Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/uOGL2rLff8XC3-4Fw889noZ7_u4.roa
File:                     uOGL2rLff8XC3-4Fw889noZ7_u4.roa (raw, json)
Hash identifier:          0T4rvEtBfhFKuj9Eh8gFJtBe9OTDvBape0krpTpmiQM=
Subject key identifier:   B8:E1:8B:DA:B2:DF:7F:C5:C2:DF:EE:05:C3:CF:3D:9E:86:7B:FE:EE
Certificate issuer:       /CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Certificate serial:       0190502C8985C697128ED0EE75D4AFEA7AA1
Authority key identifier: 19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/uOGL2rLff8XC3-4Fw889noZ7_u4.roa
Signing time:             Tue 25 Jun 2024 16:13:34 +0000
ROA not before:           Tue 25 Jun 2024 16:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        31.24.224.0/21 maxlen: 24
                          37.123.112.0/21 maxlen: 24
                          46.23.64.0/20 maxlen: 24
                          77.92.64.0/19 maxlen: 24
                          82.163.72.0/21 maxlen: 24
                          83.170.64.0/18 maxlen: 24
                          88.202.176.0/20 maxlen: 24
                          88.202.224.0/21 maxlen: 24
                          91.109.240.0/21 maxlen: 24
                          109.123.64.0/18 maxlen: 24
                          176.67.160.0/20 maxlen: 24
                          176.67.169.0/24 maxlen: 24
                          176.67.172.0/22 maxlen: 24
                          185.7.224.0/22 maxlen: 24
                          2a02:2498::/32 maxlen: 48
                          2a02:2498:8000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 18 Jul 2024 09:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:50:2c:89:85:c6:97:12:8e:d0:ee:75:d4:af:ea:7a:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
        Validity
            Not Before: Jun 25 16:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8e18bdab2df7fc5c2dfee05c3cf3d9e867bfeee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f5:57:86:2f:23:9a:1e:7b:33:b9:17:e0:e0:
                    3a:4d:9b:79:9f:8c:27:61:b4:16:ad:bc:b1:62:37:
                    2a:f7:2f:b3:23:8c:2a:c1:18:9c:a3:fc:71:31:5d:
                    f2:0d:86:8b:03:20:a6:a7:8a:8c:84:4e:4f:a6:c8:
                    93:43:2c:cb:fc:c7:97:9e:dc:cf:2a:43:70:f6:b9:
                    89:2b:ee:c5:d4:55:8e:0f:e6:b9:b6:e2:6b:98:44:
                    2a:f2:a3:f3:22:94:b3:e0:a4:71:cc:06:cd:27:f0:
                    d7:80:df:76:3f:c3:5d:68:c1:2f:5b:ee:76:64:20:
                    ff:ef:40:10:64:05:0b:eb:58:7d:d6:1d:ec:1e:3a:
                    8f:a6:11:0f:63:b0:7f:58:fb:de:86:03:09:d5:f7:
                    33:8d:ca:19:54:d4:58:d6:c9:a6:30:1b:0c:97:e6:
                    88:bf:5f:ae:2a:66:5f:f2:09:97:c0:16:78:a3:16:
                    a7:55:06:f7:89:82:53:fd:7e:6e:bb:ab:74:22:06:
                    eb:e3:3f:13:be:93:1d:05:3b:cf:b3:0c:5c:c2:4d:
                    88:a9:2c:a8:7b:3f:77:fb:5e:09:c7:a9:00:bd:4c:
                    50:3a:2f:29:3b:96:63:67:32:a3:bf:81:87:e9:e9:
                    d7:af:1d:c2:f3:cb:04:2a:4f:d8:c1:38:02:f9:d2:
                    b4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E1:8B:DA:B2:DF:7F:C5:C2:DF:EE:05:C3:CF:3D:9E:86:7B:FE:EE
            X509v3 Authority Key Identifier:
                keyid:19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/uOGL2rLff8XC3-4Fw889noZ7_u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.224.0/21
                  37.123.112.0/21
                  46.23.64.0/20
                  77.92.64.0/19
                  82.163.72.0/21
                  83.170.64.0/18
                  88.202.176.0/20
                  88.202.224.0/21
                  91.109.240.0/21
                  109.123.64.0/18
                  176.67.160.0/20
                  185.7.224.0/22
                IPv6:
                  2a02:2498::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:bc:a7:fd:38:2c:48:dc:d1:7c:9c:19:5a:a8:f3:d6:c4:8c:
         f3:49:8a:d8:1c:b0:04:ee:2e:76:5e:9e:68:f0:87:6c:ce:b9:
         9a:75:c1:61:7c:40:b0:b0:d6:03:2a:f0:60:b3:29:02:73:86:
         52:52:11:bf:88:3e:56:91:11:66:18:48:f8:81:9c:e9:a7:c7:
         3c:1e:c7:b3:31:7d:ad:84:fc:5e:a3:0b:61:b9:fc:f5:65:ac:
         39:0a:76:ee:87:31:cb:17:5c:cc:55:c0:e0:5e:50:ac:63:98:
         50:05:57:3d:2b:e2:b5:15:c4:d6:f5:c9:ce:ea:0b:30:3a:26:
         01:0f:f5:8e:f7:3c:33:0e:76:4f:53:bb:1e:b9:6c:e0:5a:92:
         d5:83:04:08:d1:39:12:66:0c:8d:9f:1b:c2:e8:b2:79:51:6c:
         84:7a:4e:69:49:8f:27:10:1a:48:3e:cd:83:6a:9b:04:6e:ac:
         e3:7e:c8:ba:2e:bf:13:56:02:ec:73:f8:1b:29:68:fc:f8:f8:
         2f:88:27:a8:89:2a:c6:cd:f3:7b:52:3a:aa:fd:f0:11:a2:d2:
         16:6c:64:36:d7:2b:eb:fb:49:e4:6e:7a:15:a2:48:6b:59:d7:
         b3:d8:0f:e3:b2:ba:a3:c8:a7:02:da:d7:dd:28:2e:63:00:b6:
         90:41:32:3e
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZBQLImFxpcSjtDuddSv6nqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmZmZjI4OWYyZGFkMGZjMDg0NTZiMGJhZDU0ZDdiYTQ0
OWE0OTIwHhcNMjQwNjI1MTYxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGUxOGJkYWIyZGY3ZmM1YzJkZmVlMDVjM2NmM2Q5ZTg2N2JmZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvVXhi8jmh57M7kX4OA6TZt5n4wn
YbQWrbyxYjcq9y+zI4wqwRico/xxMV3yDYaLAyCmp4qMhE5PpsiTQyzL/MeXntzP
KkNw9rmJK+7F1FWOD+a5tuJrmEQq8qPzIpSz4KRxzAbNJ/DXgN92P8NdaMEvW+52
ZCD/70AQZAUL61h91h3sHjqPphEPY7B/WPvehgMJ1fczjcoZVNRY1smmMBsMl+aI
v1+uKmZf8gmXwBZ4oxanVQb3iYJT/X5uu6t0Igbr4z8TvpMdBTvPswxcwk2IqSyo
ez93+14Jx6kAvUxQOi8pO5ZjZzKjv4GH6enXrx3C88sEKk/YwTgC+dK0twIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFLjhi9qy33/Fwt/uBcPPPZ6Ge/7uMB8GA1UdIwQY
MBaAFBn//yifLa0PwIRWsLrVTXukSaSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMt
ZDUyNTcxOGFhNDRhLzEvdU9HTDJyTGZmOFhDMy00Rnc4ODlub1o3X3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMtZDUyNTcxOGFhNDRh
LzEvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDHxjgAwQD
JXtwAwQELhdAAwQFTVxAAwQDUqNIAwQGU6pAAwQEWMqwAwQDWMrgAwQDW23wAwQG
bXtAAwQEsEOgAwQCuQfgMA0EAgACMAcDBQAqAiSYMA0GCSqGSIb3DQEBCwUAA4IB
AQBTvKf9OCxI3NF8nBlaqPPWxIzzSYrYHLAE7i52Xp5o8IdszrmadcFhfECwsNYD
KvBgsykCc4ZSUhG/iD5WkRFmGEj4gZzpp8c8HsezMX2thPxeowthufz1Zaw5Cnbu
hzHLF1zMVcDgXlCsY5hQBVc9K+K1FcTW9cnO6gswOiYBD/WO9zwzDnZPU7seuWzg
WpLVgwQI0TkSZgyNnxvC6LJ5UWyEek5pSY8nEBpIPs2DapsEbqzjfsi6Lr8TVgLs
c/gbKWj8+PgviCeoiSrGzfN7Ujqq/fARotIWbGQ21yvr+0nkbnoVokhrWdez2A/j
srqjyKcC2tfdKC5jALaQQTI+
-----END CERTIFICATE-----