Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/OdjVpYnWiCkvdXmNrAVFCpH5m3I.roa
File:                     OdjVpYnWiCkvdXmNrAVFCpH5m3I.roa (raw, json)
Hash identifier:          +rcbvHREDrGp1J8R4VtrPYO1wLmtF4z23VB+puyrm68=
Subject key identifier:   39:D8:D5:A5:89:D6:88:29:2F:75:79:8D:AC:05:45:0A:91:F9:9B:72
Certificate issuer:       /CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
Certificate serial:       019243C4449BBEE6BA01E0DF315C22BA9412
Authority key identifier: FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/OdjVpYnWiCkvdXmNrAVFCpH5m3I.roa
Signing time:             Mon 30 Sep 2024 16:29:48 +0000
ROA not before:           Mon 30 Sep 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62651
IP address blocks:        176.67.82.0/24 maxlen: 24
                          176.67.85.0/24 maxlen: 24
                          176.67.86.0/24 maxlen: 24
                          176.67.87.0/24 maxlen: 24
                          185.91.120.0/23 maxlen: 23
                          2a05:e9c0:1000::/40 maxlen: 40
                          2a05:e9c0:1400::/40 maxlen: 40
                          2a05:e9c0:1800::/40 maxlen: 40
                          2a05:e9c0:3800::/40 maxlen: 40
                          2a05:e9c0:4400::/40 maxlen: 40
                          2a05:e9c0:5000::/40 maxlen: 40
                          2a05:e9c0:6800::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 30 Sep 2024 22:12:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:43:c4:44:9b:be:e6:ba:01:e0:df:31:5c:22:ba:94:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
        Validity
            Not Before: Sep 30 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39d8d5a589d688292f75798dac05450a91f99b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:90:2a:82:60:58:ca:5c:e5:20:ac:54:0d:4c:
                    f6:25:00:53:bf:72:08:d1:ff:0f:d1:1a:aa:22:75:
                    40:e5:b2:de:bf:01:b7:37:59:61:cd:c1:86:73:d7:
                    ab:bc:0c:95:0c:73:a5:64:66:36:1d:c5:32:08:a2:
                    7a:31:80:ab:3c:69:b4:0d:48:09:23:c2:fb:7c:db:
                    0a:f7:6b:c1:3c:7a:a3:4a:75:7d:3d:46:26:6c:27:
                    93:ac:9a:bd:d9:62:37:bf:f7:e7:ef:69:63:a7:61:
                    92:3f:e1:fa:ea:db:00:be:75:70:d7:db:42:d3:5a:
                    51:f3:df:2d:2a:3d:de:c1:03:ea:b2:f6:cf:12:a2:
                    6f:b7:1e:f7:33:ef:d6:5f:5a:32:af:89:a2:22:59:
                    4d:d3:c4:97:63:0c:60:5d:15:36:ba:17:e4:65:bc:
                    32:7b:e5:cd:0b:7a:ae:ee:a7:7a:d9:5e:aa:3d:57:
                    79:e1:78:33:90:df:50:ae:96:76:13:4c:37:a0:8e:
                    55:1b:5d:73:f2:cf:69:be:a2:cb:12:ca:54:a8:a0:
                    e1:69:61:08:66:c0:6b:dc:8b:6f:0e:b0:15:6f:93:
                    47:c5:28:3a:ed:c7:1a:03:27:ef:cf:ea:2e:03:7c:
                    a0:0f:07:9d:66:6b:4c:3d:62:49:d0:d0:ec:1f:fd:
                    ee:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D8:D5:A5:89:D6:88:29:2F:75:79:8D:AC:05:45:0A:91:F9:9B:72
            X509v3 Authority Key Identifier:
                keyid:FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/OdjVpYnWiCkvdXmNrAVFCpH5m3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.82.0/24
                  176.67.85.0-176.67.87.255
                  185.91.120.0/23
                IPv6:
                  2a05:e9c0:1000::/40
                  2a05:e9c0:1400::/40
                  2a05:e9c0:1800::/40
                  2a05:e9c0:3800::/40
                  2a05:e9c0:4400::/40
                  2a05:e9c0:5000::/40
                  2a05:e9c0:6800::/40

    Signature Algorithm: sha256WithRSAEncryption
         93:30:3f:77:b7:91:34:9b:73:d3:c9:1f:cd:87:ba:04:52:46:
         a4:fe:dd:dd:2f:d6:2d:b6:dd:9c:cf:ff:8a:2b:76:d4:16:f8:
         f1:5e:06:69:4c:cc:fd:9f:ee:74:5c:9c:21:7f:b9:30:bf:cf:
         24:85:ec:56:40:e3:0d:3d:98:bc:5d:fa:4d:cd:f6:cd:2c:b4:
         28:48:d2:32:f8:5d:b2:b8:4f:e8:ea:21:5b:94:5d:05:e0:93:
         c8:bc:b7:24:27:43:c4:7e:9d:38:a9:f8:a1:c5:f8:d6:c8:f2:
         b3:2c:51:df:6c:d9:31:d4:c6:50:e2:fb:65:9e:fd:d4:b4:c6:
         19:d1:cb:29:46:2b:7b:78:19:c8:68:03:cf:af:7a:cc:fa:62:
         4c:2b:c5:4c:4b:6d:5f:36:01:6b:cf:95:35:dc:7b:93:9f:c8:
         59:b1:23:70:e4:94:2c:8f:7e:f3:a5:1a:ab:e8:98:1b:a5:b8:
         8e:9e:58:7c:cd:de:32:23:53:db:0e:09:38:ce:a2:e5:7d:48:
         63:75:6a:75:2d:0a:84:fc:4d:27:45:cf:52:b3:72:a6:92:02:
         59:30:81:3b:f6:f8:93:0f:c9:3e:60:b5:cd:c9:c4:79:14:5a:
         55:ac:a9:ae:88:1c:81:b6:a9:01:60:6d:27:4e:94:3e:49:81:
         8d:ea:29:0a
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZJDxESbvua6AeDfMVwiupQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlODE5OWU4MzQ1NTY3ZDg1MTZiNzg4ZmUyZTFkMzk3ZTI3
YzczYTQwHhcNMjQwOTMwMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ4ZDVhNTg5ZDY4ODI5MmY3NTc5OGRhYzA1NDUwYTkxZjk5YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppAqgmBYylzlIKxUDUz2JQBTv3II
0f8P0RqqInVA5bLevwG3N1lhzcGGc9ervAyVDHOlZGY2HcUyCKJ6MYCrPGm0DUgJ
I8L7fNsK92vBPHqjSnV9PUYmbCeTrJq92WI3v/fn72ljp2GSP+H66tsAvnVw19tC
01pR898tKj3ewQPqsvbPEqJvtx73M+/WX1oyr4miIllN08SXYwxgXRU2uhfkZbwy
e+XNC3qu7qd62V6qPVd54XgzkN9QrpZ2E0w3oI5VG11z8s9pvqLLEspUqKDhaWEI
ZsBr3ItvDrAVb5NHxSg67ccaAyfvz+ouA3ygDwedZmtMPWJJ0NDsH/3u4QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFDnY1aWJ1ogpL3V5jawFRQqR+ZtyMB8GA1UdIwQY
MBaAFP6Bmeg0VWfYUWt4j+Lh05fifHOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQt
ODQwY2NiMzRiM2Y1LzEvT2RqVnBZbldpQ2t2ZFhtTnJBVkZDcEg1bTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQtODQwY2NiMzRiM2Y1
LzEvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjAgBAIAATAaAwQAsENSMAwD
BACwQ1UDBAOwQ1ADBAG5W3gwPgQCAAIwOAMGACoF6cAQAwYAKgXpwBQDBgAqBenA
GAMGACoF6cA4AwYAKgXpwEQDBgAqBenAUAMGACoF6cBoMA0GCSqGSIb3DQEBCwUA
A4IBAQCTMD93t5E0m3PTyR/Nh7oEUkak/t3dL9Yttt2cz/+KK3bUFvjxXgZpTMz9
n+50XJwhf7kwv88khexWQOMNPZi8XfpNzfbNLLQoSNIy+F2yuE/o6iFblF0F4JPI
vLckJ0PEfp04qfihxfjWyPKzLFHfbNkx1MZQ4vtlnv3UtMYZ0cspRit7eBnIaAPP
r3rM+mJMK8VMS21fNgFrz5U13HuTn8hZsSNw5JQsj37zpRqr6JgbpbiOnlh8zd4y
I1PbDgk4zqLlfUhjdWp1LQqE/E0nRc9Ss3KmkgJZMIE79viTD8k+YLXNycR5FFpV
rKmuiByBtqkBYG0nTpQ+SYGN6ikK
-----END CERTIFICATE-----