Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ToMapRU1_o-C41B85kgtgelpzwo.roa
File:                     ToMapRU1_o-C41B85kgtgelpzwo.roa (raw, json)
Hash identifier:          OVz4ygEK01FUIcvwrHKZWNdkHxAfaIl332BsCg/l6AU=
Subject key identifier:   4E:83:1A:A5:15:35:FE:8F:82:E3:50:7C:E6:48:2D:81:E9:69:CF:0A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EC70E149C47738E419B804492D09680E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ToMapRU1_o-C41B85kgtgelpzwo.roa
Signing time:             Wed 10 Apr 2024 08:09:32 +0000
ROA not before:           Wed 10 Apr 2024 08:09:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        82.152.52.0/23 maxlen: 24
                          82.152.55.0/24 maxlen: 24
                          82.163.22.0/23 maxlen: 24
                          89.213.210.0/23 maxlen: 24
                          89.213.248.0/23 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          109.176.25.0/24 maxlen: 24
                          109.176.27.0/24 maxlen: 24
                          212.38.88.0/23 maxlen: 24
                          213.210.40.0/23 maxlen: 24
                          213.210.48.0/23 maxlen: 24
                          213.210.62.0/23 maxlen: 24
                          213.218.226.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 26 Apr 2024 07:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:0e:14:9c:47:73:8e:41:9b:80:44:92:d0:96:80:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 10 08:09:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e831aa51535fe8f82e3507ce6482d81e969cf0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3f:75:93:dc:5a:40:f7:c6:c6:3f:78:02:7b:
                    7d:16:0e:d5:62:2c:64:dc:84:c1:ee:32:42:3a:0b:
                    99:2a:9e:db:9d:13:59:5c:c7:b1:18:94:60:e5:e9:
                    f7:51:d8:95:cf:de:a4:12:1e:84:1e:35:80:ec:43:
                    5a:09:65:79:6b:9f:9d:6f:01:60:90:b6:6a:f5:cc:
                    a6:22:77:b7:00:c4:c7:73:60:d5:aa:8c:ac:78:a6:
                    b0:ad:dc:50:2d:2c:b5:a0:6d:e1:3a:a8:2d:56:3b:
                    d3:b1:0b:80:aa:e0:48:22:88:56:05:a6:da:d1:00:
                    78:15:9d:3e:b8:fa:d3:d6:d7:9c:0b:77:31:96:04:
                    90:97:1a:fa:92:a8:c3:fc:53:4f:c2:44:1b:bb:58:
                    6e:4f:52:52:42:eb:91:d0:41:90:9f:b6:f5:90:79:
                    6f:5f:5a:5a:d5:d0:3a:ba:04:f1:ab:8c:b2:c8:d6:
                    17:89:fa:01:41:9c:1f:be:30:bb:37:a0:02:74:b0:
                    65:39:c3:aa:33:44:de:3c:5d:cc:3f:91:77:be:d6:
                    ff:69:98:ce:31:90:76:79:f3:55:a2:f8:34:48:8a:
                    4e:8b:c4:2f:e6:e7:ad:7f:b9:aa:29:83:d1:92:52:
                    09:e5:e3:77:97:32:a7:f9:ff:c6:04:16:e4:99:71:
                    a6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:83:1A:A5:15:35:FE:8F:82:E3:50:7C:E6:48:2D:81:E9:69:CF:0A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ToMapRU1_o-C41B85kgtgelpzwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.52.0/23
                  82.152.55.0/24
                  82.163.22.0/23
                  89.213.210.0/23
                  89.213.248.0/23
                  109.176.16.0/21
                  109.176.25.0/24
                  109.176.27.0/24
                  212.38.88.0/23
                  213.210.40.0/23
                  213.210.48.0/23
                  213.210.62.0/23
                  213.218.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ff:31:79:64:34:54:f6:ad:e3:9e:46:ba:4f:c4:bf:7b:a8:
         bd:9f:ce:a4:ef:bd:59:be:58:41:83:e4:6e:d4:42:05:4c:ab:
         59:07:cf:f3:40:39:f3:46:2a:2e:01:32:d3:74:fa:6b:67:94:
         b8:bd:03:f6:7a:96:e5:83:eb:b7:41:2f:34:f6:34:5e:65:e5:
         67:e7:fa:10:70:66:69:cc:79:15:90:b5:a5:b3:50:fc:4b:89:
         37:40:5c:f0:e0:aa:e3:10:1b:df:f5:b7:5b:cb:2c:16:ab:64:
         5b:82:b5:bb:29:d1:bf:70:c7:99:a4:d5:21:aa:44:6c:91:c8:
         e6:10:7a:28:9c:6d:34:46:be:78:ec:09:9a:03:65:ec:21:be:
         37:df:22:00:28:19:65:7d:e6:13:4e:ce:cd:c0:de:c0:21:0e:
         6a:fc:89:56:f4:92:f9:53:e7:02:17:ca:7d:90:3f:7a:dd:8e:
         44:d5:e4:2e:06:cb:31:19:22:5d:56:2a:a6:06:a7:f6:eb:26:
         c8:04:03:19:e2:4f:b7:63:1d:e7:37:05:0e:5a:f1:0e:ce:7b:
         62:97:d8:1b:4f:d7:a7:21:83:5b:27:8b:bb:c4:48:c4:7c:8a:
         c5:a7:06:fc:a1:67:f8:d3:17:18:b6:c4:8d:cc:a8:dd:26:0d:
         41:23:e6:12
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY7HDhScR3OOQZuARJLQloDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDEwMDgwOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgzMWFhNTE1MzVmZThmODJlMzUwN2NlNjQ4MmQ4MWU5NjljZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkj91k9xaQPfGxj94Ant9Fg7VYixk
3ITB7jJCOguZKp7bnRNZXMexGJRg5en3UdiVz96kEh6EHjWA7ENaCWV5a5+dbwFg
kLZq9cymIne3AMTHc2DVqoyseKawrdxQLSy1oG3hOqgtVjvTsQuAquBIIohWBaba
0QB4FZ0+uPrT1tecC3cxlgSQlxr6kqjD/FNPwkQbu1huT1JSQuuR0EGQn7b1kHlv
X1pa1dA6ugTxq4yyyNYXifoBQZwfvjC7N6ACdLBlOcOqM0TePF3MP5F3vtb/aZjO
MZB2efNVovg0SIpOi8Qv5uetf7mqKYPRklIJ5eN3lzKn+f/GBBbkmXGm6wIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFE6DGqUVNf6PguNQfOZILYHpac8KMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVG9NYXBSVTFfby1DNDFCODVrZ3RnZWxwendvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBUpg0AwQA
Upg3AwQBUqMWAwQBWdXSAwQBWdX4AwQDbbAQAwQAbbAZAwQAbbAbAwQB1CZYAwQB
1dIoAwQB1dIwAwQB1dI+AwQA1driMA0GCSqGSIb3DQEBCwUAA4IBAQBW/zF5ZDRU
9q3jnka6T8S/e6i9n86k771ZvlhBg+Ru1EIFTKtZB8/zQDnzRiouATLTdPprZ5S4
vQP2epblg+u3QS809jReZeVn5/oQcGZpzHkVkLWls1D8S4k3QFzw4KrjEBvf9bdb
yywWq2RbgrW7KdG/cMeZpNUhqkRskcjmEHoonG00Rr547AmaA2XsIb433yIAKBll
feYTTs7NwN7AIQ5q/IlW9JL5U+cCF8p9kD963Y5E1eQuBssxGSJdViqmBqf26ybI
BAMZ4k+3Yx3nNwUOWvEOzntil9gbT9enIYNbJ4u7xEjEfIrFpwb8oWf40xcYtsSN
zKjdJg1BI+YS
-----END CERTIFICATE-----