Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/u3FaQeWrf9TPMETX39elv1IC9aU.roa
File:                     u3FaQeWrf9TPMETX39elv1IC9aU.roa (raw, json)
Hash identifier:          P/otESFK2vYh7plp14GZN999ABNajNeA8xZmmKduTAg=
Subject key identifier:   BB:71:5A:41:E5:AB:7F:D4:CF:30:44:D7:DF:D7:A5:BF:52:02:F5:A5
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01964E78A0E83469D83B3EAB3CE237DE8D91
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/u3FaQeWrf9TPMETX39elv1IC9aU.roa
Signing time:             Sat 19 Apr 2025 14:34:10 +0000
ROA not before:           Sat 19 Apr 2025 14:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.0.0/24 maxlen: 24
                          82.115.9.0/24 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          178.173.232.0/21 maxlen: 24
                          185.231.172.0/22 maxlen: 24
                          188.253.8.0/21 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          213.173.32.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Thu 24 Apr 2025 15:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4e:78:a0:e8:34:69:d8:3b:3e:ab:3c:e2:37:de:8d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Apr 19 14:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb715a41e5ab7fd4cf3044d7dfd7a5bf5202f5a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:75:82:76:f6:30:33:5a:0b:01:d6:73:0f:f6:
                    11:1c:b4:74:06:53:91:ba:31:85:15:fc:bc:33:3f:
                    f8:97:ce:d3:49:1e:90:02:66:18:28:cb:ad:93:f7:
                    2a:e8:a3:8a:f3:79:1a:e0:f9:a5:52:19:4d:d6:d1:
                    60:4f:da:36:8c:40:79:af:26:78:a6:94:e8:c9:37:
                    fb:b3:42:49:79:74:ae:79:43:ab:b5:02:8b:f8:a1:
                    9b:ef:cd:67:61:50:8e:2d:98:58:5a:51:c3:b6:d9:
                    b8:5d:98:b7:58:96:39:35:7a:0a:28:3e:f0:26:6e:
                    cf:19:ce:7d:83:14:9e:63:e8:ff:46:04:f1:dd:a3:
                    5c:b3:dd:f7:08:a8:2a:05:64:df:90:cd:a3:68:d2:
                    a9:cf:0c:ec:a2:19:b7:8e:30:6f:a4:ee:5f:35:b4:
                    a9:9c:67:34:95:c0:70:ee:1e:96:2c:0e:c8:b4:70:
                    d0:6e:ce:17:8c:aa:a3:68:ee:0c:04:0a:5e:9a:44:
                    7b:a5:15:38:9f:1d:a9:09:2b:94:60:38:fc:21:40:
                    87:06:8d:d0:d3:82:69:7b:15:53:6c:4c:c2:6b:f4:
                    e0:b4:93:02:a3:23:7a:2f:90:6b:54:d0:1d:a6:a4:
                    1c:b4:72:c2:0e:2e:6c:2b:b6:72:7f:e7:d0:d4:b0:
                    f7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:71:5A:41:E5:AB:7F:D4:CF:30:44:D7:DF:D7:A5:BF:52:02:F5:A5
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/u3FaQeWrf9TPMETX39elv1IC9aU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.0.0/24
                  82.115.9.0/24
                  82.115.28.0/23
                  89.251.10.0/24
                  159.255.32.0/21
                  178.173.232.0/21
                  185.231.172.0/22
                  188.253.8.0/21
                  202.133.90.0/23
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:30:e3:c3:1f:25:b6:29:dc:ca:49:0d:7b:2a:7f:58:b0:47:
         4e:84:56:1a:1a:35:4a:b7:4a:ff:20:61:ac:76:f6:9f:31:11:
         a8:36:da:67:35:80:19:c5:5f:48:78:53:3e:73:81:ce:79:fe:
         97:fa:4c:4b:01:43:cd:d7:d3:5c:64:e7:6f:d7:9c:f9:26:3c:
         06:6d:07:b5:ef:79:ab:5b:81:8f:b2:c3:90:8a:65:54:4b:1d:
         0a:a0:9f:4c:99:4c:c3:d6:f8:6b:74:2d:8a:8f:c5:15:69:29:
         ff:90:51:01:0d:6d:a1:e3:64:fb:7f:6f:d3:ba:73:82:52:a3:
         14:55:f5:5c:2e:fe:11:ff:23:d8:35:77:f3:16:94:ff:47:64:
         2c:24:aa:18:47:cb:51:1e:64:0f:46:4b:66:45:01:eb:15:7a:
         7e:74:6d:41:e5:6a:3f:da:93:95:84:62:9d:62:5a:f5:15:2a:
         2c:69:c5:0f:aa:42:63:c3:5c:48:c1:8d:01:d8:ea:7d:bc:f4:
         a8:a8:c3:4b:39:eb:f2:23:76:83:63:c6:84:91:db:38:a2:3d:
         09:ac:22:b4:90:a9:4b:16:19:f7:36:2a:61:1c:f7:11:11:b2:
         d8:be:10:e4:d3:b8:a5:2b:47:11:ce:22:f2:1f:87:65:d8:d9:
         d0:ed:a3:77
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZZOeKDoNGnYOz6rPOI33o2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNDE5MTQzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjcxNWE0MWU1YWI3ZmQ0Y2YzMDQ0ZDdkZmQ3YTViZjUyMDJmNWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13WCdvYwM1oLAdZzD/YRHLR0BlOR
ujGFFfy8Mz/4l87TSR6QAmYYKMutk/cq6KOK83ka4PmlUhlN1tFgT9o2jEB5ryZ4
ppToyTf7s0JJeXSueUOrtQKL+KGb781nYVCOLZhYWlHDttm4XZi3WJY5NXoKKD7w
Jm7PGc59gxSeY+j/RgTx3aNcs933CKgqBWTfkM2jaNKpzwzsohm3jjBvpO5fNbSp
nGc0lcBw7h6WLA7ItHDQbs4XjKqjaO4MBApemkR7pRU4nx2pCSuUYDj8IUCHBo3Q
04JpexVTbEzCa/TgtJMCoyN6L5BrVNAdpqQctHLCDi5sK7Zyf+fQ1LD3CwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLtxWkHlq3/UzzBE19/Xpb9SAvWlMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvdTNGYVFlV3JmOVRQTUVUWDM5ZWx2MUlDOWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBLYsGAwQA
LvluAwQAUnMAAwQAUnMJAwQBUnMcAwQAWfsKAwQDn/8gAwQDsq3oAwQCueesAwQD
vP0IAwQByoVaAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQByMOPDHyW2KdzKSQ17
Kn9YsEdOhFYaGjVKt0r/IGGsdvafMRGoNtpnNYAZxV9IeFM+c4HOef6X+kxLAUPN
19NcZOdv15z5JjwGbQe173mrW4GPssOQimVUSx0KoJ9MmUzD1vhrdC2Kj8UVaSn/
kFEBDW2h42T7f2/TunOCUqMUVfVcLv4R/yPYNXfzFpT/R2QsJKoYR8tRHmQPRktm
RQHrFXp+dG1B5Wo/2pOVhGKdYlr1FSosacUPqkJjw1xIwY0B2Op9vPSoqMNLOevy
I3aDY8aEkds4oj0JrCK0kKlLFhn3NiphHPcREbLYvhDk07ilK0cRziLyH4dl2NnQ
7aN3
-----END CERTIFICATE-----