Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/Zig2bAf18gqp882k6vU2CX8RV9Q.roa
File:                     Zig2bAf18gqp882k6vU2CX8RV9Q.roa (raw, json)
Hash identifier:          OngI+8HQuPWhQAvwSBysjVrEHz5g+MNixMUV17Ku/7k=
Subject key identifier:   66:28:36:6C:07:F5:F2:0A:A9:F3:CD:A4:EA:F5:36:09:7F:11:57:D4
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       018ED1AAF958582B805BD06CE7FCE2F2340A
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/Zig2bAf18gqp882k6vU2CX8RV9Q.roa
Signing time:             Fri 12 Apr 2024 09:37:06 +0000
ROA not before:           Fri 12 Apr 2024 09:37:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6698
IP address blocks:        45.11.57.0/24 maxlen: 24
                          45.12.0.0/24 maxlen: 24
                          45.12.1.0/24 maxlen: 24
                          45.12.3.0/24 maxlen: 24
                          91.208.115.0/24 maxlen: 24
                          128.0.104.0/24 maxlen: 24
                          176.97.112.0/23 maxlen: 24
                          176.97.114.0/24 maxlen: 24
                          176.119.31.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.204.0/24 maxlen: 24
                          195.66.210.0/24 maxlen: 24
                          195.128.248.0/23 maxlen: 24
                          2a09:2dc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 17 May 2024 09:31:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:aa:f9:58:58:2b:80:5b:d0:6c:e7:fc:e2:f2:34:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Apr 12 09:37:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6628366c07f5f20aa9f3cda4eaf536097f1157d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8e:d9:bc:db:54:9f:6d:12:4d:78:67:08:4b:
                    f6:c4:ba:50:a1:96:2c:96:9f:f7:f0:06:f0:75:54:
                    d5:66:58:7e:a0:f2:2b:ac:c3:39:fd:a8:7c:d7:dd:
                    89:73:88:c1:50:14:13:da:b0:93:b0:70:30:fa:0f:
                    18:80:83:c6:a2:98:53:3a:a9:97:ca:56:d9:14:7e:
                    b5:9c:cc:57:44:a2:4f:ba:b2:1d:9c:7b:0c:fa:6a:
                    90:da:ad:d8:42:d9:cc:77:a7:26:4d:ff:6e:10:31:
                    99:39:b8:14:03:cc:99:78:1c:b1:f7:30:72:df:c6:
                    e0:f6:3a:b9:4d:ab:3b:ab:e8:5b:0d:ba:6e:b8:03:
                    f6:df:f3:51:b5:30:02:13:4a:06:fe:77:ad:79:14:
                    55:4b:6d:aa:4f:92:1b:b0:5b:a0:c0:24:73:d7:84:
                    7b:07:41:e8:fb:37:f7:40:f5:49:d4:3d:e4:93:3e:
                    b3:72:4b:0c:c5:d6:39:fc:48:c8:87:4b:09:22:35:
                    26:0b:e5:25:15:7c:5b:cc:aa:42:7f:3c:4e:db:74:
                    3c:19:9c:16:e6:6c:b8:0d:15:67:9f:3e:1b:5f:c6:
                    4a:8d:c0:6a:ee:8c:be:c9:8f:0a:61:68:2f:20:b8:
                    fa:ae:89:4e:8a:7a:6b:ef:78:51:4b:9c:b9:32:85:
                    05:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:28:36:6C:07:F5:F2:0A:A9:F3:CD:A4:EA:F5:36:09:7F:11:57:D4
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/Zig2bAf18gqp882k6vU2CX8RV9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.57.0/24
                  45.12.0.0/23
                  45.12.3.0/24
                  91.208.115.0/24
                  128.0.104.0/24
                  176.97.112.0-176.97.114.255
                  176.119.31.0/24
                  185.254.199.0/24
                  194.42.204.0/24
                  195.66.210.0/24
                  195.128.248.0/23
                IPv6:
                  2a09:2dc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:99:d5:78:44:13:48:10:13:1d:23:b4:d3:0c:41:ef:72:6d:
         6b:68:cd:ec:8b:ca:c3:c7:e1:d7:9d:66:ef:75:6b:cc:44:c5:
         84:d5:01:e3:bc:a3:9d:89:02:ed:68:0e:a5:be:15:d4:4c:58:
         6a:31:c0:8b:80:7c:49:c9:c8:c1:68:d1:7d:ec:a4:0e:7b:0d:
         d3:87:e0:22:fc:31:3a:a4:2b:ba:d5:95:15:5f:df:ea:69:e8:
         f2:60:44:74:76:53:8d:c4:40:95:1b:6d:b9:95:9f:41:9d:cf:
         f6:9b:90:e7:c2:4c:e4:d4:40:66:97:3b:f3:3e:79:00:30:55:
         a4:0e:87:91:66:85:a0:26:ba:af:54:62:d5:7e:90:e0:31:4b:
         f6:9f:dd:73:1c:dd:6c:67:c8:2a:f3:2a:d8:4e:cd:ad:6b:bb:
         71:42:24:26:95:bb:a8:d8:f2:70:05:5f:05:3f:4d:83:15:14:
         50:69:62:b3:0f:15:b3:9b:25:1d:71:76:80:f7:93:ea:43:f1:
         15:ea:9f:89:35:c4:c4:bc:da:26:69:43:53:1a:ff:f8:e7:e2:
         33:4b:74:e6:41:32:59:5e:e9:4e:44:24:69:c1:46:1b:98:9a:
         9b:64:10:91:30:76:14:62:ee:27:49:ec:9a:10:aa:90:4e:25:
         24:3a:53:f0
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAY7RqvlYWCuAW9Bs5/zi8jQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwNDEyMDkzNzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjI4MzY2YzA3ZjVmMjBhYTlmM2NkYTRlYWY1MzYwOTdmMTE1N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiY7ZvNtUn20STXhnCEv2xLpQoZYs
lp/38AbwdVTVZlh+oPIrrMM5/ah8192Jc4jBUBQT2rCTsHAw+g8YgIPGophTOqmX
ylbZFH61nMxXRKJPurIdnHsM+mqQ2q3YQtnMd6cmTf9uEDGZObgUA8yZeByx9zBy
38bg9jq5Tas7q+hbDbpuuAP23/NRtTACE0oG/neteRRVS22qT5IbsFugwCRz14R7
B0Ho+zf3QPVJ1D3kkz6zcksMxdY5/EjIh0sJIjUmC+UlFXxbzKpCfzxO23Q8GZwW
5my4DRVnnz4bX8ZKjcBq7oy+yY8KYWgvILj6rolOinpr73hRS5y5MoUFmQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFGYoNmwH9fIKqfPNpOr1Ngl/EVfUMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvWmlnMmJBZjE4Z3FwODgyazZ2VTJDWDhSVjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzAwQAgABoMAwDBASwYXADBACwYXIDBACwdx8DBAC5/scD
BADCKswDBADDQtIDBAHDgPgwDQQCAAIwBwMFACoJLcIwDQYJKoZIhvcNAQELBQAD
ggEBAB2Z1XhEE0gQEx0jtNMMQe9ybWtozeyLysPH4dedZu91a8xExYTVAeO8o52J
Au1oDqW+FdRMWGoxwIuAfEnJyMFo0X3spA57DdOH4CL8MTqkK7rVlRVf3+pp6PJg
RHR2U43EQJUbbbmVn0Gdz/abkOfCTOTUQGaXO/M+eQAwVaQOh5FmhaAmuq9UYtV+
kOAxS/af3XMc3WxnyCrzKthOza1ru3FCJCaVu6jY8nAFXwU/TYMVFFBpYrMPFbOb
JR1xdoD3k+pD8RXqn4k1xMS82iZpQ1Ma//jn4jNLdOZBMlle6U5EJGnBRhuYmptk
EJEwdhRi7idJ7JoQqpBOJSQ6U/A=
-----END CERTIFICATE-----