Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/nZBLHZ8ocp1EPfG7n-vTRg4nLtE.roa
File:                     nZBLHZ8ocp1EPfG7n-vTRg4nLtE.roa (raw, json)
Hash identifier:          uaG24IkgVhWyROQ03bdnofoSv7EybW2qeBwqBrisgMA=
Subject key identifier:   9D:90:4B:1D:9F:28:72:9D:44:3D:F1:BB:9F:EB:D3:46:0E:27:2E:D1
Certificate issuer:       /CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
Certificate serial:       0193F36FB6F1B6D6847210F565CFB817B5B8
Authority key identifier: 36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/nZBLHZ8ocp1EPfG7n-vTRg4nLtE.roa
Signing time:             Mon 23 Dec 2024 12:13:24 +0000
ROA not before:           Mon 23 Dec 2024 12:13:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        62.201.192.0/24 maxlen: 24
                          62.201.199.0/24 maxlen: 24
                          62.201.200.0/24 maxlen: 24
                          62.201.201.0/24 maxlen: 24
                          62.201.203.0/24 maxlen: 24
                          62.201.204.0/24 maxlen: 24
                          62.201.205.0/24 maxlen: 24
                          62.201.207.0/24 maxlen: 24
                          62.201.208.0/24 maxlen: 24
                          62.201.237.0/24 maxlen: 24
                          62.201.248.0/24 maxlen: 24
                          185.90.106.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 03:48:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f3:6f:b6:f1:b6:d6:84:72:10:f5:65:cf:b8:17:b5:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
        Validity
            Not Before: Dec 23 12:13:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d904b1d9f28729d443df1bb9febd3460e272ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:41:be:d9:a1:fe:d8:c5:d9:a7:52:b0:ad:b5:
                    1a:0a:40:e9:c6:72:02:96:ce:26:85:1e:9f:ad:52:
                    a3:bb:49:e5:3d:f3:0c:8c:dc:25:43:c8:64:cc:f0:
                    97:b5:5c:72:52:3b:c6:b1:1e:7a:20:63:28:24:15:
                    6e:06:ef:b6:9c:fe:85:82:af:2e:18:47:35:da:fc:
                    fa:4a:20:69:f0:96:da:50:d1:f8:27:7d:55:98:3f:
                    af:f4:5d:5d:08:82:77:7d:9d:ed:bc:37:6a:2d:b1:
                    ac:21:d6:60:cd:22:ea:71:ab:9e:31:b8:a7:2b:67:
                    89:5f:bf:50:e7:72:ee:af:f9:68:cc:f8:c4:66:3e:
                    34:0c:7a:cb:2e:74:68:2f:f4:da:f5:16:53:ed:75:
                    95:9c:39:47:8b:68:0c:ba:c9:6a:97:8b:8d:67:ea:
                    22:18:fb:a5:9a:af:5d:17:e7:74:26:c4:0a:e1:0e:
                    a2:96:47:48:dd:5c:db:ed:89:89:66:64:04:58:98:
                    89:1c:18:78:f3:9a:e6:30:00:e0:c8:32:8f:0c:19:
                    51:36:88:0e:8b:92:89:42:83:27:56:c2:07:34:10:
                    6d:4e:0a:e5:b5:a3:3a:8b:49:b4:50:d1:88:7d:a0:
                    c0:0f:ed:11:77:3d:aa:aa:12:32:2f:d3:50:b3:1b:
                    64:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:90:4B:1D:9F:28:72:9D:44:3D:F1:BB:9F:EB:D3:46:0E:27:2E:D1
            X509v3 Authority Key Identifier:
                keyid:36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/nZBLHZ8ocp1EPfG7n-vTRg4nLtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.192.0/24
                  62.201.199.0-62.201.201.255
                  62.201.203.0-62.201.205.255
                  62.201.207.0-62.201.208.255
                  62.201.237.0/24
                  62.201.248.0/24
                  185.90.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:38:e8:6b:85:cf:c8:8b:32:b5:1f:8e:73:ec:f9:cb:65:2c:
         9f:77:6e:89:44:99:b1:4e:bb:eb:8b:4c:49:e9:cd:f5:9b:6f:
         d0:7c:13:f9:8b:31:d9:7e:1f:93:1d:76:8c:46:94:df:7d:19:
         7f:ca:fc:cf:64:86:df:8a:81:8b:2c:ae:cc:de:67:3c:54:ef:
         e7:1a:b7:bf:56:a8:29:fb:8e:40:c2:96:18:df:15:b0:16:21:
         22:37:d4:b9:4d:be:0a:eb:e8:9c:66:fb:ef:e3:88:38:e8:bf:
         98:e7:2e:44:68:b2:18:49:1a:fd:ba:fb:1e:66:78:f6:d2:6f:
         3f:10:db:82:0f:d0:0b:b4:8e:26:b6:23:d3:f1:c5:0c:1e:58:
         34:52:c0:c7:8d:4d:75:ee:5f:4c:bc:71:0c:12:d7:68:ea:b5:
         a9:e0:bf:63:31:bf:fb:9a:41:f3:d5:15:5a:ec:77:02:e8:04:
         bf:4e:ca:0c:f9:cf:d1:8a:7b:42:b3:37:42:bd:c2:9e:1d:bd:
         d6:b9:5b:9e:77:29:78:74:18:21:50:15:16:4c:46:20:ff:30:
         da:14:81:f9:c1:8e:6c:72:d3:aa:d3:a8:a0:ba:73:99:33:47:
         10:04:75:e7:63:33:3c:63:b6:9a:05:ef:bd:4c:cf:0f:de:5d:
         be:6d:e3:9b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZPzb7bxttaEchD1Zc+4F7W4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTJmZWRmNTljNjBkMzI1NGUzN2E5YzhlY2RlMTFjOWJh
MTI4MmEwHhcNMjQxMjIzMTIxMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDkwNGIxZDlmMjg3MjlkNDQzZGYxYmI5ZmViZDM0NjBlMjcyZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0G+2aH+2MXZp1KwrbUaCkDpxnIC
ls4mhR6frVKju0nlPfMMjNwlQ8hkzPCXtVxyUjvGsR56IGMoJBVuBu+2nP6Fgq8u
GEc12vz6SiBp8JbaUNH4J31VmD+v9F1dCIJ3fZ3tvDdqLbGsIdZgzSLqcaueMbin
K2eJX79Q53Lur/lozPjEZj40DHrLLnRoL/Ta9RZT7XWVnDlHi2gMuslql4uNZ+oi
GPulmq9dF+d0JsQK4Q6ilkdI3Vzb7YmJZmQEWJiJHBh485rmMADgyDKPDBlRNogO
i5KJQoMnVsIHNBBtTgrltaM6i0m0UNGIfaDAD+0Rdz2qqhIyL9NQsxtkiQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFJ2QSx2fKHKdRD3xu5/r00YOJy7RMB8GA1UdIwQY
MBaAFDaS/t9Zxg0yVON6nI7N4RyboSgqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEt
ZTdiZTVlMzBhZDJkLzEvblpCTEhaOG9jcDFFUGZHN24tdlRSZzRuTHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEtZTdiZTVlMzBhZDJk
LzEvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAPsnAMAwD
BAA+yccDBAE+ycgwDAMEAD7JywMEAT7JzDAMAwQAPsnPAwQAPsnQAwQAPsntAwQA
Psn4AwQAuVpqMA0GCSqGSIb3DQEBCwUAA4IBAQDSOOhrhc/IizK1H45z7PnLZSyf
d26JRJmxTrvri0xJ6c31m2/QfBP5izHZfh+THXaMRpTffRl/yvzPZIbfioGLLK7M
3mc8VO/nGre/Vqgp+45AwpYY3xWwFiEiN9S5Tb4K6+icZvvv44g46L+Y5y5EaLIY
SRr9uvseZnj20m8/ENuCD9ALtI4mtiPT8cUMHlg0UsDHjU117l9MvHEMEtdo6rWp
4L9jMb/7mkHz1RVa7HcC6AS/TsoM+c/RintCszdCvcKeHb3WuVuedyl4dBghUBUW
TEYg/zDaFIH5wY5sctOq06igunOZM0cQBHXnYzM8Y7aaBe+9TM8P3l2+beOb
-----END CERTIFICATE-----