Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ieVNIYYU5dVB6T3ZadzjtRtbItE.roa
File:                     ieVNIYYU5dVB6T3ZadzjtRtbItE.roa (raw, json)
Hash identifier:          8aNoc9k1mmU5Fv5KC+s2LHMOTnMsiBiM1o1epgeedJo=
Subject key identifier:   89:E5:4D:21:86:14:E5:D5:41:E9:3D:D9:69:DC:E3:B5:1B:5B:22:D1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F75E61C665A58698ADB2F41EDE0C14CA4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ieVNIYYU5dVB6T3ZadzjtRtbItE.roa
Signing time:             Tue 14 May 2024 06:59:25 +0000
ROA not before:           Tue 14 May 2024 06:59:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 21 Jun 2024 14:31:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:75:e6:1c:66:5a:58:69:8a:db:2f:41:ed:e0:c1:4c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 14 06:59:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89e54d218614e5d541e93dd969dce3b51b5b22d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:34:2e:df:08:b2:af:1f:44:94:1b:44:e4:d0:
                    37:b6:b8:0b:1a:fd:89:d6:dd:e4:e2:df:e0:55:28:
                    38:17:79:ad:fb:87:54:4d:c5:d5:ae:20:1c:03:c3:
                    df:62:01:69:58:9c:69:3b:ac:d2:de:f4:c9:a7:87:
                    39:c2:00:25:2e:e8:75:2c:48:84:a6:06:2e:a6:99:
                    17:19:d0:40:8b:10:7b:81:39:ed:96:e8:9a:81:b0:
                    76:33:52:be:86:ac:8b:1f:b5:4f:fc:22:17:48:3b:
                    0f:79:73:30:c7:f8:91:65:dd:0f:76:b0:93:81:9f:
                    24:5f:0b:e1:ce:3a:99:bd:f1:88:46:d3:a9:88:fb:
                    2f:e3:78:65:2f:8c:2f:ff:a1:a9:8f:64:f1:bf:b4:
                    c3:85:e0:c7:83:61:e4:70:c8:d2:0d:96:77:15:83:
                    28:7a:76:9b:78:9e:d3:94:a6:87:e6:d9:97:b3:f4:
                    08:43:11:53:ba:c3:a7:cf:59:d5:af:11:92:30:6c:
                    95:c5:a4:43:21:6e:35:ab:0b:35:b7:af:5a:93:42:
                    7b:5f:67:8f:f9:f7:9f:54:b9:ba:fb:53:a0:0c:c8:
                    b1:ad:97:e3:80:df:ab:eb:8d:29:fe:78:d8:1f:a6:
                    64:a1:7a:df:dd:79:b1:14:0d:e6:fb:c8:58:3c:b1:
                    94:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E5:4D:21:86:14:E5:D5:41:E9:3D:D9:69:DC:E3:B5:1B:5B:22:D1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ieVNIYYU5dVB6T3ZadzjtRtbItE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         15:82:0d:4d:69:42:46:1f:8e:dc:6c:00:68:88:3d:7c:4a:ab:
         13:63:67:c0:d6:06:6f:0f:62:3e:ee:bc:99:fb:94:f0:72:5f:
         f8:78:7b:43:12:74:7c:ce:85:19:9a:d8:60:d7:3b:ca:e6:4d:
         de:5d:7b:57:49:c3:21:ca:2e:04:c4:c8:6c:80:75:d6:5c:7c:
         6d:69:97:a2:1c:63:21:b7:25:7a:8b:b0:dd:93:63:60:3c:0c:
         5e:1d:47:29:32:d7:3f:7c:9b:45:82:ab:97:32:81:f8:a2:53:
         4e:68:98:f7:80:c7:bc:71:85:83:63:ab:f8:ea:1f:71:2a:3e:
         3d:13:2d:12:8d:73:5d:b9:40:97:61:4c:88:8b:11:f8:c3:2b:
         4d:03:86:fe:fa:bd:16:76:2a:93:99:c8:32:81:1a:b5:f3:f8:
         33:4b:1e:ee:81:97:78:c7:5b:54:2b:9a:4a:11:8f:57:a9:8f:
         4e:54:dd:c2:f2:da:c5:a0:86:32:6b:97:b3:82:6d:e9:4b:60:
         dd:36:0c:ae:63:ef:55:01:bd:72:f9:38:ae:08:fb:05:53:ff:
         3f:a8:97:13:1b:c7:10:8f:c3:88:71:3c:54:72:a9:49:53:8e:
         82:4b:c1:f4:41:2b:0c:1d:f1:0c:30:b3:8a:bc:68:14:f3:a2:
         30:08:47:20
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY915hxmWlhpitsvQe3gwUykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTE0MDY1OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU1NGQyMTg2MTRlNWQ1NDFlOTNkZDk2OWRjZTNiNTFiNWIyMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTQu3wiyrx9ElBtE5NA3trgLGv2J
1t3k4t/gVSg4F3mt+4dUTcXVriAcA8PfYgFpWJxpO6zS3vTJp4c5wgAlLuh1LEiE
pgYuppkXGdBAixB7gTntluiagbB2M1K+hqyLH7VP/CIXSDsPeXMwx/iRZd0PdrCT
gZ8kXwvhzjqZvfGIRtOpiPsv43hlL4wv/6Gpj2Txv7TDheDHg2HkcMjSDZZ3FYMo
enabeJ7TlKaH5tmXs/QIQxFTusOnz1nVrxGSMGyVxaRDIW41qws1t69ak0J7X2eP
+fefVLm6+1OgDMixrZfjgN+r640p/njYH6ZkoXrf3XmxFA3m+8hYPLGUDwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFInlTSGGFOXVQek92Wnc47UbWyLRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaWVWTklZWVU1ZFZCNlQzWmFkemp0UnRiSXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAUahgAwQA
UpkzAwQAUpmUAwQAWdVrMAwDBARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0D
BABZ1eMDBADVgokwDAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOCAQEAFYIN
TWlCRh+O3GwAaIg9fEqrE2NnwNYGbw9iPu68mfuU8HJf+Hh7QxJ0fM6FGZrYYNc7
yuZN3l17V0nDIcouBMTIbIB11lx8bWmXohxjIbcleouw3ZNjYDwMXh1HKTLXP3yb
RYKrlzKB+KJTTmiY94DHvHGFg2Or+OofcSo+PRMtEo1zXblAl2FMiIsR+MMrTQOG
/vq9FnYqk5nIMoEatfP4M0se7oGXeMdbVCuaShGPV6mPTlTdwvLaxaCGMmuXs4Jt
6Utg3TYMrmPvVQG9cvk4rgj7BVP/P6iXExvHEI/DiHE8VHKpSVOOgkvB9EErDB3x
DDCzirxoFPOiMAhHIA==
-----END CERTIFICATE-----