Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/nAUivBthkgwzX45P4yH_fa2JPew.roa
File:                     nAUivBthkgwzX45P4yH_fa2JPew.roa (raw, json)
Hash identifier:          lunssccoos8jSl0xs9rAuxfOZ6vTM0RXwJyxuWn7uc8=
Subject key identifier:   9C:05:22:BC:1B:61:92:0C:33:5F:8E:4F:E3:21:FF:7D:AD:89:3D:EC
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       018E7FFCE9A8C2146E05F6BF58AAF70D3D70
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/nAUivBthkgwzX45P4yH_fa2JPew.roa
Signing time:             Wed 27 Mar 2024 12:57:45 +0000
ROA not before:           Wed 27 Mar 2024 12:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7342
IP address blocks:        81.19.193.0/24 maxlen: 24
                          81.19.204.0/24 maxlen: 24
                          81.19.206.0/24 maxlen: 24
                          81.19.207.0/24 maxlen: 24
                          193.109.220.0/24 maxlen: 24
                          217.30.81.0/24 maxlen: 24
                          217.30.82.0/24 maxlen: 24
                          217.30.84.0/24 maxlen: 24
                          217.30.87.0/24 maxlen: 24
                          2a10:eec0::/48 maxlen: 48
                          2a10:eec0:3::/48 maxlen: 48
                          2a10:eec0:4::/48 maxlen: 48
                          2a10:eec0:7::/48 maxlen: 48
                          2a10:eec0:c::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 04 Apr 2024 14:52:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:fc:e9:a8:c2:14:6e:05:f6:bf:58:aa:f7:0d:3d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Mar 27 12:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c0522bc1b61920c335f8e4fe321ff7dad893dec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f9:17:6a:cc:e4:65:2b:1d:9d:05:76:1b:f1:
                    2c:8a:82:ce:a6:ed:a0:73:6b:84:a5:9a:83:e3:44:
                    c5:bf:95:26:ee:8f:92:cc:41:9b:25:48:68:98:50:
                    f6:5b:80:fc:a3:44:0c:c7:c2:41:b2:1f:2f:f8:0a:
                    07:a6:8a:fc:4a:89:e0:7d:a7:83:66:e9:b5:bc:cb:
                    fe:0f:d3:7b:59:65:8b:34:7d:32:b6:50:79:ab:57:
                    68:fb:0c:31:8b:20:5c:58:7b:ec:e4:6e:8b:7f:8c:
                    fd:9b:e2:d4:f5:04:47:dd:6b:2a:67:df:d4:2c:4a:
                    65:3d:85:2b:d7:ca:7a:4d:31:27:12:c4:56:00:d1:
                    e8:2d:df:40:04:57:b1:a9:41:b0:80:b5:8d:b2:39:
                    5f:ac:fe:07:32:a4:aa:5e:57:86:65:87:9c:97:5b:
                    ca:bf:bd:55:83:a6:08:a9:50:82:ae:7b:a6:d2:ed:
                    25:52:de:9a:09:68:14:d5:e8:9e:67:86:41:10:93:
                    65:14:f8:82:1d:7c:0a:ce:13:b9:ff:cc:ad:c6:04:
                    a9:a6:b3:c3:31:ac:c0:6b:94:74:03:8a:cd:ca:9c:
                    98:89:d9:70:30:0f:0c:e6:d4:75:08:6b:e2:70:f3:
                    46:b9:3d:f6:51:bc:2c:e7:57:15:46:64:23:a2:12:
                    b3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:05:22:BC:1B:61:92:0C:33:5F:8E:4F:E3:21:FF:7D:AD:89:3D:EC
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/nAUivBthkgwzX45P4yH_fa2JPew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.193.0/24
                  81.19.204.0/24
                  81.19.206.0/23
                  193.109.220.0/24
                  217.30.81.0-217.30.82.255
                  217.30.84.0/24
                  217.30.87.0/24
                IPv6:
                  2a10:eec0::/48
                  2a10:eec0:3::-2a10:eec0:4:ffff:ffff:ffff:ffff:ffff
                  2a10:eec0:7::/48
                  2a10:eec0:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:6e:b5:53:e2:ea:1d:e5:b7:3e:b5:d0:ac:e6:2b:9e:b5:e8:
         ea:38:0d:54:73:da:2c:27:79:76:94:8f:7a:99:8e:94:62:11:
         bf:8e:69:75:8f:e6:1b:99:99:ae:ed:26:2e:c1:c8:60:55:dd:
         75:ae:40:0c:7e:71:05:dc:20:4b:4e:0c:ce:6e:6e:0b:f9:38:
         b3:c5:c8:61:f7:63:aa:ba:19:ee:f6:12:d2:90:30:83:31:41:
         02:56:83:02:e5:56:a5:b7:84:9b:72:a2:7c:3e:de:05:43:5b:
         8d:ef:60:b3:44:a1:fd:44:67:87:05:13:23:a7:31:4b:21:ed:
         90:16:f1:16:1f:38:0a:b7:dd:0e:4d:77:47:17:08:3b:62:95:
         a2:56:6a:53:b7:6c:28:d1:d6:c8:bd:87:4d:f5:08:3d:a1:07:
         6e:26:b2:2a:6b:27:69:33:86:da:e4:f4:64:79:fb:a1:54:eb:
         51:ba:23:c7:77:93:36:7e:6c:40:4a:ff:c1:2d:eb:e4:1d:1a:
         4e:42:18:84:08:28:c2:83:97:2a:1c:38:da:7d:63:18:9a:88:
         18:71:24:6b:14:43:a5:8c:2b:47:7c:77:0a:ed:ce:55:49:5d:
         8d:0a:78:56:12:1b:51:71:fe:4a:58:c2:ad:77:20:af:f2:2a:
         47:3b:67:92
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAY5//OmowhRuBfa/WKr3DT1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwMzI3MTI1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzA1MjJiYzFiNjE5MjBjMzM1ZjhlNGZlMzIxZmY3ZGFkODkzZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvkXaszkZSsdnQV2G/EsioLOpu2g
c2uEpZqD40TFv5Um7o+SzEGbJUhomFD2W4D8o0QMx8JBsh8v+AoHpor8SongfaeD
Zum1vMv+D9N7WWWLNH0ytlB5q1do+wwxiyBcWHvs5G6Lf4z9m+LU9QRH3WsqZ9/U
LEplPYUr18p6TTEnEsRWANHoLd9ABFexqUGwgLWNsjlfrP4HMqSqXleGZYecl1vK
v71Vg6YIqVCCrnum0u0lUt6aCWgU1eieZ4ZBEJNlFPiCHXwKzhO5/8ytxgSpprPD
MazAa5R0A4rNypyYidlwMA8M5tR1CGvicPNGuT32Ubws51cVRmQjohKzQQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFJwFIrwbYZIMM1+OT+Mh/32tiT3sMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvbkFVaXZCdGhrZ3d6WDQ1UDR5SF9mYTJKUGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwOAQCAAEwMgMEAFETwQME
AFETzAMEAVETzgMEAMFt3DAMAwQA2R5RAwQA2R5SAwQA2R5UAwQA2R5XMDUEAgAC
MC8DBwAqEO7AAAAwEgMHACoQ7sAAAwMHACoQ7sAABAMHACoQ7sAABwMHACoQ7sAA
DDANBgkqhkiG9w0BAQsFAAOCAQEAnW61U+LqHeW3PrXQrOYrnrXo6jgNVHPaLCd5
dpSPepmOlGIRv45pdY/mG5mZru0mLsHIYFXdda5ADH5xBdwgS04Mzm5uC/k4s8XI
YfdjqroZ7vYS0pAwgzFBAlaDAuVWpbeEm3KifD7eBUNbje9gs0Sh/URnhwUTI6cx
SyHtkBbxFh84CrfdDk13RxcIO2KVolZqU7dsKNHWyL2HTfUIPaEHbiayKmsnaTOG
2uT0ZHn7oVTrUbojx3eTNn5sQEr/wS3r5B0aTkIYhAgowoOXKhw42n1jGJqIGHEk
axRDpYwrR3x3Cu3OVUldjQp4VhIbUXH+SljCrXcgr/IqRztnkg==
-----END CERTIFICATE-----