Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/InWq2UPhW7qRB5065y-HhHxNm4o.roa
File:                     InWq2UPhW7qRB5065y-HhHxNm4o.roa (raw, json)
Hash identifier:          0KBkkuVmJeLhwK3jNOlgnBWNy6DVjQlqgdo3YQ4dTH4=
Subject key identifier:   22:75:AA:D9:43:E1:5B:BA:91:07:9D:3A:E7:2F:87:84:7C:4D:9B:8A
Certificate issuer:       /CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
Certificate serial:       018CC49301874FDB305AD00176AB0526F846
Authority key identifier: 15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/InWq2UPhW7qRB5065y-HhHxNm4o.roa
Signing time:             Mon 01 Jan 2024 10:30:17 +0000
ROA not before:           Mon 01 Jan 2024 10:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33942
IP address blocks:        82.213.67.0/24 maxlen: 24
                          82.213.68.0/23 maxlen: 23
                          82.213.72.0/22 maxlen: 22
                          82.213.76.0/22 maxlen: 22
                          82.213.84.0/22 maxlen: 22
                          82.213.102.0/24 maxlen: 24
                          82.213.104.0/21 maxlen: 21
                          82.213.103.0/24 maxlen: 24
                          83.139.201.0/24 maxlen: 24
                          83.139.208.0/24 maxlen: 24
                          82.213.64.0/23 maxlen: 23
                          83.139.192.0/23 maxlen: 23
                          83.139.197.0/24 maxlen: 24
                          83.139.196.0/22 maxlen: 22
                          83.139.195.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 01:49:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:01:87:4f:db:30:5a:d0:01:76:ab:05:26:f8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
        Validity
            Not Before: Jan  1 10:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2275aad943e15bba91079d3ae72f87847c4d9b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ec:dd:e8:c6:8e:c3:ca:b9:18:c9:07:8d:c1:
                    46:4d:7a:2f:16:60:2d:b0:b1:56:b8:6a:2c:ec:1f:
                    13:27:0d:c4:a0:68:f7:95:9b:75:37:43:23:0b:ce:
                    74:ca:a3:bb:08:05:71:bf:72:b5:ca:63:e8:51:90:
                    e8:89:db:7e:e0:11:4e:d2:0c:44:5b:bd:10:d8:1f:
                    60:d6:2a:de:de:1c:11:b8:84:e7:83:f5:b6:26:c6:
                    42:fb:b5:b9:25:c3:bd:2a:b3:4f:8f:46:1e:de:90:
                    d6:95:9e:19:ae:ee:36:56:01:e8:64:8d:80:7a:02:
                    a7:11:6a:af:26:f8:ce:93:8f:3e:ea:5f:c5:cc:db:
                    7b:00:0b:8d:c4:cd:38:7a:ef:14:f2:81:76:aa:59:
                    f0:41:2c:0f:8c:39:1c:48:21:13:9d:e4:ed:19:12:
                    fc:49:12:4e:6c:9a:68:bc:59:b3:f2:74:ad:bd:55:
                    2a:a0:0d:30:6e:5d:23:d0:71:a7:be:32:51:c7:4a:
                    4e:b3:10:75:46:31:6c:97:af:07:30:43:1b:8d:86:
                    1a:98:c8:87:a5:d0:93:f1:3f:39:47:c1:15:81:68:
                    2f:d5:b8:4b:79:25:5e:4c:dd:6f:d3:ef:cc:92:80:
                    3b:8f:3c:94:ad:89:fd:91:8f:f2:72:e9:e4:b1:dd:
                    7d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:75:AA:D9:43:E1:5B:BA:91:07:9D:3A:E7:2F:87:84:7C:4D:9B:8A
            X509v3 Authority Key Identifier:
                keyid:15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/InWq2UPhW7qRB5065y-HhHxNm4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.213.64.0/23
                  82.213.67.0-82.213.69.255
                  82.213.72.0/21
                  82.213.84.0/22
                  82.213.102.0-82.213.111.255
                  83.139.192.0/23
                  83.139.195.0-83.139.199.255
                  83.139.201.0/24
                  83.139.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:ef:75:f3:43:a6:3e:4f:2a:49:84:db:e7:e6:fa:c0:94:13:
         08:e3:62:b1:74:65:62:47:61:2f:76:25:93:05:39:02:76:f1:
         f5:cf:17:3b:21:df:1b:c0:15:39:72:07:3f:43:9d:e8:75:4f:
         47:52:95:d4:3c:01:27:ba:47:c6:b1:ef:3c:6f:29:d3:9f:52:
         87:87:4a:f7:0d:f7:b1:96:5c:08:45:f1:15:ad:b7:34:e6:9b:
         dc:16:70:55:0f:cc:be:33:6a:78:9f:97:c0:18:04:61:65:f0:
         04:fc:dc:ec:46:d9:0c:06:5c:96:5c:6e:96:b7:a3:bc:a2:d5:
         ab:75:4d:50:02:ba:de:72:c7:b6:8e:a5:58:dc:f3:2f:ba:a7:
         6b:35:fb:89:fa:ba:c2:4e:08:74:12:c0:b0:b4:75:10:b6:70:
         fe:da:5b:ef:b1:a3:a7:85:81:73:db:0a:dd:71:30:b8:5d:5c:
         b4:b6:ec:6c:72:80:a6:43:fe:39:28:56:c9:cd:af:5e:10:18:
         34:9d:df:1e:9d:70:04:a2:8b:2a:53:ce:5b:ed:87:0b:c8:f5:
         b0:2e:21:ea:39:07:1c:58:df:81:37:2c:33:cc:33:12:bf:a3:
         b1:e4:77:4b:79:dd:b4:6c:aa:52:e8:ad:3d:a6:a3:51:a7:d0:
         57:46:8c:f4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYzEkwGHT9swWtABdqsFJvhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDFjODQ1ZjEzZGQ0YWQ2ZTlkYWU0NzBkNWZmNjljNWNj
YTM3NzEwHhcNMjQwMTAxMTAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjc1YWFkOTQzZTE1YmJhOTEwNzlkM2FlNzJmODc4NDdjNGQ5YjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgezd6MaOw8q5GMkHjcFGTXovFmAt
sLFWuGos7B8TJw3EoGj3lZt1N0MjC850yqO7CAVxv3K1ymPoUZDoidt+4BFO0gxE
W70Q2B9g1ire3hwRuITng/W2JsZC+7W5JcO9KrNPj0Ye3pDWlZ4Zru42VgHoZI2A
egKnEWqvJvjOk48+6l/FzNt7AAuNxM04eu8U8oF2qlnwQSwPjDkcSCETneTtGRL8
SRJObJpovFmz8nStvVUqoA0wbl0j0HGnvjJRx0pOsxB1RjFsl68HMEMbjYYamMiH
pdCT8T85R8EVgWgv1bhLeSVeTN1v0+/MkoA7jzyUrYn9kY/ycunksd19QQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFCJ1qtlD4Vu6kQedOucvh4R8TZuKMB8GA1UdIwQY
MBaAFBUByEXxPdStbp2uRw1f9pxcyjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEt
ZWQ3OTE1NDM2YjI3LzEvSW5XcTJVUGhXN3FSQjUwNjV5LUhoSHhObTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEtZWQ3OTE1NDM2YjI3
LzEvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBUtVAMAwD
BABS1UMDBAFS1UQDBANS1UgDBAJS1VQwDAMEAVLVZgMEBFLVYAMEAVOLwDAMAwQA
U4vDAwQDU4vAAwQAU4vJAwQAU4vQMA0GCSqGSIb3DQEBCwUAA4IBAQA273XzQ6Y+
TypJhNvn5vrAlBMI42KxdGViR2EvdiWTBTkCdvH1zxc7Id8bwBU5cgc/Q53odU9H
UpXUPAEnukfGse88bynTn1KHh0r3DfexllwIRfEVrbc05pvcFnBVD8y+M2p4n5fA
GARhZfAE/NzsRtkMBlyWXG6Wt6O8otWrdU1QArrecse2jqVY3PMvuqdrNfuJ+rrC
Tgh0EsCwtHUQtnD+2lvvsaOnhYFz2wrdcTC4XVy0tuxscoCmQ/45KFbJza9eEBg0
nd8enXAEoosqU85b7YcLyPWwLiHqOQccWN+BNywzzDMSv6Ox5HdLed20bKpS6K09
pqNRp9BXRoz0
-----END CERTIFICATE-----