Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/og3hW6bz2Fxo9MT-smevrhi1Cco.roa
File:                     og3hW6bz2Fxo9MT-smevrhi1Cco.roa (raw, json)
Hash identifier:          PPc6Fq8KFm9jv68ZLLEkYzaV2e+Ni3nh8JPzuZdVjpM=
Subject key identifier:   A2:0D:E1:5B:A6:F3:D8:5C:68:F4:C4:FE:B2:67:AF:AE:18:B5:09:CA
Certificate issuer:       /CN=e30f8894f308172ace92fbe6052eec23853eadad
Certificate serial:       0192D76CFC77C7CCAFB484175F6ABFFF6326
Authority key identifier: E3:0F:88:94:F3:08:17:2A:CE:92:FB:E6:05:2E:EC:23:85:3E:AD:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4w-IlPMIFyrOkvvmBS7sI4U-ra0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/og3hW6bz2Fxo9MT-smevrhi1Cco.roa
Signing time:             Tue 29 Oct 2024 08:38:16 +0000
ROA not before:           Tue 29 Oct 2024 08:38:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3920
IP address blocks:        37.49.224.0/24 maxlen: 24
                          37.49.225.0/24 maxlen: 24
                          37.49.226.0/24 maxlen: 24
                          37.49.227.0/24 maxlen: 24
                          37.49.228.0/24 maxlen: 24
                          37.49.229.0/24 maxlen: 24
                          77.247.111.0/24 maxlen: 24
                          117.18.118.0/24 maxlen: 24
                          117.55.202.0/24 maxlen: 24
                          117.55.203.0/24 maxlen: 24
                          185.53.91.0/24 maxlen: 24
                          185.209.15.0/24 maxlen: 24
                          212.237.231.0/24 maxlen: 24
                          2a13:adc0::/48 maxlen: 48
                          2a13:adc0:1::/48 maxlen: 48
                          2a13:adc0:2::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 13:48:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:6c:fc:77:c7:cc:af:b4:84:17:5f:6a:bf:ff:63:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30f8894f308172ace92fbe6052eec23853eadad
        Validity
            Not Before: Oct 29 08:38:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a20de15ba6f3d85c68f4c4feb267afae18b509ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3e:9d:89:38:9a:80:ed:fa:7f:1b:da:17:7c:
                    cd:63:fb:a9:b0:99:26:0a:9f:54:2a:08:22:63:17:
                    f3:1b:7a:03:d9:3b:30:e1:68:d0:75:21:73:6e:6b:
                    75:81:97:3d:88:07:bb:bb:b2:72:b5:72:cd:ff:6d:
                    3d:ca:ce:07:56:45:22:6f:25:b2:f4:d4:75:bf:b3:
                    5e:e5:9e:06:22:e4:09:0c:3f:32:76:59:2e:7c:d0:
                    ac:23:7c:4e:11:05:40:99:29:76:7c:b3:a5:5e:e9:
                    47:98:5d:40:db:44:70:26:3c:cb:a7:d3:43:da:99:
                    f0:57:51:3c:01:1f:4d:98:dc:69:a3:87:88:6e:3f:
                    b6:58:6a:45:76:e9:7b:03:d2:fa:d5:fc:28:a5:f6:
                    12:50:75:10:c4:43:15:a3:7c:07:c2:ba:47:45:f0:
                    db:0d:93:89:f0:d6:55:fa:9b:b9:83:23:9f:b5:bb:
                    ac:7e:ff:f9:30:10:4a:9c:fe:40:b6:91:1a:9e:df:
                    3c:8b:f7:90:9f:76:60:60:12:53:e3:b3:64:2b:44:
                    58:d5:bb:9d:66:37:e5:df:00:c1:90:76:45:1a:d2:
                    a6:4a:0e:b4:47:42:65:28:3e:b1:5e:c4:54:36:14:
                    4d:bf:a9:c8:a0:c2:55:3b:80:4d:b4:e4:3a:e9:a2:
                    e3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0D:E1:5B:A6:F3:D8:5C:68:F4:C4:FE:B2:67:AF:AE:18:B5:09:CA
            X509v3 Authority Key Identifier:
                keyid:E3:0F:88:94:F3:08:17:2A:CE:92:FB:E6:05:2E:EC:23:85:3E:AD:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4w-IlPMIFyrOkvvmBS7sI4U-ra0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/og3hW6bz2Fxo9MT-smevrhi1Cco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/587460-eab7-40d9-a512-3e660d0252db/1/4w-IlPMIFyrOkvvmBS7sI4U-ra0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.224.0-37.49.229.255
                  77.247.111.0/24
                  117.18.118.0/24
                  117.55.202.0/23
                  185.53.91.0/24
                  185.209.15.0/24
                  212.237.231.0/24
                IPv6:
                  2a13:adc0::-2a13:adc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9d:6e:05:36:ba:81:c6:d5:28:2b:e7:15:36:9d:fa:c0:60:c8:
         60:4a:9a:e2:2f:86:20:8f:db:e2:10:dd:be:09:22:22:3a:7f:
         b6:cb:8f:de:f5:95:36:f1:a9:0b:14:a5:d6:e2:e6:aa:56:37:
         41:56:79:9d:c9:7f:94:2d:28:e0:5b:ad:a1:d4:76:ce:d4:69:
         4d:fe:45:6d:e9:d5:5f:69:a7:ac:1f:a3:02:6b:87:2b:4a:a0:
         b0:27:3e:0b:ff:de:11:a8:35:59:41:b1:9e:ef:e4:9c:c7:95:
         47:9b:86:f0:fa:0d:4e:ff:78:02:fa:84:d6:5d:3e:7a:a0:57:
         6b:5e:2c:d3:d7:aa:b7:00:83:ba:1e:7c:37:2f:7d:fd:e5:30:
         ef:3b:09:db:86:b7:51:09:8a:1a:3b:85:d7:3b:5a:99:19:9d:
         35:77:b2:df:5f:ca:89:34:67:22:84:d6:bb:4c:92:cb:0f:f8:
         fc:7b:5e:d3:de:bd:83:92:49:3e:62:56:24:f7:44:e1:2a:3e:
         1f:c1:be:17:88:66:b5:df:33:71:1c:9f:28:d6:70:3e:74:91:
         10:07:b7:d2:41:06:85:b8:40:d6:72:03:0a:c5:27:9a:2f:35:
         90:bc:3c:40:76:ac:cf:79:de:1d:d8:f1:06:b1:f1:42:f2:3d:
         c3:d3:aa:8c
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZLXbPx3x8yvtIQXX2q//2MmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGY4ODk0ZjMwODE3MmFjZTkyZmJlNjA1MmVlYzIzODUz
ZWFkYWQwHhcNMjQxMDI5MDgzODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBkZTE1YmE2ZjNkODVjNjhmNGM0ZmViMjY3YWZhZTE4YjUwOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj6diTiagO36fxvaF3zNY/upsJkm
Cp9UKggiYxfzG3oD2Tsw4WjQdSFzbmt1gZc9iAe7u7JytXLN/209ys4HVkUibyWy
9NR1v7Ne5Z4GIuQJDD8ydlkufNCsI3xOEQVAmSl2fLOlXulHmF1A20RwJjzLp9ND
2pnwV1E8AR9NmNxpo4eIbj+2WGpFdul7A9L61fwopfYSUHUQxEMVo3wHwrpHRfDb
DZOJ8NZV+pu5gyOftbusfv/5MBBKnP5AtpEant88i/eQn3ZgYBJT47NkK0RY1bud
Zjfl3wDBkHZFGtKmSg60R0JlKD6xXsRUNhRNv6nIoMJVO4BNtOQ66aLjkwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKIN4Vum89hcaPTE/rJnr64YtQnKMB8GA1UdIwQY
MBaAFOMPiJTzCBcqzpL75gUu7COFPq2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHctSWxQTUlGeXJPa3Z2bUJTN3NJNFUtcmEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81ODc0NjAtZWFiNy00MGQ5LWE1MTIt
M2U2NjBkMDI1MmRiLzEvb2czaFc2YnoyRnhvOU1ULXNtZXZyaGkxQ2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81ODc0NjAtZWFiNy00MGQ5LWE1MTItM2U2NjBkMDI1MmRi
LzEvNHctSWxQTUlGeXJPa3Z2bUJTN3NJNFUtcmEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA4BAIAATAyMAwDBAUlMeAD
BAElMeQDBABN928DBAB1EnYDBAF1N8oDBAC5NVsDBAC50Q8DBADU7ecwGAQCAAIw
EjAQAwUGKhOtwAMHACoTrcAAAjANBgkqhkiG9w0BAQsFAAOCAQEAnW4FNrqBxtUo
K+cVNp36wGDIYEqa4i+GII/b4hDdvgkiIjp/tsuP3vWVNvGpCxSl1uLmqlY3QVZ5
ncl/lC0o4FutodR2ztRpTf5FbenVX2mnrB+jAmuHK0qgsCc+C//eEag1WUGxnu/k
nMeVR5uG8PoNTv94AvqE1l0+eqBXa14s09eqtwCDuh58Ny99/eUw7zsJ24a3UQmK
GjuF1ztamRmdNXey31/KiTRnIoTWu0ySyw/4/Hte0969g5JJPmJWJPdE4So+H8G+
F4hmtd8zcRyfKNZwPnSREAe30kEGhbhA1nIDCsUnmi81kLw8QHasz3neHdjxBrHx
QvI9w9OqjA==
-----END CERTIFICATE-----