Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/P3nAGLxIrW3EEo6gz8rIAdrAisE.roa
File:                     P3nAGLxIrW3EEo6gz8rIAdrAisE.roa (raw, json)
Hash identifier:          mn/4Uk1uybItPw6lV13kOSB6MMiky13PRBR8hdPlg4M=
Subject key identifier:   3F:79:C0:18:BC:48:AD:6D:C4:12:8E:A0:CF:CA:C8:01:DA:C0:8A:C1
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0192D63121EBBEBDF39489153DAA90FB5C98
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/P3nAGLxIrW3EEo6gz8rIAdrAisE.roa
Signing time:             Tue 29 Oct 2024 02:53:16 +0000
ROA not before:           Tue 29 Oct 2024 02:53:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61400
IP address blocks:        185.39.205.0/24 maxlen: 24
                          2a09:6281::/32 maxlen: 32
                          2a09:6282::/32 maxlen: 32
                          2a09:6283::/32 maxlen: 32
                          2a09:e2c0::/32 maxlen: 32
                          2a09:e2c1::/32 maxlen: 32
                          2a09:e2c2::/32 maxlen: 32
                          2a09:e2c3::/32 maxlen: 32
                          2a09:e2c4::/32 maxlen: 32
                          2a09:e2c5::/32 maxlen: 32
                          2a09:e2c6::/32 maxlen: 32
                          2a09:e2c7::/32 maxlen: 32
                          2a10:4102::/32 maxlen: 32
                          2a10:4106::/32 maxlen: 32
                          2a12:c300::/30 maxlen: 30
                          2a12:c300::/32 maxlen: 32
                          2a12:c301::/32 maxlen: 32
                          2a12:c302::/32 maxlen: 32
                          2a12:c303::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 19 Dec 2024 04:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d6:31:21:eb:be:bd:f3:94:89:15:3d:aa:90:fb:5c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Oct 29 02:53:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f79c018bc48ad6dc4128ea0cfcac801dac08ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:33:ef:fa:57:29:8c:d3:d1:7a:56:01:37:3c:
                    6e:c8:90:e0:97:c2:4e:ec:b5:e2:d9:85:11:4f:70:
                    7c:9d:dd:8f:17:df:f2:8f:46:80:df:81:74:08:70:
                    6a:ca:c4:24:40:da:65:47:60:0a:35:a0:0f:ed:0b:
                    e8:a3:cb:63:04:21:eb:66:0f:cb:06:84:28:44:45:
                    38:8a:93:94:e8:3b:81:2a:29:cd:ba:d5:5a:9a:c0:
                    f5:0b:43:63:5d:9d:f5:42:de:87:0f:5f:05:61:d4:
                    14:a2:cf:2d:fd:70:d3:9b:1d:d6:54:ef:85:43:97:
                    53:3b:82:bc:32:a6:2c:c9:ea:d4:ba:9f:39:85:ae:
                    1a:85:6d:56:5b:fd:c7:82:00:ab:cf:30:26:c5:12:
                    18:67:3c:86:2a:11:78:8b:81:73:71:1f:ee:3f:e7:
                    25:06:36:d7:aa:9c:33:60:dc:bd:8b:8b:3d:e1:fa:
                    01:1d:8e:20:33:78:5e:89:c6:f9:85:40:f5:39:89:
                    81:be:05:6e:84:51:13:0a:d3:34:4d:8b:b9:00:97:
                    6d:04:5d:74:08:ee:13:b8:7c:cd:64:6d:96:54:bc:
                    5d:3a:a1:90:f3:24:b4:5d:07:bb:02:fc:71:28:cf:
                    d3:d1:f7:12:68:99:38:b5:80:ce:f1:a1:a4:93:9c:
                    9c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:79:C0:18:BC:48:AD:6D:C4:12:8E:A0:CF:CA:C8:01:DA:C0:8A:C1
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/P3nAGLxIrW3EEo6gz8rIAdrAisE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.205.0/24
                IPv6:
                  2a09:6281::-2a09:6283:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:e2c0::/29
                  2a10:4102::/32
                  2a10:4106::/32
                  2a12:c300::/30

    Signature Algorithm: sha256WithRSAEncryption
         39:11:f4:35:b7:5e:5a:bc:6c:26:a0:b1:1b:55:05:a6:59:3d:
         b1:9e:70:10:02:43:0f:7d:68:2b:ce:bb:74:0d:33:72:75:57:
         9d:81:58:e9:56:d7:86:14:69:74:65:f9:43:85:d0:34:e6:8d:
         89:a0:e0:a3:f0:e8:cd:43:54:1f:c6:17:17:19:e4:d0:b4:79:
         e7:7f:ef:24:ac:1a:a4:5e:ba:c1:23:8b:58:ed:c2:0e:64:92:
         76:62:8f:d0:0a:f1:8d:cc:dc:66:68:05:f6:4a:22:20:33:42:
         14:62:02:0c:e6:69:8f:bf:81:e7:a3:71:1d:56:7f:0f:1b:09:
         16:68:fe:84:0c:ee:15:31:b5:7d:83:82:9d:f3:ac:98:8f:fb:
         5b:fa:47:60:fe:fb:46:a2:c3:f7:6a:20:82:85:00:0e:89:3f:
         a8:1c:2f:f5:f1:61:82:bc:9d:f2:99:54:99:a9:59:de:68:e3:
         e9:f6:ee:a6:0e:74:64:b5:d4:63:7e:34:2d:91:23:8a:ed:45:
         6a:77:85:a6:38:32:3a:4e:5f:c9:6a:20:e4:d8:83:1c:03:85:
         3b:22:ff:8f:6e:ef:69:a9:c6:ce:4b:56:13:82:2b:22:ec:a6:
         5a:ef:b6:f0:8b:c5:d4:1b:71:3d:04:71:27:4a:45:0f:17:71:
         3a:20:56:d8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZLWMSHrvr3zlIkVPaqQ+1yYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMDI5MDI1MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjc5YzAxOGJjNDhhZDZkYzQxMjhlYTBjZmNhYzgwMWRhYzA4YWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDPv+lcpjNPRelYBNzxuyJDgl8JO
7LXi2YURT3B8nd2PF9/yj0aA34F0CHBqysQkQNplR2AKNaAP7Qvoo8tjBCHrZg/L
BoQoREU4ipOU6DuBKinNutVamsD1C0NjXZ31Qt6HD18FYdQUos8t/XDTmx3WVO+F
Q5dTO4K8MqYsyerUup85ha4ahW1WW/3HggCrzzAmxRIYZzyGKhF4i4FzcR/uP+cl
BjbXqpwzYNy9i4s94foBHY4gM3heicb5hUD1OYmBvgVuhFETCtM0TYu5AJdtBF10
CO4TuHzNZG2WVLxdOqGQ8yS0XQe7AvxxKM/T0fcSaJk4tYDO8aGkk5yctQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFD95wBi8SK1txBKOoM/KyAHawIrBMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvUDNuQUdMeElyVzNFRW82Z3o4cklBZHJBaXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAMBAIAATAGAwQAuSfNMDIE
AgACMCwwDgMFACoJYoEDBQIqCWKAAwUDKgniwAMFACoQQQIDBQAqEEEGAwUCKhLD
ADANBgkqhkiG9w0BAQsFAAOCAQEAORH0NbdeWrxsJqCxG1UFplk9sZ5wEAJDD31o
K867dA0zcnVXnYFY6VbXhhRpdGX5Q4XQNOaNiaDgo/DozUNUH8YXFxnk0LR553/v
JKwapF66wSOLWO3CDmSSdmKP0ArxjczcZmgF9koiIDNCFGICDOZpj7+B56NxHVZ/
DxsJFmj+hAzuFTG1fYOCnfOsmI/7W/pHYP77RqLD92oggoUADok/qBwv9fFhgryd
8plUmalZ3mjj6fbupg50ZLXUY340LZEjiu1FaneFpjgyOk5fyWog5NiDHAOFOyL/
j27vaanGzktWE4IrIuymWu+28IvF1BtxPQRxJ0pFDxdxOiBW2A==
-----END CERTIFICATE-----