Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Vr_BqkGvY0Weoc6jsh17xTzO-kg.roa
File:                     Vr_BqkGvY0Weoc6jsh17xTzO-kg.roa (raw, json)
Hash identifier:          Y+vSPY5d1WLOBWt+lbhvsONctUP+4+dPp5v3B0US0y8=
Subject key identifier:   56:BF:C1:AA:41:AF:63:45:9E:A1:CE:A3:B2:1D:7B:C5:3C:CE:FA:48
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190C16CFD60B34C6FB72B6F36B4261F7E06
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Vr_BqkGvY0Weoc6jsh17xTzO-kg.roa
Signing time:             Wed 17 Jul 2024 16:01:03 +0000
ROA not before:           Wed 17 Jul 2024 16:01:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 07 Aug 2024 12:59:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c1:6c:fd:60:b3:4c:6f:b7:2b:6f:36:b4:26:1f:7e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 17 16:01:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56bfc1aa41af63459ea1cea3b21d7bc53ccefa48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:23:a8:1f:b8:95:06:f7:a2:07:41:6f:ac:e0:
                    c8:aa:91:cc:e8:0d:eb:c5:22:ad:af:a8:88:c1:77:
                    1d:e0:b6:07:14:8c:e7:36:f6:8d:34:65:f2:fb:80:
                    fe:9e:3f:d4:84:c7:bd:5e:36:13:2a:e6:63:ed:73:
                    42:b9:d8:ea:6f:a2:bf:6e:f1:0d:e4:48:39:43:2b:
                    bc:89:aa:6e:be:f1:69:69:dc:95:a0:7e:d9:3f:68:
                    14:ac:24:d4:bc:b7:39:f8:db:0c:c2:40:5e:60:a7:
                    82:c0:40:a4:3f:61:9b:02:8a:05:50:58:fc:ef:93:
                    3a:0a:70:a7:7e:e9:3a:1e:69:47:73:80:f4:63:11:
                    8b:be:f5:21:bd:18:fe:ad:f0:ee:e3:b8:fb:5e:8c:
                    88:b8:b9:00:38:fa:f3:36:a5:d2:4e:de:a2:f6:82:
                    61:ad:dc:c9:c2:ed:9a:da:56:e7:d1:2c:49:7e:c9:
                    3e:fc:a6:41:97:16:b5:41:e6:86:58:3f:a7:3f:e0:
                    47:d5:3c:30:fe:aa:d4:b0:97:4d:ef:90:0d:9c:b8:
                    5c:37:7a:ab:78:95:a1:5d:e2:7f:c0:f4:38:49:bc:
                    b4:d9:50:2e:17:ff:cd:60:ec:8e:8d:e9:5c:57:cb:
                    a3:04:81:e4:f9:54:41:42:8a:43:e1:33:d9:cd:32:
                    aa:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:BF:C1:AA:41:AF:63:45:9E:A1:CE:A3:B2:1D:7B:C5:3C:CE:FA:48
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Vr_BqkGvY0Weoc6jsh17xTzO-kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         95:3a:74:11:03:a7:34:42:8a:91:1c:94:7c:64:a5:3f:bc:82:
         19:fb:0a:56:5f:9b:47:c2:18:e1:55:f5:31:60:16:15:a8:e4:
         8b:62:ee:8a:13:2e:34:04:34:86:e0:63:55:48:9e:44:30:42:
         45:27:ae:13:df:09:c5:97:fb:f2:fe:bb:53:0e:5f:27:21:6d:
         f7:fc:4d:d9:c0:a5:64:9b:63:c8:f8:2d:75:70:47:3d:d8:69:
         ff:28:54:f5:59:08:43:36:37:72:a7:34:8c:ce:82:d2:26:10:
         a8:9b:8a:be:ff:a0:df:83:f9:cf:b7:fa:fa:c0:43:ce:f7:d0:
         e6:11:74:88:c6:d2:b4:a8:01:c5:5e:0b:39:aa:71:e2:cd:bd:
         aa:18:3e:5c:6e:d5:26:f9:1a:97:0a:a9:c7:e0:27:2f:32:f3:
         c3:17:ff:80:52:5f:f8:44:e5:68:92:b5:3e:84:f5:bd:27:26:
         4b:14:5f:c6:0f:98:12:42:0a:fa:1c:23:47:67:c8:6f:00:87:
         83:08:18:42:7c:b3:64:c8:a8:94:03:ff:26:9f:c7:ba:ba:23:
         85:c2:09:3b:a6:71:50:ba:1d:42:37:4e:9c:0f:44:ac:bf:80:
         ad:ed:8a:46:b0:ca:63:55:b0:b6:6d:30:a0:65:1d:e9:d9:fd:
         4a:a3:4c:e7
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZDBbP1gs0xvtytvNrQmH34GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzE3MTYwMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmJmYzFhYTQxYWY2MzQ1OWVhMWNlYTNiMjFkN2JjNTNjY2VmYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSOoH7iVBveiB0FvrODIqpHM6A3r
xSKtr6iIwXcd4LYHFIznNvaNNGXy+4D+nj/UhMe9XjYTKuZj7XNCudjqb6K/bvEN
5Eg5Qyu8iapuvvFpadyVoH7ZP2gUrCTUvLc5+NsMwkBeYKeCwECkP2GbAooFUFj8
75M6CnCnfuk6HmlHc4D0YxGLvvUhvRj+rfDu47j7XoyIuLkAOPrzNqXSTt6i9oJh
rdzJwu2a2lbn0SxJfsk+/KZBlxa1QeaGWD+nP+BH1Tww/qrUsJdN75ANnLhcN3qr
eJWhXeJ/wPQ4Sby02VAuF//NYOyOjelcV8ujBIHk+VRBQopD4TPZzTKq5wIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFFa/wapBr2NFnqHOo7Ide8U8zvpIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVnJfQnFrR3ZZMFdlb2M2anNoMTd4VHpPLWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAUahgAwQA
UpkzAwQAUpmUAwQAWdVrMAwDBARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0D
BABZ1eMDBADVgokwDAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOCAQEAlTp0
EQOnNEKKkRyUfGSlP7yCGfsKVl+bR8IY4VX1MWAWFajki2LuihMuNAQ0huBjVUie
RDBCRSeuE98JxZf78v67Uw5fJyFt9/xN2cClZJtjyPgtdXBHPdhp/yhU9VkIQzY3
cqc0jM6C0iYQqJuKvv+g34P5z7f6+sBDzvfQ5hF0iMbStKgBxV4LOapx4s29qhg+
XG7VJvkalwqpx+AnLzLzwxf/gFJf+ETlaJK1PoT1vScmSxRfxg+YEkIK+hwjR2fI
bwCHgwgYQnyzZMiolAP/Jp/HurojhcIJO6ZxULodQjdOnA9ErL+Are2KRrDKY1Ww
tm0woGUd6dn9SqNM5w==
-----END CERTIFICATE-----