Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/B-7ihFU7e7zlAl2p5j3iWa8WtIk.roa
File:                     B-7ihFU7e7zlAl2p5j3iWa8WtIk.roa (raw, json)
Hash identifier:          yLV7I1C5HtZLKzISZrbmvJMh7R5Uz6GrE36CtoYidOU=
Subject key identifier:   07:EE:E2:84:55:3B:7B:BC:E5:02:5D:A9:E6:3D:E2:59:AF:16:B4:89
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019026BFFE259B13428F3F01C0E304395A10
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/B-7ihFU7e7zlAl2p5j3iWa8WtIk.roa
Signing time:             Mon 17 Jun 2024 15:10:34 +0000
ROA not before:           Mon 17 Jun 2024 15:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          109.176.201.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 17 Jul 2024 16:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:bf:fe:25:9b:13:42:8f:3f:01:c0:e3:04:39:5a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 17 15:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07eee284553b7bbce5025da9e63de259af16b489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:69:d8:59:61:f8:9f:e3:a6:45:93:2f:c6:20:
                    d8:54:4c:ac:b1:e3:54:a9:d6:35:0d:55:5e:e5:07:
                    ae:f2:44:67:a9:b6:68:8e:c6:7b:3a:50:aa:e1:2f:
                    a9:fa:ed:99:56:d5:b5:3c:62:3a:fa:9b:35:7e:cd:
                    a3:d1:38:98:fe:0c:d0:4c:33:5f:8f:2f:f0:c0:ec:
                    33:df:2a:a2:96:25:19:8b:22:98:b8:64:bb:1b:f2:
                    4d:a5:09:bf:19:fa:1e:e5:d0:e3:84:c3:94:af:e1:
                    a6:8d:31:07:9f:88:f5:09:5f:99:68:73:e7:63:73:
                    1f:49:05:b9:11:f3:8f:a1:15:80:3f:37:36:18:2e:
                    65:6c:42:39:97:48:e9:08:74:fe:f2:8c:70:37:1b:
                    94:68:b4:f9:34:39:8b:83:75:df:1c:21:23:86:01:
                    04:ba:e8:ee:7a:09:2c:c0:90:73:83:75:e7:e8:28:
                    5d:c4:25:ce:ff:dd:a1:c5:36:8c:04:a2:bd:2e:d6:
                    d2:dc:12:4f:c1:61:d5:cf:d9:fe:a9:c3:45:c9:55:
                    04:40:2d:63:64:9d:e4:f2:b5:c0:f8:89:72:fa:f2:
                    c4:34:68:80:6d:aa:06:cd:f1:6f:4b:6b:b0:0c:c1:
                    cd:3a:6d:cb:d2:c4:bd:4a:7a:80:10:34:2c:c4:1c:
                    1f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:EE:E2:84:55:3B:7B:BC:E5:02:5D:A9:E6:3D:E2:59:AF:16:B4:89
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/B-7ihFU7e7zlAl2p5j3iWa8WtIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  109.176.201.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         61:f5:88:e1:28:14:16:97:86:f0:52:42:8c:f0:df:a0:f0:8b:
         d6:e5:0a:07:90:e8:ac:e8:04:f0:cf:bd:ce:9c:10:9f:4f:f5:
         87:37:c2:b7:1b:7e:34:06:d4:b6:71:29:56:9c:a1:1c:89:2d:
         b9:64:12:7f:e0:2b:3f:f1:0a:45:d9:ba:a0:d3:eb:e6:30:78:
         9d:82:7d:72:84:cf:18:bf:13:23:63:de:db:65:90:c5:af:08:
         c9:58:13:69:f0:c1:a6:7e:84:22:09:46:23:f7:da:5a:12:9b:
         ea:6b:c9:f5:9d:1b:55:94:75:72:47:df:67:9f:1b:05:58:a8:
         99:c9:07:a1:70:a1:46:61:39:b3:9c:56:33:8a:e2:74:ea:d1:
         17:72:1a:86:2b:cf:d6:2c:78:69:a5:50:07:0f:08:62:a9:ff:
         04:91:d1:2f:ba:76:31:1f:bb:e0:4d:0b:3c:4c:6f:1b:fd:c2:
         19:9d:6b:90:2b:7a:eb:e4:12:80:ad:1f:84:b2:f9:71:fc:2a:
         b0:c5:49:de:64:8a:df:88:8b:53:24:9e:e1:44:91:c5:00:0f:
         8e:f2:8d:43:b3:1a:0d:a3:65:30:da:26:92:10:dd:30:10:a1:
         b9:8e:d4:2c:af:a8:1a:e7:9b:b4:2d:71:63:c3:9c:82:09:27:
         b2:49:4e:ba
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZAmv/4lmxNCjz8BwOMEOVoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjE3MTUxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2VlZTI4NDU1M2I3YmJjZTUwMjVkYTllNjNkZTI1OWFmMTZiNDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGnYWWH4n+OmRZMvxiDYVEysseNU
qdY1DVVe5Qeu8kRnqbZojsZ7OlCq4S+p+u2ZVtW1PGI6+ps1fs2j0TiY/gzQTDNf
jy/wwOwz3yqiliUZiyKYuGS7G/JNpQm/Gfoe5dDjhMOUr+GmjTEHn4j1CV+ZaHPn
Y3MfSQW5EfOPoRWAPzc2GC5lbEI5l0jpCHT+8oxwNxuUaLT5NDmLg3XfHCEjhgEE
uujuegkswJBzg3Xn6ChdxCXO/92hxTaMBKK9LtbS3BJPwWHVz9n+qcNFyVUEQC1j
ZJ3k8rXA+Ily+vLENGiAbaoGzfFvS2uwDMHNOm3L0sS9SnqAEDQsxBwf1QIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFAfu4oRVO3u85QJdqeY94lmvFrSJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQi03aWhGVTdlN3psQWwycDVqM2lXYThXdElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAUahgAwQA
UpkzAwQAUpmUAwQAWdVrMAwDBARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0D
BABZ1eMDBABtsMkDBADVgokwDAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOC
AQEAYfWI4SgUFpeG8FJCjPDfoPCL1uUKB5DorOgE8M+9zpwQn0/1hzfCtxt+NAbU
tnEpVpyhHIktuWQSf+ArP/EKRdm6oNPr5jB4nYJ9coTPGL8TI2Pe22WQxa8IyVgT
afDBpn6EIglGI/faWhKb6mvJ9Z0bVZR1ckffZ58bBViomckHoXChRmE5s5xWM4ri
dOrRF3IahivP1ix4aaVQBw8IYqn/BJHRL7p2MR+74E0LPExvG/3CGZ1rkCt66+QS
gK0fhLL5cfwqsMVJ3mSK34iLUySe4USRxQAPjvKNQ7MaDaNlMNomkhDdMBChuY7U
LK+oGuebtC1xY8OcggknsklOug==
-----END CERTIFICATE-----