Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/Z82yqh2H1xy-nVHqooN8HYbMF2E.roa
File:                     Z82yqh2H1xy-nVHqooN8HYbMF2E.roa (raw, json)
Hash identifier:          3nO3R+w8SaiyuKf1StkvX9FUP2uKb6OIfey4UF0lQZo=
Subject key identifier:   67:CD:B2:AA:1D:87:D7:1C:BE:9D:51:EA:A2:83:7C:1D:86:CC:17:61
Certificate issuer:       /CN=a0d3216cccc863eca0c3dd189941b1b9ea37cacd
Certificate serial:       0190DE66379C6822A6EE267755EAA1C7BDD9
Authority key identifier: A0:D3:21:6C:CC:C8:63:EC:A0:C3:DD:18:99:41:B1:B9:EA:37:CA:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/Z82yqh2H1xy-nVHqooN8HYbMF2E.roa
Signing time:             Tue 23 Jul 2024 07:02:39 +0000
ROA not before:           Tue 23 Jul 2024 07:02:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210403
IP address blocks:        78.24.248.0/21 maxlen: 24
                          78.138.45.0/24 maxlen: 24
                          78.138.58.0/24 maxlen: 24
                          185.98.131.0/24 maxlen: 24
                          185.135.132.0/24 maxlen: 24
                          185.238.116.0/24 maxlen: 24
                          193.203.239.0/24 maxlen: 24
                          194.126.193.0/24 maxlen: 24
                          213.156.132.0/22 maxlen: 24
                          213.255.195.0/24 maxlen: 24
                          2a00:7ee0:40::/44 maxlen: 48
                          2a00:7ee0:4000::/36 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Aug 2024 14:32:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:de:66:37:9c:68:22:a6:ee:26:77:55:ea:a1:c7:bd:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0d3216cccc863eca0c3dd189941b1b9ea37cacd
        Validity
            Not Before: Jul 23 07:02:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67cdb2aa1d87d71cbe9d51eaa2837c1d86cc1761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c3:53:4e:7c:a1:60:a3:bc:0d:55:a4:7d:ef:
                    09:5f:cc:0e:97:68:f3:26:07:54:2e:0e:79:a0:27:
                    3d:b4:75:45:0e:a9:10:ff:ac:3c:63:e1:51:dd:2c:
                    f0:75:f9:c5:2c:9b:c7:6c:84:01:aa:a1:f6:18:10:
                    ee:a5:a6:cf:9b:4b:20:7b:79:60:ad:4e:53:06:8b:
                    6f:35:1e:b6:3b:58:7a:24:dc:21:15:4c:f2:1e:66:
                    a0:9c:04:f2:df:a4:b5:1f:43:9c:b2:a1:b8:c1:c3:
                    e7:dc:db:e8:a7:ec:72:ad:72:71:72:e9:77:f1:d8:
                    61:a3:70:ad:ce:87:0c:3a:c1:6d:49:a7:90:bd:f0:
                    e0:84:a7:e8:ff:fd:2b:95:28:92:e4:e8:65:de:ff:
                    0f:02:da:23:a0:ca:3d:7d:5f:39:dd:3b:7d:d4:7e:
                    5b:27:a3:93:51:17:e3:d0:56:50:6b:51:3a:45:cf:
                    5e:92:1c:d0:8e:ce:ea:b0:c9:c9:3d:9f:1e:ae:bb:
                    01:f3:92:fe:e5:50:aa:5b:5f:60:04:d1:0b:1b:79:
                    f3:a2:bb:e5:7d:23:86:ba:27:92:75:bd:b9:1f:0d:
                    05:fb:ef:6a:9f:e9:42:a3:b0:54:0c:a6:39:f4:86:
                    d5:72:00:7c:59:3d:81:0c:d6:5f:c9:aa:df:4c:32:
                    2a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CD:B2:AA:1D:87:D7:1C:BE:9D:51:EA:A2:83:7C:1D:86:CC:17:61
            X509v3 Authority Key Identifier:
                keyid:A0:D3:21:6C:CC:C8:63:EC:A0:C3:DD:18:99:41:B1:B9:EA:37:CA:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/Z82yqh2H1xy-nVHqooN8HYbMF2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.248.0/21
                  78.138.45.0/24
                  78.138.58.0/24
                  185.98.131.0/24
                  185.135.132.0/24
                  185.238.116.0/24
                  193.203.239.0/24
                  194.126.193.0/24
                  213.156.132.0/22
                  213.255.195.0/24
                IPv6:
                  2a00:7ee0:40::/44
                  2a00:7ee0:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         81:d1:a1:96:f4:b3:e1:fa:b1:eb:23:b7:4e:0f:78:07:97:c6:
         cc:33:68:84:0e:17:cd:f2:ce:58:0f:99:9e:b2:5b:31:98:8c:
         bb:0e:c9:cc:3c:15:16:55:8e:64:8f:15:f8:1a:aa:76:e6:2f:
         d2:f8:6b:0b:d8:e4:c8:0a:83:ad:9a:a7:20:fb:6c:9b:44:f2:
         39:29:91:15:57:af:cc:f9:9d:97:fc:13:37:1c:7f:6d:ed:ff:
         1f:bf:a2:5b:0f:b0:81:ef:f2:c4:66:03:71:39:83:62:79:bf:
         6c:44:01:4b:53:70:21:4e:d7:0d:4b:fe:16:11:f1:7b:39:43:
         c9:33:93:4a:37:af:68:33:ed:2f:52:ce:88:61:e6:ab:e4:cf:
         25:71:5f:9d:3b:2f:c5:ce:bb:84:d7:9b:83:72:39:93:de:02:
         b4:db:b2:85:c8:c5:e3:b4:07:39:8f:6a:04:c2:69:f1:6a:d5:
         40:63:93:9e:c1:92:00:13:69:16:4b:37:c9:0e:17:82:90:04:
         78:a8:6f:34:40:98:f5:b8:ba:31:70:29:15:17:90:a4:f2:4f:
         f7:63:8e:f9:f2:81:3a:cf:a3:01:de:8b:bc:5e:05:f2:60:c9:
         11:10:d2:58:4b:3a:5d:a0:77:86:55:00:e4:73:10:18:16:3c:
         b1:76:12:f3
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZDeZjecaCKm7iZ3Veqhx73ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZDMyMTZjY2NjODYzZWNhMGMzZGQxODk5NDFiMWI5ZWEz
N2NhY2QwHhcNMjQwNzIzMDcwMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NkYjJhYTFkODdkNzFjYmU5ZDUxZWFhMjgzN2MxZDg2Y2MxNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MNTTnyhYKO8DVWkfe8JX8wOl2jz
JgdULg55oCc9tHVFDqkQ/6w8Y+FR3SzwdfnFLJvHbIQBqqH2GBDupabPm0sge3lg
rU5TBotvNR62O1h6JNwhFUzyHmagnATy36S1H0OcsqG4wcPn3Nvop+xyrXJxcul3
8dhho3CtzocMOsFtSaeQvfDghKfo//0rlSiS5Ohl3v8PAtojoMo9fV853Tt91H5b
J6OTURfj0FZQa1E6Rc9ekhzQjs7qsMnJPZ8errsB85L+5VCqW19gBNELG3nzorvl
fSOGuieSdb25Hw0F++9qn+lCo7BUDKY59IbVcgB8WT2BDNZfyarfTDIqlwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFGfNsqodh9ccvp1R6qKDfB2GzBdhMB8GA1UdIwQY
MBaAFKDTIWzMyGPsoMPdGJlBsbnqN8rNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb05NaGJNeklZLXlndzkwWW1VR3h1ZW8zeXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hNWIyZDEtY2JhMC00YTU0LWI0Mzgt
MGQ0NGMwNGE4NDQ4LzEvWjgyeXFoMkgxeHktblZIcW9vTjhIWWJNRjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hNWIyZDEtY2JhMC00YTU0LWI0MzgtMGQ0NGMwNGE4NDQ4
LzEvb05NaGJNeklZLXlndzkwWW1VR3h1ZW8zeXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBCBAIAATA8AwQDThj4AwQA
TootAwQAToo6AwQAuWKDAwQAuYeEAwQAue50AwQAwcvvAwQAwn7BAwQC1ZyEAwQA
1f/DMBcEAgACMBEDBwQqAH7gAEADBgQqAH7gQDANBgkqhkiG9w0BAQsFAAOCAQEA
gdGhlvSz4fqx6yO3Tg94B5fGzDNohA4XzfLOWA+ZnrJbMZiMuw7JzDwVFlWOZI8V
+BqqduYv0vhrC9jkyAqDrZqnIPtsm0TyOSmRFVevzPmdl/wTNxx/be3/H7+iWw+w
ge/yxGYDcTmDYnm/bEQBS1NwIU7XDUv+FhHxezlDyTOTSjevaDPtL1LOiGHmq+TP
JXFfnTsvxc67hNebg3I5k94CtNuyhcjF47QHOY9qBMJp8WrVQGOTnsGSABNpFks3
yQ4XgpAEeKhvNECY9bi6MXApFReQpPJP92OO+fKBOs+jAd6LvF4F8mDJERDSWEs6
XaB3hlUA5HMQGBY8sXYS8w==
-----END CERTIFICATE-----