Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/t2j3QWzjddeAZ-LMtDhFaC0vVuQ.roa
File:                     t2j3QWzjddeAZ-LMtDhFaC0vVuQ.roa (raw, json)
Hash identifier:          i4qbIyuiLZt2jGyiWVU0OMINIx9CgSdkGKm3XBK+f/w=
Subject key identifier:   B7:68:F7:41:6C:E3:75:D7:80:67:E2:CC:B4:38:45:68:2D:2F:56:E4
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       018CC801684E503EEBC3377622300B2DD426
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/t2j3QWzjddeAZ-LMtDhFaC0vVuQ.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43641
IP address blocks:        91.234.198.0/23 maxlen: 24
                          91.234.199.0/24 maxlen: 24
                          195.26.86.0/23 maxlen: 24
                          194.42.206.0/23 maxlen: 24
                          45.11.56.0/24 maxlen: 24
                          45.11.59.0/24 maxlen: 24
                          91.222.172.0/22 maxlen: 24
                          45.134.174.0/24 maxlen: 24
                          45.134.175.0/24 maxlen: 24
                          195.160.220.0/22 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          2a09:2dc1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 07 May 2024 12:53:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:4e:50:3e:eb:c3:37:76:22:30:0b:2d:d4:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b768f7416ce375d78067e2ccb43845682d2f56e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f0:57:ca:27:cb:77:16:bd:4b:09:7f:3b:19:
                    db:58:8c:18:db:f7:94:c9:c5:3b:b0:2a:c3:ca:05:
                    14:d3:d8:1c:6a:b9:ad:0c:5c:cb:c6:9c:f3:97:d9:
                    02:3b:01:9a:1f:a3:76:af:2f:51:4b:cd:c9:6c:ce:
                    98:c7:7b:80:b1:ba:7d:c3:57:1b:c2:ca:a8:e2:0f:
                    10:d2:ea:b2:5e:1b:1f:f5:a6:af:71:22:35:17:e1:
                    8f:52:bf:13:f8:bc:ec:fb:bc:a0:92:b4:42:72:76:
                    d9:65:32:84:af:65:ba:53:a7:82:dc:4d:3c:4e:a6:
                    37:06:0b:87:5b:e7:47:d3:93:0d:e9:52:69:98:41:
                    57:56:3b:2f:0c:a8:01:d7:02:78:a6:b2:8a:25:a7:
                    83:16:e9:f3:92:3b:8c:cd:e3:f0:18:50:c4:60:1b:
                    d8:9e:52:d4:55:21:26:70:d9:b4:36:44:64:47:f6:
                    d8:89:68:a1:24:0b:0e:32:49:dc:49:e0:68:2b:cd:
                    26:c4:2c:27:27:e8:2c:f8:f9:8c:62:c7:1d:89:50:
                    8c:78:5c:53:b7:3f:53:11:16:4c:ea:a7:e9:20:44:
                    e8:ed:33:28:31:dd:b7:6e:60:66:93:ab:26:e6:d5:
                    11:8a:5a:7e:d9:7b:b6:e6:ed:b4:04:4e:98:b1:81:
                    5d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:68:F7:41:6C:E3:75:D7:80:67:E2:CC:B4:38:45:68:2D:2F:56:E4
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/t2j3QWzjddeAZ-LMtDhFaC0vVuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.56.0/24
                  45.11.59.0/24
                  45.134.174.0/23
                  91.222.172.0/22
                  91.234.198.0/23
                  185.254.199.0/24
                  194.42.206.0/23
                  195.26.86.0/23
                  195.160.220.0/22
                IPv6:
                  2a09:2dc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:bd:09:26:46:a8:a1:08:c5:ab:40:90:c1:24:b9:30:94:44:
         c4:50:93:f4:50:bd:1e:87:3a:7d:c1:db:f3:ae:46:1e:c5:87:
         56:23:4f:68:c9:57:56:4f:b4:44:1b:e4:3a:6b:77:84:d2:06:
         cf:4f:c8:2c:ce:d7:a8:c3:fd:e6:ba:8e:80:d5:d5:91:90:03:
         23:4b:e7:96:b8:f5:98:89:88:2b:9c:6e:e7:2f:c1:be:bf:33:
         49:81:ec:fc:ef:d5:14:30:21:59:a1:bf:05:e7:5c:a6:d6:b6:
         48:8c:a8:f1:5d:38:6a:fa:b9:25:72:f1:a3:36:73:3a:a7:fa:
         b2:39:b9:58:05:14:65:38:f4:ed:1c:ba:e6:d9:48:10:4c:05:
         0e:48:68:67:de:cd:24:94:53:b4:8b:f6:a4:63:a1:2f:1c:1e:
         0c:0a:2a:54:35:60:51:ff:d6:01:58:05:c6:74:03:9e:4e:4a:
         d6:34:1f:a5:45:39:54:b8:d2:2a:cb:09:e9:14:c1:ef:c5:e9:
         96:a9:98:f1:88:ce:89:f5:8b:14:12:18:22:9d:50:9b:da:b5:
         81:b0:ba:99:67:5d:26:b9:8b:40:5b:63:45:ab:97:1a:94:66:
         1e:18:3a:8b:af:ea:73:70:9c:e7:d1:0c:bf:4e:92:00:30:55:
         68:5a:1c:19
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzIAWhOUD7rwzd2IjALLdQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzY4Zjc0MTZjZTM3NWQ3ODA2N2UyY2NiNDM4NDU2ODJkMmY1NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPBXyifLdxa9Swl/OxnbWIwY2/eU
ycU7sCrDygUU09gcarmtDFzLxpzzl9kCOwGaH6N2ry9RS83JbM6Yx3uAsbp9w1cb
wsqo4g8Q0uqyXhsf9aavcSI1F+GPUr8T+Lzs+7ygkrRCcnbZZTKEr2W6U6eC3E08
TqY3BguHW+dH05MN6VJpmEFXVjsvDKgB1wJ4prKKJaeDFunzkjuMzePwGFDEYBvY
nlLUVSEmcNm0NkRkR/bYiWihJAsOMkncSeBoK80mxCwnJ+gs+PmMYscdiVCMeFxT
tz9TERZM6qfpIETo7TMoMd23bmBmk6sm5tURilp+2Xu25u20BE6YsYFdFQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFLdo90Fs43XXgGfizLQ4RWgtL1bkMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvdDJqM1FXempkZGVBWi1MTXREaEZhQzB2VnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQALQs4AwQA
LQs7AwQBLYauAwQCW96sAwQBW+rGAwQAuf7HAwQBwirOAwQBwxpWAwQCw6DcMA0E
AgACMAcDBQAqCS3BMA0GCSqGSIb3DQEBCwUAA4IBAQBkvQkmRqihCMWrQJDBJLkw
lETEUJP0UL0ehzp9wdvzrkYexYdWI09oyVdWT7REG+Q6a3eE0gbPT8gszteow/3m
uo6A1dWRkAMjS+eWuPWYiYgrnG7nL8G+vzNJgez879UUMCFZob8F51ym1rZIjKjx
XThq+rklcvGjNnM6p/qyOblYBRRlOPTtHLrm2UgQTAUOSGhn3s0klFO0i/akY6Ev
HB4MCipUNWBR/9YBWAXGdAOeTkrWNB+lRTlUuNIqywnpFMHvxemWqZjxiM6J9YsU
EhginVCb2rWBsLqZZ10muYtAW2NFq5calGYeGDqLr+pzcJzn0Qy/TpIAMFVoWhwZ
-----END CERTIFICATE-----