Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Lb0Qtg3OMMCta5wciz3xpLFxfL4.roa
File:                     Lb0Qtg3OMMCta5wciz3xpLFxfL4.roa (raw, json)
Hash identifier:          qnoLyosWNZovzXC5PYsyeURjrzEbIAwBaxQqCvsWwzU=
Subject key identifier:   2D:BD:10:B6:0D:CE:30:C0:AD:6B:9C:1C:8B:3D:F1:A4:B1:71:7C:BE
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0191840234899BF61EDBC903108E108668D9
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Lb0Qtg3OMMCta5wciz3xpLFxfL4.roa
Signing time:             Sat 24 Aug 2024 10:50:22 +0000
ROA not before:           Sat 24 Aug 2024 10:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        195.216.160.0/24 maxlen: 24
                          213.182.196.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.198.0/24 maxlen: 24
                          213.182.200.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.203.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.206.0/24 maxlen: 24
                          213.182.212.0/24 maxlen: 24
                          213.182.213.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.221.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 25 Aug 2024 16:57:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:84:02:34:89:9b:f6:1e:db:c9:03:10:8e:10:86:68:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 24 10:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dbd10b60dce30c0ad6b9c1c8b3df1a4b1717cbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:99:a3:7a:03:0c:d8:b0:d2:42:ca:84:ec:a0:
                    c8:38:ae:63:94:36:87:20:0d:69:2e:e0:1f:ad:10:
                    b2:de:9e:f6:96:7f:eb:95:0d:90:8f:86:9f:7e:3d:
                    71:4e:7f:66:da:ac:05:24:1b:4a:7d:aa:8f:fb:80:
                    f9:13:11:e3:51:4a:fa:df:11:82:86:ba:a4:7a:b6:
                    a9:ff:06:2f:64:7b:e5:f8:a2:ba:8e:9b:bf:07:8e:
                    f8:ae:cf:44:a1:96:5e:04:02:09:48:dd:cd:83:d1:
                    88:19:0f:cc:fb:f4:db:fb:7c:77:35:a0:53:66:29:
                    70:58:b0:28:c8:3a:c9:13:23:8c:b7:cb:70:dc:74:
                    45:62:dc:78:98:14:7c:59:ad:0a:c4:da:6f:b5:76:
                    e2:4e:d1:37:78:92:2e:37:b1:e7:1f:ec:61:b1:74:
                    a0:18:f4:17:e4:ae:f9:41:b3:db:77:f5:fe:21:4c:
                    ba:9b:80:6a:fb:a9:4e:c5:5a:1e:15:38:65:fa:58:
                    54:72:c8:1f:7c:14:36:1d:af:ce:fb:76:ee:09:bf:
                    90:6b:70:e8:bc:de:3c:62:bc:ec:b8:76:3c:a1:a4:
                    78:01:5f:a8:af:fe:7b:34:52:4d:80:a3:4f:b5:ef:
                    ab:c4:0d:41:83:4a:ee:1a:53:18:fe:de:f4:e3:1f:
                    d8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BD:10:B6:0D:CE:30:C0:AD:6B:9C:1C:8B:3D:F1:A4:B1:71:7C:BE
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Lb0Qtg3OMMCta5wciz3xpLFxfL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.160.0/24
                  213.182.196.0-213.182.198.255
                  213.182.200.0/23
                  213.182.203.0/24
                  213.182.205.0-213.182.206.255
                  213.182.212.0/22
                  213.182.217.0/24
                  213.182.219.0-213.182.223.255

    Signature Algorithm: sha256WithRSAEncryption
         4c:08:74:37:c1:98:48:02:09:35:c6:32:bc:31:d3:b5:f5:d0:
         5b:eb:f5:eb:dc:bb:b8:48:9b:2e:bc:44:39:60:bd:ce:65:39:
         b5:06:6c:41:53:ee:1e:36:95:bb:2e:2a:42:07:aa:c9:df:07:
         d5:8a:94:a7:60:c9:6f:98:06:a0:ff:8b:84:f8:a6:45:25:b5:
         28:69:a7:f1:a3:1c:43:f1:5f:e9:27:90:90:f3:08:2b:d2:df:
         1d:78:01:fe:b6:eb:85:22:57:73:ce:aa:8b:5b:4a:6f:51:bc:
         07:9c:7b:24:8d:fd:fb:49:c5:85:dc:19:c7:04:df:c8:1c:9b:
         23:1d:23:f9:07:74:70:b4:10:b4:38:00:d0:dd:1e:99:32:7d:
         e8:56:8a:bd:8c:c6:06:d8:2a:11:4a:d0:8f:f7:1d:c1:c4:b2:
         0f:6d:5e:83:59:7a:05:34:cc:80:84:f7:c3:06:a6:01:d1:01:
         23:87:68:4b:c8:45:35:9d:74:e2:d9:4c:60:ec:ca:8b:bd:e2:
         5d:26:d7:ac:33:9a:ee:49:bb:4d:c0:d1:00:42:8a:93:00:0d:
         fa:a0:03:ab:dc:6a:96:b1:eb:1a:3d:8f:e0:53:dc:be:46:60:
         dc:39:1b:16:27:b5:74:19:60:06:0d:9c:d1:2a:b1:76:f3:81:
         85:08:e9:0a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZGEAjSJm/Ye28kDEI4QhmjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODI0MTA1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGJkMTBiNjBkY2UzMGMwYWQ2YjljMWM4YjNkZjFhNGIxNzE3Y2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppmjegMM2LDSQsqE7KDIOK5jlDaH
IA1pLuAfrRCy3p72ln/rlQ2Qj4affj1xTn9m2qwFJBtKfaqP+4D5ExHjUUr63xGC
hrqkerap/wYvZHvl+KK6jpu/B474rs9EoZZeBAIJSN3Ng9GIGQ/M+/Tb+3x3NaBT
ZilwWLAoyDrJEyOMt8tw3HRFYtx4mBR8Wa0KxNpvtXbiTtE3eJIuN7HnH+xhsXSg
GPQX5K75QbPbd/X+IUy6m4Bq+6lOxVoeFThl+lhUcsgffBQ2Ha/O+3buCb+Qa3Do
vN48YrzsuHY8oaR4AV+or/57NFJNgKNPte+rxA1Bg0ruGlMY/t704x/YAQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFC29ELYNzjDArWucHIs98aSxcXy+MB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvTGIwUXRnM09NTUN0YTV3Y2l6M3hwTEZ4Zkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAw9igMAwD
BALVtsQDBADVtsYDBAHVtsgDBADVtsswDAMEANW2zQMEANW2zgMEAtW21AMEANW2
2TAMAwQA1bbbAwQF1bbAMA0GCSqGSIb3DQEBCwUAA4IBAQBMCHQ3wZhIAgk1xjK8
MdO19dBb6/Xr3Lu4SJsuvEQ5YL3OZTm1BmxBU+4eNpW7LipCB6rJ3wfVipSnYMlv
mAag/4uE+KZFJbUoaafxoxxD8V/pJ5CQ8wgr0t8deAH+tuuFIldzzqqLW0pvUbwH
nHskjf37ScWF3BnHBN/IHJsjHSP5B3RwtBC0OADQ3R6ZMn3oVoq9jMYG2CoRStCP
9x3BxLIPbV6DWXoFNMyAhPfDBqYB0QEjh2hLyEU1nXTi2Uxg7MqLveJdJtesM5ru
SbtNwNEAQoqTAA36oAOr3GqWsesaPY/gU9y+RmDcORsWJ7V0GWAGDZzRKrF284GF
COkK
-----END CERTIFICATE-----