Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/ooP2O7l31QcvvXQ1EZx2rBY2Xq0.roa
File:                     ooP2O7l31QcvvXQ1EZx2rBY2Xq0.roa (raw, json)
Hash identifier:          xzTk8sfshR/jSKHNjT1GDf2Y6ubQX/t+O20drLotzsQ=
Subject key identifier:   A2:83:F6:3B:B9:77:D5:07:2F:BD:74:35:11:9C:76:AC:16:36:5E:AD
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       018CCEC9DED0E1C6A07268DFBB7106D52B48
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/ooP2O7l31QcvvXQ1EZx2rBY2Xq0.roa
Signing time:             Wed 03 Jan 2024 10:06:25 +0000
ROA not before:           Wed 03 Jan 2024 10:06:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8896
IP address blocks:        185.126.184.0/22 maxlen: 22
                          212.33.128.0/19 maxlen: 19
                          185.15.216.0/24 maxlen: 24
                          185.15.216.0/22 maxlen: 22
                          89.221.96.0/20 maxlen: 20
                          45.138.239.0/24 maxlen: 24
                          45.138.238.0/24 maxlen: 24
                          45.138.236.0/22 maxlen: 22
                          185.92.52.0/22 maxlen: 22
                          77.241.96.0/20 maxlen: 20
                          2a00:1e18::/29 maxlen: 29
                          2a00:1e18::/32 maxlen: 32
                          2a00:1e19::/32 maxlen: 32
                          2a00:1e1c:3000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 17:48:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:c9:de:d0:e1:c6:a0:72:68:df:bb:71:06:d5:2b:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Jan  3 10:06:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a283f63bb977d5072fbd7435119c76ac16365ead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0a:b9:90:72:89:44:74:33:7b:34:6f:73:7d:
                    5c:21:da:ea:31:b7:61:b7:17:8b:56:b9:fd:9d:2e:
                    2b:fc:52:28:3d:91:90:bb:87:37:55:07:6e:f8:98:
                    b0:22:84:19:5a:88:cb:20:fa:60:2e:85:8f:65:13:
                    8a:11:62:b1:7d:80:23:50:e9:3f:ba:53:03:24:c6:
                    2e:34:6b:31:d4:c4:74:2a:4f:7c:7c:9a:60:16:c4:
                    57:61:99:67:f2:c6:3f:76:fe:9f:e4:c1:db:9a:d8:
                    f5:b8:9c:ac:8a:f2:91:11:2d:e9:38:a5:33:fc:84:
                    01:ee:30:f0:03:0d:d6:72:f8:5a:0f:c1:0a:02:7d:
                    e0:4b:fa:56:6c:f6:8d:f6:5d:d5:77:e4:58:cb:c6:
                    c3:b1:cd:38:0a:ef:78:49:ee:c7:cf:f2:38:34:3a:
                    90:ae:9d:3f:5d:72:f0:c3:34:97:ff:c0:47:b8:82:
                    99:3a:c6:c2:74:5e:a5:21:d1:f1:4d:ee:6f:81:ee:
                    46:08:02:1d:75:df:c8:9c:ee:9d:77:f6:0b:9c:46:
                    44:26:bd:3c:2d:ff:52:27:aa:23:63:42:24:1e:40:
                    09:8f:99:85:32:b1:71:1f:76:d9:56:b3:bd:87:78:
                    be:aa:6e:b4:62:1f:1b:8f:52:26:17:5a:31:f0:f4:
                    82:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:83:F6:3B:B9:77:D5:07:2F:BD:74:35:11:9C:76:AC:16:36:5E:AD
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/ooP2O7l31QcvvXQ1EZx2rBY2Xq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.236.0/22
                  77.241.96.0/20
                  89.221.96.0/20
                  185.15.216.0/22
                  185.92.52.0/22
                  185.126.184.0/22
                  212.33.128.0/19
                IPv6:
                  2a00:1e18::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:a6:cd:3c:32:82:98:ad:5a:7d:54:4b:18:34:8e:7c:26:e5:
         bf:d3:ed:ba:ac:2e:98:2f:72:de:8a:d1:43:97:fe:25:43:f6:
         8f:96:7e:ce:b8:f9:e4:7a:44:2d:88:92:96:ba:00:b5:f4:4c:
         24:fe:6a:54:f0:4d:4b:12:73:05:cd:8f:8f:c7:51:26:55:2f:
         e8:8f:b8:d3:47:e4:d2:39:14:a3:7e:d8:4e:b3:c7:e2:e8:dd:
         96:db:88:86:6e:19:3e:57:bd:f7:0e:df:01:4b:52:c2:bf:1f:
         cc:2b:58:d7:b5:46:cc:8d:c3:f7:1c:25:ab:a8:a3:0d:c2:51:
         f6:6a:bf:6a:c8:0a:e9:df:41:59:32:70:05:f2:62:28:e3:c9:
         28:b8:21:02:e4:37:bf:90:da:53:10:3f:29:1b:36:c5:8f:a7:
         02:05:d1:2b:fe:b6:14:f6:17:53:cf:aa:b3:7a:17:ed:0c:0a:
         3a:b3:98:cd:25:cc:fa:ae:32:3f:53:1e:38:76:e1:32:f1:b0:
         31:f9:e5:14:45:a2:2d:ef:d4:96:86:ec:9a:a1:23:1a:10:4d:
         01:aa:67:6f:e7:80:62:3a:56:06:60:6a:bf:de:50:d4:2e:98:
         92:7a:c0:b4:5d:fb:3d:a3:17:08:66:11:f7:77:61:15:9a:4d:
         05:77:b6:fa
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzOyd7Q4cagcmjfu3EG1StIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjQwMTAzMTAwNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjgzZjYzYmI5NzdkNTA3MmZiZDc0MzUxMTljNzZhYzE2MzY1ZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswq5kHKJRHQzezRvc31cIdrqMbdh
txeLVrn9nS4r/FIoPZGQu4c3VQdu+JiwIoQZWojLIPpgLoWPZROKEWKxfYAjUOk/
ulMDJMYuNGsx1MR0Kk98fJpgFsRXYZln8sY/dv6f5MHbmtj1uJysivKRES3pOKUz
/IQB7jDwAw3WcvhaD8EKAn3gS/pWbPaN9l3Vd+RYy8bDsc04Cu94Se7Hz/I4NDqQ
rp0/XXLwwzSX/8BHuIKZOsbCdF6lIdHxTe5vge5GCAIddd/InO6dd/YLnEZEJr08
Lf9SJ6ojY0IkHkAJj5mFMrFxH3bZVrO9h3i+qm60Yh8bj1ImF1ox8PSCXQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKKD9ju5d9UHL710NRGcdqwWNl6tMB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvb29QMk83bDMxUWN2dlhRMUVaeDJyQlkyWHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLYrsAwQE
TfFgAwQEWd1gAwQCuQ/YAwQCuVw0AwQCuX64AwQF1CGAMA0EAgACMAcDBQMqAB4Y
MA0GCSqGSIb3DQEBCwUAA4IBAQBVps08MoKYrVp9VEsYNI58JuW/0+26rC6YL3Le
itFDl/4lQ/aPln7OuPnkekQtiJKWugC19Ewk/mpU8E1LEnMFzY+Px1EmVS/oj7jT
R+TSORSjfthOs8fi6N2W24iGbhk+V733Dt8BS1LCvx/MK1jXtUbMjcP3HCWrqKMN
wlH2ar9qyArp30FZMnAF8mIo48kouCEC5De/kNpTED8pGzbFj6cCBdEr/rYU9hdT
z6qzehftDAo6s5jNJcz6rjI/Ux44duEy8bAx+eUURaIt79SWhuyaoSMaEE0Bqmdv
54BiOlYGYGq/3lDULpiSesC0Xfs9oxcIZhH3d2EVmk0Fd7b6
-----END CERTIFICATE-----