Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/SKuJi-k0Q8tff6MTHrOgcZqQCGg.roa
File:                     SKuJi-k0Q8tff6MTHrOgcZqQCGg.roa (raw, json)
Hash identifier:          9ZFdVp+/MNNq3ZckhjG0Oh8EuBy8kko5zLZ8PjN/r7c=
Subject key identifier:   48:AB:89:8B:E9:34:43:CB:5F:7F:A3:13:1E:B3:A0:71:9A:90:08:68
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       01900250979884449E59195046D54CBDD58A
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/SKuJi-k0Q8tff6MTHrOgcZqQCGg.roa
Signing time:             Mon 10 Jun 2024 13:22:34 +0000
ROA not before:           Mon 10 Jun 2024 13:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6698
IP address blocks:        45.11.57.0/24 maxlen: 24
                          45.12.0.0/24 maxlen: 24
                          45.12.1.0/24 maxlen: 24
                          45.12.3.0/24 maxlen: 24
                          91.208.115.0/24 maxlen: 24
                          128.0.104.0/24 maxlen: 24
                          176.97.112.0/23 maxlen: 24
                          176.97.114.0/24 maxlen: 24
                          176.97.115.0/24 maxlen: 24
                          176.97.122.0/23 maxlen: 23
                          176.97.124.0/24 maxlen: 24
                          176.119.31.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.204.0/24 maxlen: 24
                          195.66.210.0/24 maxlen: 24
                          195.128.248.0/23 maxlen: 24
                          2a09:2dc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 04 Oct 2024 09:15:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:02:50:97:98:84:44:9e:59:19:50:46:d5:4c:bd:d5:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Jun 10 13:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48ab898be93443cb5f7fa3131eb3a0719a900868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4c:bd:5c:d2:5d:db:4e:e9:38:1c:6b:3c:25:
                    c9:12:9c:3d:f6:66:70:4f:73:2e:36:83:2f:ce:90:
                    17:7e:12:ec:e4:d2:c1:0b:2f:cc:ac:5d:33:d5:61:
                    03:4e:77:17:87:c7:0c:0e:fa:7d:5c:e7:e8:63:c1:
                    f4:33:2f:d6:1c:aa:b6:af:b0:c7:0b:9c:1b:2f:46:
                    77:0e:77:f5:34:81:29:2c:91:07:e8:91:7b:21:3b:
                    12:12:3b:95:a4:ea:a9:dd:85:cb:00:be:da:b9:6e:
                    63:10:fe:da:00:4a:6e:4e:0e:42:56:3d:4d:36:a0:
                    c4:c2:f4:dc:f5:3f:2a:62:37:cc:82:80:bf:57:9a:
                    ce:b4:cb:6a:6d:e9:cb:27:41:12:d2:ef:b2:d5:f4:
                    d7:60:5e:d6:52:3e:ae:ec:53:33:b2:0f:54:1b:21:
                    a1:62:64:04:39:6e:47:73:f6:f1:c9:72:92:a2:f1:
                    84:55:fa:eb:96:d8:88:83:07:1e:00:4b:f5:0a:10:
                    86:69:65:af:dc:64:60:4c:93:d2:7e:35:aa:4b:d5:
                    51:e5:c6:16:4e:1c:6e:7c:a6:15:53:62:f1:f5:9d:
                    51:23:55:6d:5c:86:fd:e0:5b:92:a2:a4:90:e6:15:
                    57:bb:fe:97:0c:76:17:41:3c:88:ff:ff:23:51:ab:
                    76:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:AB:89:8B:E9:34:43:CB:5F:7F:A3:13:1E:B3:A0:71:9A:90:08:68
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/SKuJi-k0Q8tff6MTHrOgcZqQCGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.57.0/24
                  45.12.0.0/23
                  45.12.3.0/24
                  91.208.115.0/24
                  128.0.104.0/24
                  176.97.112.0/22
                  176.97.122.0-176.97.124.255
                  176.119.31.0/24
                  185.254.199.0/24
                  194.42.204.0/24
                  195.66.210.0/24
                  195.128.248.0/23
                IPv6:
                  2a09:2dc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:a5:29:ca:95:3f:e5:fe:46:dc:fb:a9:e8:46:08:bf:24:86:
         73:4f:e7:b2:bd:05:ed:f4:df:57:f9:0d:5e:9a:9c:a5:6d:39:
         e8:6b:43:eb:91:78:1e:cd:8f:fb:8e:85:08:4c:e8:e0:aa:db:
         7f:e0:4a:41:f1:1b:13:82:38:b5:6e:4e:33:99:79:5a:88:af:
         f6:19:34:08:0f:f8:a4:bf:76:7c:68:39:8a:fa:d9:2a:b8:b4:
         22:27:46:e5:be:7b:70:f9:b8:6e:3b:3f:0b:d3:bc:e2:c3:c2:
         9d:1a:e7:07:be:84:c9:d2:49:0a:25:39:e3:7a:f4:4c:d4:a0:
         59:dc:df:b9:49:a4:ed:5a:b4:4c:a1:47:82:67:df:0c:df:fa:
         58:45:fd:08:39:f3:cf:5e:16:8f:9b:db:7f:da:ec:05:22:f9:
         7f:91:40:da:43:05:e1:aa:67:5c:d3:c3:fa:6a:bb:ae:c3:51:
         76:c4:7a:ea:13:94:88:c9:40:37:01:4f:23:01:41:09:d4:ee:
         30:8a:43:1f:1c:c0:71:36:1d:3a:59:2a:28:29:90:43:08:9c:
         7b:7e:d4:39:99:8b:49:d4:9e:42:a7:e1:d2:1b:54:2e:03:db:
         74:f7:cc:31:d6:d8:3e:f4:a5:80:3c:10:88:72:c7:69:86:32:
         11:93:1e:62
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZACUJeYhESeWRlQRtVMvdWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwNjEwMTMyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGFiODk4YmU5MzQ0M2NiNWY3ZmEzMTMxZWIzYTA3MTlhOTAwODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0y9XNJd207pOBxrPCXJEpw99mZw
T3MuNoMvzpAXfhLs5NLBCy/MrF0z1WEDTncXh8cMDvp9XOfoY8H0My/WHKq2r7DH
C5wbL0Z3Dnf1NIEpLJEH6JF7ITsSEjuVpOqp3YXLAL7auW5jEP7aAEpuTg5CVj1N
NqDEwvTc9T8qYjfMgoC/V5rOtMtqbenLJ0ES0u+y1fTXYF7WUj6u7FMzsg9UGyGh
YmQEOW5Hc/bxyXKSovGEVfrrltiIgwceAEv1ChCGaWWv3GRgTJPSfjWqS9VR5cYW
ThxufKYVU2Lx9Z1RI1VtXIb94FuSoqSQ5hVXu/6XDHYXQTyI//8jUat2tQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFEiriYvpNEPLX3+jEx6zoHGakAhoMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvU0t1SmktazBROHRmZjZNVEhyT2djWnFRQ0dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBWBAIAATBQAwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzAwQAgABoAwQCsGFwMAwDBAGwYXoDBACwYXwDBACwdx8D
BAC5/scDBADCKswDBADDQtIDBAHDgPgwDQQCAAIwBwMFACoJLcIwDQYJKoZIhvcN
AQELBQADggEBAEulKcqVP+X+Rtz7qehGCL8khnNP57K9Be3031f5DV6anKVtOehr
Q+uReB7Nj/uOhQhM6OCq23/gSkHxGxOCOLVuTjOZeVqIr/YZNAgP+KS/dnxoOYr6
2Sq4tCInRuW+e3D5uG47PwvTvOLDwp0a5we+hMnSSQolOeN69EzUoFnc37lJpO1a
tEyhR4Jn3wzf+lhF/Qg5889eFo+b23/a7AUi+X+RQNpDBeGqZ1zTw/pqu67DUXbE
euoTlIjJQDcBTyMBQQnU7jCKQx8cwHE2HTpZKigpkEMInHt+1DmZi0nUnkKn4dIb
VC4D23T3zDHW2D70pYA8EIhyx2mGMhGTHmI=
-----END CERTIFICATE-----