Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/zMCUzkKrYxaLgP3YlTYlw2-C5Jw.roa
File:                     zMCUzkKrYxaLgP3YlTYlw2-C5Jw.roa (raw, json)
Hash identifier:          J66lFSYQplloShhepa0ZaOt7p04RqrFIDV7EnfGoSFk=
Subject key identifier:   CC:C0:94:CE:42:AB:63:16:8B:80:FD:D8:95:36:25:C3:6F:82:E4:9C
Certificate issuer:       /CN=ff8208b129c53e87c3f0d0ed1bca85730140f390
Certificate serial:       018FE7D243747932AE97630CC4F1630D29FC
Authority key identifier: FF:82:08:B1:29:C5:3E:87:C3:F0:D0:ED:1B:CA:85:73:01:40:F3:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IIsSnFPofD8NDtG8qFcwFA85A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/zMCUzkKrYxaLgP3YlTYlw2-C5Jw.roa
Signing time:             Wed 05 Jun 2024 09:54:27 +0000
ROA not before:           Wed 05 Jun 2024 09:54:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211309
IP address blocks:        46.227.152.0/21 maxlen: 21
                          81.88.64.0/21 maxlen: 21
                          81.95.80.0/20 maxlen: 20
                          82.148.168.0/21 maxlen: 21
                          82.148.176.0/20 maxlen: 20
                          89.207.136.0/21 maxlen: 21
                          109.169.112.0/21 maxlen: 21
                          178.174.112.0/20 maxlen: 20
                          185.176.244.0/23 maxlen: 23
                          185.176.244.0/24 maxlen: 24
                          185.176.245.0/24 maxlen: 24
                          185.178.4.0/22 maxlen: 22
                          185.190.36.0/24 maxlen: 24
                          2a0a:2780::/31 maxlen: 31
                          2a0a:2780::/32 maxlen: 32
                          2a0a:2781::/32 maxlen: 32
                          2a10:d640::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 27 Sep 2024 21:45:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e7:d2:43:74:79:32:ae:97:63:0c:c4:f1:63:0d:29:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff8208b129c53e87c3f0d0ed1bca85730140f390
        Validity
            Not Before: Jun  5 09:54:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccc094ce42ab63168b80fdd8953625c36f82e49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:79:09:b1:8d:3c:1e:df:3e:c0:9f:86:ba:5b:
                    1a:d9:66:9d:20:3c:9d:b7:9b:52:f6:43:27:b5:a1:
                    e8:d8:b0:1d:62:44:5e:3d:3c:31:16:69:23:f4:03:
                    0a:80:83:b5:ef:1c:49:87:46:8d:9a:03:1f:82:de:
                    80:6e:7f:d4:aa:fb:73:26:27:a9:c9:92:07:76:7f:
                    1a:51:44:76:9f:3b:0a:bf:23:16:34:77:9d:a6:b3:
                    f7:7c:8f:7a:77:7c:e4:56:42:58:ea:b7:40:16:d3:
                    22:48:21:a8:31:d4:c8:f9:54:4c:8d:0f:21:1e:25:
                    59:dc:64:b7:26:96:a5:7e:cc:41:5e:14:c6:8b:eb:
                    6b:71:e3:e7:bf:1a:d1:7f:05:72:bc:a6:6a:c4:92:
                    11:21:18:4f:b0:33:ef:79:ea:46:3c:cd:9a:ef:e9:
                    f2:b3:5c:7f:7e:73:5b:b5:08:40:24:72:6d:83:66:
                    1b:1f:39:90:5b:66:b8:63:19:84:1d:9d:3a:44:79:
                    ee:71:ca:90:60:d8:32:05:7e:9b:9f:74:d0:21:da:
                    34:48:bd:5c:f1:a7:5e:78:29:50:b6:db:65:01:38:
                    e7:07:22:2d:06:a3:ad:c8:9b:e4:58:ab:a9:dc:d3:
                    62:28:07:c6:4d:a5:64:ee:0e:49:31:41:57:b0:a4:
                    f9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C0:94:CE:42:AB:63:16:8B:80:FD:D8:95:36:25:C3:6F:82:E4:9C
            X509v3 Authority Key Identifier:
                keyid:FF:82:08:B1:29:C5:3E:87:C3:F0:D0:ED:1B:CA:85:73:01:40:F3:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IIsSnFPofD8NDtG8qFcwFA85A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/zMCUzkKrYxaLgP3YlTYlw2-C5Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/_4IIsSnFPofD8NDtG8qFcwFA85A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.227.152.0/21
                  81.88.64.0/21
                  81.95.80.0/20
                  82.148.168.0-82.148.191.255
                  89.207.136.0/21
                  109.169.112.0/21
                  178.174.112.0/20
                  185.176.244.0/23
                  185.178.4.0/22
                  185.190.36.0/24
                IPv6:
                  2a0a:2780::/31
                  2a10:d640::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:ee:c2:b5:81:77:14:18:77:24:92:69:3a:a7:31:38:29:a8:
         6a:44:85:1b:cb:17:e8:23:7c:55:12:53:b7:d0:d1:43:8a:d0:
         48:31:98:64:e8:d5:0b:8b:47:d4:e3:8f:5c:c3:48:6e:e9:dc:
         df:aa:5e:35:d1:f3:32:ad:ed:47:57:0c:97:fa:ec:87:07:ec:
         65:b2:f9:b7:77:dc:3c:14:1e:3a:ee:86:3a:ef:15:82:5d:4d:
         09:67:fd:dc:bf:ce:9a:c6:4d:20:bc:44:8d:69:06:3c:01:99:
         4e:be:8e:0d:dc:df:05:79:0c:d1:e8:49:c0:bc:ed:de:61:3e:
         e2:f3:80:27:71:0f:be:cf:ae:31:73:e8:2c:63:bf:34:31:d3:
         63:ac:1a:40:1b:68:6f:16:9f:83:9b:ee:c9:dd:5d:e4:92:c6:
         09:2c:e5:c6:61:8b:42:b1:b4:d5:12:5e:5e:34:e6:66:2b:29:
         32:58:9e:1f:d2:92:55:db:8f:9d:82:b8:c2:52:3f:a5:a5:e9:
         fe:e8:ef:10:a8:04:c2:ed:6b:05:26:85:87:74:9b:b8:ff:fd:
         c8:72:23:aa:d3:b8:bb:00:17:4c:9a:6f:bd:82:18:39:2b:5f:
         40:4c:60:01:ff:75:43:fa:7c:e6:c9:49:1f:c7:64:4b:ee:78:
         10:cd:fa:6b
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY/n0kN0eTKul2MMxPFjDSn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIwOGIxMjljNTNlODdjM2YwZDBlZDFiY2E4NTczMDE0
MGYzOTAwHhcNMjQwNjA1MDk1NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2MwOTRjZTQyYWI2MzE2OGI4MGZkZDg5NTM2MjVjMzZmODJlNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXkJsY08Ht8+wJ+Gulsa2WadIDyd
t5tS9kMntaHo2LAdYkRePTwxFmkj9AMKgIO17xxJh0aNmgMfgt6Abn/UqvtzJiep
yZIHdn8aUUR2nzsKvyMWNHedprP3fI96d3zkVkJY6rdAFtMiSCGoMdTI+VRMjQ8h
HiVZ3GS3JpalfsxBXhTGi+trcePnvxrRfwVyvKZqxJIRIRhPsDPveepGPM2a7+ny
s1x/fnNbtQhAJHJtg2YbHzmQW2a4YxmEHZ06RHnuccqQYNgyBX6bn3TQIdo0SL1c
8adeeClQtttlATjnByItBqOtyJvkWKup3NNiKAfGTaVk7g5JMUFXsKT5PwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFMzAlM5Cq2MWi4D92JU2JcNvguScMB8GA1UdIwQY
MBaAFP+CCLEpxT6Hw/DQ7RvKhXMBQPOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJSXNTbkZQb2ZEOE5EdEc4cUZjd0ZBODVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS85NjgwYzctNTdkNy00OWM2LThiNjMt
NDAxNTNjNWQwYTQ3LzEvek1DVXprS3JZeGFMZ1AzWWxUWWx3Mi1DNUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS85NjgwYzctNTdkNy00OWM2LThiNjMtNDAxNTNjNWQwYTQ3
LzEvXzRJSXNTbkZQb2ZEOE5EdEc4cUZjd0ZBODVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBKBAIAATBEAwQDLuOYAwQD
UVhAAwQEUV9QMAwDBANSlKgDBAZSlIADBANZz4gDBANtqXADBASyrnADBAG5sPQD
BAK5sgQDBAC5viQwFAQCAAIwDgMFASoKJ4ADBQMqENZAMA0GCSqGSIb3DQEBCwUA
A4IBAQBx7sK1gXcUGHckkmk6pzE4KahqRIUbyxfoI3xVElO30NFDitBIMZhk6NUL
i0fU449cw0hu6dzfql410fMyre1HVwyX+uyHB+xlsvm3d9w8FB467oY67xWCXU0J
Z/3cv86axk0gvESNaQY8AZlOvo4N3N8FeQzR6EnAvO3eYT7i84AncQ++z64xc+gs
Y780MdNjrBpAG2hvFp+Dm+7J3V3kksYJLOXGYYtCsbTVEl5eNOZmKykyWJ4f0pJV
24+dgrjCUj+lpen+6O8QqATC7WsFJoWHdJu4//3IciOq07i7ABdMmm+9ghg5K19A
TGAB/3VD+nzmyUkfx2RL7ngQzfpr
-----END CERTIFICATE-----