Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/dJJsWbcTf29TxL4C1QDXdgVGi6g.roa
File:                     dJJsWbcTf29TxL4C1QDXdgVGi6g.roa (raw, json)
Hash identifier:          QTir2y2zkatQ++kvz8SfyukKFyoob7zYavjJkFZ3x4Y=
Subject key identifier:   74:92:6C:59:B7:13:7F:6F:53:C4:BE:02:D5:00:D7:76:05:46:8B:A8
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       01924248538AE59AC50EA64A711C05935D6E
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/dJJsWbcTf29TxL4C1QDXdgVGi6g.roa
Signing time:             Mon 30 Sep 2024 09:34:48 +0000
ROA not before:           Mon 30 Sep 2024 09:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41313
IP address blocks:        46.35.160.0/19 maxlen: 24
                          79.110.120.0/21 maxlen: 24
                          80.95.16.0/21 maxlen: 24
                          93.152.234.0/23 maxlen: 24
                          93.175.244.0/22 maxlen: 24
                          95.158.128.0/18 maxlen: 24
                          151.252.192.0/20 maxlen: 24
                          185.18.228.0/22 maxlen: 24
                          185.40.164.0/22 maxlen: 24
                          212.21.128.0/19 maxlen: 24
                          2a00:e200::/32 maxlen: 48
                          2a0d:3b40::/29 maxlen: 48
Validation:               Failed, certificate revoked on Sun 22 Dec 2024 08:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:48:53:8a:e5:9a:c5:0e:a6:4a:71:1c:05:93:5d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Sep 30 09:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74926c59b7137f6f53c4be02d500d77605468ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:8f:1c:a6:67:a5:f0:a5:4b:bd:5c:43:a4:
                    9e:cb:5c:3c:5a:c7:3b:92:f4:ac:f8:03:7f:4c:74:
                    cb:33:6f:83:b3:85:39:96:1c:69:54:d2:4b:59:69:
                    5a:d3:c0:fd:6c:b8:d1:99:62:ae:fa:c6:aa:69:26:
                    06:3a:08:e4:53:2a:2d:5b:83:92:4f:dc:19:99:39:
                    d2:d8:70:b8:e6:02:75:6d:10:06:36:96:ce:9d:e6:
                    eb:23:e7:92:a2:14:bf:00:0e:d9:89:1d:d0:79:0e:
                    d2:4b:43:c3:2d:c7:14:f1:8f:6c:e9:9b:cd:3f:9a:
                    22:fb:e7:90:69:df:eb:e7:61:9d:b3:70:86:5d:ed:
                    8d:b3:93:2d:7f:b1:75:9e:1b:66:e1:34:be:0a:7b:
                    11:b8:fb:24:2a:94:4b:e2:3f:ca:bd:ef:43:5b:0a:
                    a9:f4:df:ed:c2:53:a7:e9:b5:64:8b:ea:72:0e:6c:
                    30:70:59:24:9c:5e:31:64:31:b8:8b:b7:00:cd:64:
                    6c:19:0b:d6:02:5c:61:f0:8b:e7:79:63:ca:29:d6:
                    ff:cb:ce:fe:1a:9a:c1:eb:82:85:4f:49:8f:c1:1a:
                    b8:54:5f:80:9b:5c:5d:44:3e:45:10:11:04:a0:17:
                    35:05:2d:5c:85:b2:bc:af:31:bb:22:89:f5:a9:59:
                    1b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:92:6C:59:B7:13:7F:6F:53:C4:BE:02:D5:00:D7:76:05:46:8B:A8
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/dJJsWbcTf29TxL4C1QDXdgVGi6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.160.0/19
                  79.110.120.0/21
                  80.95.16.0/21
                  93.152.234.0/23
                  93.175.244.0/22
                  95.158.128.0/18
                  151.252.192.0/20
                  185.18.228.0/22
                  185.40.164.0/22
                  212.21.128.0/19
                IPv6:
                  2a00:e200::/32
                  2a0d:3b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:45:fd:27:9a:ea:af:ef:87:8a:79:65:e3:37:e6:36:c7:56:
         9a:61:5a:cb:b8:d1:c6:ab:f6:8a:97:d1:7a:d7:a0:5c:1c:94:
         e7:56:e9:b1:69:8a:4d:bc:ce:e1:c0:61:1d:0c:28:c0:f7:e9:
         14:5c:c7:42:81:6e:2b:79:bf:29:f4:1f:50:14:7f:23:9b:2a:
         d6:07:c4:77:95:9f:34:4e:e8:31:39:75:ba:af:85:5d:27:a5:
         d5:a9:5a:ac:d5:22:ac:ae:d4:5d:dd:3b:52:33:35:dd:d5:6f:
         3e:58:ac:93:26:0f:8f:77:d8:53:8a:3f:51:12:62:6c:56:da:
         f6:63:2a:46:85:12:de:00:c1:05:10:aa:eb:4f:1d:70:95:50:
         96:95:4f:75:ce:e8:9c:d1:28:a1:9f:9a:e7:b1:15:ac:bc:7f:
         cf:c2:cb:43:1e:e8:0e:57:b0:e6:1b:c4:84:29:61:f4:8f:13:
         6c:37:72:1c:4f:5d:f9:16:a6:c4:4b:ab:78:79:ac:44:da:9e:
         66:e7:99:7d:14:ae:c3:3b:da:14:71:d3:8f:c2:09:12:cf:29:
         9e:8f:7f:c9:90:ae:c2:5b:d3:1c:97:aa:da:63:db:23:b1:7a:
         48:b3:e6:64:1d:78:ee:65:e4:e1:cb:1d:69:ad:84:0f:aa:72:
         71:c7:17:0e
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZJCSFOK5ZrFDqZKcRwFk11uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwOTMwMDkzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDkyNmM1OWI3MTM3ZjZmNTNjNGJlMDJkNTAwZDc3NjA1NDY4YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtViPHKZnpfClS71cQ6Sey1w8Wsc7
kvSs+AN/THTLM2+Ds4U5lhxpVNJLWWla08D9bLjRmWKu+saqaSYGOgjkUyotW4OS
T9wZmTnS2HC45gJ1bRAGNpbOnebrI+eSohS/AA7ZiR3QeQ7SS0PDLccU8Y9s6ZvN
P5oi++eQad/r52Gds3CGXe2Ns5Mtf7F1nhtm4TS+CnsRuPskKpRL4j/Kve9DWwqp
9N/twlOn6bVki+pyDmwwcFkknF4xZDG4i7cAzWRsGQvWAlxh8IvneWPKKdb/y87+
GprB64KFT0mPwRq4VF+Am1xdRD5FEBEEoBc1BS1chbK8rzG7Ion1qVkbawIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFHSSbFm3E39vU8S+AtUA13YFRouoMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvZEpKc1diY1RmMjlUeEw0QzFRRFhkZ1ZHaTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQFLiOgAwQD
T254AwQDUF8QAwQBXZjqAwQCXa/0AwQGX56AAwQEl/zAAwQCuRLkAwQCuSikAwQF
1BWAMBQEAgACMA4DBQAqAOIAAwUDKg07QDANBgkqhkiG9w0BAQsFAAOCAQEAf0X9
J5rqr++Hinll4zfmNsdWmmFay7jRxqv2ipfRetegXByU51bpsWmKTbzO4cBhHQwo
wPfpFFzHQoFuK3m/KfQfUBR/I5sq1gfEd5WfNE7oMTl1uq+FXSel1alarNUirK7U
Xd07UjM13dVvPliskyYPj3fYU4o/URJibFba9mMqRoUS3gDBBRCq608dcJVQlpVP
dc7onNEooZ+a57EVrLx/z8LLQx7oDlew5hvEhClh9I8TbDdyHE9d+RamxEureHms
RNqeZueZfRSuwzvaFHHTj8IJEs8pno9/yZCuwlvTHJeq2mPbI7F6SLPmZB147mXk
4csdaa2ED6pycccXDg==
-----END CERTIFICATE-----