Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/2MGmXGmr9mdkJ7ygRcvtcBZqXRs.roa
File:                     2MGmXGmr9mdkJ7ygRcvtcBZqXRs.roa (raw, json)
Hash identifier:          1J07UtjwaljNzU97C0NfTSyr4dxA0Q3HmNxy89agkgI=
Subject key identifier:   D8:C1:A6:5C:69:AB:F6:67:64:27:BC:A0:45:CB:ED:70:16:6A:5D:1B
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       01905ADB43769FD0B9F8DC42EF01C359497D
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/2MGmXGmr9mdkJ7ygRcvtcBZqXRs.roa
Signing time:             Thu 27 Jun 2024 18:00:37 +0000
ROA not before:           Thu 27 Jun 2024 18:00:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64200
IP address blocks:        45.67.147.0/24 maxlen: 24
                          63.246.136.0/24 maxlen: 24
                          63.246.139.0/24 maxlen: 24
                          63.246.142.0/24 maxlen: 24
                          63.246.145.0/24 maxlen: 24
                          63.246.146.0/23 maxlen: 23
                          63.246.149.0/24 maxlen: 24
                          63.246.158.0/23 maxlen: 23
                          185.171.124.0/24 maxlen: 24
                          185.171.125.0/24 maxlen: 24
                          185.171.127.0/24 maxlen: 24
                          185.198.88.0/24 maxlen: 24
                          185.205.206.0/24 maxlen: 24
                          192.145.68.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 Jul 2024 19:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:db:43:76:9f:d0:b9:f8:dc:42:ef:01:c3:59:49:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jun 27 18:00:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8c1a65c69abf6676427bca045cbed70166a5d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2c:0c:d4:5c:57:bb:6d:5b:14:d6:22:68:58:
                    18:b6:ff:bb:85:a1:76:51:cb:5c:a4:a3:57:df:09:
                    8e:6d:f3:ec:19:4a:01:64:b4:90:01:17:ae:43:7e:
                    66:5c:2e:b4:24:96:7e:fa:b6:3f:33:d9:da:43:1b:
                    b8:bc:c1:0e:e0:46:aa:d5:ba:d8:14:f3:f0:73:3e:
                    47:92:31:a4:c3:47:6d:5b:42:d7:a2:3e:a7:23:28:
                    0b:d7:ca:17:00:79:73:c8:ac:dc:cd:17:7d:e5:4b:
                    49:dd:c1:f4:46:22:a6:49:62:8d:e7:e9:ce:81:b7:
                    0d:7a:e3:6b:42:c6:20:91:13:ca:1f:e1:25:a0:9a:
                    f0:6b:38:94:cb:6c:e0:e6:61:f2:d6:46:c4:21:39:
                    aa:d2:05:79:20:52:3d:2d:bc:8b:00:29:c1:2b:d5:
                    38:f3:cb:c2:7f:59:6d:d7:57:1f:9f:14:6f:46:3a:
                    55:f6:5a:e8:07:36:a2:45:a4:65:4c:65:d0:ab:83:
                    6e:f6:dc:1c:90:79:e8:f6:73:f4:40:7d:ec:53:a1:
                    33:62:e6:a6:bb:dc:4f:fe:6b:f9:c5:44:19:fb:13:
                    b4:bd:68:ca:c8:25:69:8d:3d:13:b6:cd:c3:9c:e3:
                    f0:4e:b9:3a:8e:10:ff:5d:38:5a:91:cb:11:ec:3a:
                    58:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C1:A6:5C:69:AB:F6:67:64:27:BC:A0:45:CB:ED:70:16:6A:5D:1B
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/2MGmXGmr9mdkJ7ygRcvtcBZqXRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.147.0/24
                  63.246.136.0/24
                  63.246.139.0/24
                  63.246.142.0/24
                  63.246.145.0-63.246.147.255
                  63.246.149.0/24
                  63.246.158.0/23
                  185.171.124.0/23
                  185.171.127.0/24
                  185.198.88.0/24
                  185.205.206.0/24
                  192.145.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:be:e1:f1:6f:a6:39:c0:b7:d6:4e:6d:f1:21:91:e6:d1:b7:
         ce:c6:cd:82:90:bc:37:33:0a:cd:ac:f4:89:fe:b5:f8:c1:c0:
         6f:4d:1e:bb:a6:8c:4d:c9:07:54:a7:36:83:31:d5:89:3b:81:
         fa:9c:35:39:61:4a:3a:5f:d0:c3:64:53:7e:50:97:0b:50:cf:
         a2:12:f6:7b:db:bd:e5:d2:68:9f:1c:31:25:f1:bc:5e:16:1b:
         40:25:a3:8f:28:6f:1b:bf:32:3a:8d:71:c0:8b:c2:a6:d7:93:
         5a:e8:48:6e:36:9f:e4:c6:eb:8f:91:df:d9:e0:88:d5:53:ac:
         a1:72:2e:f1:b8:24:ec:90:b3:02:e9:26:c4:96:ef:70:71:12:
         83:47:df:d2:c8:dd:52:1e:72:3b:42:96:d6:2e:21:cc:c9:29:
         a3:ab:f2:85:70:1a:c7:04:79:96:0d:a1:7a:44:57:0e:22:1a:
         e6:4f:88:89:fc:91:19:94:5a:ab:81:bd:50:8a:48:45:04:8e:
         e7:d3:07:51:8c:90:ea:2b:d1:37:0c:f3:51:68:a6:17:0c:d8:
         d6:a7:c7:41:23:d3:ea:d4:3b:c0:7f:28:c5:53:da:30:32:69:
         3e:29:53:49:e0:66:da:65:9c:16:d3:d0:4c:d1:1c:31:18:c7:
         24:0c:da:6e
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZBa20N2n9C5+NxC7wHDWUl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwNjI3MTgwMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGMxYTY1YzY5YWJmNjY3NjQyN2JjYTA0NWNiZWQ3MDE2NmE1ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSwM1FxXu21bFNYiaFgYtv+7haF2
UctcpKNX3wmObfPsGUoBZLSQAReuQ35mXC60JJZ++rY/M9naQxu4vMEO4Eaq1brY
FPPwcz5HkjGkw0dtW0LXoj6nIygL18oXAHlzyKzczRd95UtJ3cH0RiKmSWKN5+nO
gbcNeuNrQsYgkRPKH+EloJrwaziUy2zg5mHy1kbEITmq0gV5IFI9LbyLACnBK9U4
88vCf1lt11cfnxRvRjpV9lroBzaiRaRlTGXQq4Nu9twckHno9nP0QH3sU6EzYuam
u9xP/mv5xUQZ+xO0vWjKyCVpjT0Tts3DnOPwTrk6jhD/XThakcsR7DpYFQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFNjBplxpq/ZnZCe8oEXL7XAWal0bMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMk1HbVhHbXI5bWRrSjd5Z1JjdnRjQlpxWFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALUOTAwQA
P/aIAwQAP/aLAwQAP/aOMAwDBAA/9pEDBAI/9pADBAA/9pUDBAE/9p4DBAG5q3wD
BAC5q38DBAC5xlgDBAC5zc4DBADAkUQwDQYJKoZIhvcNAQELBQADggEBAJm+4fFv
pjnAt9ZObfEhkebRt87GzYKQvDczCs2s9In+tfjBwG9NHrumjE3JB1SnNoMx1Yk7
gfqcNTlhSjpf0MNkU35QlwtQz6IS9nvbveXSaJ8cMSXxvF4WG0Alo48obxu/MjqN
ccCLwqbXk1roSG42n+TG64+R39ngiNVTrKFyLvG4JOyQswLpJsSW73BxEoNH39LI
3VIecjtCltYuIczJKaOr8oVwGscEeZYNoXpEVw4iGuZPiIn8kRmUWquBvVCKSEUE
jufTB1GMkOor0TcM81FophcM2Nanx0Ej0+rUO8B/KMVT2jAyaT4pU0ngZtplnBbT
0EzRHDEYxyQM2m4=
-----END CERTIFICATE-----