Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u3D8kHL85-YBh7hlDag687e2hPg.roa
File:                     u3D8kHL85-YBh7hlDag687e2hPg.roa (raw, json)
Hash identifier:          pqKJq3E9a5DqJwF9dCknbCzjUlvN85lefmlesweaipA=
Subject key identifier:   BB:70:FC:90:72:FC:E7:E6:01:87:B8:65:0D:A8:3A:F3:B7:B6:84:F8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01910E0306AD0560687547E9C13B17B161FF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u3D8kHL85-YBh7hlDag687e2hPg.roa
Signing time:             Thu 01 Aug 2024 12:56:04 +0000
ROA not before:           Thu 01 Aug 2024 12:56:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        81.168.123.0/24 maxlen: 24
                          82.152.178.0/24 maxlen: 24
                          82.153.10.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
                          89.213.46.0/23 maxlen: 24
                          89.213.63.0/24 maxlen: 24
                          109.176.28.0/24 maxlen: 24
                          109.176.212.0/23 maxlen: 24
                          109.176.214.0/23 maxlen: 24
                          213.130.157.0/24 maxlen: 24
                          213.130.158.0/24 maxlen: 24
                          213.130.159.0/24 maxlen: 24
                          217.145.73.0/24 maxlen: 24
                          217.145.74.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 28 Aug 2024 16:18:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:03:06:ad:05:60:68:75:47:e9:c1:3b:17:b1:61:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  1 12:56:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb70fc9072fce7e60187b8650da83af3b7b684f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:39:69:6c:52:94:91:71:67:70:f4:48:09:59:
                    3a:ea:49:98:ad:06:ad:8a:b0:8b:e2:78:ef:63:d2:
                    37:d4:d1:a2:fc:77:62:41:68:20:75:52:60:9a:64:
                    10:51:e3:ff:8a:c0:30:ec:53:ee:0d:73:cf:0e:bd:
                    9e:82:a1:d8:d1:cd:82:de:39:7b:bb:e6:b1:59:46:
                    a1:97:7a:fa:68:7a:33:36:21:fe:2f:bb:9a:46:c8:
                    b3:6b:29:e0:2d:a7:2b:ac:e0:10:70:3a:d4:eb:0e:
                    72:1b:7d:55:da:c6:6b:41:e2:b0:0f:88:0f:43:3e:
                    d0:99:3e:ac:17:f6:44:f8:6e:03:7a:2f:ba:fb:68:
                    3d:fd:62:51:8c:0e:32:17:e2:3e:7b:89:8e:f0:8c:
                    86:b5:6b:56:ea:5d:e7:39:b3:e1:43:5f:be:d4:24:
                    30:55:3b:37:93:ca:ec:a7:41:35:ce:b4:94:c4:b8:
                    bf:88:4d:ec:df:86:0e:4b:9b:f3:9a:89:5d:1a:4c:
                    5f:f0:fc:24:12:12:7b:53:02:4c:e3:7d:7e:01:ea:
                    a7:11:c4:65:a1:b4:61:b7:39:fd:98:72:0e:9e:d6:
                    67:d0:60:cd:a9:e5:51:7f:69:8e:05:12:37:91:15:
                    f3:e1:b3:45:ab:81:f1:e7:e4:a5:6f:f2:bd:ea:b7:
                    2c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:70:FC:90:72:FC:E7:E6:01:87:B8:65:0D:A8:3A:F3:B7:B6:84:F8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u3D8kHL85-YBh7hlDag687e2hPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.123.0/24
                  82.152.178.0/24
                  82.153.10.0/24
                  82.153.243.0/24
                  89.213.46.0/23
                  89.213.63.0/24
                  109.176.28.0/24
                  109.176.212.0/22
                  213.130.157.0-213.130.159.255
                  217.145.73.0-217.145.74.255

    Signature Algorithm: sha256WithRSAEncryption
         23:28:c8:b8:3a:51:7d:87:38:21:b8:0f:49:a6:44:f3:54:20:
         63:10:e9:e0:e5:90:0f:2d:2e:bd:3a:ba:47:db:ff:97:6a:62:
         cd:05:5a:3b:ca:42:2f:ea:58:6c:20:76:f5:72:5b:05:85:00:
         be:3f:11:37:fb:63:18:77:18:d4:f9:18:7c:aa:e2:58:02:8c:
         c4:a6:b1:78:c6:62:c6:0f:a8:d4:19:0f:ab:74:42:a4:82:72:
         63:0a:80:f3:6a:75:7d:71:17:56:fb:87:ac:50:41:95:c4:b6:
         55:16:82:d4:56:30:fa:fe:f1:d5:01:7f:e0:27:17:f0:09:34:
         71:3d:bf:08:74:5a:e6:0e:4a:57:3a:9d:12:5a:97:55:ec:ca:
         28:0b:76:08:f7:22:1d:b8:29:93:cd:6b:43:f7:07:7d:db:48:
         35:e4:d8:b6:3d:7c:dd:5d:5d:54:7a:da:b4:92:52:44:9c:04:
         dd:ec:c7:43:b9:03:14:28:d0:2d:64:24:5b:8d:ea:34:1c:d7:
         0c:eb:f4:12:47:79:72:3b:94:f5:06:c2:27:de:2c:72:73:c4:
         41:1f:8e:61:df:18:62:9e:59:d5:d0:d2:38:70:2e:b8:2f:8f:
         a9:18:ba:ae:a2:3f:64:a6:dd:28:e8:22:30:01:a5:d4:cb:b4:
         c5:2d:e9:33
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZEOAwatBWBodUfpwTsXsWH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODAxMTI1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjcwZmM5MDcyZmNlN2U2MDE4N2I4NjUwZGE4M2FmM2I3YjY4NGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTlpbFKUkXFncPRICVk66kmYrQat
irCL4njvY9I31NGi/HdiQWggdVJgmmQQUeP/isAw7FPuDXPPDr2egqHY0c2C3jl7
u+axWUahl3r6aHozNiH+L7uaRsizayngLacrrOAQcDrU6w5yG31V2sZrQeKwD4gP
Qz7QmT6sF/ZE+G4Dei+6+2g9/WJRjA4yF+I+e4mO8IyGtWtW6l3nObPhQ1++1CQw
VTs3k8rsp0E1zrSUxLi/iE3s34YOS5vzmoldGkxf8PwkEhJ7UwJM431+AeqnEcRl
obRhtzn9mHIOntZn0GDNqeVRf2mOBRI3kRXz4bNFq4Hx5+Slb/K96rcsLQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFLtw/JBy/OfmAYe4ZQ2oOvO3toT4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdTNEOGtITDg1LVlCaDdobERhZzY4N2UyaFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAUah7AwQA
UpiyAwQAUpkKAwQAUpnzAwQBWdUuAwQAWdU/AwQAbbAcAwQCbbDUMAwDBADVgp0D
BAXVgoAwDAMEANmRSQMEANmRSjANBgkqhkiG9w0BAQsFAAOCAQEAIyjIuDpRfYc4
IbgPSaZE81QgYxDp4OWQDy0uvTq6R9v/l2pizQVaO8pCL+pYbCB29XJbBYUAvj8R
N/tjGHcY1PkYfKriWAKMxKaxeMZixg+o1BkPq3RCpIJyYwqA82p1fXEXVvuHrFBB
lcS2VRaC1FYw+v7x1QF/4CcX8Ak0cT2/CHRa5g5KVzqdElqXVezKKAt2CPciHbgp
k81rQ/cHfdtINeTYtj183V1dVHratJJSRJwE3ezHQ7kDFCjQLWQkW43qNBzXDOv0
Ekd5cjuU9QbCJ94scnPEQR+OYd8YYp5Z1dDSOHAuuC+PqRi6rqI/ZKbdKOgiMAGl
1Mu0xS3pMw==
-----END CERTIFICATE-----