Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/lA6WnNZ9suZS5sde3vGhBu8MBHw.roa
File:                     lA6WnNZ9suZS5sde3vGhBu8MBHw.roa (raw, json)
Hash identifier:          uIfmFeYL/wlMoMUYj0bY2E9Jo5L5FKrtVu3Adm8zX8g=
Subject key identifier:   94:0E:96:9C:D6:7D:B2:E6:52:E6:C7:5E:DE:F1:A1:06:EF:0C:04:7C
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018FBFB6DAEB6CED2DEE3BEAF137CC94DBDB
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/lA6WnNZ9suZS5sde3vGhBu8MBHw.roa
Signing time:             Tue 28 May 2024 14:59:42 +0000
ROA not before:           Tue 28 May 2024 14:59:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        168.199.209.0/24 maxlen: 24
                          168.199.218.0/24 maxlen: 24
                          168.199.219.0/24 maxlen: 24
                          168.199.220.0/24 maxlen: 24
                          168.199.221.0/24 maxlen: 24
                          168.199.222.0/24 maxlen: 24
                          168.199.223.0/24 maxlen: 24
                          168.199.224.0/24 maxlen: 24
                          168.199.225.0/24 maxlen: 24
                          168.199.226.0/24 maxlen: 24
                          168.199.228.0/24 maxlen: 24
                          168.199.229.0/24 maxlen: 24
                          168.199.230.0/24 maxlen: 24
                          168.199.232.0/24 maxlen: 24
                          168.199.234.0/24 maxlen: 24
                          168.199.235.0/24 maxlen: 24
                          168.199.236.0/24 maxlen: 24
                          168.199.237.0/24 maxlen: 24
                          168.199.238.0/24 maxlen: 24
                          168.199.239.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Jul 2024 03:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:b6:da:eb:6c:ed:2d:ee:3b:ea:f1:37:cc:94:db:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: May 28 14:59:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=940e969cd67db2e652e6c75edef1a106ef0c047c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:17:1b:20:85:de:ee:5b:15:48:f9:29:9e:21:
                    c7:70:de:61:e5:b1:7d:17:d5:df:e4:30:d4:bb:04:
                    24:85:64:5b:78:e9:82:1a:11:e0:eb:f6:7c:78:63:
                    60:2b:95:25:c2:49:c6:a9:0c:6f:fd:c4:7b:f0:d2:
                    97:3c:a2:89:3d:8b:dd:53:60:7b:0e:33:af:52:4a:
                    3b:8b:4d:83:69:9d:fb:a4:15:ea:ef:d9:e6:b8:16:
                    99:96:9c:3d:b3:84:78:d3:b1:23:50:8b:ca:cf:b1:
                    d5:93:ec:c9:2a:a6:19:cd:4b:8e:1e:61:8f:4b:c6:
                    15:77:6b:9b:77:65:a0:5f:0d:af:60:28:6e:e5:54:
                    92:8e:5b:09:eb:62:c8:20:8e:10:b8:f0:54:fd:41:
                    96:dc:c0:70:d8:5e:cc:79:78:07:cd:99:2a:48:11:
                    11:e6:e2:ac:bc:75:0c:6f:26:38:50:af:8e:e3:18:
                    31:ef:6c:25:ff:88:55:ee:fd:17:5a:cd:34:bf:4b:
                    48:69:de:2f:b6:fc:ee:85:a2:c4:53:39:43:f5:f6:
                    fb:1b:8b:08:aa:e6:f8:67:d9:df:c8:7f:a2:55:87:
                    65:a0:43:2d:b5:2f:56:5d:08:58:98:52:09:7c:4a:
                    cf:36:a1:7d:98:65:a7:3e:84:54:3f:99:59:e6:d5:
                    25:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:0E:96:9C:D6:7D:B2:E6:52:E6:C7:5E:DE:F1:A1:06:EF:0C:04:7C
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/lA6WnNZ9suZS5sde3vGhBu8MBHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.209.0/24
                  168.199.218.0-168.199.226.255
                  168.199.228.0-168.199.230.255
                  168.199.232.0/24
                  168.199.234.0-168.199.239.255

    Signature Algorithm: sha256WithRSAEncryption
         26:3d:c9:2e:f4:45:75:d4:7d:60:3e:e4:16:27:e0:00:01:a4:
         99:7b:eb:1b:fe:37:b9:4d:c0:8e:ce:56:47:ec:14:46:dd:c8:
         da:1e:1b:39:b6:ab:9c:f5:62:99:ef:a7:2e:81:d9:70:57:67:
         ce:7c:bb:c1:d0:4a:d8:65:38:32:aa:d8:6e:0b:af:86:f8:8a:
         19:35:86:23:ca:3d:d8:c5:23:82:fa:84:17:89:3f:cc:8a:71:
         a9:37:d3:d8:a5:52:95:9c:36:da:c6:0d:60:77:37:ca:ae:ad:
         c9:5d:80:5b:aa:15:91:84:95:b2:15:89:85:64:fe:3c:af:b5:
         37:a1:1b:4e:2d:cc:b5:81:fc:c9:ca:c1:dc:87:19:9a:f8:c4:
         2d:ed:1d:34:78:44:fc:da:2c:f4:80:0b:1f:f8:c3:38:f0:61:
         77:bc:3a:8b:8d:4b:a0:53:60:1d:b5:bc:c3:5c:51:99:8e:45:
         21:71:8f:3f:71:78:12:92:63:7f:96:0f:16:90:7b:11:5b:67:
         ff:a0:35:ea:8d:88:96:20:67:2c:06:58:ac:3e:30:17:27:a0:
         4b:77:bb:5d:98:1d:77:72:67:0d:dc:9c:79:f7:cf:84:8b:cc:
         58:a7:9c:fa:6c:60:40:b3:31:c1:35:b1:a0:74:e5:9b:f4:4b:
         ed:5a:bf:16
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY+/ttrrbO0t7jvq8TfMlNvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwNTI4MTQ1OTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDBlOTY5Y2Q2N2RiMmU2NTJlNmM3NWVkZWYxYTEwNmVmMGMwNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxcbIIXe7lsVSPkpniHHcN5h5bF9
F9Xf5DDUuwQkhWRbeOmCGhHg6/Z8eGNgK5UlwknGqQxv/cR78NKXPKKJPYvdU2B7
DjOvUko7i02DaZ37pBXq79nmuBaZlpw9s4R407EjUIvKz7HVk+zJKqYZzUuOHmGP
S8YVd2ubd2WgXw2vYChu5VSSjlsJ62LIII4QuPBU/UGW3MBw2F7MeXgHzZkqSBER
5uKsvHUMbyY4UK+O4xgx72wl/4hV7v0XWs00v0tIad4vtvzuhaLEUzlD9fb7G4sI
qub4Z9nfyH+iVYdloEMttS9WXQhYmFIJfErPNqF9mGWnPoRUP5lZ5tUltQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJQOlpzWfbLmUubHXt7xoQbvDAR8MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvbEE2V25OWjlzdVpTNXNkZTN2R2hCdThNQkh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAqMfRMAwD
BAGox9oDBACox+IwDAMEAqjH5AMEAKjH5gMEAKjH6DAMAwQBqMfqAwQEqMfgMA0G
CSqGSIb3DQEBCwUAA4IBAQAmPcku9EV11H1gPuQWJ+AAAaSZe+sb/je5TcCOzlZH
7BRG3cjaHhs5tquc9WKZ76cugdlwV2fOfLvB0ErYZTgyqthuC6+G+IoZNYYjyj3Y
xSOC+oQXiT/MinGpN9PYpVKVnDbaxg1gdzfKrq3JXYBbqhWRhJWyFYmFZP48r7U3
oRtOLcy1gfzJysHchxma+MQt7R00eET82iz0gAsf+MM48GF3vDqLjUugU2AdtbzD
XFGZjkUhcY8/cXgSkmN/lg8WkHsRW2f/oDXqjYiWIGcsBlisPjAXJ6BLd7tdmB13
cmcN3Jx598+Ei8xYp5z6bGBAszHBNbGgdOWb9EvtWr8W
-----END CERTIFICATE-----