Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FSbPKQRhhVUo451dxzae3-3FnDE.roa
File:                     FSbPKQRhhVUo451dxzae3-3FnDE.roa (raw, json)
Hash identifier:          0yIZT9FXWKp3eO7U81EOxlL3Ly5lNNB/nEtBl4Uenqw=
Subject key identifier:   15:26:CF:29:04:61:85:55:28:E3:9D:5D:C7:36:9E:DF:ED:C5:9C:31
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01941C6C8008B1DFBBE05E2AB1355FA7EA0B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FSbPKQRhhVUo451dxzae3-3FnDE.roa
Signing time:             Tue 31 Dec 2024 11:14:20 +0000
ROA not before:           Tue 31 Dec 2024 11:14:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207046
IP address blocks:        45.134.84.0/22 maxlen: 24
                          178.212.225.0/24 maxlen: 24
                          185.221.16.0/23 maxlen: 23
                          185.224.220.0/22 maxlen: 22
                          185.227.206.0/24 maxlen: 24
                          185.227.207.0/24 maxlen: 24
                          185.239.141.0/24 maxlen: 24
                          185.247.4.0/22 maxlen: 24
                          185.247.5.0/24 maxlen: 24
                          185.247.6.0/23 maxlen: 24
                          185.247.7.0/24 maxlen: 24
                          185.249.204.0/22 maxlen: 22
                          185.250.182.0/23 maxlen: 24
                          194.113.28.0/22 maxlen: 24
                          194.146.220.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 13:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1c:6c:80:08:b1:df:bb:e0:5e:2a:b1:35:5f:a7:ea:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec 31 11:14:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1526cf290461855528e39d5dc7369edfedc59c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d9:c0:02:95:b0:07:5d:8c:d5:53:a9:8a:19:
                    20:1b:4c:fc:08:b2:6d:ad:55:1f:19:51:5d:e9:0f:
                    4c:bf:37:5c:52:93:ec:49:b0:1f:45:38:aa:52:36:
                    e8:7c:8d:10:66:fa:39:42:6b:05:74:5d:9b:b7:32:
                    93:e6:67:0a:d0:a0:48:d3:80:ba:64:35:21:be:2d:
                    23:ab:e2:32:9c:66:85:29:46:a6:c4:7f:be:d3:66:
                    91:ea:df:e4:f5:4c:58:f6:68:ec:b6:a2:30:7f:8b:
                    b7:43:a4:ea:87:57:a7:fd:38:2f:15:02:c7:bf:01:
                    ba:08:64:8e:02:35:53:c7:48:bc:00:a8:38:ac:50:
                    09:5a:70:bc:c3:10:57:17:1b:c7:7d:2b:71:aa:f3:
                    f8:5e:b7:90:7e:69:7f:8c:92:e0:5a:b2:3d:73:0a:
                    b9:a9:f9:6a:0a:e6:38:f5:fd:37:6f:d0:1f:e0:d6:
                    7d:02:e9:22:04:3a:93:38:e2:e1:7a:83:55:68:31:
                    89:e9:0c:99:e7:8a:b2:7e:a2:f5:ba:c2:09:d1:a0:
                    d7:ae:c6:89:7c:65:b9:0e:d7:90:11:ea:4d:8d:f5:
                    ec:a0:ca:3a:b2:b7:9b:0e:09:44:42:c3:1f:6c:5d:
                    aa:48:a3:ad:bc:f3:d1:52:0f:22:6c:cc:29:24:f3:
                    84:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:26:CF:29:04:61:85:55:28:E3:9D:5D:C7:36:9E:DF:ED:C5:9C:31
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FSbPKQRhhVUo451dxzae3-3FnDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  178.212.225.0/24
                  185.221.16.0/23
                  185.224.220.0/22
                  185.227.206.0/23
                  185.239.141.0/24
                  185.247.4.0/22
                  185.249.204.0/22
                  185.250.182.0/23
                  194.113.28.0/22
                  194.146.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:42:67:44:ee:4f:bc:05:7e:94:68:24:47:a9:62:83:fc:bc:
         cd:d1:1a:b7:51:0f:5b:62:27:fc:25:c6:14:7d:6f:5e:b1:68:
         b2:51:69:ba:cd:15:8e:d3:87:3f:dc:c0:79:df:a7:f0:3e:62:
         b0:f6:9f:1b:12:6e:56:84:12:06:b9:4e:dd:c3:d2:ff:d9:c0:
         42:af:d0:df:20:a3:49:bd:5e:54:97:39:4b:d0:64:a3:e0:f8:
         0b:89:6d:f2:06:f0:d2:cd:5a:0c:ff:68:a2:69:58:8a:67:0c:
         d7:1f:57:3e:a2:c2:3a:c9:c3:5e:9b:7a:2f:11:39:7e:4c:78:
         0c:35:e3:d8:a4:7f:8b:68:e1:0a:88:82:16:fc:f5:b6:bb:dd:
         81:72:f8:dd:c1:f0:fa:fc:37:7a:b4:57:48:ce:90:5a:f1:4c:
         9e:47:f6:a6:6c:ff:33:b2:7d:54:a4:4d:a1:b7:41:d8:77:91:
         5b:18:c5:e0:f0:f3:55:8b:fd:89:57:c8:51:b4:a3:45:be:97:
         32:5c:c9:af:02:20:28:cd:d7:78:9d:55:d8:6a:ee:00:a0:e5:
         01:4f:f1:b0:6f:cc:fa:a6:2e:34:fd:ab:fe:b7:69:2d:36:34:
         30:3a:cc:80:8b:df:4b:1a:ce:b1:c5:01:37:6e:02:40:22:c0:
         06:b9:fc:00
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQcbIAIsd+74F4qsTVfp+oLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMjMxMTExNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTI2Y2YyOTA0NjE4NTU1MjhlMzlkNWRjNzM2OWVkZmVkYzU5YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09nAApWwB12M1VOpihkgG0z8CLJt
rVUfGVFd6Q9MvzdcUpPsSbAfRTiqUjbofI0QZvo5QmsFdF2btzKT5mcK0KBI04C6
ZDUhvi0jq+IynGaFKUamxH++02aR6t/k9UxY9mjstqIwf4u3Q6Tqh1en/TgvFQLH
vwG6CGSOAjVTx0i8AKg4rFAJWnC8wxBXFxvHfStxqvP4XreQfml/jJLgWrI9cwq5
qflqCuY49f03b9Af4NZ9AukiBDqTOOLheoNVaDGJ6QyZ54qyfqL1usIJ0aDXrsaJ
fGW5DteQEepNjfXsoMo6srebDglEQsMfbF2qSKOtvPPRUg8ibMwpJPOEuwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFBUmzykEYYVVKOOdXcc2nt/txZwxMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRlNiUEtRUmhoVlVvNDUxZHh6YWUzLTNGbkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLYZUAwQA
stThAwQBud0QAwQCueDcAwQBuePOAwQAue+NAwQCufcEAwQCufnMAwQBufq2AwQC
wnEcAwQCwpLcMA0GCSqGSIb3DQEBCwUAA4IBAQAQQmdE7k+8BX6UaCRHqWKD/LzN
0Rq3UQ9bYif8JcYUfW9esWiyUWm6zRWO04c/3MB536fwPmKw9p8bEm5WhBIGuU7d
w9L/2cBCr9DfIKNJvV5UlzlL0GSj4PgLiW3yBvDSzVoM/2iiaViKZwzXH1c+osI6
ycNem3ovETl+THgMNePYpH+LaOEKiIIW/PW2u92BcvjdwfD6/Dd6tFdIzpBa8Uye
R/ambP8zsn1UpE2ht0HYd5FbGMXg8PNVi/2JV8hRtKNFvpcyXMmvAiAozdd4nVXY
au4AoOUBT/Gwb8z6pi40/av+t2ktNjQwOsyAi99LGs6xxQE3bgJAIsAGufwA
-----END CERTIFICATE-----