dQdmRzbHc0Q1NNYVpzU2htbEJkLUlmZGxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQBLYsGAwQA
LvluMAwDBABScwEDBAJScwADBAFScxwDBABZ+woDBAOf/yADBAOyregDBAK556wD
BAO8/QgDBAHKhVoDBALUWmQDBALVrSAwDQYJKoZIhvcNAQELBQADggEBAHYIk3ON
tTn4Bqvq3XBAd5a36xOqF/ioz/V+P6iYEFfOi1XWxPrVhadN1ckVAj/lelLF73xv
eRyCSdgRl4+d4jWkzxkM59Yi6zNNKcDTRDCnHbzAhpW661YnE3kFWe30gbzkjN7g
kICXPLKYadU2EGlaX4UvmYcvPpdz05QlIpnwJjtPSpOrktAO6IRCFLB/Kij6Mq1Z
t8O7prhLT8uK8HsmItIreGUJqujpy8Bzcm4vGsx9ZBurAdLL7H0omy1oKOltPcaS
Z5scVBzvVToVJLipL+NRiPEHR/s3VjWbGI0ra6SStoS+IpchmSSiRJUf6qVU1Bbq
+2qvOZ6hjs/VjGA=
-----END CERTIFICATE-----