Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/PTvk14Gv13V40sf6OFd-XWfWE3w.roa
File:                     PTvk14Gv13V40sf6OFd-XWfWE3w.roa (raw, json)
Hash identifier:          2ql4m7b2tno67yZTZX4berQQW0BLfNjJNN/gv30zx/k=
Subject key identifier:   3D:3B:E4:D7:81:AF:D7:75:78:D2:C7:FA:38:57:7E:5D:67:D6:13:7C
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01916BD369BD463F15ADC4A74FDC61EC4283
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/PTvk14Gv13V40sf6OFd-XWfWE3w.roa
Signing time:             Mon 19 Aug 2024 18:08:22 +0000
ROA not before:           Mon 19 Aug 2024 18:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        213.182.196.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.198.0/24 maxlen: 24
                          213.182.200.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.203.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.206.0/24 maxlen: 24
                          213.182.208.0/24 maxlen: 24
                          213.182.212.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 22 Aug 2024 11:20:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:d3:69:bd:46:3f:15:ad:c4:a7:4f:dc:61:ec:42:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 19 18:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d3be4d781afd77578d2c7fa38577e5d67d6137c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f2:2f:ca:1e:e1:d0:57:ba:cb:9f:f4:57:45:
                    40:cb:96:17:88:3a:2c:05:18:cb:57:83:e7:42:99:
                    6d:6e:5f:d1:1f:15:43:f8:0e:ab:22:46:27:17:3e:
                    58:43:6b:e6:de:9d:4a:2a:83:12:da:44:bb:d1:3f:
                    39:64:08:44:96:29:70:f7:89:d6:f4:18:8c:e9:7b:
                    23:fc:5c:3d:78:82:86:5a:4b:df:cb:1f:ac:f2:c7:
                    a4:11:df:8f:63:b7:4e:be:a3:4b:da:fc:31:84:eb:
                    8f:d3:7b:94:03:49:dc:6d:e1:17:07:2c:03:f8:c2:
                    d8:be:dd:86:89:27:a1:08:a5:96:ee:ca:17:1d:76:
                    71:e9:2c:a0:9d:e5:43:be:7a:b7:dd:47:69:c5:1a:
                    f1:4b:8f:52:97:e3:9a:cf:e1:13:61:a3:a5:15:ed:
                    9a:04:ec:bf:c7:35:14:09:db:08:95:30:27:cc:a3:
                    96:6f:d2:82:95:47:25:38:4d:ec:42:2a:19:b8:c9:
                    0e:57:37:93:e9:45:cb:a0:a7:e1:9d:e0:23:e8:1f:
                    20:dc:e1:50:c2:ea:76:09:cc:12:82:11:c4:8f:02:
                    80:d1:1b:45:74:8e:e9:23:0d:42:1f:5e:7e:f7:10:
                    af:d7:a5:c2:c8:3a:89:a0:b5:f9:f8:14:db:51:70:
                    3f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:3B:E4:D7:81:AF:D7:75:78:D2:C7:FA:38:57:7E:5D:67:D6:13:7C
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/PTvk14Gv13V40sf6OFd-XWfWE3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.196.0-213.182.198.255
                  213.182.200.0/23
                  213.182.203.0/24
                  213.182.205.0-213.182.206.255
                  213.182.208.0/24
                  213.182.212.0/24
                  213.182.214.0/24
                  213.182.217.0/24
                  213.182.219.0-213.182.220.255
                  213.182.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:b5:e9:9d:11:d6:d2:dd:68:51:35:49:95:73:ff:40:c1:28:
         fa:a7:63:cf:d5:1b:cc:69:dd:44:08:3c:b4:00:65:d8:fa:2e:
         be:37:dd:95:b3:83:c5:12:a9:ff:88:1c:b9:1c:bb:65:bf:bd:
         5a:e9:6d:b7:50:eb:55:3b:58:f9:41:15:4f:b6:fc:8e:d9:84:
         f2:8e:66:46:0d:3d:67:44:5c:6f:a8:c2:ca:06:b6:7e:30:78:
         91:8f:10:37:d7:a1:c9:26:ef:62:fa:44:a4:4e:4a:03:c3:48:
         56:26:1d:ea:69:db:5e:84:eb:2f:44:ec:6b:e0:13:d4:3c:0c:
         7c:fd:cb:ef:72:4a:93:0d:18:70:c6:2e:e1:2d:47:e0:7b:e0:
         b7:ee:3f:24:b0:aa:95:21:97:d1:d8:a1:5d:cc:c1:db:e4:b4:
         a7:8f:91:42:f8:66:e6:53:d2:fb:66:96:44:99:af:7f:39:29:
         2b:08:1f:b1:9d:e8:36:22:27:89:67:f4:f6:59:3f:17:ee:f6:
         4e:33:84:95:40:46:7a:ac:19:20:b4:9e:e4:e9:0a:23:7b:6c:
         4b:2e:3c:dd:b1:5a:8f:72:89:77:7d:03:85:42:55:dc:af:c7:
         df:ad:1a:eb:b0:a0:96:48:e6:aa:b6:4c:9f:9b:33:74:4c:f1:
         11:40:b0:78
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZFr02m9Rj8VrcSnT9xh7EKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODE5MTgwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDNiZTRkNzgxYWZkNzc1NzhkMmM3ZmEzODU3N2U1ZDY3ZDYxMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vIvyh7h0Fe6y5/0V0VAy5YXiDos
BRjLV4PnQpltbl/RHxVD+A6rIkYnFz5YQ2vm3p1KKoMS2kS70T85ZAhElilw94nW
9BiM6Xsj/Fw9eIKGWkvfyx+s8sekEd+PY7dOvqNL2vwxhOuP03uUA0ncbeEXBywD
+MLYvt2GiSehCKWW7soXHXZx6SygneVDvnq33UdpxRrxS49Sl+Oaz+ETYaOlFe2a
BOy/xzUUCdsIlTAnzKOWb9KClUclOE3sQioZuMkOVzeT6UXLoKfhneAj6B8g3OFQ
wup2CcwSghHEjwKA0RtFdI7pIw1CH15+9xCv16XCyDqJoLX5+BTbUXA/SQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFD075NeBr9d1eNLH+jhXfl1n1hN8MB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvUFR2azE0R3YxM1Y0MHNmNk9GZC1YV2ZXRTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBALVtsQD
BADVtsYDBAHVtsgDBADVtsswDAMEANW2zQMEANW2zgMEANW20AMEANW21AMEANW2
1gMEANW22TAMAwQA1bbbAwQA1bbcAwQB1bbeMA0GCSqGSIb3DQEBCwUAA4IBAQCI
temdEdbS3WhRNUmVc/9AwSj6p2PP1RvMad1ECDy0AGXY+i6+N92Vs4PFEqn/iBy5
HLtlv71a6W23UOtVO1j5QRVPtvyO2YTyjmZGDT1nRFxvqMLKBrZ+MHiRjxA316HJ
Ju9i+kSkTkoDw0hWJh3qadtehOsvROxr4BPUPAx8/cvvckqTDRhwxi7hLUfge+C3
7j8ksKqVIZfR2KFdzMHb5LSnj5FC+GbmU9L7ZpZEma9/OSkrCB+xneg2IieJZ/T2
WT8X7vZOM4SVQEZ6rBkgtJ7k6Qoje2xLLjzdsVqPcol3fQOFQlXcr8ffrRrrsKCW
SOaqtkyfmzN0TPERQLB4
-----END CERTIFICATE-----