Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/ptAhB2XGXozSoyuZl99Q7n2Yvw0.roa
File:                     ptAhB2XGXozSoyuZl99Q7n2Yvw0.roa (raw, json)
Hash identifier:          1pUTius9TkrmcBV1499Gjy1oeAqs/QVPwZli6LhIsy0=
Subject key identifier:   A6:D0:21:07:65:C6:5E:8C:D2:A3:2B:99:97:DF:50:EE:7D:98:BF:0D
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018CC726FB81A60E8C520E1FCCFA808B0F3C
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/ptAhB2XGXozSoyuZl99Q7n2Yvw0.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206924
IP address blocks:        91.198.241.0/24 maxlen: 24
                          185.230.223.0/24 maxlen: 24
                          2a0c:2f07:d::/48 maxlen: 48
                          2a0c:2f07:f::/48 maxlen: 48
                          2a0c:2f07:384::/48 maxlen: 48
                          2a0c:2f07:29::/48 maxlen: 48
                          2a0c:2f07:9459::/48 maxlen: 48
                          2a0c:2f07:ac1::/48 maxlen: 48
                          2a0c:2f07:4896::/48 maxlen: 48
                          2a0c:2f07:4663::/48 maxlen: 48
                          2a0c:2f07::/64 maxlen: 64
                          2a0c:2f07::/48 maxlen: 48
Validation:               Failed, certificate revoked on Mon 22 Jan 2024 19:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fb:81:a6:0e:8c:52:0e:1f:cc:fa:80:8b:0f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6d0210765c65e8cd2a32b9997df50ee7d98bf0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2f:e9:95:30:cd:a8:a5:13:97:06:49:69:57:
                    6b:b2:99:aa:e4:ce:f8:80:ca:bc:8c:df:ff:b4:43:
                    69:a8:c2:9f:b4:44:32:41:cf:fa:5d:b0:90:21:32:
                    1c:a6:cf:68:c4:e0:bc:ef:18:b7:b5:a9:b3:64:db:
                    8b:b8:82:16:a4:46:9e:65:70:04:02:e7:e9:05:23:
                    92:6e:54:0d:3a:a1:9e:57:a8:1f:30:af:20:5a:7e:
                    96:97:f0:fa:3b:92:13:28:0a:63:e2:d3:d3:42:2a:
                    53:96:07:44:89:78:62:61:3a:26:b0:fc:f9:e2:3a:
                    68:9f:00:93:6d:5e:9f:69:23:b4:c8:49:29:47:38:
                    8b:88:50:4d:da:13:35:7e:58:17:54:69:4c:77:b9:
                    f0:b1:58:95:12:02:95:4c:72:49:ee:5c:0f:2a:3e:
                    b4:c2:65:ee:e5:cd:bc:e6:26:f4:ce:83:f8:fa:7f:
                    45:d8:d8:27:d6:d8:9b:f7:99:57:03:e3:30:6f:76:
                    23:b8:bf:ba:6b:59:80:90:d0:64:14:3f:f7:76:08:
                    61:9a:b8:7d:18:24:5f:07:26:55:e1:5d:2f:ca:4e:
                    5e:60:6d:62:de:8e:f9:d4:61:a8:43:8a:cc:b5:8e:
                    40:99:b1:b4:61:7f:aa:e7:74:75:3e:8d:07:15:c4:
                    a7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D0:21:07:65:C6:5E:8C:D2:A3:2B:99:97:DF:50:EE:7D:98:BF:0D
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/ptAhB2XGXozSoyuZl99Q7n2Yvw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.241.0/24
                  185.230.223.0/24
                IPv6:
                  2a0c:2f07::/48
                  2a0c:2f07:d::/48
                  2a0c:2f07:f::/48
                  2a0c:2f07:29::/48
                  2a0c:2f07:384::/48
                  2a0c:2f07:ac1::/48
                  2a0c:2f07:4663::/48
                  2a0c:2f07:4896::/48
                  2a0c:2f07:9459::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:d1:a3:61:5b:8b:52:ef:ac:9f:14:21:88:1e:a9:59:fe:9e:
         be:2f:f8:99:65:85:bb:20:50:e4:d2:a6:7e:62:82:80:e9:90:
         ef:6a:76:6c:13:b5:da:f2:27:74:e6:23:da:e1:f6:49:04:14:
         3a:9f:92:a1:01:0f:86:8d:55:77:29:ee:96:e2:b3:4a:9e:a2:
         1b:dc:2f:03:b5:22:6f:03:da:94:e0:a3:75:1f:95:7e:e9:63:
         8e:09:86:89:d2:76:25:9c:42:ae:9a:80:74:59:03:a7:4c:0c:
         b4:fd:ce:d5:d9:ea:37:dc:a6:80:37:13:07:1a:f5:76:5e:0f:
         a5:ae:02:99:ea:f0:c8:b0:de:02:fa:81:09:c2:ce:0d:42:a2:
         73:73:f1:57:a8:12:37:c2:7d:0c:71:a6:a8:d5:52:07:54:e5:
         a2:4a:87:26:a7:ab:67:b9:b8:f2:31:38:c1:da:fd:3d:dc:b8:
         ab:12:56:24:6d:fc:4f:ae:65:bb:df:65:72:1c:a0:76:94:a3:
         1d:54:29:19:06:c7:de:5d:a3:a7:14:d9:aa:94:b5:5e:32:c8:
         ce:ab:3d:cc:d4:6f:70:89:52:11:10:d9:78:cf:1d:98:14:3c:
         77:11:b2:c1:f6:9c:f8:9c:09:49:60:d1:14:68:c5:a7:24:bc:
         e2:a0:57:79
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYzHJvuBpg6MUg4fzPqAiw88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQwMjEwNzY1YzY1ZThjZDJhMzJiOTk5N2RmNTBlZTdkOThiZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS/plTDNqKUTlwZJaVdrspmq5M74
gMq8jN//tENpqMKftEQyQc/6XbCQITIcps9oxOC87xi3tamzZNuLuIIWpEaeZXAE
AufpBSOSblQNOqGeV6gfMK8gWn6Wl/D6O5ITKApj4tPTQipTlgdEiXhiYTomsPz5
4jponwCTbV6faSO0yEkpRziLiFBN2hM1flgXVGlMd7nwsViVEgKVTHJJ7lwPKj60
wmXu5c285ib0zoP4+n9F2Ngn1tib95lXA+Mwb3YjuL+6a1mAkNBkFD/3dghhmrh9
GCRfByZV4V0vyk5eYG1i3o751GGoQ4rMtY5AmbG0YX+q53R1Po0HFcSnowIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFKbQIQdlxl6M0qMrmZffUO59mL8NMB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvcHRBaEIyWEdYb3pTb3l1Wmw5OVE3bjJZdncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTASBAIAATAMAwQAW8bxAwQA
uebfMFcEAgACMFEDBwAqDC8HAAADBwAqDC8HAA0DBwAqDC8HAA8DBwAqDC8HACkD
BwAqDC8HA4QDBwAqDC8HCsEDBwAqDC8HRmMDBwAqDC8HSJYDBwAqDC8HlFkwDQYJ
KoZIhvcNAQELBQADggEBAGbRo2Fbi1LvrJ8UIYgeqVn+nr4v+JllhbsgUOTSpn5i
goDpkO9qdmwTtdryJ3TmI9rh9kkEFDqfkqEBD4aNVXcp7pbis0qeohvcLwO1Im8D
2pTgo3UflX7pY44JhonSdiWcQq6agHRZA6dMDLT9ztXZ6jfcpoA3Ewca9XZeD6Wu
Apnq8Miw3gL6gQnCzg1ConNz8VeoEjfCfQxxpqjVUgdU5aJKhyanq2e5uPIxOMHa
/T3cuKsSViRt/E+uZbvfZXIcoHaUox1UKRkGx95do6cU2aqUtV4yyM6rPczUb3CJ
UhEQ2XjPHZgUPHcRssH2nPicCUlg0RRoxackvOKgV3k=
-----END CERTIFICATE-----