Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kCJeMq-7tPU4L2MsbuqEkPP4ZN8.roa
File:                     kCJeMq-7tPU4L2MsbuqEkPP4ZN8.roa (raw, json)
Hash identifier:          M7OtnHXCQyGc9TVTNWYqIwI795M1tHsDpCfbdQf4llU=
Subject key identifier:   90:22:5E:32:AF:BB:B4:F5:38:2F:63:2C:6E:EA:84:90:F3:F8:64:DF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F73AAD31AFD20145FFB67BBBCFE969125
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kCJeMq-7tPU4L2MsbuqEkPP4ZN8.roa
Signing time:             Mon 13 May 2024 20:35:25 +0000
ROA not before:           Mon 13 May 2024 20:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 May 2024 06:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:73:aa:d3:1a:fd:20:14:5f:fb:67:bb:bc:fe:96:91:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 13 20:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90225e32afbbb4f5382f632c6eea8490f3f864df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3c:eb:35:22:5b:a2:ca:38:87:82:22:a1:04:
                    a2:2d:f2:6f:9a:65:b2:3d:0a:8a:bd:ce:95:d0:93:
                    79:49:f5:67:ae:52:6f:f4:f6:f5:a5:dc:f6:e4:fa:
                    6e:f9:fd:ad:f7:3f:5a:b3:b9:93:90:bb:cd:88:b5:
                    1d:e0:e7:cd:70:3f:78:88:bd:30:77:dd:59:4a:e4:
                    17:53:66:41:64:0f:4d:50:b4:71:a5:f5:1f:f7:28:
                    f1:b5:71:6f:89:b8:50:df:7e:b8:9a:e7:00:3e:b6:
                    7a:0a:e2:ec:a3:e0:cd:63:72:9c:e9:55:78:ab:f2:
                    aa:ce:7f:fc:12:9b:c9:dc:3e:15:36:94:56:fd:3a:
                    3e:eb:ca:56:00:55:34:79:e9:21:86:16:f1:e4:57:
                    c9:9f:c4:ec:3b:fb:46:5b:e9:75:b5:a8:53:fc:3a:
                    46:c0:f5:e6:36:b1:8c:33:90:54:1b:e5:f2:45:5c:
                    fc:26:92:f7:d3:ed:e4:5c:d0:2d:bd:96:20:3a:c1:
                    68:6b:a7:ba:e3:d1:93:8d:bf:bf:44:44:f0:40:aa:
                    4f:96:62:a7:1e:cc:82:0d:59:03:da:e8:05:92:39:
                    d5:0d:f0:b2:46:e1:20:6d:10:27:76:c8:a3:a8:11:
                    c1:9e:49:a7:d5:b4:56:c3:6b:8a:84:1a:9b:07:5b:
                    8b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:22:5E:32:AF:BB:B4:F5:38:2F:63:2C:6E:EA:84:90:F3:F8:64:DF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kCJeMq-7tPU4L2MsbuqEkPP4ZN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.51.0/24
                  82.153.148.0/24
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:32:7d:29:2d:d4:ab:2a:e0:62:83:04:ad:4e:12:c1:80:32:
         32:1e:4b:54:be:e1:d2:61:3b:3f:fb:d6:7f:ef:cd:5e:1e:50:
         4a:fb:be:c0:9b:7b:14:cd:78:40:92:ed:3a:df:2d:4a:b0:29:
         b5:1f:62:00:4b:b5:ba:a3:d0:a3:73:75:bf:42:5c:bb:a9:84:
         cd:c6:d2:a2:a0:df:60:57:cc:41:87:3b:d8:7d:40:4c:44:87:
         e3:90:b2:f0:34:bb:42:ea:a2:d4:89:9b:99:a4:86:77:bf:f5:
         31:c6:2b:23:ce:03:a2:f5:9a:70:4e:c1:0e:de:f6:48:ca:40:
         0e:08:31:83:21:64:6c:c3:35:bd:f2:4c:c3:91:98:2d:ca:db:
         b0:bf:4c:2f:b3:b8:eb:10:20:30:a1:82:0f:b8:ad:d3:ea:08:
         c1:0d:ec:f0:92:17:5d:3f:47:74:23:b2:e2:d3:db:af:57:3b:
         0b:e2:b5:0b:9d:8a:2d:10:05:87:b3:5e:96:63:0b:c0:5d:2b:
         9e:36:b9:83:3b:bd:ed:95:13:0b:05:19:99:ea:5f:67:05:48:
         6e:83:eb:76:72:c4:d2:29:2b:33:88:f5:0d:76:77:fc:81:5f:
         8b:02:75:43:d4:98:89:7f:76:00:c6:33:09:75:9a:42:2c:99:
         bf:01:d4:9d
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY9zqtMa/SAUX/tnu7z+lpElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTEzMjAzNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDIyNWUzMmFmYmJiNGY1MzgyZjYzMmM2ZWVhODQ5MGYzZjg2NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTzrNSJboso4h4IioQSiLfJvmmWy
PQqKvc6V0JN5SfVnrlJv9Pb1pdz25Ppu+f2t9z9as7mTkLvNiLUd4OfNcD94iL0w
d91ZSuQXU2ZBZA9NULRxpfUf9yjxtXFvibhQ3364mucAPrZ6CuLso+DNY3Kc6VV4
q/Kqzn/8EpvJ3D4VNpRW/To+68pWAFU0eekhhhbx5FfJn8TsO/tGW+l1tahT/DpG
wPXmNrGMM5BUG+XyRVz8JpL30+3kXNAtvZYgOsFoa6e649GTjb+/RETwQKpPlmKn
HsyCDVkD2ugFkjnVDfCyRuEgbRAndsijqBHBnkmn1bRWw2uKhBqbB1uLaQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJAiXjKvu7T1OC9jLG7qhJDz+GTfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva0NKZU1xLTd0UFU0TDJNc2J1cUVrUFA0Wk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAUpkzAwQA
UpmUAwQAWdVrMAwDBARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0DBABZ1eMD
BADVgokwDAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOCAQEAqjJ9KS3Uqyrg
YoMErU4SwYAyMh5LVL7h0mE7P/vWf+/NXh5QSvu+wJt7FM14QJLtOt8tSrAptR9i
AEu1uqPQo3N1v0Jcu6mEzcbSoqDfYFfMQYc72H1ATESH45Cy8DS7Quqi1ImbmaSG
d7/1McYrI84DovWacE7BDt72SMpADggxgyFkbMM1vfJMw5GYLcrbsL9ML7O46xAg
MKGCD7it0+oIwQ3s8JIXXT9HdCOy4tPbr1c7C+K1C52KLRAFh7NelmMLwF0rnja5
gzu97ZUTCwUZmepfZwVIboPrdnLE0ikrM4j1DXZ3/IFfiwJ1Q9SYiX92AMYzCXWa
QiyZvwHUnQ==
-----END CERTIFICATE-----