Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/3IFvMVtNitaDzDZ2I33gYTpOiWY.roa
File:                     3IFvMVtNitaDzDZ2I33gYTpOiWY.roa (raw, json)
Hash identifier:          rYAsn+0/IzdtdEsGNAsauuUuyihIEB1rOR9zHtfZHAA=
Subject key identifier:   DC:81:6F:31:5B:4D:8A:D6:83:CC:36:76:23:7D:E0:61:3A:4E:89:66
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       018F738548E5610BB33ABF95E7B78A497848
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/3IFvMVtNitaDzDZ2I33gYTpOiWY.roa
Signing time:             Mon 13 May 2024 19:54:25 +0000
ROA not before:           Mon 13 May 2024 19:54:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203847
IP address blocks:        45.142.15.0/24 maxlen: 24
                          62.112.200.0/22 maxlen: 22
                          185.122.44.0/22 maxlen: 22
                          185.122.44.0/23 maxlen: 23
                          185.122.44.0/24 maxlen: 24
                          185.122.45.0/24 maxlen: 24
                          185.122.46.0/23 maxlen: 23
                          185.122.46.0/24 maxlen: 24
                          185.122.47.0/24 maxlen: 24
                          185.206.52.0/23 maxlen: 23
                          193.162.128.0/24 maxlen: 24
                          2a01:57e0:1::/48 maxlen: 48
                          2a01:57e0:200::/39 maxlen: 39
                          2a01:57e0:400::/39 maxlen: 39
Validation:               Failed, certificate revoked on Fri 04 Oct 2024 09:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:73:85:48:e5:61:0b:b3:3a:bf:95:e7:b7:8a:49:78:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: May 13 19:54:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc816f315b4d8ad683cc3676237de0613a4e8966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a8:68:c8:d8:2a:04:c5:f2:ed:f4:c0:06:82:
                    92:14:44:1e:32:31:9a:d8:d8:f7:71:1c:ba:2f:ae:
                    e3:03:49:4a:72:1a:3d:aa:f4:ef:16:42:fa:77:e2:
                    ee:59:b2:86:c0:d8:a0:96:c0:81:d3:a5:f5:fe:c3:
                    56:15:69:e8:4b:d6:ec:9d:11:f3:d8:1a:53:4b:f3:
                    41:a8:1a:fe:ac:1b:f1:1a:23:5e:d9:1c:61:a6:64:
                    ea:6a:21:29:b7:92:94:ff:23:a7:1b:52:c8:f6:a6:
                    c6:9a:0c:38:98:64:f2:86:3e:d4:fc:d6:ee:c0:3d:
                    83:58:e4:0e:fa:11:ca:bb:9b:04:95:1f:da:da:36:
                    bc:55:02:a1:66:d2:23:ed:09:f9:9f:ca:5b:e4:62:
                    14:6a:01:19:df:2f:e1:6c:35:34:32:8e:a8:9e:c7:
                    12:b5:0d:eb:e1:47:42:18:a4:1f:a8:8e:2c:af:5e:
                    5a:42:d0:d6:69:3e:be:1a:5a:20:88:0b:2b:df:20:
                    3e:15:0b:e4:83:65:2f:4d:4f:81:a2:cc:5f:7c:2e:
                    85:10:7f:0f:a0:74:74:43:01:6d:ab:03:ad:a7:b7:
                    fe:9a:be:4b:b2:3e:7e:2d:f9:41:a4:15:79:d3:60:
                    44:cd:81:61:0a:fd:d9:b5:f0:74:0a:f5:05:f4:52:
                    3f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:81:6F:31:5B:4D:8A:D6:83:CC:36:76:23:7D:E0:61:3A:4E:89:66
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/3IFvMVtNitaDzDZ2I33gYTpOiWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.15.0/24
                  62.112.200.0/22
                  185.122.44.0/22
                  185.206.52.0/23
                  193.162.128.0/24
                IPv6:
                  2a01:57e0:1::/48
                  2a01:57e0:200::-2a01:57e0:5ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         61:65:2f:aa:45:b0:b2:f0:c9:42:d5:e4:a8:69:2a:7c:18:9d:
         87:e1:12:da:f1:34:94:ef:2b:94:91:89:fd:66:19:41:7d:dd:
         4d:fe:30:28:94:25:ff:67:c8:14:67:ff:f8:6c:0b:95:5a:77:
         f2:ff:0a:79:7e:bf:e5:04:4e:21:9f:2e:0a:6e:26:05:8d:9c:
         55:59:e3:ce:80:dd:c9:5d:a0:a2:f9:50:ca:4b:f6:f7:14:d8:
         de:79:79:e0:76:9a:92:e3:b9:9f:ec:15:5f:7c:3d:c4:fd:a5:
         9e:16:19:2e:e8:44:73:40:fe:6d:7a:b0:44:9e:7d:b2:a7:6b:
         6e:ee:02:9e:c4:1e:fe:5b:77:b1:8f:36:a2:40:c6:e3:b9:ac:
         c9:19:5b:c2:5d:5b:ab:7d:a0:60:b4:75:25:83:e6:ed:fc:b0:
         d8:6d:e9:0f:f6:aa:90:24:2b:55:87:3c:37:70:79:66:3c:11:
         bd:e3:a1:9b:be:6c:68:5c:4c:07:28:ba:83:36:44:3a:51:2c:
         e8:8b:13:ef:0a:cf:92:ac:41:5c:f6:35:b9:cf:74:3d:59:38:
         b3:b1:99:35:07:f2:8b:1f:48:b7:73:56:45:17:69:3f:96:37:
         d9:a7:ec:d8:d0:bb:68:59:33:b9:be:de:0c:88:91:31:71:7e:
         79:48:62:44
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAY9zhUjlYQuzOr+V57eKSXhIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjQwNTEzMTk1NDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzgxNmYzMTViNGQ4YWQ2ODNjYzM2NzYyMzdkZTA2MTNhNGU4OTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6hoyNgqBMXy7fTABoKSFEQeMjGa
2Nj3cRy6L67jA0lKcho9qvTvFkL6d+LuWbKGwNiglsCB06X1/sNWFWnoS9bsnRHz
2BpTS/NBqBr+rBvxGiNe2RxhpmTqaiEpt5KU/yOnG1LI9qbGmgw4mGTyhj7U/Nbu
wD2DWOQO+hHKu5sElR/a2ja8VQKhZtIj7Qn5n8pb5GIUagEZ3y/hbDU0Mo6onscS
tQ3r4UdCGKQfqI4sr15aQtDWaT6+GlogiAsr3yA+FQvkg2UvTU+BosxffC6FEH8P
oHR0QwFtqwOtp7f+mr5Lsj5+LflBpBV502BEzYFhCv3ZtfB0CvUF9FI/EwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFNyBbzFbTYrWg8w2diN94GE6TolmMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvM0lGdk1WdE5pdGFEekRaMkkzM2dZVHBPaVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAkBAIAATAeAwQALY4PAwQC
PnDIAwQCuXosAwQBuc40AwQAwaKAMCEEAgACMBsDBwAqAVfgAAEwEAMGASoBV+AC
AwYBKgFX4AQwDQYJKoZIhvcNAQELBQADggEBAGFlL6pFsLLwyULV5KhpKnwYnYfh
EtrxNJTvK5SRif1mGUF93U3+MCiUJf9nyBRn//hsC5Vad/L/Cnl+v+UETiGfLgpu
JgWNnFVZ486A3cldoKL5UMpL9vcU2N55eeB2mpLjuZ/sFV98PcT9pZ4WGS7oRHNA
/m16sESefbKna27uAp7EHv5bd7GPNqJAxuO5rMkZW8JdW6t9oGC0dSWD5u38sNht
6Q/2qpAkK1WHPDdweWY8Eb3joZu+bGhcTAcouoM2RDpRLOiLE+8Kz5KsQVz2NbnP
dD1ZOLOxmTUH8osfSLdzVkUXaT+WN9mn7NjQu2hZM7m+3gyIkTFxfnlIYkQ=
-----END CERTIFICATE-----