Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/mUQtLnmc0dq_a6apjgiBjUPcLbs.roa
File:                     mUQtLnmc0dq_a6apjgiBjUPcLbs.roa (raw, json)
Hash identifier:          jHsH91JY3lbbYvfB3ZJqvisZeDVbGBtEV7KmohQGA/o=
Subject key identifier:   99:44:2D:2E:79:9C:D1:DA:BF:6B:A6:A9:8E:08:81:8D:43:DC:2D:BB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196D3D2D08EAD074B66148AD38B95E53A28
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/mUQtLnmc0dq_a6apjgiBjUPcLbs.roa
Signing time:             Thu 15 May 2025 12:02:10 +0000
ROA not before:           Thu 15 May 2025 12:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        84.21.188.0/24 maxlen: 24
                          2a06:a600::/29 maxlen: 29
                          2a06:b5c0::/29 maxlen: 29
                          2a06:bf40::/29 maxlen: 29
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:1e84:20::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Wed 21 May 2025 10:23:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:d2:d0:8e:ad:07:4b:66:14:8a:d3:8b:95:e5:3a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 15 12:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99442d2e799cd1dabf6ba6a98e08818d43dc2dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a1:3b:5b:36:db:76:fe:6f:e6:84:b1:df:d7:
                    7d:59:5c:07:ea:5b:7e:33:24:d4:da:2d:29:c0:c6:
                    5f:70:5f:fa:b7:3f:c2:95:d9:19:d5:3b:2a:f0:78:
                    84:71:ed:5f:ab:a8:ec:b4:9a:9a:12:6c:84:97:8d:
                    d6:80:c7:2b:e2:b4:21:66:dd:2f:e6:53:ac:f6:f7:
                    62:14:15:ef:c9:57:6f:67:61:17:98:0c:7e:07:ee:
                    5f:c3:84:84:ad:93:9a:8a:1b:8b:70:7f:1b:d3:3d:
                    dd:a5:c8:42:5a:8c:f1:a0:6f:57:33:b2:48:f4:7a:
                    52:f7:03:fc:91:04:0c:d9:58:18:af:92:d8:3c:70:
                    ac:96:7b:8d:ff:84:fb:e2:b7:bd:e9:cd:79:96:7c:
                    52:cf:30:d4:72:4f:e5:ad:d0:6b:1f:d0:dd:8a:7a:
                    03:5a:6d:7d:f0:f0:5c:be:53:0d:81:61:ef:3b:91:
                    22:07:90:9d:40:fa:e3:be:26:22:27:d1:fd:98:e0:
                    e7:7d:8b:49:ba:5c:99:f7:94:f2:14:5c:4e:f1:fb:
                    7f:d3:51:5b:eb:56:1b:4e:fc:f2:4b:62:aa:c0:58:
                    5f:43:74:52:bd:0a:05:12:fd:71:2c:92:07:7c:76:
                    c5:5b:dd:b6:cd:ce:a0:28:14:e6:9b:4c:c9:06:37:
                    72:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:44:2D:2E:79:9C:D1:DA:BF:6B:A6:A9:8E:08:81:8D:43:DC:2D:BB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/mUQtLnmc0dq_a6apjgiBjUPcLbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.188.0/24
                IPv6:
                  2a06:a600::/29
                  2a06:b5c0::/29
                  2a06:bf40::/29
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:1e84:20::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:ce:76:34:28:ed:dc:1f:ef:84:77:2f:61:b2:1a:33:37:98:
         1d:7d:7b:a4:17:54:51:3e:3f:9a:ee:c9:62:a3:64:83:1c:3b:
         69:e2:f4:a2:da:17:72:62:1a:0f:a3:7b:28:b6:8c:31:2d:3f:
         50:1f:a6:e4:98:27:d8:7b:3c:b4:b6:3c:ed:15:58:33:ac:74:
         ac:bb:4a:8c:9b:45:cf:b2:71:c4:7b:d2:c6:38:64:69:80:0d:
         da:55:2a:50:b8:ee:d7:53:8a:e3:3e:31:7f:8b:e7:9c:94:57:
         5e:3d:4a:34:1b:25:05:40:d2:89:e7:d5:7a:59:93:67:38:02:
         cc:31:2a:75:17:02:30:ae:ec:aa:fd:84:1b:db:41:1b:05:44:
         92:dd:41:2e:51:84:43:ee:0d:f4:7f:55:8a:74:4c:a1:fe:a2:
         ba:ff:d4:f2:78:a2:43:da:34:5f:42:40:63:e1:3b:d0:4f:ef:
         7e:a9:ce:bf:a3:ec:c9:e5:b4:7d:84:d9:41:25:c2:63:c5:76:
         c4:e0:6f:b0:6b:12:92:27:7e:82:e9:de:41:91:e8:21:4a:94:
         db:a4:4d:86:06:da:0e:0c:1b:bb:3c:59:49:86:89:da:6f:d6:
         a7:32:e0:0b:0e:2f:0d:6d:b5:b4:81:2a:de:ae:43:d1:35:6b:
         02:19:6c:85
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZbT0tCOrQdLZhSK04uV5TooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTE1MTIwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTQ0MmQyZTc5OWNkMWRhYmY2YmE2YTk4ZTA4ODE4ZDQzZGMyZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaE7Wzbbdv5v5oSx39d9WVwH6lt+
MyTU2i0pwMZfcF/6tz/CldkZ1Tsq8HiEce1fq6jstJqaEmyEl43WgMcr4rQhZt0v
5lOs9vdiFBXvyVdvZ2EXmAx+B+5fw4SErZOaihuLcH8b0z3dpchCWozxoG9XM7JI
9HpS9wP8kQQM2VgYr5LYPHCslnuN/4T74re96c15lnxSzzDUck/lrdBrH9DdinoD
Wm198PBcvlMNgWHvO5EiB5CdQPrjviYiJ9H9mODnfYtJulyZ95TyFFxO8ft/01Fb
61YbTvzyS2KqwFhfQ3RSvQoFEv1xLJIHfHbFW922zc6gKBTmm0zJBjdyYQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFJlELS55nNHav2umqY4IgY1D3C27MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbVVRdExubWMwZHFfYTZhcGpnaUJqVVBjTGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTAMBAIAATAGAwQAVBW8ME0E
AgACMEcDBQMqBqYAAwUDKga1wAMFAyoGv0ADBQAqDhqEAwcAKg72AABfAwcAKg8e
hAAgAwcAKg99AAABAwcAKg+8AKHEAwUDKhMrQDANBgkqhkiG9w0BAQsFAAOCAQEA
Os52NCjt3B/vhHcvYbIaMzeYHX17pBdUUT4/mu7JYqNkgxw7aeL0otoXcmIaD6N7
KLaMMS0/UB+m5Jgn2Hs8tLY87RVYM6x0rLtKjJtFz7JxxHvSxjhkaYAN2lUqULju
11OK4z4xf4vnnJRXXj1KNBslBUDSiefVelmTZzgCzDEqdRcCMK7sqv2EG9tBGwVE
kt1BLlGEQ+4N9H9VinRMof6iuv/U8niiQ9o0X0JAY+E70E/vfqnOv6PsyeW0fYTZ
QSXCY8V2xOBvsGsSkid+guneQZHoIUqU26RNhgbaDgwbuzxZSYaJ2m/WpzLgCw4v
DW21tIEq3q5D0TVrAhlshQ==
-----END CERTIFICATE-----