Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7QRIgq6_aKUDC-767njm27of7P8.roa
File:                     7QRIgq6_aKUDC-767njm27of7P8.roa (raw, json)
Hash identifier:          cgM19ssVZJZP0+lbbPXzBcYAJdeTYw85VYhbDwhEsDE=
Subject key identifier:   ED:04:48:82:AE:BF:68:A5:03:0B:EE:FA:EE:78:E6:DB:BA:1F:EC:FF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01943AEED95506128822864FDCA2E1FF6E76
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7QRIgq6_aKUDC-767njm27of7P8.roa
Signing time:             Mon 06 Jan 2025 09:25:19 +0000
ROA not before:           Mon 06 Jan 2025 09:25:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 21 Jan 2025 10:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3a:ee:d9:55:06:12:88:22:86:4f:dc:a2:e1:ff:6e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  6 09:25:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed044882aebf68a5030beefaee78e6dbba1fecff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:57:9f:22:e0:d1:8e:88:82:b6:ec:77:33:62:
                    73:07:89:db:36:30:e6:b6:66:44:11:7b:5e:7c:a3:
                    01:b8:07:df:3e:93:87:76:7d:cd:65:ad:8c:a5:54:
                    43:ef:ff:ee:c2:80:9f:bb:3d:e5:e4:00:2d:74:67:
                    5a:3d:ca:1b:33:c4:4a:67:57:6f:a0:13:a6:c3:af:
                    aa:15:cd:ad:16:4e:30:4f:dd:d2:af:2d:29:13:a0:
                    b3:ce:9f:94:2c:9a:21:30:ed:49:6a:3e:fb:86:be:
                    d1:50:86:2c:21:86:2c:d6:dd:87:da:e3:15:dd:cd:
                    c1:fd:78:aa:84:75:89:42:11:f6:48:5a:12:37:60:
                    99:10:58:54:e5:bb:38:89:b1:20:00:d8:af:08:fc:
                    25:3e:0a:b1:e3:b9:3b:43:8f:ad:91:c4:0c:ca:17:
                    06:09:af:c8:f8:f7:35:b5:19:d4:de:2b:ee:70:cf:
                    8c:df:3c:3c:51:f9:fb:ef:f6:a4:79:e7:b6:48:92:
                    37:ab:b7:1e:72:d0:2e:38:4a:b1:f6:a8:eb:4e:85:
                    4b:c2:ec:32:e6:80:73:ba:ae:95:ee:7f:70:a9:3d:
                    2e:c6:52:65:f9:15:2f:80:c4:f5:4a:67:44:d6:94:
                    e0:a0:e9:ac:39:22:30:34:2b:53:2b:96:f3:9a:bc:
                    74:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:04:48:82:AE:BF:68:A5:03:0B:EE:FA:EE:78:E6:DB:BA:1F:EC:FF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7QRIgq6_aKUDC-767njm27of7P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  82.163.15.0/24
                  89.213.107.0/24
                  89.213.112.0/23
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  109.176.242.0/24
                  213.130.137.0/24
                  213.130.152.0/24
                  213.130.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:63:fc:a1:69:7b:8b:6d:32:f7:6c:df:15:a5:fd:d0:28:c8:
         2d:ba:54:7f:2e:53:2a:37:63:a4:62:7f:32:89:d0:8e:db:8b:
         4a:2a:61:70:02:cd:59:e4:5f:dd:b7:76:88:5e:b3:b7:a1:66:
         90:ae:8b:3b:c9:97:cc:c3:4a:c2:09:c6:6d:22:94:ec:df:63:
         00:38:7b:45:18:87:70:12:e6:df:71:81:6e:eb:be:4b:66:95:
         eb:39:7d:99:71:82:b8:13:49:14:c7:f0:1f:47:75:9a:90:25:
         4e:c4:4b:e7:25:30:c5:20:ca:47:5b:d6:29:91:09:a8:24:59:
         25:9b:c3:fa:d2:d5:8d:34:de:43:49:22:cb:35:a6:61:e2:4a:
         1d:bf:58:83:7f:94:b2:b5:25:87:93:6d:38:d4:44:2c:95:25:
         37:e8:5a:3f:f3:12:fb:f0:57:ad:a0:51:bb:6b:cf:e5:6c:bf:
         4f:30:8f:ac:62:cf:c8:34:72:16:d3:a2:67:2c:9f:94:00:6d:
         e5:49:b8:a6:c0:77:2d:3f:10:2a:ee:8c:ea:e5:55:7d:f8:5d:
         19:f4:7f:f1:f7:8b:3c:e9:c2:73:cd:99:8a:93:b2:d8:5d:17:
         82:e7:8d:3b:19:61:01:54:51:c0:22:38:fa:a9:b9:dc:ce:40:
         08:dc:2d:f0
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQ67tlVBhKIIoZP3KLh/252MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTA2MDkyNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDA0NDg4MmFlYmY2OGE1MDMwYmVlZmFlZTc4ZTZkYmJhMWZlY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lefIuDRjoiCtux3M2JzB4nbNjDm
tmZEEXtefKMBuAffPpOHdn3NZa2MpVRD7//uwoCfuz3l5AAtdGdaPcobM8RKZ1dv
oBOmw6+qFc2tFk4wT93Sry0pE6Czzp+ULJohMO1Jaj77hr7RUIYsIYYs1t2H2uMV
3c3B/XiqhHWJQhH2SFoSN2CZEFhU5bs4ibEgANivCPwlPgqx47k7Q4+tkcQMyhcG
Ca/I+Pc1tRnU3ivucM+M3zw8Ufn77/akeee2SJI3q7cectAuOEqx9qjrToVLwuwy
5oBzuq6V7n9wqT0uxlJl+RUvgMT1SmdE1pTgoOmsOSIwNCtTK5bzmrx08wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFO0ESIKuv2ilAwvu+u545tu6H+z/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN1FSSWdxNl9hS1VEQy03Njduam0yN29mN1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAUahgAwQA
UpkzAwQAUpmUAwQAUqMPAwQAWdVrAwQBWdVwAwQAWdV0AwQAWdV5AwQAWdWdAwQA
WdXjAwQAbbDyAwQA1YKJAwQA1YKYAwQA1YKaMA0GCSqGSIb3DQEBCwUAA4IBAQCQ
Y/yhaXuLbTL3bN8Vpf3QKMgtulR/LlMqN2OkYn8yidCO24tKKmFwAs1Z5F/dt3aI
XrO3oWaQros7yZfMw0rCCcZtIpTs32MAOHtFGIdwEubfcYFu675LZpXrOX2ZcYK4
E0kUx/AfR3WakCVOxEvnJTDFIMpHW9YpkQmoJFklm8P60tWNNN5DSSLLNaZh4kod
v1iDf5SytSWHk2041EQslSU36Fo/8xL78FetoFG7a8/lbL9PMI+sYs/INHIW06Jn
LJ+UAG3lSbimwHctPxAq7ozq5VV9+F0Z9H/x94s86cJzzZmKk7LYXReC5407GWEB
VFHAIjj6qbnczkAI3C3w
-----END CERTIFICATE-----