Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/doJsPf8qqifYO13LXwmOcsmKD68.roa
File:                     doJsPf8qqifYO13LXwmOcsmKD68.roa (raw, json)
Hash identifier:          mEgxBTq+wWGAIEvHiBxOe/j4i9LBHaNttPWGCARl65k=
Subject key identifier:   76:82:6C:3D:FF:2A:AA:27:D8:3B:5D:CB:5F:09:8E:72:C9:8A:0F:AF
Certificate issuer:       /CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
Certificate serial:       0193877C4AA73E8202980D47C0BD15FB3D45
Authority key identifier: C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/doJsPf8qqifYO13LXwmOcsmKD68.roa
Signing time:             Mon 02 Dec 2024 13:08:09 +0000
ROA not before:           Mon 02 Dec 2024 13:08:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13280
IP address blocks:        31.200.128.0/18 maxlen: 24
                          62.40.32.0/19 maxlen: 24
                          80.233.0.0/17 maxlen: 24
                          83.136.40.0/21 maxlen: 24
                          89.204.160.0/19 maxlen: 24
                          89.204.160.0/20 maxlen: 24
                          89.204.192.0/18 maxlen: 24
                          92.251.128.0/17 maxlen: 24
                          92.251.240.0/21 maxlen: 24
                          95.83.192.0/18 maxlen: 24
                          95.83.229.0/24 maxlen: 24
                          178.167.128.0/17 maxlen: 24
                          185.60.124.0/22 maxlen: 24
                          213.191.224.0/19 maxlen: 24
                          2a00:8680::/32 maxlen: 32
                          2a02:6880::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 03:49:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:87:7c:4a:a7:3e:82:02:98:0d:47:c0:bd:15:fb:3d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
        Validity
            Not Before: Dec  2 13:08:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76826c3dff2aaa27d83b5dcb5f098e72c98a0faf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:42:2b:2a:0d:29:5e:c0:6f:72:7d:cb:98:d5:
                    06:15:90:4c:d7:f2:17:0d:2e:31:02:ed:29:74:3b:
                    e8:4d:c8:de:12:80:90:79:59:9f:21:a0:37:3c:d1:
                    c7:ea:c6:ae:2d:9f:94:96:e1:5b:e9:e2:22:9b:91:
                    8e:4d:bc:02:99:58:69:ee:4a:56:c3:c7:36:40:43:
                    01:c3:22:ad:76:f1:64:e0:23:4e:a8:88:e6:61:43:
                    30:13:d4:90:58:aa:8e:eb:89:67:95:52:ab:c6:c1:
                    c3:cd:5a:e8:7f:df:e9:21:1d:2c:51:aa:13:a6:0f:
                    4e:43:e0:ba:cf:32:7f:11:6e:cb:03:60:6e:53:dd:
                    2e:7b:45:9b:25:78:cb:9a:1b:86:90:1b:eb:61:a8:
                    09:db:25:86:65:a9:e9:ce:b8:1a:8f:82:a2:cd:aa:
                    ec:d3:b5:7a:16:60:37:81:d0:df:ce:28:c3:14:27:
                    a5:23:af:41:2c:a2:ae:64:c5:1e:6f:4c:43:4e:3c:
                    69:a2:4c:69:c8:6a:fc:a5:36:f3:ff:df:3b:90:ef:
                    8b:1b:b6:45:a3:c8:8a:4d:13:4d:66:ec:c6:42:4c:
                    b4:fd:0f:5e:78:af:12:af:5a:13:da:35:dc:d6:eb:
                    7b:a2:2a:25:77:77:9b:36:74:ed:0a:17:3a:f0:00:
                    e1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:82:6C:3D:FF:2A:AA:27:D8:3B:5D:CB:5F:09:8E:72:C9:8A:0F:AF
            X509v3 Authority Key Identifier:
                keyid:C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/doJsPf8qqifYO13LXwmOcsmKD68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/wazyYNIyY6fGu2xZwZ7rxnWbYL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.128.0/18
                  62.40.32.0/19
                  80.233.0.0/17
                  83.136.40.0/21
                  89.204.160.0-89.204.255.255
                  92.251.128.0/17
                  95.83.192.0/18
                  178.167.128.0/17
                  185.60.124.0/22
                  213.191.224.0/19
                IPv6:
                  2a00:8680::/32
                  2a02:6880::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:4a:21:b3:4a:af:3f:e2:ae:f4:a6:90:d3:a9:48:ab:4e:e6:
         e1:c4:37:f9:6b:e7:1b:a9:24:0c:84:7b:dd:2e:78:14:4b:e2:
         53:9d:ab:05:02:c9:50:76:63:f1:b5:a4:77:2a:e1:9f:b5:c5:
         61:3b:e8:33:18:1d:3d:e9:f8:4f:73:f7:f2:44:8b:91:ec:1b:
         bb:fa:42:7c:8e:1d:e1:6e:d8:eb:51:1c:e1:77:85:0b:fb:48:
         2d:b1:2e:41:cf:7c:d2:02:ed:56:fd:8b:bc:b0:b7:a0:a8:38:
         f1:c1:eb:6c:96:47:7a:d0:f7:d7:ad:3b:f9:72:04:95:45:25:
         2d:1f:19:e0:15:e7:9d:f2:a1:25:81:75:19:fd:f6:85:63:e9:
         18:1a:02:16:1b:70:43:e7:5f:79:3a:2e:bc:da:fd:95:e5:e3:
         22:36:1a:6a:e5:72:dc:e5:11:2b:1a:d3:3b:d8:60:5e:5c:a6:
         35:e3:2e:0a:6f:12:bd:ce:cf:63:d1:81:7e:44:6d:e4:3c:68:
         a5:e0:09:ce:2e:11:85:95:fd:6c:0a:9f:d6:a8:18:c0:7f:a7:
         05:8f:7a:30:a9:96:5e:54:df:cf:0d:6a:69:85:cc:8b:38:37:
         fc:4c:36:35:17:2c:5f:c0:c6:10:82:65:44:e8:b4:45:13:99:
         41:a5:86:b7
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZOHfEqnPoICmA1HwL0V+z1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWNmMjYwZDIzMjYzYTdjNmJiNmM1OWMxOWVlYmM2NzU5
YjYwYmUwHhcNMjQxMjAyMTMwODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgyNmMzZGZmMmFhYTI3ZDgzYjVkY2I1ZjA5OGU3MmM5OGEwZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0IrKg0pXsBvcn3LmNUGFZBM1/IX
DS4xAu0pdDvoTcjeEoCQeVmfIaA3PNHH6sauLZ+UluFb6eIim5GOTbwCmVhp7kpW
w8c2QEMBwyKtdvFk4CNOqIjmYUMwE9SQWKqO64lnlVKrxsHDzVrof9/pIR0sUaoT
pg9OQ+C6zzJ/EW7LA2BuU90ue0WbJXjLmhuGkBvrYagJ2yWGZanpzrgaj4Kizars
07V6FmA3gdDfzijDFCelI69BLKKuZMUeb0xDTjxpokxpyGr8pTbz/987kO+LG7ZF
o8iKTRNNZuzGQky0/Q9eeK8Sr1oT2jXc1ut7oiold3ebNnTtChc68ADhkQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFHaCbD3/Kqon2Dtdy18JjnLJig+vMB8GA1UdIwQY
MBaAFMGs8mDSMmOnxrtsWcGe68Z1m2C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEt
ZmZkNjQ2ZDA1ZjY3LzEvZG9Kc1BmOHFxaWZZTzEzTFh3bU9jc21LRDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEtZmZkNjQ2ZDA1ZjY3
LzEvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBJBAIAATBDAwQGH8iAAwQF
PiggAwQHUOkAAwQDU4goMAsDBAVZzKADAwBZzAMEB1z7gAMEBl9TwAMEB7KngAME
Ark8fAMEBdW/4DAUBAIAAjAOAwUAKgCGgAMFACoCaIAwDQYJKoZIhvcNAQELBQAD
ggEBACdKIbNKrz/irvSmkNOpSKtO5uHEN/lr5xupJAyEe90ueBRL4lOdqwUCyVB2
Y/G1pHcq4Z+1xWE76DMYHT3p+E9z9/JEi5HsG7v6QnyOHeFu2OtRHOF3hQv7SC2x
LkHPfNIC7Vb9i7ywt6CoOPHB62yWR3rQ99etO/lyBJVFJS0fGeAV553yoSWBdRn9
9oVj6RgaAhYbcEPnX3k6Lrza/ZXl4yI2GmrlctzlESsa0zvYYF5cpjXjLgpvEr3O
z2PRgX5EbeQ8aKXgCc4uEYWV/WwKn9aoGMB/pwWPejCpll5U388NammFzIs4N/xM
NjUXLF/AxhCCZUTotEUTmUGlhrc=
-----END CERTIFICATE-----