Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/0QRTR2eYNlvsQm6aVWWHT0lwRF0.roa
File:                     0QRTR2eYNlvsQm6aVWWHT0lwRF0.roa (raw, json)
Hash identifier:          mlcCcy+ChP9Whh+5dcQ6qsZ1T2EPjqj18YXw0EoA/Qo=
Subject key identifier:   D1:04:53:47:67:98:36:5B:EC:42:6E:9A:55:65:87:4F:49:70:44:5D
Certificate issuer:       /CN=3f7954d88c0ae3f6398697bfdfc1956a753e83d8
Certificate serial:       018CC9BC4B5CC644DE46558D2DFD0721D119
Authority key identifier: 3F:79:54:D8:8C:0A:E3:F6:39:86:97:BF:DF:C1:95:6A:75:3E:83:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P3lU2IwK4_Y5hpe_38GVanU-g9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/0QRTR2eYNlvsQm6aVWWHT0lwRF0.roa
Signing time:             Tue 02 Jan 2024 10:33:29 +0000
ROA not before:           Tue 02 Jan 2024 10:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41765
IP address blocks:        185.84.112.0/22 maxlen: 24
                          185.233.48.10/32 maxlen: 32
                          193.33.46.0/23 maxlen: 23
                          31.172.164.0/22 maxlen: 22
                          185.4.63.0/24 maxlen: 24
                          193.57.96.0/24 maxlen: 24
                          185.233.48.0/24 maxlen: 24
                          185.233.48.0/22 maxlen: 22
                          185.233.50.0/23 maxlen: 23
                          188.65.168.0/21 maxlen: 21
                          45.8.233.0/24 maxlen: 24
                          45.8.234.0/24 maxlen: 24
                          45.8.235.0/24 maxlen: 24
                          193.37.150.0/24 maxlen: 24
                          2a02:2288::/29 maxlen: 29
                          2a02:2288::/32 maxlen: 32
                          2a0c:d500::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4b:5c:c6:44:de:46:55:8d:2d:fd:07:21:d1:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f7954d88c0ae3f6398697bfdfc1956a753e83d8
        Validity
            Not Before: Jan  2 10:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d10453476798365bec426e9a5565874f4970445d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:97:78:59:8d:a4:7b:a8:6f:6c:55:3d:a4:e5:
                    26:fc:3a:ae:1f:37:5b:6e:b3:58:50:35:34:8b:24:
                    9e:c2:4d:9f:28:69:bf:c6:ec:97:dd:9f:43:ed:7a:
                    8c:90:8c:48:42:16:14:12:5a:31:28:d0:88:57:53:
                    a7:a4:3b:52:96:5a:92:e6:dd:7b:e5:c9:e5:35:03:
                    ac:6f:3c:df:b2:96:29:39:b5:50:99:80:10:5e:b5:
                    c3:7b:66:dc:e3:bb:7a:9e:12:fe:e3:1b:3d:6f:01:
                    c3:f5:1f:67:51:7e:ac:48:3c:03:11:d5:dd:5c:25:
                    60:70:0d:af:3f:c2:df:7c:54:43:8c:b3:cc:73:ea:
                    f3:0b:8c:5c:9c:e4:5a:02:34:9c:4c:ae:c7:9e:37:
                    c3:22:b4:6b:b9:c5:fe:8e:b0:5d:a1:0d:23:9f:79:
                    59:d6:b8:60:4f:e3:23:fe:00:74:0b:2f:d1:1d:ec:
                    fc:dc:e0:dc:b2:45:67:16:4b:f5:70:28:65:e2:3b:
                    f7:58:0b:58:18:e5:83:61:9f:3d:6a:79:61:d4:a3:
                    f8:2b:7b:4e:7c:19:01:d7:d6:cb:0a:ab:33:47:cb:
                    ce:95:05:1a:7d:be:0b:22:05:55:e5:fa:02:cd:34:
                    f5:3e:5e:05:5d:7a:7f:0c:d9:88:8d:79:74:77:da:
                    f5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:04:53:47:67:98:36:5B:EC:42:6E:9A:55:65:87:4F:49:70:44:5D
            X509v3 Authority Key Identifier:
                keyid:3F:79:54:D8:8C:0A:E3:F6:39:86:97:BF:DF:C1:95:6A:75:3E:83:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P3lU2IwK4_Y5hpe_38GVanU-g9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/0QRTR2eYNlvsQm6aVWWHT0lwRF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/P3lU2IwK4_Y5hpe_38GVanU-g9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.164.0/22
                  45.8.233.0-45.8.235.255
                  185.4.63.0/24
                  185.84.112.0/22
                  185.233.48.0/22
                  188.65.168.0/21
                  193.33.46.0/23
                  193.37.150.0/24
                  193.57.96.0/24
                IPv6:
                  2a02:2288::/29
                  2a0c:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:a3:a8:39:98:af:2a:13:ce:a7:b7:97:61:c9:e4:62:e7:fc:
         2a:e4:49:46:91:a7:89:3b:d4:d8:22:27:e1:14:67:67:8e:5b:
         65:ce:ca:c2:eb:fb:a1:04:da:a1:18:0b:4e:a5:a4:39:41:e4:
         dd:7d:9a:85:84:3e:c8:ea:5e:7e:87:dd:dd:ba:4c:ee:51:d6:
         25:9b:1b:86:4b:d7:3b:ee:93:15:e7:8f:e9:3a:80:64:b7:75:
         27:7e:39:0f:09:cf:e2:5f:15:54:6c:33:fa:c3:95:47:ca:d6:
         27:04:dc:a2:9d:3e:a7:5a:3d:5e:98:bb:67:67:62:d8:65:98:
         fb:6e:63:b5:01:89:22:55:2e:0d:06:16:d9:f8:0e:b8:0a:92:
         55:fa:3b:2f:4c:1b:58:06:30:d6:be:2c:30:1b:0b:f3:48:d6:
         35:6b:17:bc:5a:a4:e3:a7:d6:e1:ba:49:31:3c:65:6b:b4:10:
         ff:f8:84:f5:3e:16:53:1d:dd:89:c9:74:54:86:35:0d:e5:8f:
         dd:db:db:5a:a8:8c:16:ab:34:0b:c6:fd:ad:3c:62:d5:fc:a3:
         7b:d2:fa:e4:c5:d4:21:0c:dc:d8:56:4f:1e:32:16:0e:f3:20:
         b4:4e:b4:d5:ba:3c:78:e7:79:34:80:66:a1:88:2d:bc:70:b2:
         aa:3c:69:fd
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzJvEtcxkTeRlWNLf0HIdEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNzk1NGQ4OGMwYWUzZjYzOTg2OTdiZmRmYzE5NTZhNzUz
ZTgzZDgwHhcNMjQwMTAyMTAzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTA0NTM0NzY3OTgzNjViZWM0MjZlOWE1NTY1ODc0ZjQ5NzA0NDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5d4WY2ke6hvbFU9pOUm/DquHzdb
brNYUDU0iySewk2fKGm/xuyX3Z9D7XqMkIxIQhYUEloxKNCIV1OnpDtSllqS5t17
5cnlNQOsbzzfspYpObVQmYAQXrXDe2bc47t6nhL+4xs9bwHD9R9nUX6sSDwDEdXd
XCVgcA2vP8LffFRDjLPMc+rzC4xcnORaAjScTK7HnjfDIrRrucX+jrBdoQ0jn3lZ
1rhgT+Mj/gB0Cy/RHez83ODcskVnFkv1cChl4jv3WAtYGOWDYZ89anlh1KP4K3tO
fBkB19bLCqszR8vOlQUafb4LIgVV5foCzTT1Pl4FXXp/DNmIjXl0d9r1MwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFNEEU0dnmDZb7EJumlVlh09JcERdMB8GA1UdIwQY
MBaAFD95VNiMCuP2OYaXv9/BlWp1PoPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDNsVTJJd0s0X1k1aHBlXzM4R1ZhblUtZzlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84MmU2NTYtMTRhMy00ZTNhLTlkNmUt
YWY0MDYwODZiODliLzEvMFFSVFIyZVlObHZzUW02YVZXV0hUMGx3UkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84MmU2NTYtMTRhMy00ZTNhLTlkNmUtYWY0MDYwODZiODli
LzEvUDNsVTJJd0s0X1k1aHBlXzM4R1ZhblUtZzlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQCH6ykMAwD
BAAtCOkDBAItCOgDBAC5BD8DBAK5VHADBAK56TADBAO8QagDBAHBIS4DBADBJZYD
BADBOWAwFAQCAAIwDgMFAyoCIogDBQMqDNUAMA0GCSqGSIb3DQEBCwUAA4IBAQBK
o6g5mK8qE86nt5dhyeRi5/wq5ElGkaeJO9TYIifhFGdnjltlzsrC6/uhBNqhGAtO
paQ5QeTdfZqFhD7I6l5+h93dukzuUdYlmxuGS9c77pMV54/pOoBkt3UnfjkPCc/i
XxVUbDP6w5VHytYnBNyinT6nWj1emLtnZ2LYZZj7bmO1AYkiVS4NBhbZ+A64CpJV
+jsvTBtYBjDWviwwGwvzSNY1axe8WqTjp9bhukkxPGVrtBD/+IT1PhZTHd2JyXRU
hjUN5Y/d29taqIwWqzQLxv2tPGLV/KN70vrkxdQhDNzYVk8eMhYO8yC0TrTVujx4
53k0gGahiC28cLKqPGn9
-----END CERTIFICATE-----