Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cFhheeymBx7UgcYBFTMufmUE5mU.roa
File:                     cFhheeymBx7UgcYBFTMufmUE5mU.roa (raw, json)
Hash identifier:          GpN3TwGZShs1iAHMeaVPtgr637h/I1SiVDTD5kiue10=
Subject key identifier:   70:58:61:79:EC:A6:07:1E:D4:81:C6:01:15:33:2E:7E:65:04:E6:65
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019108E313B935450D1EFA8E4449BFDF912B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cFhheeymBx7UgcYBFTMufmUE5mU.roa
Signing time:             Wed 31 Jul 2024 13:03:05 +0000
ROA not before:           Wed 31 Jul 2024 13:03:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        82.152.4.0/24 maxlen: 24
                          82.152.5.0/24 maxlen: 24
                          82.153.153.0/24 maxlen: 24
                          82.153.156.0/24 maxlen: 24
                          82.153.200.0/24 maxlen: 24
                          82.163.0.0/24 maxlen: 24
                          109.176.193.0/24 maxlen: 24
                          109.176.244.0/24 maxlen: 24
                          212.38.79.0/24 maxlen: 24
                          213.130.151.0/24 maxlen: 24
                          213.210.63.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.233.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 01 Sep 2024 13:44:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:08:e3:13:b9:35:45:0d:1e:fa:8e:44:49:bf:df:91:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 31 13:03:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70586179eca6071ed481c60115332e7e6504e665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:89:4d:d8:63:3b:c1:18:d1:d3:f3:c5:bc:98:
                    99:eb:6b:11:c8:e5:d7:b6:3e:6c:20:24:d4:9b:31:
                    51:0b:34:a2:e4:b7:59:24:ad:89:1a:ea:df:84:23:
                    a3:45:f0:02:74:71:2e:87:67:e6:07:99:e9:66:ae:
                    64:16:6b:d7:43:01:55:5c:9b:d0:6d:3b:27:a4:b5:
                    2f:57:71:f0:e5:73:ec:ed:ea:53:3d:7e:4d:90:0d:
                    5d:e4:fa:bc:97:84:4a:e6:81:94:0e:db:54:1b:40:
                    c3:21:4f:63:17:2a:c3:c3:ba:af:5c:b7:94:d6:b0:
                    70:41:f1:d1:b8:ff:c5:bb:e3:06:df:c3:fc:a3:b8:
                    5f:0b:0a:a7:de:b7:51:cc:74:99:19:5b:91:85:23:
                    82:a8:4b:e4:e4:11:3f:87:25:5d:14:11:83:9c:cd:
                    e9:e3:c5:30:20:04:91:17:ce:a2:bd:c3:a3:11:48:
                    69:c7:94:bc:34:33:84:fc:b1:75:9f:d9:62:b6:0d:
                    b1:62:42:57:02:47:01:48:db:b9:7d:64:9e:44:71:
                    a1:a8:99:14:29:d8:6a:99:c7:1b:a4:58:ef:34:21:
                    32:eb:12:92:b5:62:0f:22:de:32:c3:7e:6a:86:18:
                    27:6e:bd:81:a7:c3:59:b8:3b:18:57:9f:0f:2f:40:
                    93:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:58:61:79:EC:A6:07:1E:D4:81:C6:01:15:33:2E:7E:65:04:E6:65
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cFhheeymBx7UgcYBFTMufmUE5mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.4.0/23
                  82.153.153.0/24
                  82.153.156.0/24
                  82.153.200.0/24
                  82.163.0.0/24
                  109.176.193.0/24
                  109.176.244.0/24
                  212.38.79.0/24
                  213.130.151.0/24
                  213.210.63.0/24
                  213.218.211.0/24
                  213.218.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:05:5d:7e:de:ee:4d:68:63:0c:db:a4:85:5b:c4:6a:a2:5f:
         8c:7c:95:d7:3a:84:d8:26:ad:c4:0b:67:6b:e3:a0:00:33:71:
         dc:06:68:45:bc:bd:e1:92:92:bd:f8:2c:ec:88:21:72:f3:da:
         ff:6e:8c:e1:ec:ea:ee:bf:8d:7d:0e:2a:5d:f7:92:5d:c7:d0:
         cb:72:fc:5f:cb:be:d5:e6:1e:be:2a:7d:91:88:69:81:c0:56:
         52:93:1e:b5:25:26:38:19:ed:8d:05:f0:bb:00:55:1c:a2:cb:
         ea:d6:be:52:bf:72:a6:d1:e4:f1:3b:a2:6e:da:b7:90:1a:8d:
         1d:42:62:19:09:40:58:44:ff:35:51:7f:de:39:28:fd:7a:f4:
         43:ad:2e:30:92:99:0b:ce:c8:38:1f:e3:40:24:7a:f9:3e:ca:
         01:9a:e8:56:29:24:30:7e:cb:11:33:cc:19:e2:a9:8d:78:1b:
         0c:7d:ba:04:83:7c:e6:49:d6:be:58:66:1a:c6:f1:49:18:50:
         3e:66:55:63:14:75:a0:82:0c:b8:e5:74:22:21:7e:47:db:32:
         23:de:c9:c6:5d:5f:18:3c:0e:2c:fa:9e:3b:6b:4e:b0:45:1a:
         f3:42:c3:e3:cf:bf:96:9e:1a:6a:61:40:45:90:8f:90:71:97:
         6b:37:6e:26
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZEI4xO5NUUNHvqOREm/35ErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzMxMTMwMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDU4NjE3OWVjYTYwNzFlZDQ4MWM2MDExNTMzMmU3ZTY1MDRlNjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IlN2GM7wRjR0/PFvJiZ62sRyOXX
tj5sICTUmzFRCzSi5LdZJK2JGurfhCOjRfACdHEuh2fmB5npZq5kFmvXQwFVXJvQ
bTsnpLUvV3Hw5XPs7epTPX5NkA1d5Pq8l4RK5oGUDttUG0DDIU9jFyrDw7qvXLeU
1rBwQfHRuP/Fu+MG38P8o7hfCwqn3rdRzHSZGVuRhSOCqEvk5BE/hyVdFBGDnM3p
48UwIASRF86ivcOjEUhpx5S8NDOE/LF1n9litg2xYkJXAkcBSNu5fWSeRHGhqJkU
KdhqmccbpFjvNCEy6xKStWIPIt4yw35qhhgnbr2Bp8NZuDsYV58PL0CTnwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHBYYXnspgce1IHGARUzLn5lBOZlMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0ZoaGVleW1CeDdVZ2NZQkZUTXVmbVVFNW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBUpgEAwQA
UpmZAwQAUpmcAwQAUpnIAwQAUqMAAwQAbbDBAwQAbbD0AwQA1CZPAwQA1YKXAwQA
1dI/AwQA1drTAwQA1drpMA0GCSqGSIb3DQEBCwUAA4IBAQBjBV1+3u5NaGMM26SF
W8Rqol+MfJXXOoTYJq3EC2dr46AAM3HcBmhFvL3hkpK9+CzsiCFy89r/bozh7Oru
v419Dipd95Jdx9DLcvxfy77V5h6+Kn2RiGmBwFZSkx61JSY4Ge2NBfC7AFUcosvq
1r5Sv3Km0eTxO6Ju2reQGo0dQmIZCUBYRP81UX/eOSj9evRDrS4wkpkLzsg4H+NA
JHr5PsoBmuhWKSQwfssRM8wZ4qmNeBsMfboEg3zmSda+WGYaxvFJGFA+ZlVjFHWg
ggy45XQiIX5H2zIj3snGXV8YPA4s+p47a06wRRrzQsPjz7+WnhpqYUBFkI+QcZdr
N24m
-----END CERTIFICATE-----