Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/JP1X5AVHCPibnlRPCcUdDb_kF-s.roa
File:                     JP1X5AVHCPibnlRPCcUdDb_kF-s.roa (raw, json)
Hash identifier:          kb0IH9grLI+9I24msL4dA3rsKNa3NSXCf4RfND0EsGk=
Subject key identifier:   24:FD:57:E4:05:47:08:F8:9B:9E:54:4F:09:C5:1D:0D:BF:E4:17:EB
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       01932FA7DB43D6765A9532E5EC25160FEA0B
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/JP1X5AVHCPibnlRPCcUdDb_kF-s.roa
Signing time:             Fri 15 Nov 2024 11:49:09 +0000
ROA not before:           Fri 15 Nov 2024 11:49:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47376
IP address blocks:        103.215.220.0/22 maxlen: 22
                          103.215.220.0/24 maxlen: 24
                          103.215.221.0/24 maxlen: 24
                          103.215.222.0/24 maxlen: 24
                          103.215.223.0/24 maxlen: 24
                          185.221.239.0/24 maxlen: 24
                          195.28.11.0/24 maxlen: 24
                          195.238.231.0/24 maxlen: 24
                          195.238.240.0/24 maxlen: 24
                          195.238.247.0/24 maxlen: 24
                          2a05:63c0::/29 maxlen: 29
                          2a05:63c0::/30 maxlen: 30
                          2a05:63c0::/48 maxlen: 48
                          2a0f:c040::/29 maxlen: 29
                          2a10:ef04:1001::/48 maxlen: 48
                          2a10:ef04:1002::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 20 Nov 2024 17:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:a7:db:43:d6:76:5a:95:32:e5:ec:25:16:0f:ea:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Nov 15 11:49:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24fd57e4054708f89b9e544f09c51d0dbfe417eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:11:db:96:06:28:41:9e:0f:85:f5:26:c2:83:
                    d3:78:c3:df:3e:e5:9f:d8:62:91:65:a5:ea:bb:62:
                    4c:bc:a2:f3:9f:cd:69:95:6d:fb:c0:e0:36:28:ac:
                    2e:e2:60:13:22:0c:18:0b:86:13:9c:09:f8:84:d4:
                    a1:73:5e:99:e6:fe:8d:bd:f1:2f:e7:f3:91:cb:75:
                    a5:33:88:ec:16:4e:fb:75:25:04:d2:f3:90:2d:61:
                    4b:d0:66:23:10:2f:2b:17:1f:f9:89:6b:4d:2c:3d:
                    6e:f4:b8:68:68:9d:d3:e5:28:fa:ff:06:22:13:41:
                    98:2b:05:4c:c9:b7:b5:54:dd:f0:a9:77:b6:b6:cb:
                    64:d1:a5:1c:b0:93:c1:69:5d:0d:12:2c:96:03:12:
                    f1:6f:e7:00:99:9e:55:5a:fa:40:49:66:a9:97:72:
                    2f:82:dc:57:68:d8:20:14:28:9e:07:51:24:af:5c:
                    2f:d7:86:76:38:9a:94:0f:b3:3a:b7:fd:54:30:04:
                    d4:d9:11:38:73:54:0c:08:b1:42:a5:a8:1e:d9:b4:
                    9c:9b:6a:b5:b7:e2:37:f1:df:dd:8b:64:5b:18:d9:
                    70:04:df:1d:ff:71:fa:9c:b8:bc:d3:bb:21:25:07:
                    a4:9d:46:f0:63:35:5c:51:59:b5:bd:c8:ef:fd:ca:
                    fb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:FD:57:E4:05:47:08:F8:9B:9E:54:4F:09:C5:1D:0D:BF:E4:17:EB
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/JP1X5AVHCPibnlRPCcUdDb_kF-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.220.0/22
                  185.221.239.0/24
                  195.28.11.0/24
                  195.238.231.0/24
                  195.238.240.0/24
                  195.238.247.0/24
                IPv6:
                  2a05:63c0::/29
                  2a0f:c040::/29
                  2a10:ef04:1001::-2a10:ef04:1002:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4f:7b:c3:49:99:0d:9c:e0:26:0e:50:df:a0:45:f3:d9:28:db:
         05:48:8c:37:7f:71:08:ee:81:e8:c6:ec:30:3d:1a:fe:55:2f:
         5a:59:6f:32:a5:5b:41:95:55:a0:7b:84:33:02:bd:6c:a7:23:
         4f:7b:05:c7:ca:e4:f3:2f:1b:d6:2a:04:e5:84:57:8c:9c:ac:
         b6:d2:40:40:09:e7:f4:7d:d4:13:15:19:98:09:05:01:74:31:
         83:e3:43:08:c1:f9:e2:4a:a5:bc:23:35:f9:59:e7:31:b6:3f:
         0b:b9:6c:82:25:05:77:aa:bf:fa:30:84:ee:b5:81:b1:4f:f1:
         33:8e:4c:76:4e:4a:2d:7c:da:d5:74:6a:33:dd:e2:bd:ab:e3:
         24:c7:50:92:bc:c4:7f:80:b5:2f:d3:cb:70:ea:c1:da:9e:84:
         da:6c:b0:42:6f:39:50:bf:a8:e0:6b:b1:b3:96:01:9d:3b:5a:
         f9:8a:07:54:96:a6:d4:86:92:fb:ac:52:94:ef:72:02:a9:fd:
         5c:7d:69:3c:73:a5:8c:e8:f7:13:fa:15:98:c9:46:7a:71:95:
         c4:49:15:c0:0b:16:c7:95:32:b4:b3:67:38:f1:cf:12:d6:52:
         b9:38:26:23:f1:be:27:0f:75:b8:34:20:66:cd:3b:92:96:55:
         94:8c:5e:f0
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZMvp9tD1nZalTLl7CUWD+oLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjQxMTE1MTE0OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGZkNTdlNDA1NDcwOGY4OWI5ZTU0NGYwOWM1MWQwZGJmZTQxN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxHblgYoQZ4PhfUmwoPTeMPfPuWf
2GKRZaXqu2JMvKLzn81plW37wOA2KKwu4mATIgwYC4YTnAn4hNShc16Z5v6NvfEv
5/ORy3WlM4jsFk77dSUE0vOQLWFL0GYjEC8rFx/5iWtNLD1u9LhoaJ3T5Sj6/wYi
E0GYKwVMybe1VN3wqXe2tstk0aUcsJPBaV0NEiyWAxLxb+cAmZ5VWvpASWapl3Iv
gtxXaNggFCieB1Ekr1wv14Z2OJqUD7M6t/1UMATU2RE4c1QMCLFCpage2bScm2q1
t+I38d/di2RbGNlwBN8d/3H6nLi807shJQeknUbwYzVcUVm1vcjv/cr7YwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFCT9V+QFRwj4m55UTwnFHQ2/5BfrMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvSlAxWDVBVkhDUGlibmxSUENjVWREYl9rRi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjAqBAIAATAkAwQCZ9fcAwQA
ud3vAwQAwxwLAwQAw+7nAwQAw+7wAwQAw+73MCgEAgACMCIDBQMqBWPAAwUDKg/A
QDASAwcAKhDvBBABAwcAKhDvBBACMA0GCSqGSIb3DQEBCwUAA4IBAQBPe8NJmQ2c
4CYOUN+gRfPZKNsFSIw3f3EI7oHoxuwwPRr+VS9aWW8ypVtBlVWge4QzAr1spyNP
ewXHyuTzLxvWKgTlhFeMnKy20kBACef0fdQTFRmYCQUBdDGD40MIwfniSqW8IzX5
Wecxtj8LuWyCJQV3qr/6MITutYGxT/Ezjkx2TkotfNrVdGoz3eK9q+Mkx1CSvMR/
gLUv08tw6sHanoTabLBCbzlQv6jga7GzlgGdO1r5igdUlqbUhpL7rFKU73ICqf1c
fWk8c6WM6PcT+hWYyUZ6cZXESRXACxbHlTK0s2c48c8S1lK5OCYj8b4nD3W4NCBm
zTuSllWUjF7w
-----END CERTIFICATE-----