Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/o4ACnXZYxa1Wf6xQZeNv9mwdhAM.roa
File:                     o4ACnXZYxa1Wf6xQZeNv9mwdhAM.roa (raw, json)
Hash identifier:          0BqSkQ5GH1lAtkTU17K/CTWJyBa5sniUj3lLlP1iPOU=
Subject key identifier:   A3:80:02:9D:76:58:C5:AD:56:7F:AC:50:65:E3:6F:F6:6C:1D:84:03
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       018FA56AFA354E8C4E95D4DB58880DC70C4F
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/o4ACnXZYxa1Wf6xQZeNv9mwdhAM.roa
Signing time:             Thu 23 May 2024 12:26:42 +0000
ROA not before:           Thu 23 May 2024 12:26:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60721
IP address blocks:        2a07:4a00::/29 maxlen: 29
                          2a0a:37c0::/29 maxlen: 29
                          2a0b:9800::/29 maxlen: 29
                          2a0b:a280::/29 maxlen: 29
                          2a0b:a300::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0c:74c0::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0d:2cc0::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:1180::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 29 May 2024 10:25:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:6a:fa:35:4e:8c:4e:95:d4:db:58:88:0d:c7:0c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: May 23 12:26:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a380029d7658c5ad567fac5065e36ff66c1d8403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ab:99:d7:44:ec:fc:5a:ab:38:c1:4d:b4:7a:
                    d1:da:0e:88:e8:0a:7b:8e:c5:54:ed:1c:96:68:42:
                    00:99:ec:8f:83:b8:c3:0e:ac:84:5c:84:ef:c9:db:
                    b6:19:51:e2:d2:9c:7b:d9:77:62:5f:f2:97:28:55:
                    b5:23:90:9a:14:d0:eb:ca:bb:c9:d4:ef:fc:e4:d1:
                    00:8e:08:01:15:ee:5e:03:ad:c8:58:92:55:64:ec:
                    ee:37:39:cd:58:37:2d:44:d1:a0:dd:ec:e0:4c:30:
                    4f:62:76:a2:68:76:d4:9e:d2:c2:11:fe:ed:3c:f6:
                    1f:b0:45:45:18:79:e0:1a:82:55:cb:50:c6:55:2d:
                    c5:97:f9:c1:27:42:14:ad:f0:bd:21:44:0b:67:cf:
                    ac:38:56:d0:47:0c:76:c7:b1:f7:4b:f7:79:b7:82:
                    35:9f:03:85:2d:94:ce:1b:19:0a:7e:db:8d:85:07:
                    6c:56:24:6f:6d:37:d4:ad:c7:08:27:cc:f9:62:6b:
                    99:78:66:43:41:5f:bc:d8:88:4f:b1:6c:7c:d4:db:
                    fc:bd:bf:64:4e:ec:0d:ba:06:c4:8d:74:b4:d0:03:
                    66:21:cf:0a:d8:57:59:03:df:6b:1c:3a:39:76:14:
                    53:74:67:1d:31:59:06:5c:9a:3b:57:c1:45:c8:72:
                    92:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:80:02:9D:76:58:C5:AD:56:7F:AC:50:65:E3:6F:F6:6C:1D:84:03
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/o4ACnXZYxa1Wf6xQZeNv9mwdhAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4a00::/29
                  2a0a:37c0::/29
                  2a0b:9800::/29
                  2a0b:a280::/29
                  2a0b:a300::/29
                  2a0c:7440::/29
                  2a0c:74c0::/29
                  2a0c:7540::/29
                  2a0d:2cc0::/29
                  2a0d:88c0::/29
                  2a0f:1180::/29
                  2a0f:2380::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:df:18:48:44:ed:f5:e4:69:8b:a3:7b:39:da:a1:1d:78:60:
         42:a0:e8:88:d1:4c:52:2b:e4:ab:bd:52:49:a2:62:53:d6:eb:
         0d:b8:ed:41:c6:cc:8e:2a:a3:72:23:cd:dd:cd:1c:55:60:3e:
         bb:30:18:9f:b6:8f:e1:5c:de:d2:1e:1b:bd:67:4d:64:95:2f:
         b4:b4:fd:bb:99:61:9c:b0:7b:ef:69:a6:fc:b6:e4:06:9f:45:
         dc:69:e8:cb:e5:ce:2a:9f:25:79:f9:e8:b1:ee:93:26:59:c5:
         29:a4:ce:7a:3b:bb:51:2d:39:32:bf:32:2c:83:e6:42:09:cd:
         af:17:f6:b4:c4:37:58:e4:a8:4f:12:a3:e9:6b:f0:5e:26:4e:
         6e:b2:f8:68:6a:24:69:07:b0:c8:ee:ef:0b:74:15:32:1f:24:
         8b:8a:07:89:51:23:f4:f3:c5:77:98:55:96:7b:9c:32:00:03:
         75:dd:7c:68:8c:e6:0c:fb:bc:98:fc:21:ac:6e:9e:4f:84:e6:
         a2:1e:87:c7:9f:cc:dd:6d:72:d2:0f:fb:6a:18:9c:ea:32:b6:
         ea:c8:25:b4:0f:0e:ad:25:e8:fe:8d:47:42:40:af:43:6e:9c:
         20:28:74:3f:2a:f1:02:a5:d7:51:18:3a:f0:8b:47:cf:61:c8:
         c0:13:8a:88
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY+lavo1ToxOldTbWIgNxwxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjQwNTIzMTIyNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzgwMDI5ZDc2NThjNWFkNTY3ZmFjNTA2NWUzNmZmNjZjMWQ4NDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtquZ10Ts/FqrOMFNtHrR2g6I6Ap7
jsVU7RyWaEIAmeyPg7jDDqyEXITvydu2GVHi0px72XdiX/KXKFW1I5CaFNDryrvJ
1O/85NEAjggBFe5eA63IWJJVZOzuNznNWDctRNGg3ezgTDBPYnaiaHbUntLCEf7t
PPYfsEVFGHngGoJVy1DGVS3Fl/nBJ0IUrfC9IUQLZ8+sOFbQRwx2x7H3S/d5t4I1
nwOFLZTOGxkKftuNhQdsViRvbTfUrccIJ8z5YmuZeGZDQV+82IhPsWx81Nv8vb9k
TuwNugbEjXS00ANmIc8K2FdZA99rHDo5dhRTdGcdMVkGXJo7V8FFyHKSOQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFKOAAp12WMWtVn+sUGXjb/ZsHYQDMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvbzRBQ25YWll4YTFXZjZ4UVplTnY5bXdkaEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUDKgdKAAMF
AyoKN8ADBQMqC5gAAwUDKguigAMFAyoLowADBQMqDHRAAwUDKgx0wAMFAyoMdUAD
BQMqDSzAAwUDKg2IwAMFAyoPEYADBQMqDyOAMA0GCSqGSIb3DQEBCwUAA4IBAQAR
3xhIRO315GmLo3s52qEdeGBCoOiI0UxSK+SrvVJJomJT1usNuO1BxsyOKqNyI83d
zRxVYD67MBifto/hXN7SHhu9Z01klS+0tP27mWGcsHvvaab8tuQGn0XcaejL5c4q
nyV5+eix7pMmWcUppM56O7tRLTkyvzIsg+ZCCc2vF/a0xDdY5KhPEqPpa/BeJk5u
svhoaiRpB7DI7u8LdBUyHySLigeJUSP088V3mFWWe5wyAAN13XxojOYM+7yY/CGs
bp5PhOaiHofHn8zdbXLSD/tqGJzqMrbqyCW0Dw6tJej+jUdCQK9DbpwgKHQ/KvEC
pddRGDrwi0fPYcjAE4qI
-----END CERTIFICATE-----