Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/2I26dd8LGs57xeiLaaEgqJe98E8.roa
File:                     2I26dd8LGs57xeiLaaEgqJe98E8.roa (raw, json)
Hash identifier:          xVEOJNq5yeHyGPjqqsFYB4r72KLwwmuHWZ9C7p+AdjQ=
Subject key identifier:   D8:8D:BA:75:DF:0B:1A:CE:7B:C5:E8:8B:69:A1:20:A8:97:BD:F0:4F
Certificate issuer:       /CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
Certificate serial:       018D468D4400B2910E9F82E35C9E8756E5FF
Authority key identifier: C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/2I26dd8LGs57xeiLaaEgqJe98E8.roa
Signing time:             Fri 26 Jan 2024 16:14:39 +0000
ROA not before:           Fri 26 Jan 2024 16:14:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50821
IP address blocks:        46.39.96.0/19 maxlen: 19
                          79.142.240.0/20 maxlen: 20
                          89.255.224.0/20 maxlen: 20
                          109.238.128.0/20 maxlen: 20
                          145.14.96.0/19 maxlen: 19
                          145.40.16.0/20 maxlen: 20
                          147.28.64.0/19 maxlen: 19
                          178.16.208.0/20 maxlen: 20
                          178.251.128.0/21 maxlen: 21
                          185.54.196.0/22 maxlen: 22
                          185.81.108.0/22 maxlen: 22
                          212.100.96.0/19 maxlen: 19
                          217.69.144.0/20 maxlen: 20
                          2001:1ba8::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 27 Jan 2024 16:27:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:8d:44:00:b2:91:0e:9f:82:e3:5c:9e:87:56:e5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
        Validity
            Not Before: Jan 26 16:14:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d88dba75df0b1ace7bc5e88b69a120a897bdf04f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:94:4f:7b:38:8b:c7:63:a4:32:d6:2b:0f:4a:
                    c0:d5:68:7e:0e:36:e2:03:f9:76:f3:43:3a:10:9b:
                    76:42:aa:68:46:cd:92:41:aa:ed:23:d0:9b:ac:3c:
                    10:90:1f:98:a9:eb:fa:d1:0f:68:94:95:39:65:7a:
                    79:9a:44:fb:98:ed:da:af:2a:9a:56:54:40:99:dd:
                    5e:ba:35:81:a5:c2:b5:36:0a:7c:be:c1:72:56:26:
                    3b:11:7a:71:c3:1c:4e:85:8f:30:4c:64:38:40:c4:
                    70:a1:b7:1a:b6:9a:e8:c1:6b:81:91:f4:6b:30:ec:
                    55:6d:0b:df:0b:aa:be:1f:67:6f:f6:0a:e3:e5:34:
                    8f:27:51:0b:ea:ba:0c:d8:f1:cc:05:83:7c:a6:b7:
                    10:55:ff:f2:30:18:4b:66:af:0d:45:c6:74:f6:22:
                    71:50:0d:d2:86:8f:58:3d:17:37:1a:67:1e:26:00:
                    1a:7a:e4:2a:04:de:61:18:3f:f1:bc:2a:38:9a:e9:
                    22:ea:5e:46:5f:3a:c8:e8:85:ca:b0:d1:50:73:a1:
                    a2:d4:3e:83:84:78:48:40:44:a2:97:dc:e3:e4:d1:
                    f6:39:98:44:bc:b5:2e:25:dc:cd:14:eb:dc:6d:87:
                    dd:76:38:22:a9:6c:3b:ae:ce:b5:3b:a8:48:f1:7b:
                    23:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:8D:BA:75:DF:0B:1A:CE:7B:C5:E8:8B:69:A1:20:A8:97:BD:F0:4F
            X509v3 Authority Key Identifier:
                keyid:C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/2I26dd8LGs57xeiLaaEgqJe98E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/wRxYM3zU10zZIZ2HeN7lsp8IpGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.39.96.0/19
                  79.142.240.0/20
                  89.255.224.0/20
                  109.238.128.0/20
                  145.14.96.0/19
                  145.40.16.0/20
                  147.28.64.0/19
                  178.16.208.0/20
                  178.251.128.0/21
                  185.54.196.0/22
                  185.81.108.0/22
                  212.100.96.0/19
                  217.69.144.0/20
                IPv6:
                  2001:1ba8::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:ce:a8:ce:2a:cb:b8:61:24:41:6b:a9:cf:62:df:de:ed:a4:
         6a:04:53:5b:7d:80:c4:0d:da:24:62:e7:e5:57:d3:43:de:a3:
         f6:44:e0:58:ad:97:fa:26:98:b3:e7:01:fd:18:e5:ab:ae:63:
         42:f5:4a:9d:8b:e0:78:01:8b:77:9a:57:18:0d:38:e5:06:71:
         6d:16:98:8d:63:79:31:20:6b:39:12:28:e0:7a:ec:36:d0:07:
         0b:4c:ee:d5:67:75:7a:9d:c2:00:0e:f9:a6:5d:d2:d3:8a:2a:
         b6:c5:86:02:bd:72:bf:e2:9f:52:28:bc:8c:6e:87:a3:50:81:
         e8:a7:a7:88:e5:bf:6d:05:bc:63:f8:52:cb:b2:ce:4d:74:13:
         2f:3a:2c:ba:99:03:4e:85:4d:3f:60:80:1b:71:ee:64:61:64:
         15:53:e7:a3:a2:c6:f4:15:f3:94:22:07:e0:30:b3:af:55:c9:
         fa:1d:d6:ad:05:78:b9:f0:aa:4a:27:1c:06:d4:aa:d1:c1:01:
         b6:75:ec:22:63:e3:47:12:7f:24:44:e2:2e:6a:2d:c5:29:61:
         a5:a3:b6:91:c3:8b:a9:35:44:da:6c:77:98:46:21:0a:58:5e:
         50:82:bb:82:5e:f1:f5:b3:e2:04:0a:d5:f7:cc:50:e4:74:f6:
         43:53:96:67
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAY1GjUQAspEOn4LjXJ6HVuX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMWM1ODMzN2NkNGQ3NGNkOTIxOWQ4Nzc4ZGVlNWIyOWYw
OGE0NjEwHhcNMjQwMTI2MTYxNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODhkYmE3NWRmMGIxYWNlN2JjNWU4OGI2OWExMjBhODk3YmRmMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpRPeziLx2OkMtYrD0rA1Wh+Djbi
A/l280M6EJt2QqpoRs2SQartI9CbrDwQkB+Yqev60Q9olJU5ZXp5mkT7mO3aryqa
VlRAmd1eujWBpcK1Ngp8vsFyViY7EXpxwxxOhY8wTGQ4QMRwobcatprowWuBkfRr
MOxVbQvfC6q+H2dv9grj5TSPJ1EL6roM2PHMBYN8prcQVf/yMBhLZq8NRcZ09iJx
UA3Sho9YPRc3GmceJgAaeuQqBN5hGD/xvCo4muki6l5GXzrI6IXKsNFQc6Gi1D6D
hHhIQESil9zj5NH2OZhEvLUuJdzNFOvcbYfddjgiqWw7rs61O6hI8Xsj6wIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFNiNunXfCxrOe8Xoi2mhIKiXvfBPMB8GA1UdIwQY
MBaAFMEcWDN81NdM2SGdh3je5bKfCKRhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1J4WU0zelUxMHpaSVoySGVON2xzcDhJcEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wYmRjYTMtMjgzYS00OTQyLTg1OTIt
YzM5NDU0MWY3NzBlLzEvMkkyNmRkOExHczU3eGVpTGFhRWdxSmU5OEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wYmRjYTMtMjgzYS00OTQyLTg1OTItYzM5NDU0MWY3NzBl
LzEvd1J4WU0zelUxMHpaSVoySGVON2xzcDhJcEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQFLidgAwQE
T47wAwQEWf/gAwQEbe6AAwQFkQ5gAwQEkSgQAwQFkxxAAwQEshDQAwQDsvuAAwQC
uTbEAwQCuVFsAwQF1GRgAwQE2UWQMA0EAgACMAcDBQMgARuoMA0GCSqGSIb3DQEB
CwUAA4IBAQBJzqjOKsu4YSRBa6nPYt/e7aRqBFNbfYDEDdokYuflV9ND3qP2ROBY
rZf6Jpiz5wH9GOWrrmNC9Uqdi+B4AYt3mlcYDTjlBnFtFpiNY3kxIGs5Eijgeuw2
0AcLTO7VZ3V6ncIADvmmXdLTiiq2xYYCvXK/4p9SKLyMboejUIHop6eI5b9tBbxj
+FLLss5NdBMvOiy6mQNOhU0/YIAbce5kYWQVU+ejosb0FfOUIgfgMLOvVcn6Hdat
BXi58KpKJxwG1KrRwQG2dewiY+NHEn8kROIuai3FKWGlo7aRw4upNUTabHeYRiEK
WF5QgruCXvH1s+IECtX3zFDkdPZDU5Zn
-----END CERTIFICATE-----