Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/7Ip42zCpA2uWBFHwuKIxzoRPyEY.roa
File:                     7Ip42zCpA2uWBFHwuKIxzoRPyEY.roa (raw, json)
Hash identifier:          pfJqCYmZIVtQIpkvYQuEIeKN86FhfHat53ePGGvKHTg=
Subject key identifier:   EC:8A:78:DB:30:A9:03:6B:96:04:51:F0:B8:A2:31:CE:84:4F:C8:46
Certificate issuer:       /CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
Certificate serial:       01923CF1737A11B6819EC3CA3EC1B9B654B6
Authority key identifier: 5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/7Ip42zCpA2uWBFHwuKIxzoRPyEY.roa
Signing time:             Sun 29 Sep 2024 08:41:49 +0000
ROA not before:           Sun 29 Sep 2024 08:41:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39386
IP address blocks:        37.224.192.0/24 maxlen: 24
                          84.235.0.0/17 maxlen: 17
                          84.235.0.0/24 maxlen: 24
                          84.235.14.0/24 maxlen: 24
                          84.235.56.0/23 maxlen: 23
                          84.235.95.0/24 maxlen: 24
                          84.235.108.0/24 maxlen: 24
                          84.235.109.0/24 maxlen: 24
                          84.235.110.0/24 maxlen: 24
                          84.235.111.0/24 maxlen: 24
                          84.235.120.0/22 maxlen: 22
                          84.235.122.0/23 maxlen: 23
                          178.86.50.0/24 maxlen: 24
                          193.19.244.0/24 maxlen: 24
                          212.118.154.0/24 maxlen: 24
                          2001:16a0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Mon 28 Oct 2024 08:13:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3c:f1:73:7a:11:b6:81:9e:c3:ca:3e:c1:b9:b6:54:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
        Validity
            Not Before: Sep 29 08:41:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec8a78db30a9036b960451f0b8a231ce844fc846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c0:6f:94:47:a3:1c:75:87:8f:a3:bc:84:67:
                    32:ac:6c:34:54:1d:e0:ce:be:85:29:ee:1e:68:82:
                    9e:08:75:2f:24:e3:6d:22:8d:5a:f7:5f:3d:08:85:
                    32:5b:16:3d:39:c7:83:1f:82:02:74:8e:12:ea:64:
                    f6:54:96:cd:98:67:a9:48:96:54:cb:dc:a6:4a:19:
                    69:0c:3d:ef:20:89:26:42:20:4a:67:49:9d:24:73:
                    d0:ff:1d:e2:f7:b2:ba:01:e3:5b:0e:de:bf:fd:d9:
                    18:f3:9a:46:4d:9f:08:75:6a:01:fa:ad:ae:81:90:
                    d3:25:ee:1b:00:de:3b:99:63:e9:c9:af:22:ee:0e:
                    66:25:4d:36:f4:6b:97:b8:e9:ba:67:ad:58:a0:2d:
                    85:63:91:c8:b5:3d:35:ff:23:06:cf:34:27:58:87:
                    3d:c7:4b:36:40:01:52:fe:6c:82:b4:26:71:ad:46:
                    f7:2f:02:47:c7:df:85:4a:d1:e4:13:d4:21:a9:10:
                    64:e4:1c:8e:da:a2:9b:ef:91:75:06:a2:41:9e:88:
                    ff:11:64:f1:71:92:2d:a2:4b:8d:04:68:5e:82:3c:
                    7d:77:65:66:70:90:90:b3:23:d5:60:30:6c:d5:75:
                    72:3c:24:9a:5d:a3:3b:9d:02:0f:42:c4:21:d7:14:
                    bc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:8A:78:DB:30:A9:03:6B:96:04:51:F0:B8:A2:31:CE:84:4F:C8:46
            X509v3 Authority Key Identifier:
                keyid:5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/7Ip42zCpA2uWBFHwuKIxzoRPyEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.224.192.0/24
                  84.235.0.0/17
                  178.86.50.0/24
                  193.19.244.0/24
                  212.118.154.0/24
                IPv6:
                  2001:16a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:c5:7e:4e:ce:70:f5:e1:08:74:b2:c1:6f:95:13:ba:5b:e4:
         37:88:d7:d5:46:e3:20:ae:fd:7d:c5:11:c9:f7:13:97:f4:ff:
         eb:0e:0b:14:10:56:50:f9:ee:d9:9e:ec:5c:e2:5b:ea:38:cc:
         d5:09:ce:13:bc:7f:44:fd:e9:ac:3f:79:ea:81:68:23:12:c7:
         34:28:6a:ae:d8:d1:10:3b:f7:b7:f8:90:65:20:84:ec:94:ca:
         62:29:03:ac:d5:41:86:52:0f:f4:55:82:9a:ec:4c:3f:ff:61:
         60:fd:74:96:ae:bc:54:f1:c8:e0:1c:c5:90:bd:27:29:19:90:
         1a:5d:44:a5:ce:5f:36:df:42:18:d7:20:8c:8a:f6:7a:da:8d:
         6f:c1:0e:5c:0e:dd:c5:9c:c9:41:c9:f6:e3:10:b1:35:17:15:
         5d:d5:e8:cf:c1:96:c8:c0:e9:41:76:e0:47:d8:fa:7a:ba:d2:
         32:2a:4e:50:97:a5:14:67:e6:69:58:0f:03:e7:1a:f4:99:24:
         67:b0:f4:9b:d8:35:58:f6:06:80:ba:84:32:a8:98:7f:27:2c:
         2d:df:43:87:71:db:49:02:3b:0d:c2:26:56:aa:22:a9:9c:3f:
         4b:5e:27:d2:e3:3f:bc:bf:7e:a3:0c:ec:17:9f:16:c3:70:8e:
         21:93:ac:e4
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZI88XN6EbaBnsPKPsG5tlS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWJmNmEzMTlkYTI0ODk4MTZhZWRiYTFiNGZkMGNjN2Rk
ZjNlMWUwHhcNMjQwOTI5MDg0MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzhhNzhkYjMwYTkwMzZiOTYwNDUxZjBiOGEyMzFjZTg0NGZjODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMBvlEejHHWHj6O8hGcyrGw0VB3g
zr6FKe4eaIKeCHUvJONtIo1a9189CIUyWxY9OceDH4ICdI4S6mT2VJbNmGepSJZU
y9ymShlpDD3vIIkmQiBKZ0mdJHPQ/x3i97K6AeNbDt6//dkY85pGTZ8IdWoB+q2u
gZDTJe4bAN47mWPpya8i7g5mJU029GuXuOm6Z61YoC2FY5HItT01/yMGzzQnWIc9
x0s2QAFS/myCtCZxrUb3LwJHx9+FStHkE9QhqRBk5ByO2qKb75F1BqJBnoj/EWTx
cZItokuNBGhegjx9d2VmcJCQsyPVYDBs1XVyPCSaXaM7nQIPQsQh1xS8fwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFOyKeNswqQNrlgRR8LiiMc6ET8hGMB8GA1UdIwQY
MBaAFF4b9qMZ2iSJgWrtuhtP0Mx93z4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYt
YjU5MDk1N2Q5NDE1LzEvN0lwNDJ6Q3BBMnVXQkZId3VLSXh6b1JQeUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYtYjU5MDk1N2Q5NDE1
LzEvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAJeDAAwQH
VOsAAwQAslYyAwQAwRP0AwQA1HaaMA0EAgACMAcDBQMgARagMA0GCSqGSIb3DQEB
CwUAA4IBAQAIxX5OznD14Qh0ssFvlRO6W+Q3iNfVRuMgrv19xRHJ9xOX9P/rDgsU
EFZQ+e7Znuxc4lvqOMzVCc4TvH9E/emsP3nqgWgjEsc0KGqu2NEQO/e3+JBlIITs
lMpiKQOs1UGGUg/0VYKa7Ew//2Fg/XSWrrxU8cjgHMWQvScpGZAaXUSlzl8230IY
1yCMivZ62o1vwQ5cDt3FnMlByfbjELE1FxVd1ejPwZbIwOlBduBH2Pp6utIyKk5Q
l6UUZ+ZpWA8D5xr0mSRnsPSb2DVY9gaAuoQyqJh/Jywt30OHcdtJAjsNwiZWqiKp
nD9LXifS4z+8v36jDOwXnxbDcI4hk6zk
-----END CERTIFICATE-----