Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/ac7Kc5uGsEHApk3UWA8glmid4ik.roa
File:                     ac7Kc5uGsEHApk3UWA8glmid4ik.roa (raw, json)
Hash identifier:          sA7IKjKwmP7C1U2w8vB/oq78Vys5uiUaAB6bTZlCU8U=
Subject key identifier:   69:CE:CA:73:9B:86:B0:41:C0:A6:4D:D4:58:0F:20:96:68:9D:E2:29
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019121B12C1F9C87D17A823FD3B1649A3128
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/ac7Kc5uGsEHApk3UWA8glmid4ik.roa
Signing time:             Mon 05 Aug 2024 08:39:04 +0000
ROA not before:           Mon 05 Aug 2024 08:39:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12444
IP address blocks:        84.17.67.0/24 maxlen: 24
                          84.17.68.0/24 maxlen: 24
                          84.17.70.0/24 maxlen: 24
                          84.17.71.0/24 maxlen: 24
                          84.17.75.0/24 maxlen: 24
                          84.17.76.0/24 maxlen: 24
                          84.17.78.0/24 maxlen: 24
                          84.17.79.0/24 maxlen: 24
                          84.17.84.0/24 maxlen: 24
                          84.17.86.0/24 maxlen: 24
                          84.17.87.0/24 maxlen: 24
                          84.17.89.0/24 maxlen: 24
                          84.17.90.0/24 maxlen: 24
                          84.17.91.0/24 maxlen: 24
                          84.17.93.0/24 maxlen: 24
                          185.118.176.0/24 maxlen: 24
                          185.118.177.0/24 maxlen: 24
                          185.118.178.0/24 maxlen: 24
                          185.118.179.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 10 Sep 2024 07:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:21:b1:2c:1f:9c:87:d1:7a:82:3f:d3:b1:64:9a:31:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Aug  5 08:39:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69ceca739b86b041c0a64dd4580f2096689de229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:37:42:1f:e7:a8:a0:2e:2c:da:dc:63:40:1d:
                    cc:75:1a:5c:99:20:7f:a7:b7:8d:49:17:cd:e6:70:
                    9e:b9:80:2f:bd:02:6b:81:1b:7b:ba:ee:9b:6d:39:
                    1c:0e:2f:e5:b0:b1:55:0e:f2:c7:a9:aa:69:90:69:
                    85:38:79:aa:82:49:fb:f7:7b:7e:8a:88:c2:fc:7a:
                    f7:a1:80:bc:3b:1f:66:3b:bb:bc:eb:c4:3e:05:46:
                    ac:b9:d6:c6:27:e3:03:48:5c:fc:25:f4:f7:57:6e:
                    6d:72:dd:1b:7d:e2:3d:e8:3f:96:f9:68:16:77:bc:
                    e7:8e:0d:dc:ba:f0:17:24:73:ee:ea:f1:c6:42:22:
                    55:72:b1:cd:43:2c:ba:64:e6:ee:bd:7b:aa:74:c4:
                    0d:9e:2a:3d:80:74:32:ad:5a:2d:a7:3e:00:f4:c2:
                    51:65:a9:2e:b7:2a:c0:b4:44:da:74:f6:5f:e6:80:
                    29:f2:c6:c5:6d:6f:40:6d:b8:20:8d:64:f0:af:28:
                    b3:5d:77:f9:09:4b:37:db:e7:c7:54:c2:a0:db:37:
                    fc:f6:2b:26:63:0c:0d:72:2f:ad:e5:c2:a5:8c:92:
                    ac:46:0e:9b:f3:a1:04:c2:4e:4c:87:d9:aa:40:16:
                    ba:dd:46:27:dc:ee:94:34:ea:38:77:a5:83:38:07:
                    05:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:CE:CA:73:9B:86:B0:41:C0:A6:4D:D4:58:0F:20:96:68:9D:E2:29
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/ac7Kc5uGsEHApk3UWA8glmid4ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.67.0-84.17.68.255
                  84.17.70.0/23
                  84.17.75.0-84.17.76.255
                  84.17.78.0/23
                  84.17.84.0/24
                  84.17.86.0/23
                  84.17.89.0-84.17.91.255
                  84.17.93.0/24
                  185.118.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:d0:5d:3f:37:f3:0f:00:8c:43:a2:84:88:4c:19:08:88:56:
         3c:b9:d4:e2:ac:28:8e:2c:65:31:e9:1d:ac:66:d8:17:36:09:
         ff:fe:11:8b:ee:60:fd:e7:b1:fe:bb:5d:36:77:3e:1c:55:44:
         1d:91:a9:c1:0c:aa:a3:ed:26:7c:99:95:c8:fb:5a:af:f6:fc:
         69:03:4f:7e:ad:26:51:48:ca:ad:68:b9:28:40:8c:7a:67:a4:
         53:09:de:88:3f:8f:2b:cf:f5:a6:68:65:79:a6:7a:24:d5:d6:
         ac:df:e7:54:df:c0:89:c1:8b:61:d2:5c:d0:ce:4b:da:8d:60:
         9b:80:bb:76:9a:03:be:13:e8:59:07:96:17:db:ca:26:50:93:
         89:66:62:ac:29:55:3b:1b:f8:43:79:6d:87:dc:5f:e7:32:93:
         d5:b8:4d:39:ae:ad:02:a3:6b:74:95:f7:d3:4f:e5:94:11:30:
         34:1e:41:9f:c8:c8:81:e1:d3:8e:e8:79:72:dc:9a:34:41:32:
         b6:86:44:10:54:3a:90:04:be:85:6e:00:09:f7:71:34:44:ee:
         32:83:43:6d:2b:2d:50:48:39:0a:13:7c:df:a5:0b:da:fc:b2:
         db:09:7f:96:d3:4a:81:cb:67:1f:b3:e7:86:bb:e2:e3:a6:f6:
         e0:59:9e:22
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZEhsSwfnIfReoI/07FkmjEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwODA1MDgzOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWNlY2E3MzliODZiMDQxYzBhNjRkZDQ1ODBmMjA5NjY4OWRlMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TdCH+eooC4s2txjQB3MdRpcmSB/
p7eNSRfN5nCeuYAvvQJrgRt7uu6bbTkcDi/lsLFVDvLHqappkGmFOHmqgkn793t+
iojC/Hr3oYC8Ox9mO7u868Q+BUasudbGJ+MDSFz8JfT3V25tct0bfeI96D+W+WgW
d7znjg3cuvAXJHPu6vHGQiJVcrHNQyy6ZObuvXuqdMQNnio9gHQyrVotpz4A9MJR
ZakutyrAtETadPZf5oAp8sbFbW9AbbggjWTwryizXXf5CUs32+fHVMKg2zf89ism
YwwNci+t5cKljJKsRg6b86EEwk5Mh9mqQBa63UYn3O6UNOo4d6WDOAcFRwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFGnOynObhrBBwKZN1FgPIJZoneIpMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvYWM3S2M1dUdzRUhBcGszVVdBOGdsbWlkNGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBABUEUMD
BABUEUQDBAFUEUYwDAMEAFQRSwMEAFQRTAMEAVQRTgMEAFQRVAMEAVQRVjAMAwQA
VBFZAwQCVBFYAwQAVBFdAwQCuXawMA0GCSqGSIb3DQEBCwUAA4IBAQAB0F0/N/MP
AIxDooSITBkIiFY8udTirCiOLGUx6R2sZtgXNgn//hGL7mD957H+u102dz4cVUQd
kanBDKqj7SZ8mZXI+1qv9vxpA09+rSZRSMqtaLkoQIx6Z6RTCd6IP48rz/WmaGV5
pnok1das3+dU38CJwYth0lzQzkvajWCbgLt2mgO+E+hZB5YX28omUJOJZmKsKVU7
G/hDeW2H3F/nMpPVuE05rq0Co2t0lffTT+WUETA0HkGfyMiB4dOO6Hly3Jo0QTK2
hkQQVDqQBL6FbgAJ93E0RO4yg0NtKy1QSDkKE3zfpQva/LLbCX+W00qBy2cfs+eG
u+LjpvbgWZ4i
-----END CERTIFICATE-----