Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/QTjF-tKGpcm0czlWusk0RCTA7SE.roa
File:                     QTjF-tKGpcm0czlWusk0RCTA7SE.roa (raw, json)
Hash identifier:          EBcBTViqjxceQGbRnLdMT0Sa9sgK+wWlkI6WWjUeIV8=
Subject key identifier:   41:38:C5:FA:D2:86:A5:C9:B4:73:39:56:BA:C9:34:44:24:C0:ED:21
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018C5BC80DD1F8E6FDAA9477636AEB761DC2
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/QTjF-tKGpcm0czlWusk0RCTA7SE.roa
Signing time:             Tue 12 Dec 2023 02:08:06 +0000
ROA not before:           Tue 12 Dec 2023 02:08:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211035
IP address blocks:        2a0d:2580:db18::/48 maxlen: 48
                          2a0d:2580:db13::/48 maxlen: 48
                          2a0d:2580:db03::/48 maxlen: 48
                          2a0d:2580:db1e::/48 maxlen: 48
                          2a0d:2580:db19::/48 maxlen: 48
                          2a0d:2580:db1c::/48 maxlen: 48
                          2a0d:2580:db12::/48 maxlen: 48
                          2a0d:2580:db02::/48 maxlen: 48
                          2a0d:2580:db1d::/48 maxlen: 48
                          2a0d:2580:db10::/48 maxlen: 48
                          2a0d:2580:db1b::/48 maxlen: 48
                          2a0d:2580:db11::/48 maxlen: 48
                          2a0d:2580:db01::/48 maxlen: 48
                          2a0d:2580:db1f::/48 maxlen: 48
                          2a0d:2580:db1a::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:5b:c8:0d:d1:f8:e6:fd:aa:94:77:63:6a:eb:76:1d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Dec 12 02:08:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4138c5fad286a5c9b4733956bac9344424c0ed21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a2:25:4c:7a:22:48:f5:5a:bf:4e:fb:ca:7f:
                    e2:3c:35:23:7d:1d:68:ae:d4:d7:dd:1c:d7:da:e4:
                    bb:a8:ca:b5:52:51:9b:fe:e3:91:d9:23:6f:c8:10:
                    40:bd:13:69:b6:23:a1:fb:8b:c3:c3:e4:0a:cb:bf:
                    d3:06:8d:54:ac:d4:02:85:29:75:84:de:9e:71:51:
                    fc:8b:77:f1:74:ec:13:14:c0:a0:70:42:d6:8e:c4:
                    c3:05:21:2e:9a:45:30:30:bc:b8:ab:e8:24:71:32:
                    81:5c:0f:ed:93:83:5f:cc:31:41:89:86:45:eb:37:
                    f2:5e:4e:7e:0a:ac:e8:46:d0:08:5f:93:7d:de:b7:
                    24:b7:5b:b9:ca:b1:e8:c5:27:55:4e:f0:c4:cf:2e:
                    60:d4:44:4e:05:aa:13:37:4f:1b:e5:2b:9b:d5:ba:
                    91:aa:3f:ed:67:1d:cf:7a:51:49:c5:43:35:d5:f4:
                    6e:06:13:08:cb:b9:70:bb:f4:42:1f:46:c3:24:fd:
                    cd:c4:78:6b:0d:c2:a8:bb:70:62:86:c4:1c:a5:98:
                    48:d4:fb:88:e4:82:30:6c:14:0c:4e:40:7a:56:c7:
                    1d:94:ac:b9:d2:a6:f9:e0:cb:b2:00:3e:98:1a:a3:
                    e1:a9:db:25:82:b0:2e:79:be:41:d2:c8:47:82:84:
                    06:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:38:C5:FA:D2:86:A5:C9:B4:73:39:56:BA:C9:34:44:24:C0:ED:21
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/QTjF-tKGpcm0czlWusk0RCTA7SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2580:db01::-2a0d:2580:db03:ffff:ffff:ffff:ffff:ffff
                  2a0d:2580:db10::/46
                  2a0d:2580:db18::/45

    Signature Algorithm: sha256WithRSAEncryption
         82:e0:27:99:66:1c:fd:c2:d7:a9:5d:7e:cd:c7:6e:f9:c8:51:
         66:30:d4:d4:a6:27:9f:fa:3c:8d:9c:b9:96:8e:c2:69:83:40:
         08:0f:e1:30:7c:c0:cd:cf:4c:67:7d:d6:aa:fd:c6:aa:c8:d6:
         14:68:03:8a:7f:b3:29:64:72:1a:8e:1c:19:65:40:39:73:bb:
         43:dc:62:37:6b:36:e3:fa:7e:61:14:89:1c:73:0d:ea:b4:57:
         4d:47:17:3d:5c:85:57:7a:50:f1:c8:08:19:bb:0c:fe:24:20:
         e8:50:05:f2:29:cc:6e:e3:2c:26:04:32:d8:24:df:32:35:71:
         e2:dc:ff:70:a1:43:b1:9a:a5:c5:02:c5:a7:1b:ea:39:04:41:
         99:e9:b6:65:c2:c1:e9:b1:8f:c3:18:cf:a6:d3:5b:c5:6a:9e:
         e6:17:cf:72:fa:35:ad:6c:a9:03:97:f0:8c:0a:cf:56:5d:3f:
         07:e2:e5:56:f8:49:90:09:5c:d0:b4:23:27:51:69:38:b4:02:
         70:f5:b5:6e:ac:4d:53:88:5d:be:86:54:09:9b:4a:0c:c4:25:
         79:36:b6:ee:93:82:6e:63:7e:92:24:3b:8b:05:21:5a:4c:77:
         ae:e0:07:87:2b:60:cb:33:db:d4:80:f1:83:04:e4:40:9a:ef:
         a9:45:6d:02
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYxbyA3R+Ob9qpR3Y2rrdh3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjMxMjEyMDIwODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM4YzVmYWQyODZhNWM5YjQ3MzM5NTZiYWM5MzQ0NDI0YzBlZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqIlTHoiSPVav077yn/iPDUjfR1o
rtTX3RzX2uS7qMq1UlGb/uOR2SNvyBBAvRNptiOh+4vDw+QKy7/TBo1UrNQChSl1
hN6ecVH8i3fxdOwTFMCgcELWjsTDBSEumkUwMLy4q+gkcTKBXA/tk4NfzDFBiYZF
6zfyXk5+CqzoRtAIX5N93rckt1u5yrHoxSdVTvDEzy5g1EROBaoTN08b5Sub1bqR
qj/tZx3PelFJxUM11fRuBhMIy7lwu/RCH0bDJP3NxHhrDcKou3BihsQcpZhI1PuI
5IIwbBQMTkB6VscdlKy50qb54MuyAD6YGqPhqdslgrAueb5B0shHgoQGnwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFEE4xfrShqXJtHM5VrrJNEQkwO0hMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvUVRqRi10S0dwY20wY3psV3VzazBSQ1RBN1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmMBIDBwAqDSWA
2wEDBwIqDSWA2wADBwIqDSWA2xADBwMqDSWA2xgwDQYJKoZIhvcNAQELBQADggEB
AILgJ5lmHP3C16ldfs3HbvnIUWYw1NSmJ5/6PI2cuZaOwmmDQAgP4TB8wM3PTGd9
1qr9xqrI1hRoA4p/sylkchqOHBllQDlzu0PcYjdrNuP6fmEUiRxzDeq0V01HFz1c
hVd6UPHICBm7DP4kIOhQBfIpzG7jLCYEMtgk3zI1ceLc/3ChQ7GapcUCxacb6jkE
QZnptmXCwemxj8MYz6bTW8VqnuYXz3L6Na1sqQOX8IwKz1ZdPwfi5Vb4SZAJXNC0
IydRaTi0AnD1tW6sTVOIXb6GVAmbSgzEJXk2tu6Tgm5jfpIkO4sFIVpMd67gB4cr
YMsz29SA8YME5ECa76lFbQI=
-----END CERTIFICATE-----