Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15angZ6PzfcAN2a5kIo3eH8iTP4.roa
File:                     15angZ6PzfcAN2a5kIo3eH8iTP4.roa (raw, json)
Hash identifier:          cwxaP7TVLR8ADnj8yD6idNw787rikeedawpfgRR9Gag=
Subject key identifier:   D7:96:A7:81:9E:8F:CD:F7:00:37:66:B9:90:8A:37:78:7F:22:4C:FE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01917B0BE66AC90A2B11BF6083CD89382558
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15angZ6PzfcAN2a5kIo3eH8iTP4.roa
Signing time:             Thu 22 Aug 2024 17:04:22 +0000
ROA not before:           Thu 22 Aug 2024 17:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 07 Sep 2024 18:21:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7b:0b:e6:6a:c9:0a:2b:11:bf:60:83:cd:89:38:25:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 22 17:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d796a7819e8fcdf7003766b9908a37787f224cfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:91:64:5d:07:9e:0b:b8:cd:c5:76:80:78:d2:
                    73:34:37:40:69:d7:ac:79:d5:e1:70:28:b3:7c:6a:
                    59:07:d2:5e:eb:9c:0c:1e:8c:52:7a:d1:a4:1a:78:
                    39:22:25:fd:ba:cd:e4:8f:bf:79:91:b4:5e:40:28:
                    c9:e4:1c:b4:12:96:cc:70:94:2c:4e:86:c4:33:52:
                    ac:f2:58:d0:b4:6f:98:fa:8d:de:a8:5e:bd:5b:7c:
                    92:14:01:b0:3c:a8:5a:e8:bc:d8:22:bb:46:ec:92:
                    73:7f:7c:c7:68:19:ee:f6:ea:3d:a7:70:fc:4c:8d:
                    77:64:4e:23:f3:4a:38:c5:f9:c3:39:eb:d7:7c:e8:
                    6a:f7:d3:34:ee:4e:e6:f2:6f:dd:4e:00:38:46:95:
                    de:99:f5:43:e9:2b:91:f6:bf:aa:97:29:0e:f8:d5:
                    bd:97:23:86:cc:ee:d4:e2:d3:aa:de:20:63:cc:69:
                    f2:9d:96:b7:20:ce:74:f4:9b:11:04:d4:47:be:5a:
                    54:33:8f:3f:98:d9:1b:69:67:51:fa:52:f2:d9:d7:
                    bb:51:bd:77:65:73:1c:90:32:9c:39:49:c1:5c:8b:
                    29:71:af:a7:56:ff:a6:5c:9a:ab:67:4f:62:ce:e6:
                    f5:16:d7:20:24:bd:06:6f:c9:14:01:4a:74:42:b0:
                    02:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:96:A7:81:9E:8F:CD:F7:00:37:66:B9:90:8A:37:78:7F:22:4C:FE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15angZ6PzfcAN2a5kIo3eH8iTP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  89.213.107.0/24
                  89.213.112.0/23
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         73:9a:d2:23:98:2b:dc:e3:b1:ec:41:c1:12:5d:0f:9c:5c:e9:
         0b:74:14:c5:79:5f:1b:bc:27:a3:f1:4f:9a:18:4b:1c:e1:fe:
         f1:7f:e3:a3:d7:38:77:5e:06:8d:40:e6:c4:62:9d:e3:c8:a9:
         3b:4b:60:8a:06:5e:49:af:01:02:08:b4:b1:09:b8:2b:ab:0a:
         70:54:d6:9e:c7:a1:8a:ab:56:fa:af:48:a3:15:ba:b8:0f:7b:
         c4:61:07:34:e9:f9:de:65:72:9d:89:c3:d4:b4:1e:86:c6:51:
         c7:38:ff:06:98:5d:35:49:b1:83:fc:09:b9:19:68:22:56:d4:
         65:24:75:da:2e:7c:5f:98:15:3f:09:ca:a4:7e:db:2c:a4:20:
         2e:a1:05:23:c6:72:34:e1:56:bc:50:64:bf:f3:da:fb:f0:e9:
         db:18:31:2f:03:0b:d4:07:d7:75:92:4a:7b:36:bb:20:6d:44:
         88:4e:0e:3f:a6:fa:f3:e1:6d:29:6f:83:99:2c:e0:08:02:fa:
         83:ab:e9:4e:92:54:1d:f4:01:52:48:39:1d:c1:69:51:2b:69:
         a4:f7:d4:f3:86:2b:15:1e:2d:fa:27:2c:d5:48:e9:5e:14:47:
         54:fb:e4:6d:48:8f:c0:f0:21:1e:d5:dc:fb:bd:36:ad:9f:fc:
         c4:11:6d:31
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZF7C+ZqyQorEb9gg82JOCVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODIyMTcwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzk2YTc4MTllOGZjZGY3MDAzNzY2Yjk5MDhhMzc3ODdmMjI0Y2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZFkXQeeC7jNxXaAeNJzNDdAades
edXhcCizfGpZB9Je65wMHoxSetGkGng5IiX9us3kj795kbReQCjJ5By0EpbMcJQs
TobEM1Ks8ljQtG+Y+o3eqF69W3ySFAGwPKha6LzYIrtG7JJzf3zHaBnu9uo9p3D8
TI13ZE4j80o4xfnDOevXfOhq99M07k7m8m/dTgA4RpXemfVD6SuR9r+qlykO+NW9
lyOGzO7U4tOq3iBjzGnynZa3IM509JsRBNRHvlpUM48/mNkbaWdR+lLy2de7Ub13
ZXMckDKcOUnBXIspca+nVv+mXJqrZ09izub1FtcgJL0Gb8kUAUp0QrACawIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNeWp4Gej833ADdmuZCKN3h/Ikz+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTVhbmdaNlB6ZmNBTjJhNWtJbzNlSDhpVFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUahgAwQA
UpkzAwQAUpmUAwQAWdVrAwQBWdVwAwQAWdV0AwQAWdV5AwQAWdWdAwQAWdXjAwQA
1YKJMAwDBAPVgpgDBADVgpowDQYJKoZIhvcNAQELBQADggEBAHOa0iOYK9zjsexB
wRJdD5xc6Qt0FMV5Xxu8J6PxT5oYSxzh/vF/46PXOHdeBo1A5sRinePIqTtLYIoG
XkmvAQIItLEJuCurCnBU1p7HoYqrVvqvSKMVurgPe8RhBzTp+d5lcp2Jw9S0HobG
Ucc4/waYXTVJsYP8CbkZaCJW1GUkddoufF+YFT8JyqR+2yykIC6hBSPGcjThVrxQ
ZL/z2vvw6dsYMS8DC9QH13WSSns2uyBtRIhODj+m+vPhbSlvg5ks4AgC+oOr6U6S
VB30AVJIOR3BaVEraaT31POGKxUeLfonLNVI6V4UR1T75G1Ij8DwIR7V3Pu9Nq2f
/MQRbTE=
-----END CERTIFICATE-----