Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Tt6iD2Icw4h3MHxv6ZwGti3ESpI.roa
File:                     Tt6iD2Icw4h3MHxv6ZwGti3ESpI.roa (raw, json)
Hash identifier:          kbNbRiUGcaOYmTHTg065BqXzAgoIxMkJuWpnlqoy6JI=
Subject key identifier:   4E:DE:A2:0F:62:1C:C3:88:77:30:7C:6F:E9:9C:06:B6:2D:C4:4A:92
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0191458365177C0B90C150F01721E968440A
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Tt6iD2Icw4h3MHxv6ZwGti3ESpI.roa
Signing time:             Mon 12 Aug 2024 07:35:24 +0000
ROA not before:           Mon 12 Aug 2024 07:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        213.182.196.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.198.0/24 maxlen: 24
                          213.182.200.0/24 maxlen: 24
                          213.182.203.0/24 maxlen: 24
                          213.182.204.0/24 maxlen: 24
                          213.182.206.0/24 maxlen: 24
                          213.182.208.0/24 maxlen: 24
                          213.182.209.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 13 Aug 2024 07:12:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:83:65:17:7c:0b:90:c1:50:f0:17:21:e9:68:44:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 12 07:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4edea20f621cc38877307c6fe99c06b62dc44a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bf:f9:db:6d:a4:4a:71:5c:f2:50:13:02:50:
                    6e:2b:10:ba:df:eb:a0:c3:bb:fa:f3:ad:60:3e:ef:
                    90:21:f7:03:58:79:b2:f0:6f:7c:22:42:7a:b5:ee:
                    8a:5e:18:19:f1:a6:9e:b9:d4:64:df:e2:f3:63:4b:
                    a4:6f:59:01:ed:54:62:04:88:b2:61:97:13:fa:c9:
                    b7:94:c3:45:7b:e7:e4:30:82:21:6d:02:d1:54:e6:
                    a1:59:f7:3d:91:2d:14:62:67:14:47:11:9a:63:b0:
                    9d:b6:6d:d9:aa:05:9d:d4:c7:32:a5:e8:d7:8c:9c:
                    1d:65:67:7f:3c:d2:f2:95:ed:37:dd:ca:ca:7e:e8:
                    aa:0a:ad:cd:1f:d6:25:87:93:b0:e0:23:ec:14:f3:
                    1b:ae:a5:44:4f:f1:76:fa:b2:63:ac:22:4a:1c:c3:
                    19:8e:a9:cb:f3:21:90:04:0d:c2:a0:82:1b:06:b9:
                    43:2f:f6:72:94:ae:51:51:c0:a9:a8:3c:39:b4:c9:
                    eb:09:0a:9f:a1:62:bf:03:ff:d1:3f:61:05:b6:b0:
                    fe:06:8f:e3:4c:73:57:79:1a:8d:23:9e:b1:3c:ef:
                    87:79:1e:d4:10:ab:52:3e:da:13:20:5d:e9:5b:2a:
                    e6:fe:08:66:b4:ec:b5:04:96:33:00:20:71:bb:9f:
                    c8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:DE:A2:0F:62:1C:C3:88:77:30:7C:6F:E9:9C:06:B6:2D:C4:4A:92
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Tt6iD2Icw4h3MHxv6ZwGti3ESpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.196.0-213.182.198.255
                  213.182.200.0/24
                  213.182.203.0-213.182.204.255
                  213.182.206.0/24
                  213.182.208.0/23
                  213.182.217.0/24
                  213.182.219.0-213.182.220.255
                  213.182.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:a8:bb:7b:b7:24:85:3c:6b:0a:ec:71:9e:6f:0b:ea:89:ba:
         dc:05:f4:f5:35:66:c0:53:85:e3:cd:a0:2c:76:d1:3b:7b:08:
         b9:78:9d:fd:ca:21:c2:94:bc:e9:1b:9c:28:01:c5:d7:7c:34:
         4c:66:28:4a:4c:b0:8f:ac:d8:be:dc:35:95:2f:bc:c7:51:55:
         96:74:60:ae:75:a3:41:0f:ba:b3:87:08:62:a9:21:2e:1c:f5:
         8f:c3:35:36:a6:c5:7e:e6:03:92:b1:d2:61:fb:3c:4e:00:04:
         68:8e:82:9b:63:de:dd:24:d9:af:21:65:04:ba:7a:a3:70:49:
         1d:99:74:d7:dd:c1:fa:d6:00:d2:a4:60:fb:ba:eb:dd:c7:93:
         52:11:12:c2:4d:40:7c:82:55:0f:8b:3f:26:a7:c3:a4:31:75:
         b3:09:75:78:9c:cb:f6:b9:98:2e:22:13:8a:be:d9:f2:79:c9:
         73:b6:c0:43:4c:91:02:49:d4:54:78:ff:b1:83:59:65:b6:ea:
         37:53:01:ab:ce:77:03:79:37:b3:c0:80:69:11:ac:1f:5b:f4:
         5f:95:e4:ae:ba:39:11:46:35:7d:e6:c7:c7:e7:4c:9d:b1:a3:
         bf:ea:c2:a1:b2:5c:f8:cb:22:31:54:d8:98:53:90:1e:da:48:
         9c:0e:c6:3c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZFFg2UXfAuQwVDwFyHpaEQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODEyMDczNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWRlYTIwZjYyMWNjMzg4NzczMDdjNmZlOTljMDZiNjJkYzQ0YTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL/5222kSnFc8lATAlBuKxC63+ug
w7v6861gPu+QIfcDWHmy8G98IkJ6te6KXhgZ8aaeudRk3+LzY0ukb1kB7VRiBIiy
YZcT+sm3lMNFe+fkMIIhbQLRVOahWfc9kS0UYmcURxGaY7Cdtm3ZqgWd1McypejX
jJwdZWd/PNLyle033crKfuiqCq3NH9Ylh5Ow4CPsFPMbrqVET/F2+rJjrCJKHMMZ
jqnL8yGQBA3CoIIbBrlDL/ZylK5RUcCpqDw5tMnrCQqfoWK/A//RP2EFtrD+Bo/j
THNXeRqNI56xPO+HeR7UEKtSPtoTIF3pWyrm/ghmtOy1BJYzACBxu5/IgQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFE7eog9iHMOIdzB8b+mcBrYtxEqSMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvVHQ2aUQySWN3NGgzTUh4djZad0d0aTNFU3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBALVtsQD
BADVtsYDBADVtsgwDAMEANW2ywMEANW2zAMEANW2zgMEAdW20AMEANW22TAMAwQA
1bbbAwQA1bbcAwQB1bbeMA0GCSqGSIb3DQEBCwUAA4IBAQBOqLt7tySFPGsK7HGe
bwvqibrcBfT1NWbAU4XjzaAsdtE7ewi5eJ39yiHClLzpG5woAcXXfDRMZihKTLCP
rNi+3DWVL7zHUVWWdGCudaNBD7qzhwhiqSEuHPWPwzU2psV+5gOSsdJh+zxOAARo
joKbY97dJNmvIWUEunqjcEkdmXTX3cH61gDSpGD7uuvdx5NSERLCTUB8glUPiz8m
p8OkMXWzCXV4nMv2uZguIhOKvtnyeclztsBDTJECSdRUeP+xg1lltuo3UwGrzncD
eTezwIBpEawfW/RfleSuujkRRjV95sfH50ydsaO/6sKhslz4yyIxVNiYU5Ae2kic
DsY8
-----END CERTIFICATE-----