Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/i61xGb_BY-dycod9jHkFhPvaI78.roa
File:                     i61xGb_BY-dycod9jHkFhPvaI78.roa (raw, json)
Hash identifier:          RF2BDJIWzYrtyOcGRc1YuXZzfkRSfaGIIExAIIk+foE=
Subject key identifier:   8B:AD:71:19:BF:C1:63:E7:72:72:87:7D:8C:79:05:84:FB:DA:23:BF
Certificate issuer:       /CN=9e30294b7e4645aaedb54672d48065b1b1cebc62
Certificate serial:       019368DACCBE7BFB6C06717200ABCBADAEA1
Authority key identifier: 9E:30:29:4B:7E:46:45:AA:ED:B5:46:72:D4:80:65:B1:B1:CE:BC:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njApS35GRarttUZy1IBlsbHOvGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/i61xGb_BY-dycod9jHkFhPvaI78.roa
Signing time:             Tue 26 Nov 2024 14:23:09 +0000
ROA not before:           Tue 26 Nov 2024 14:23:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206123
IP address blocks:        45.131.168.0/22 maxlen: 24
                          93.115.211.0/24 maxlen: 24
                          93.115.253.0/24 maxlen: 24
                          109.106.16.0/23 maxlen: 24
                          109.106.18.0/23 maxlen: 24
                          109.237.72.0/22 maxlen: 24
                          171.22.12.0/22 maxlen: 24
                          185.123.128.0/22 maxlen: 24
                          185.195.196.0/22 maxlen: 24
                          185.211.92.0/22 maxlen: 24
                          185.254.118.0/23 maxlen: 24
                          2a0a:5ec0::/29 maxlen: 29
                          2a0d:c340::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 03:49:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:da:cc:be:7b:fb:6c:06:71:72:00:ab:cb:ad:ae:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e30294b7e4645aaedb54672d48065b1b1cebc62
        Validity
            Not Before: Nov 26 14:23:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bad7119bfc163e77272877d8c790584fbda23bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:50:ec:80:8a:ac:ba:81:e4:03:6d:21:88:99:
                    68:ac:ab:46:e9:d1:11:a2:ab:90:2a:bd:ba:15:97:
                    88:38:ef:5b:af:a8:32:a8:78:b2:92:cf:6e:7f:3a:
                    46:22:8d:59:9b:19:af:9e:7b:70:3a:12:f3:4b:db:
                    36:a5:cd:09:b1:25:66:e0:0e:0a:4e:e2:97:77:13:
                    d6:7c:cc:c9:24:a8:66:af:af:75:1e:2f:2f:1f:bf:
                    77:cf:a8:9d:2b:35:0d:cd:f2:89:59:c1:d2:86:b8:
                    e5:e0:09:5f:47:97:49:95:72:12:ee:8e:10:a4:c4:
                    4b:5a:43:3d:02:e8:be:2f:7a:57:37:da:cb:78:23:
                    7d:5f:86:7b:e7:09:37:3b:dd:81:de:22:8a:8d:68:
                    c8:1e:51:d6:7f:0e:79:e7:a8:9f:9c:7d:2b:23:ee:
                    e1:2f:a0:f8:24:bb:a2:1e:71:27:3d:25:c0:36:4d:
                    f7:55:ad:f7:27:86:3a:2b:77:55:43:7e:a1:9f:f7:
                    d5:1c:f7:69:88:62:b4:50:86:e6:74:1b:12:93:0f:
                    25:9f:22:e6:0a:fb:f9:42:81:9d:22:a1:ab:b4:41:
                    c8:ad:70:c4:da:2b:73:41:84:13:44:8d:e4:84:7c:
                    e5:19:00:a7:e1:99:87:a6:06:7c:66:c3:64:82:ea:
                    46:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AD:71:19:BF:C1:63:E7:72:72:87:7D:8C:79:05:84:FB:DA:23:BF
            X509v3 Authority Key Identifier:
                keyid:9E:30:29:4B:7E:46:45:AA:ED:B5:46:72:D4:80:65:B1:B1:CE:BC:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njApS35GRarttUZy1IBlsbHOvGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/i61xGb_BY-dycod9jHkFhPvaI78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/njApS35GRarttUZy1IBlsbHOvGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.168.0/22
                  93.115.211.0/24
                  93.115.253.0/24
                  109.106.16.0/22
                  109.237.72.0/22
                  171.22.12.0/22
                  185.123.128.0/22
                  185.195.196.0/22
                  185.211.92.0/22
                  185.254.118.0/23
                IPv6:
                  2a0a:5ec0::/29
                  2a0d:c340::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:00:bb:d4:ff:fd:23:5b:5b:f0:47:9f:57:f9:01:1b:33:7e:
         fa:17:a6:e1:34:ee:c4:55:4c:8b:0a:ce:36:26:43:62:0c:87:
         8d:d4:0d:07:03:0c:92:8c:81:64:67:d0:a5:52:76:3f:ed:07:
         39:bf:9e:d9:4c:09:8b:be:c6:2e:45:75:32:91:d9:e0:e0:cd:
         3f:0b:ba:69:1e:d9:b2:c3:df:33:9a:16:94:9b:eb:f6:12:10:
         e1:37:af:b8:7d:e9:e0:a9:84:cf:ee:17:7d:92:aa:3c:cf:6b:
         e5:9d:4f:5e:42:5e:90:9f:74:f9:a2:67:05:b5:7c:5b:5b:a7:
         9d:5a:45:c9:18:aa:de:69:c8:8e:28:6f:d8:c8:bf:ec:9f:48:
         3e:37:d4:4d:d3:bb:62:62:47:96:f5:c8:d6:92:aa:ee:22:1b:
         9a:3b:6f:e2:bc:2a:52:35:54:e5:86:84:6c:8f:2f:73:b5:bc:
         4b:f1:a5:ab:c0:16:2f:84:3e:d0:57:bb:23:7b:69:0d:1f:b8:
         d3:08:98:a9:c0:5b:12:a6:fb:7a:a7:60:c8:a7:05:ab:ff:e0:
         12:59:36:b7:94:ce:c0:72:ee:f7:68:a6:e4:d7:00:22:28:3a:
         9b:33:94:fb:02:88:32:ca:f4:80:83:31:4d:49:49:29:ba:f3:
         25:45:64:0e
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZNo2sy+e/tsBnFyAKvLra6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzAyOTRiN2U0NjQ1YWFlZGI1NDY3MmQ0ODA2NWIxYjFj
ZWJjNjIwHhcNMjQxMTI2MTQyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFkNzExOWJmYzE2M2U3NzI3Mjg3N2Q4Yzc5MDU4NGZiZGEyM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VDsgIqsuoHkA20hiJlorKtG6dER
oquQKr26FZeIOO9br6gyqHiyks9ufzpGIo1ZmxmvnntwOhLzS9s2pc0JsSVm4A4K
TuKXdxPWfMzJJKhmr691Hi8vH793z6idKzUNzfKJWcHShrjl4AlfR5dJlXIS7o4Q
pMRLWkM9Aui+L3pXN9rLeCN9X4Z75wk3O92B3iKKjWjIHlHWfw5556ifnH0rI+7h
L6D4JLuiHnEnPSXANk33Va33J4Y6K3dVQ36hn/fVHPdpiGK0UIbmdBsSkw8lnyLm
Cvv5QoGdIqGrtEHIrXDE2itzQYQTRI3khHzlGQCn4ZmHpgZ8ZsNkgupGdQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFIutcRm/wWPncnKHfYx5BYT72iO/MB8GA1UdIwQY
MBaAFJ4wKUt+RkWq7bVGctSAZbGxzrxiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpBcFMzNUdSYXJ0dFVaeTFJQmxzYkhPdkdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC80NGU4OTMtOTI0Ny00NTJlLTlmNjct
NjkxMzM4N2I4MDgzLzEvaTYxeEdiX0JZLWR5Y29kOWpIa0ZoUHZhSTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC80NGU4OTMtOTI0Ny00NTJlLTlmNjctNjkxMzM4N2I4MDgz
LzEvbmpBcFMzNUdSYXJ0dFVaeTFJQmxzYkhPdkdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQCLYOoAwQA
XXPTAwQAXXP9AwQCbWoQAwQCbe1IAwQCqxYMAwQCuXuAAwQCucPEAwQCudNcAwQB
uf52MBQEAgACMA4DBQMqCl7AAwUDKg3DQDANBgkqhkiG9w0BAQsFAAOCAQEAKAC7
1P/9I1tb8EefV/kBGzN++hem4TTuxFVMiwrONiZDYgyHjdQNBwMMkoyBZGfQpVJ2
P+0HOb+e2UwJi77GLkV1MpHZ4ODNPwu6aR7ZssPfM5oWlJvr9hIQ4TevuH3p4KmE
z+4XfZKqPM9r5Z1PXkJekJ90+aJnBbV8W1unnVpFyRiq3mnIjihv2Mi/7J9IPjfU
TdO7YmJHlvXI1pKq7iIbmjtv4rwqUjVU5YaEbI8vc7W8S/Glq8AWL4Q+0Fe7I3tp
DR+40wiYqcBbEqb7eqdgyKcFq//gElk2t5TOwHLu92im5NcAIig6mzOU+wKIMsr0
gIMxTUlJKbrzJUVkDg==
-----END CERTIFICATE-----