Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/rMN_R8_3AecjXRKILNOogNYbNd0.roa
File:                     rMN_R8_3AecjXRKILNOogNYbNd0.roa (raw, json)
Hash identifier:          ER/w22DC4X6d15UId7LPYJSStCBi3Hm9tkg7FUIxH6g=
Subject key identifier:   AC:C3:7F:47:CF:F7:01:E7:23:5D:12:88:2C:D3:A8:80:D6:1B:35:DD
Certificate issuer:       /CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
Certificate serial:       018DF93EA637B6C32033C1890C5D3FCA5641
Authority key identifier: 92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/rMN_R8_3AecjXRKILNOogNYbNd0.roa
Signing time:             Fri 01 Mar 2024 09:00:49 +0000
ROA not before:           Fri 01 Mar 2024 09:00:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        45.143.68.0/24 maxlen: 24
                          45.143.69.0/24 maxlen: 24
                          45.143.70.0/24 maxlen: 24
                          45.143.71.0/24 maxlen: 24
                          83.150.240.0/24 maxlen: 24
                          83.150.241.0/24 maxlen: 24
                          83.150.242.0/24 maxlen: 24
                          83.150.243.0/24 maxlen: 24
                          95.181.216.0/24 maxlen: 24
                          95.181.217.0/24 maxlen: 24
                          95.181.218.0/24 maxlen: 24
                          95.181.219.0/24 maxlen: 24
                          185.75.208.0/24 maxlen: 24
                          185.75.209.0/24 maxlen: 24
                          185.75.210.0/24 maxlen: 24
                          185.75.211.0/24 maxlen: 24
                          193.108.243.0/24 maxlen: 24
                          193.201.248.0/24 maxlen: 24
                          193.201.250.0/24 maxlen: 24
                          193.201.251.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 01 Mar 2024 09:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:3e:a6:37:b6:c3:20:33:c1:89:0c:5d:3f:ca:56:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
        Validity
            Not Before: Mar  1 09:00:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acc37f47cff701e7235d12882cd3a880d61b35dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0a:b2:17:45:ef:fa:86:34:b7:7a:aa:9d:33:
                    bc:7f:73:57:b8:5a:90:22:85:3f:aa:db:52:0a:bf:
                    5f:a7:64:24:52:53:bc:e5:cf:e2:97:8f:7c:de:e0:
                    a0:b4:f7:d5:e6:62:40:9d:62:b5:9f:90:f1:e1:50:
                    dd:82:82:f6:c8:a7:fc:84:5f:1d:bc:f6:1b:93:8c:
                    dc:a8:44:e9:7b:18:36:27:f7:1e:f8:11:42:26:47:
                    4b:63:c2:ff:de:c8:7f:6a:b1:f6:fd:21:ed:98:e4:
                    57:5d:d2:63:52:07:60:8c:8d:c2:e6:06:65:ff:83:
                    00:1c:91:31:bc:d9:a5:1c:01:d6:19:b5:42:e3:ed:
                    10:34:81:eb:7f:8e:05:d7:7e:4e:de:b6:9a:15:cb:
                    01:bb:9c:62:54:b4:f8:8f:89:6e:65:bc:92:e0:13:
                    7b:e5:23:c4:08:5c:70:3e:c1:c2:2e:cc:66:40:72:
                    8e:b0:2f:9e:74:7f:5f:f3:92:0e:fc:7e:8e:23:05:
                    5a:e8:86:38:ab:2e:e3:79:05:0f:3e:fa:4a:96:81:
                    c3:1c:40:af:73:bc:a5:e5:09:fd:40:86:be:ec:9e:
                    e3:3b:c2:61:99:e4:ab:a7:15:ee:a8:09:e1:d5:e7:
                    13:f9:b5:a4:5b:dd:6f:9e:db:6b:0b:6d:bc:9b:9b:
                    7b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C3:7F:47:CF:F7:01:E7:23:5D:12:88:2C:D3:A8:80:D6:1B:35:DD
            X509v3 Authority Key Identifier:
                keyid:92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/rMN_R8_3AecjXRKILNOogNYbNd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.68.0/22
                  83.150.240.0/22
                  95.181.216.0/22
                  185.75.208.0/22
                  193.108.243.0/24
                  193.201.248.0/24
                  193.201.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:58:d9:f9:ab:f8:8b:bf:c9:19:b6:c3:c2:c9:0a:bc:f5:ba:
         71:50:06:7d:d8:0a:f3:13:44:6c:4e:b2:71:02:23:c1:53:3a:
         2f:67:cc:3c:ec:df:5f:d7:63:ab:16:5e:b3:1b:d6:72:11:62:
         06:f6:9c:3f:80:93:26:09:34:b3:d7:ee:0a:9f:b5:c6:e9:fa:
         74:4f:e0:15:f2:b4:7b:b6:cf:a2:53:75:39:59:29:97:ee:a7:
         99:31:22:01:d4:f8:ed:c2:9c:97:53:20:63:d1:8f:12:69:63:
         46:a2:8b:02:1e:ba:34:c3:70:c8:07:78:1c:6d:ff:90:73:1c:
         f3:b8:13:0d:99:bf:54:d9:0b:ed:60:f9:db:ba:af:9c:38:f9:
         09:e0:5a:5e:ab:9e:19:9e:b5:67:69:fa:b5:8e:74:0f:16:dd:
         11:3d:c9:0d:7f:61:33:1e:d7:05:4c:e1:4c:48:82:6e:72:cc:
         83:0f:c8:93:c9:5e:6d:03:1e:2b:6f:66:9d:cf:21:4e:d2:e6:
         b9:a3:54:e7:86:45:7d:40:aa:c4:fa:e8:84:ab:e3:81:b6:75:
         e2:12:85:bb:c8:2f:85:e3:42:6a:2b:41:db:f8:72:00:b3:ec:
         08:71:11:00:35:43:e1:9e:81:e2:32:0a:6f:44:2f:b7:29:26:
         ef:12:7d:d3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY35PqY3tsMgM8GJDF0/ylZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjIwOGI0N2I2YTg2NGQ5ZDFmZjMzZTA2YWE4MWQxMzgx
OWE3NGUwHhcNMjQwMzAxMDkwMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2MzN2Y0N2NmZjcwMWU3MjM1ZDEyODgyY2QzYTg4MGQ2MWIzNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQqyF0Xv+oY0t3qqnTO8f3NXuFqQ
IoU/qttSCr9fp2QkUlO85c/il4983uCgtPfV5mJAnWK1n5Dx4VDdgoL2yKf8hF8d
vPYbk4zcqETpexg2J/ce+BFCJkdLY8L/3sh/arH2/SHtmORXXdJjUgdgjI3C5gZl
/4MAHJExvNmlHAHWGbVC4+0QNIHrf44F135O3raaFcsBu5xiVLT4j4luZbyS4BN7
5SPECFxwPsHCLsxmQHKOsC+edH9f85IO/H6OIwVa6IY4qy7jeQUPPvpKloHDHECv
c7yl5Qn9QIa+7J7jO8JhmeSrpxXuqAnh1ecT+bWkW91vnttrC228m5t7bQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKzDf0fP9wHnI10SiCzTqIDWGzXdMB8GA1UdIwQY
MBaAFJIiCLR7aoZNnR/zPgaqgdE4GadOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTct
OTViMDhlMzY2MGNmLzEvck1OX1I4XzNBZWNqWFJLSUxOT29nTlliTmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTctOTViMDhlMzY2MGNm
LzEva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCLY9EAwQC
U5bwAwQCX7XYAwQCuUvQAwQAwWzzAwQAwcn4AwQBwcn6MA0GCSqGSIb3DQEBCwUA
A4IBAQBjWNn5q/iLv8kZtsPCyQq89bpxUAZ92ArzE0RsTrJxAiPBUzovZ8w87N9f
12OrFl6zG9ZyEWIG9pw/gJMmCTSz1+4Kn7XG6fp0T+AV8rR7ts+iU3U5WSmX7qeZ
MSIB1PjtwpyXUyBj0Y8SaWNGoosCHro0w3DIB3gcbf+QcxzzuBMNmb9U2QvtYPnb
uq+cOPkJ4Fpeq54ZnrVnafq1jnQPFt0RPckNf2EzHtcFTOFMSIJucsyDD8iTyV5t
Ax4rb2adzyFO0ua5o1TnhkV9QKrE+uiEq+OBtnXiEoW7yC+F40JqK0Hb+HIAs+wI
cREANUPhnoHiMgpvRC+3KSbvEn3T
-----END CERTIFICATE-----