Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HmVxB9-oCbyNCGDsUBJMy0gna7o.roa
File:                     HmVxB9-oCbyNCGDsUBJMy0gna7o.roa (raw, json)
Hash identifier:          JiWiJH59bI8IOkzj1bN941IBQqpsVXsxqAYcRtdbS70=
Subject key identifier:   1E:65:71:07:DF:A8:09:BC:8D:08:60:EC:50:12:4C:CB:48:27:6B:BA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191B7B9A616749E731C7AC96F1B9040DD15
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HmVxB9-oCbyNCGDsUBJMy0gna7o.roa
Signing time:             Tue 03 Sep 2024 11:51:22 +0000
ROA not before:           Tue 03 Sep 2024 11:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          109.176.242.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 05 Sep 2024 20:54:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b7:b9:a6:16:74:9e:73:1c:7a:c9:6f:1b:90:40:dd:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  3 11:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e657107dfa809bc8d0860ec50124ccb48276bba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:3b:28:2d:a2:c0:11:a2:5a:53:91:ab:49:
                    4e:71:40:c8:8d:b1:24:ec:cb:1c:cc:c8:7f:94:d1:
                    4d:4a:49:a9:44:80:18:a3:4d:82:d2:13:8b:1c:15:
                    fa:36:e0:b0:e5:2f:ca:54:a1:d4:96:90:30:ba:c4:
                    1c:62:27:38:c5:96:d2:46:e6:2f:db:e0:6e:0c:65:
                    86:e0:89:96:48:41:60:15:a5:47:e2:9f:7f:57:58:
                    8a:5d:1c:41:77:0e:18:d8:98:d0:c5:10:f5:df:34:
                    24:05:7c:f6:9a:b7:45:91:ea:86:9f:9a:c1:37:cc:
                    79:08:0f:cf:f3:3f:a4:78:b3:4b:2e:d1:a9:2b:2e:
                    4b:bf:4a:42:25:55:b6:1e:3a:62:d2:08:e3:8f:53:
                    30:64:d6:3e:d0:ad:6d:fe:00:00:e7:a4:9c:3b:29:
                    d9:04:99:15:fb:f8:c4:f5:e5:28:cd:ba:3b:c1:b6:
                    3d:ec:31:42:a2:95:19:39:98:8e:ce:fc:7e:a9:58:
                    88:0e:ef:24:a7:99:a0:16:70:d8:a3:8c:8f:a9:13:
                    4a:2f:ac:8c:16:11:9d:89:73:2f:6a:db:50:9a:6f:
                    61:df:f4:af:c7:85:1b:ff:e9:0b:05:36:b4:fe:b4:
                    fd:4a:2f:a5:3d:c5:f4:7f:4c:94:54:65:70:7b:cc:
                    19:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:65:71:07:DF:A8:09:BC:8D:08:60:EC:50:12:4C:CB:48:27:6B:BA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HmVxB9-oCbyNCGDsUBJMy0gna7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  82.163.15.0/24
                  89.213.107.0/24
                  89.213.112.0/23
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  109.176.242.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         6a:58:15:8d:fc:b4:75:75:df:ee:44:0b:61:81:aa:b5:98:9d:
         e4:05:2b:07:ba:26:34:ed:f3:b8:30:17:c4:e4:9c:24:23:c7:
         8e:fd:8a:c7:52:a7:07:7f:73:fa:bf:e6:ee:f5:b2:0f:4d:07:
         0a:3c:bb:41:28:b1:90:74:78:b8:c1:bd:04:67:d2:e9:c0:b7:
         54:c5:3b:29:73:d1:7a:9c:ab:d6:3b:7a:54:06:4f:6e:73:61:
         46:d5:37:34:78:0a:52:aa:17:7e:41:13:16:1b:ef:10:f6:8e:
         d6:2d:0a:05:4a:2d:3d:df:66:6c:bf:1a:df:ec:e8:c5:53:ae:
         a9:3b:fc:fa:d8:04:fd:26:df:11:f2:34:52:c1:e7:59:32:6c:
         ba:4a:20:e3:5c:79:7d:5d:b9:9b:0b:cc:6e:9c:e6:ec:08:00:
         35:97:71:47:44:d0:61:96:7b:c2:90:a3:3c:c1:d6:71:92:9d:
         0c:83:f5:64:1e:31:26:d6:93:a9:bd:ef:dc:97:76:01:9f:b9:
         cc:21:68:7c:28:76:60:21:32:ee:97:ce:6e:a3:32:9f:98:55:
         88:38:89:af:c2:bf:6d:be:74:7f:47:85:b1:c9:3a:04:06:ca:
         54:bb:1c:67:ee:61:d1:76:e2:91:4d:b3:c9:15:fb:14:f4:86:
         3c:1f:b9:6b
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZG3uaYWdJ5zHHrJbxuQQN0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTAzMTE1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTY1NzEwN2RmYTgwOWJjOGQwODYwZWM1MDEyNGNjYjQ4Mjc2YmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxY7KC2iwBGiWlORq0lOcUDIjbEk
7MsczMh/lNFNSkmpRIAYo02C0hOLHBX6NuCw5S/KVKHUlpAwusQcYic4xZbSRuYv
2+BuDGWG4ImWSEFgFaVH4p9/V1iKXRxBdw4Y2JjQxRD13zQkBXz2mrdFkeqGn5rB
N8x5CA/P8z+keLNLLtGpKy5Lv0pCJVW2Hjpi0gjjj1MwZNY+0K1t/gAA56ScOynZ
BJkV+/jE9eUozbo7wbY97DFCopUZOZiOzvx+qViIDu8kp5mgFnDYo4yPqRNKL6yM
FhGdiXMvattQmm9h3/Svx4Ub/+kLBTa0/rT9Si+lPcX0f0yUVGVwe8wZeQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFB5lcQffqAm8jQhg7FASTMtIJ2u6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSG1WeEI5LW9DYnlOQ0dEc1VCSk15MGduYTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAUahgAwQA
UpkzAwQAUpmUAwQAUqMPAwQAWdVrAwQBWdVwAwQAWdV0AwQAWdV5AwQAWdWdAwQA
WdXjAwQAbbDyAwQA1YKJMAwDBAPVgpgDBADVgpowDQYJKoZIhvcNAQELBQADggEB
AGpYFY38tHV13+5EC2GBqrWYneQFKwe6JjTt87gwF8TknCQjx479isdSpwd/c/q/
5u71sg9NBwo8u0EosZB0eLjBvQRn0unAt1TFOylz0Xqcq9Y7elQGT25zYUbVNzR4
ClKqF35BExYb7xD2jtYtCgVKLT3fZmy/Gt/s6MVTrqk7/PrYBP0m3xHyNFLB51ky
bLpKIONceX1duZsLzG6c5uwIADWXcUdE0GGWe8KQozzB1nGSnQyD9WQeMSbWk6m9
79yXdgGfucwhaHwodmAhMu6Xzm6jMp+YVYg4ia/Cv22+dH9HhbHJOgQGylS7HGfu
YdF24pFNs8kV+xT0hjwfuWs=
-----END CERTIFICATE-----