Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/dMNGmMr6_nfbGwdoGS3bSH9OUZk.roa
File:                     dMNGmMr6_nfbGwdoGS3bSH9OUZk.roa (raw, json)
Hash identifier:          nt/QOL6hRVCdlV9mVa7W70AZq6mEM+RGbEtVrT+hq9c=
Subject key identifier:   74:C3:46:98:CA:FA:FE:77:DB:1B:07:68:19:2D:DB:48:7F:4E:51:99
Certificate issuer:       /CN=9907c7b89656dd339cb98fb7c2b0371c5926a641
Certificate serial:       01934A6456473CCD3798E823189BB60C5DE0
Authority key identifier: 99:07:C7:B8:96:56:DD:33:9C:B9:8F:B7:C2:B0:37:1C:59:26:A6:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mQfHuJZW3TOcuY-3wrA3HFkmpkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/dMNGmMr6_nfbGwdoGS3bSH9OUZk.roa
Signing time:             Wed 20 Nov 2024 16:25:09 +0000
ROA not before:           Wed 20 Nov 2024 16:25:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199483
IP address blocks:        31.14.0.0/22 maxlen: 24
                          91.209.103.0/24 maxlen: 24
                          185.15.24.0/22 maxlen: 24
                          185.15.24.0/24 maxlen: 24
                          185.15.25.0/24 maxlen: 24
                          185.15.26.0/24 maxlen: 24
                          185.15.27.0/24 maxlen: 24
                          185.167.0.0/22 maxlen: 24
                          185.221.88.0/22 maxlen: 24
                          185.221.88.0/23 maxlen: 23
                          185.221.90.0/24 maxlen: 24
                          185.221.91.0/24 maxlen: 24
                          193.164.151.0/24 maxlen: 24
                          2a02:f840::/29 maxlen: 48
                          2a02:f840::/32 maxlen: 32
                          2a02:f840:1::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:64:56:47:3c:cd:37:98:e8:23:18:9b:b6:0c:5d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9907c7b89656dd339cb98fb7c2b0371c5926a641
        Validity
            Not Before: Nov 20 16:25:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74c34698cafafe77db1b0768192ddb487f4e5199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:28:27:02:5c:9c:0a:d1:33:b7:b4:67:30:a5:
                    75:5e:2d:6f:f7:85:8a:6f:52:f6:23:3b:98:0f:ff:
                    1f:22:09:59:6b:ad:2c:c4:bb:7e:71:f6:87:8f:33:
                    f6:90:d1:9d:2a:bc:d8:34:cd:98:f0:66:42:2f:be:
                    be:0f:87:5d:bc:b6:c0:a8:1c:db:1a:38:68:fc:6d:
                    59:47:af:10:9e:ce:c8:42:6e:f5:39:0b:26:99:de:
                    0d:17:48:ec:01:51:24:63:93:b4:92:97:6a:18:77:
                    ec:50:62:18:18:3d:6c:f0:c1:ca:51:fb:6b:f5:ac:
                    f5:eb:c7:8c:61:5e:9b:98:1a:5b:3f:4b:d3:5d:1f:
                    41:6f:d6:33:93:4e:91:f8:0e:0a:a6:a9:ad:ef:f0:
                    60:2d:88:34:b5:90:04:82:47:af:f4:27:33:30:20:
                    05:dd:b6:2a:27:85:48:20:fa:e4:53:41:2a:c7:e6:
                    fc:d0:c0:8f:df:ca:6c:09:dc:a7:74:54:59:c7:1c:
                    0d:b8:49:58:e1:08:e9:8b:2d:83:12:36:d7:aa:e2:
                    c4:af:fb:1a:ac:ab:e2:52:bd:05:36:1f:f3:8b:b9:
                    5c:ad:ed:53:11:99:93:af:1b:59:3c:9b:b0:ff:74:
                    d0:1b:26:2b:e8:ac:0e:5a:3d:1f:71:60:6a:9d:e0:
                    05:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C3:46:98:CA:FA:FE:77:DB:1B:07:68:19:2D:DB:48:7F:4E:51:99
            X509v3 Authority Key Identifier:
                keyid:99:07:C7:B8:96:56:DD:33:9C:B9:8F:B7:C2:B0:37:1C:59:26:A6:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mQfHuJZW3TOcuY-3wrA3HFkmpkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/dMNGmMr6_nfbGwdoGS3bSH9OUZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/mQfHuJZW3TOcuY-3wrA3HFkmpkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.0.0/22
                  91.209.103.0/24
                  185.15.24.0/22
                  185.167.0.0/22
                  185.221.88.0/22
                  193.164.151.0/24
                IPv6:
                  2a02:f840::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:f3:9b:70:a4:97:15:46:1b:fd:ae:61:60:f6:37:5c:7c:60:
         bc:ca:cf:d2:2f:a1:42:2d:d9:ec:c5:61:1e:d5:28:fc:70:0f:
         f1:c7:50:6f:b6:cf:c9:97:84:ae:bc:57:ce:8a:32:dd:b5:f1:
         31:ee:be:9c:57:40:fc:a9:e8:9d:46:9e:8f:37:d7:2c:8c:30:
         fb:51:5e:6a:7f:29:a8:c6:c5:f4:e9:91:0c:f5:1c:51:24:00:
         5b:c0:ea:ae:06:79:5e:14:fd:d2:aa:ec:9f:9f:1c:10:d4:09:
         85:fd:34:f9:1a:6d:6e:86:6b:73:a2:95:00:ff:6c:af:19:ca:
         84:70:07:83:92:86:10:58:a5:f2:3a:55:93:bf:bf:01:b7:9a:
         8b:3f:66:32:97:b8:e0:5d:78:17:33:f4:8c:69:0e:17:31:f6:
         f4:84:07:55:94:c8:46:7b:7c:98:ff:fe:ec:d1:c5:63:d1:6e:
         de:c3:fd:eb:b0:a4:0a:d3:ef:c2:90:b5:a7:d6:bf:0f:4e:46:
         1b:6d:41:b0:37:e5:32:68:4d:65:50:a8:6e:8b:83:94:32:4f:
         90:c8:9f:8a:a9:9b:b1:d8:75:c9:7d:1f:64:ec:30:cc:82:ca:
         d1:b0:14:66:a1:4e:5e:b4:9b:28:5c:aa:15:f7:c2:19:35:23:
         8b:9c:fe:87
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZNKZFZHPM03mOgjGJu2DF3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MDdjN2I4OTY1NmRkMzM5Y2I5OGZiN2MyYjAzNzFjNTky
NmE2NDEwHhcNMjQxMTIwMTYyNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGMzNDY5OGNhZmFmZTc3ZGIxYjA3NjgxOTJkZGI0ODdmNGU1MTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArignAlycCtEzt7RnMKV1Xi1v94WK
b1L2IzuYD/8fIglZa60sxLt+cfaHjzP2kNGdKrzYNM2Y8GZCL76+D4ddvLbAqBzb
Gjho/G1ZR68Qns7IQm71OQsmmd4NF0jsAVEkY5O0kpdqGHfsUGIYGD1s8MHKUftr
9az168eMYV6bmBpbP0vTXR9Bb9Yzk06R+A4Kpqmt7/BgLYg0tZAEgkev9CczMCAF
3bYqJ4VIIPrkU0Eqx+b80MCP38psCdyndFRZxxwNuElY4Qjpiy2DEjbXquLEr/sa
rKviUr0FNh/zi7lcre1TEZmTrxtZPJuw/3TQGyYr6KwOWj0fcWBqneAFawIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFHTDRpjK+v532xsHaBkt20h/TlGZMB8GA1UdIwQY
MBaAFJkHx7iWVt0znLmPt8KwNxxZJqZBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVFmSHVKWlczVE9jdVktM3dyQTNIRmttcGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83ZGQyODktNmNiNS00MzcxLTg0NmMt
OTNkZWM3MzVmNzE3LzEvZE1OR21NcjZfbmZiR3dkb0dTM2JTSDlPVVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83ZGQyODktNmNiNS00MzcxLTg0NmMtOTNkZWM3MzVmNzE3
LzEvbVFmSHVKWlczVE9jdVktM3dyQTNIRmttcGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCHw4AAwQA
W9FnAwQCuQ8YAwQCuacAAwQCud1YAwQAwaSXMA0EAgACMAcDBQMqAvhAMA0GCSqG
SIb3DQEBCwUAA4IBAQBp85twpJcVRhv9rmFg9jdcfGC8ys/SL6FCLdnsxWEe1Sj8
cA/xx1Bvts/Jl4SuvFfOijLdtfEx7r6cV0D8qeidRp6PN9csjDD7UV5qfymoxsX0
6ZEM9RxRJABbwOquBnleFP3SquyfnxwQ1AmF/TT5Gm1uhmtzopUA/2yvGcqEcAeD
koYQWKXyOlWTv78Bt5qLP2Yyl7jgXXgXM/SMaQ4XMfb0hAdVlMhGe3yY//7s0cVj
0W7ew/3rsKQK0+/CkLWn1r8PTkYbbUGwN+UyaE1lUKhui4OUMk+QyJ+KqZux2HXJ
fR9k7DDMgsrRsBRmoU5etJsoXKoV98IZNSOLnP6H
-----END CERTIFICATE-----