Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QG5qY_b5GvkXgmkvZT1fzggDU_o.roa
File:                     QG5qY_b5GvkXgmkvZT1fzggDU_o.roa (raw, json)
Hash identifier:          DBRaJIAET1TcdL9dNm116ADwrcNMSCzQqEIc4TO8LJA=
Subject key identifier:   40:6E:6A:63:F6:F9:1A:F9:17:82:69:2F:65:3D:5F:CE:08:03:53:FA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190BC60BCA33129F6D07193D666813466E7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QG5qY_b5GvkXgmkvZT1fzggDU_o.roa
Signing time:             Tue 16 Jul 2024 16:29:34 +0000
ROA not before:           Tue 16 Jul 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        80.240.88.0/21 maxlen: 24
                          82.152.12.0/24 maxlen: 24
                          82.152.174.0/23 maxlen: 23
                          82.153.208.0/22 maxlen: 22
                          82.163.24.0/21 maxlen: 24
                          89.213.58.0/24 maxlen: 24
                          89.213.60.0/23 maxlen: 24
                          89.213.143.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.198.0/23 maxlen: 24
                          89.213.200.0/23 maxlen: 24
                          89.213.202.0/23 maxlen: 24
                          89.213.204.0/23 maxlen: 24
Validation:               Failed, certificate revoked on Mon 22 Jul 2024 19:30:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bc:60:bc:a3:31:29:f6:d0:71:93:d6:66:81:34:66:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 16 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=406e6a63f6f91af91782692f653d5fce080353fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d4:d5:ce:96:90:76:b9:1c:06:40:17:66:f2:
                    8f:f1:1a:72:49:4d:a0:67:6c:91:0f:31:88:a8:cb:
                    c2:03:13:73:d3:ca:0b:23:14:49:38:e9:02:2f:2e:
                    15:c8:bb:5a:3a:48:28:27:ff:da:83:a0:13:f4:8b:
                    5f:8d:dd:34:43:5a:d1:5b:eb:36:34:0e:30:a2:d6:
                    98:d8:d3:78:cc:fc:d0:bc:85:f9:c6:01:0c:fe:2a:
                    a4:d1:87:85:43:55:8d:c5:0a:bb:c9:ca:36:71:a3:
                    d8:1d:28:74:c0:e4:02:19:52:d0:c5:ce:aa:13:d6:
                    e0:3f:56:66:f7:b2:cd:f3:a3:c1:b0:04:1b:ad:cb:
                    48:65:dd:3a:d9:ca:e3:80:88:3f:27:54:eb:9d:9d:
                    22:17:e7:ad:91:99:1c:01:49:2c:6c:50:3c:82:4a:
                    d3:9f:e8:4f:b1:89:5c:5a:17:dc:14:9d:e1:bf:af:
                    fc:d0:45:2a:08:8d:4a:20:55:48:42:fd:e5:50:3c:
                    d2:a0:4e:a9:97:b6:5a:2b:df:d0:78:e1:46:31:43:
                    1e:a1:32:4a:e3:79:b6:5f:5b:5e:76:fb:a0:a7:18:
                    37:60:b0:e0:39:13:c9:a3:dc:b2:f6:70:d9:4a:11:
                    92:ee:69:f4:65:13:e4:a9:63:fe:94:56:1c:6e:98:
                    f6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:6E:6A:63:F6:F9:1A:F9:17:82:69:2F:65:3D:5F:CE:08:03:53:FA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QG5qY_b5GvkXgmkvZT1fzggDU_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.88.0/21
                  82.152.12.0/24
                  82.152.174.0/23
                  82.153.208.0/22
                  82.163.24.0/21
                  89.213.58.0/24
                  89.213.60.0/23
                  89.213.143.0/24
                  89.213.147.0/24
                  89.213.181.0/24
                  89.213.198.0-89.213.205.255

    Signature Algorithm: sha256WithRSAEncryption
         a5:92:c8:49:71:61:b3:c4:50:62:46:33:01:d7:a8:64:26:ff:
         5b:6f:87:6b:62:1f:d0:7d:6d:39:77:09:05:e4:3c:3a:cc:c3:
         96:5e:f6:e8:f8:29:d9:48:08:93:26:f8:8b:13:1f:99:d1:a8:
         09:da:1c:67:41:89:20:73:df:b9:b9:9c:84:7a:e9:ea:56:99:
         5d:18:5b:37:c8:e7:6d:e9:80:26:b8:b7:32:f1:1a:15:77:a9:
         59:97:b9:e7:c9:a3:69:ac:18:e7:e4:c9:95:20:ec:68:09:e7:
         d2:62:fd:60:63:2b:cc:2c:39:bf:d9:82:55:36:8b:3f:b5:0c:
         a8:ba:b8:a6:8f:12:41:d9:e1:00:a1:d5:96:df:5a:61:c3:3d:
         55:67:64:ef:bd:80:03:3c:d2:9b:e6:ab:d8:cd:26:a2:0e:1d:
         94:f9:f8:62:2a:71:59:90:5e:06:0c:4a:dd:3d:8b:bf:6b:47:
         16:a0:e4:92:89:94:7a:1e:51:96:3b:07:b3:ad:19:f7:d6:b3:
         d9:ad:f1:3f:41:04:e5:88:c9:86:5c:ce:da:79:6d:7c:43:b8:
         ae:97:6a:23:16:87:fb:7c:df:0d:12:62:5f:64:5f:c3:e7:ed:
         ea:7c:44:05:27:64:e3:1d:7b:00:04:0c:9f:30:37:18:eb:35:
         02:86:9b:fa
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZC8YLyjMSn20HGT1maBNGbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzE2MTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDZlNmE2M2Y2ZjkxYWY5MTc4MjY5MmY2NTNkNWZjZTA4MDM1M2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdTVzpaQdrkcBkAXZvKP8RpySU2g
Z2yRDzGIqMvCAxNz08oLIxRJOOkCLy4VyLtaOkgoJ//ag6AT9Itfjd00Q1rRW+s2
NA4wotaY2NN4zPzQvIX5xgEM/iqk0YeFQ1WNxQq7yco2caPYHSh0wOQCGVLQxc6q
E9bgP1Zm97LN86PBsAQbrctIZd062crjgIg/J1TrnZ0iF+etkZkcAUksbFA8gkrT
n+hPsYlcWhfcFJ3hv6/80EUqCI1KIFVIQv3lUDzSoE6pl7ZaK9/QeOFGMUMeoTJK
43m2X1tedvugpxg3YLDgORPJo9yy9nDZShGS7mn0ZRPkqWP+lFYcbpj24wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFEBuamP2+Rr5F4JpL2U9X84IA1P6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUUc1cVlfYjVHdmtYZ21rdlpUMWZ6Z2dEVV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQDUPBYAwQA
UpgMAwQBUpiuAwQCUpnQAwQDUqMYAwQAWdU6AwQBWdU8AwQAWdWPAwQAWdWTAwQA
WdW1MAwDBAFZ1cYDBAFZ1cwwDQYJKoZIhvcNAQELBQADggEBAKWSyElxYbPEUGJG
MwHXqGQm/1tvh2tiH9B9bTl3CQXkPDrMw5Ze9uj4KdlICJMm+IsTH5nRqAnaHGdB
iSBz37m5nIR66epWmV0YWzfI523pgCa4tzLxGhV3qVmXuefJo2msGOfkyZUg7GgJ
59Ji/WBjK8wsOb/ZglU2iz+1DKi6uKaPEkHZ4QCh1ZbfWmHDPVVnZO+9gAM80pvm
q9jNJqIOHZT5+GIqcVmQXgYMSt09i79rRxag5JKJlHoeUZY7B7OtGffWs9mt8T9B
BOWIyYZcztp5bXxDuK6XaiMWh/t83w0SYl9kX8Pn7ep8RAUnZOMdewAEDJ8wNxjr
NQKGm/o=
-----END CERTIFICATE-----