Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/L9-WnUUnu26Y50-Dpr6a68c6w6Q.roa
File:                     L9-WnUUnu26Y50-Dpr6a68c6w6Q.roa (raw, json)
Hash identifier:          Ahey5gatcakCqjccn5ALA9S7CLFsps8fRQYmsRq8WSo=
Subject key identifier:   2F:DF:96:9D:45:27:BB:6E:98:E7:4F:83:A6:BE:9A:EB:C7:3A:C3:A4
Certificate issuer:       /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial:       0190593D29936C6285791B7394A76497B2F0
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/L9-WnUUnu26Y50-Dpr6a68c6w6Q.roa
Signing time:             Thu 27 Jun 2024 10:28:18 +0000
ROA not before:           Thu 27 Jun 2024 10:28:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43641
IP address blocks:        45.11.56.0/24 maxlen: 24
                          45.11.59.0/24 maxlen: 24
                          45.134.174.0/24 maxlen: 24
                          45.134.175.0/24 maxlen: 24
                          91.222.172.0/22 maxlen: 24
                          91.234.198.0/23 maxlen: 24
                          91.234.199.0/24 maxlen: 24
                          176.97.120.0/23 maxlen: 23
                          176.97.125.0/24 maxlen: 24
                          176.97.126.0/23 maxlen: 23
                          176.97.126.0/24 maxlen: 24
                          185.254.199.0/24 maxlen: 24
                          194.42.206.0/23 maxlen: 24
                          195.26.86.0/23 maxlen: 24
                          195.160.220.0/22 maxlen: 24
                          2a09:2dc1::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 27 Jun 2024 10:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:3d:29:93:6c:62:85:79:1b:73:94:a7:64:97:b2:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
        Validity
            Not Before: Jun 27 10:28:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fdf969d4527bb6e98e74f83a6be9aebc73ac3a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9e:fa:e4:5a:8b:46:38:3a:9f:5a:4a:39:1e:
                    5d:a8:17:4c:fd:cb:cb:6e:a1:a9:83:65:c5:e3:d7:
                    af:69:1a:f4:4f:3d:33:10:14:dc:54:97:a0:bb:bf:
                    7f:7e:aa:38:88:25:b3:be:54:99:07:55:da:fc:c6:
                    66:6c:42:07:f2:b7:30:89:92:92:a4:27:7a:72:e9:
                    b3:56:67:de:7d:63:a8:61:54:dd:d1:26:d9:79:bf:
                    17:d4:ef:c4:ae:be:d7:da:c1:f9:ae:67:47:4b:68:
                    4d:a9:4d:89:4b:2a:b0:2a:d4:ad:1a:3d:26:b8:27:
                    94:1e:40:fc:fd:a9:56:26:dd:37:62:28:e1:c9:65:
                    e1:d7:d0:52:ca:0c:6e:43:fd:98:cc:56:a6:d6:ba:
                    1f:42:92:02:9e:a5:d7:e6:d9:6a:a2:b8:44:fe:f6:
                    41:09:e2:a3:77:2a:f2:3e:c7:45:de:a9:c8:63:9d:
                    33:27:27:9e:02:10:98:24:87:ba:83:af:ed:1f:0a:
                    74:d4:4b:01:b2:d3:c9:30:56:8d:61:37:82:85:a3:
                    c4:7a:2c:43:4d:9e:e8:dd:11:7a:96:d2:40:1e:96:
                    91:27:86:3d:67:f1:34:4a:0c:58:5a:ec:45:5f:df:
                    05:6e:39:22:b2:70:55:9e:e2:d4:5b:af:c1:f9:6e:
                    30:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:DF:96:9D:45:27:BB:6E:98:E7:4F:83:A6:BE:9A:EB:C7:3A:C3:A4
            X509v3 Authority Key Identifier:
                keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/L9-WnUUnu26Y50-Dpr6a68c6w6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.56.0/24
                  45.11.59.0/24
                  45.134.174.0/23
                  91.222.172.0/22
                  91.234.198.0/23
                  176.97.120.0/23
                  176.97.125.0-176.97.127.255
                  185.254.199.0/24
                  194.42.206.0/23
                  195.26.86.0/23
                  195.160.220.0/22
                IPv6:
                  2a09:2dc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:44:cb:df:26:c8:4f:37:1b:09:be:a6:e6:52:65:40:71:52:
         89:8b:73:99:17:ea:f7:e6:9c:42:f2:9e:1f:1b:6a:1e:b5:49:
         43:f3:cd:74:bf:c5:47:b1:4f:bf:de:45:31:bb:a4:a1:d4:7c:
         01:a5:1f:24:eb:b9:cc:f7:83:67:73:e2:69:46:00:b6:a0:a8:
         8f:57:5a:3a:2e:59:cc:cb:55:70:a1:9b:bb:ba:ae:a3:5e:cf:
         f3:b1:c7:30:38:3e:79:2e:6a:d6:a2:63:26:2b:8e:90:e5:97:
         0d:b1:62:d3:11:52:27:d1:52:53:f3:b0:f2:29:03:2e:5c:da:
         32:a0:de:85:3e:ee:89:38:e8:57:7d:0a:73:cd:03:2d:bd:07:
         b8:87:8a:fa:88:65:a8:ee:44:a2:50:be:f4:4a:57:15:fc:b7:
         4d:f7:10:02:8b:e8:4d:a0:0d:35:3e:c3:6e:a6:76:18:55:ae:
         32:ea:91:bf:f1:57:77:5a:cf:b4:db:93:af:30:48:6b:be:9e:
         dd:be:de:26:f1:5d:1b:0c:83:cc:40:70:8e:a9:67:7f:d3:30:
         90:57:15:df:5f:d5:b4:51:48:b2:48:39:de:9d:19:38:0d:8c:
         cb:af:d7:98:56:9f:d0:e1:1b:86:ba:fd:73:83:0f:8f:22:fa:
         91:15:f6:8f
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZBZPSmTbGKFeRtzlKdkl7LwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjQwNjI3MTAyODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmRmOTY5ZDQ1MjdiYjZlOThlNzRmODNhNmJlOWFlYmM3M2FjM2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0J765FqLRjg6n1pKOR5dqBdM/cvL
bqGpg2XF49evaRr0Tz0zEBTcVJegu79/fqo4iCWzvlSZB1Xa/MZmbEIH8rcwiZKS
pCd6cumzVmfefWOoYVTd0SbZeb8X1O/Err7X2sH5rmdHS2hNqU2JSyqwKtStGj0m
uCeUHkD8/alWJt03YijhyWXh19BSygxuQ/2YzFam1rofQpICnqXX5tlqorhE/vZB
CeKjdyryPsdF3qnIY50zJyeeAhCYJIe6g6/tHwp01EsBstPJMFaNYTeChaPEeixD
TZ7o3RF6ltJAHpaRJ4Y9Z/E0SgxYWuxFX98FbjkisnBVnuLUW6/B+W4wjQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFC/flp1FJ7tumOdPg6a+muvHOsOkMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvTDktV25VVW51MjZZNTAtRHByNmE2OGM2dzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQALQs4AwQA
LQs7AwQBLYauAwQCW96sAwQBW+rGAwQBsGF4MAwDBACwYX0DBAewYQADBAC5/scD
BAHCKs4DBAHDGlYDBALDoNwwDQQCAAIwBwMFACoJLcEwDQYJKoZIhvcNAQELBQAD
ggEBAFlEy98myE83Gwm+puZSZUBxUomLc5kX6vfmnELynh8bah61SUPzzXS/xUex
T7/eRTG7pKHUfAGlHyTrucz3g2dz4mlGALagqI9XWjouWczLVXChm7u6rqNez/Ox
xzA4PnkuataiYyYrjpDllw2xYtMRUifRUlPzsPIpAy5c2jKg3oU+7ok46Fd9CnPN
Ay29B7iHivqIZajuRKJQvvRKVxX8t033EAKL6E2gDTU+w26mdhhVrjLqkb/xV3da
z7Tbk68wSGu+nt2+3ibxXRsMg8xAcI6pZ3/TMJBXFd9f1bRRSLJIOd6dGTgNjMuv
15hWn9DhG4a6/XODD48i+pEV9o8=
-----END CERTIFICATE-----