Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/a9zrc6-IDhSrdoTnjHzS51a7EIk.roa
File:                     a9zrc6-IDhSrdoTnjHzS51a7EIk.roa (raw, json)
Hash identifier:          PK0PJAeThNpzjE+cLcXmaPuuOWqx+ox04vRllNu2mmI=
Subject key identifier:   6B:DC:EB:73:AF:88:0E:14:AB:76:84:E7:8C:7C:D2:E7:56:BB:10:89
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01904C25A72A9F83575E83F012DE2C6C618E
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/a9zrc6-IDhSrdoTnjHzS51a7EIk.roa
Signing time:             Mon 24 Jun 2024 21:27:34 +0000
ROA not before:           Mon 24 Jun 2024 21:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5503
IP address blocks:        62.171.192.0/18 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          194.238.32.0/19 maxlen: 24
                          194.238.64.0/19 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          217.179.0.0/17 maxlen: 24
                          217.179.192.0/18 maxlen: 24
                          217.180.0.0/19 maxlen: 24
                          217.180.32.0/22 maxlen: 24
                          217.180.48.0/22 maxlen: 24
                          217.181.0.0/18 maxlen: 24
                          217.181.64.0/19 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 04 Jul 2024 19:17:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4c:25:a7:2a:9f:83:57:5e:83:f0:12:de:2c:6c:61:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jun 24 21:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bdceb73af880e14ab7684e78c7cd2e756bb1089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b5:e6:aa:fb:49:7d:f2:43:40:35:5c:04:4a:
                    22:15:ca:a7:9c:9a:dc:2f:8a:f2:7d:97:b4:e6:3a:
                    22:c4:eb:ab:16:dc:56:0b:45:e4:de:9c:3a:5a:5b:
                    ee:d7:73:6f:ba:48:fd:8f:9c:0a:35:f7:2b:fc:f7:
                    58:31:42:76:4c:21:bc:87:53:28:cd:0f:5f:91:1f:
                    46:23:e6:55:d3:b3:16:ec:b3:7f:74:9c:70:77:c4:
                    16:ea:28:98:ae:7d:63:0c:48:16:ae:e6:09:f2:6c:
                    59:0c:dc:c7:bd:aa:97:cf:81:4e:4b:f0:c5:9f:fc:
                    65:64:b3:b9:10:e3:62:b6:34:e1:54:1f:46:e7:53:
                    24:79:63:53:b3:3d:04:a5:cd:f8:44:22:7d:4c:2c:
                    c5:c8:4f:27:5f:f0:26:34:47:1a:26:07:27:3b:79:
                    14:83:6b:8b:52:34:c7:04:d5:eb:65:38:c2:36:c5:
                    5a:c5:c9:31:34:88:55:4a:f5:1b:fb:d6:e2:a4:86:
                    9d:bc:73:27:45:5c:d6:81:b1:69:6a:55:b4:20:e8:
                    d5:42:be:0b:ca:ae:5a:40:4b:6c:9a:0b:31:02:67:
                    bb:f3:96:fb:68:13:b9:68:35:76:e6:3d:31:9d:16:
                    24:57:81:73:36:8a:82:0d:52:db:b0:b3:96:36:81:
                    40:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:DC:EB:73:AF:88:0E:14:AB:76:84:E7:8C:7C:D2:E7:56:BB:10:89
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/a9zrc6-IDhSrdoTnjHzS51a7EIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.32.0-194.238.95.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.179.0.0/17
                  217.179.192.0-217.180.35.255
                  217.180.48.0/22
                  217.181.0.0-217.181.95.255
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:03:0d:de:46:4e:95:64:f3:f7:7f:c6:d9:a3:cc:2e:b4:bb:
         42:97:b2:9e:db:e5:e7:0f:9d:10:ec:d4:53:1b:16:71:9c:48:
         13:bb:4a:1e:a1:db:a0:65:fc:40:28:11:0d:35:35:7a:d0:73:
         41:f8:38:d6:f6:9d:39:7d:ab:ee:15:56:41:54:16:5a:e0:b8:
         a4:eb:8f:f9:49:7e:58:a2:12:dd:28:24:fc:c4:a0:8a:eb:3a:
         45:3b:bd:4c:dc:4a:1b:3b:bc:a8:6b:59:45:0f:57:19:70:14:
         6c:7a:fd:eb:15:43:7d:31:d9:c5:f7:91:f5:c7:67:8e:5f:7d:
         20:c3:77:40:fe:3c:04:11:85:f0:0e:cf:2c:91:dc:1b:c4:f1:
         df:42:a1:63:e0:2d:ea:e4:c7:ae:20:c3:08:d0:db:0e:1f:ff:
         1e:a0:25:f7:20:b3:0b:ab:16:e7:f6:fc:0a:94:f8:8f:ce:02:
         f4:ce:bf:ba:d0:93:10:6a:aa:d4:3d:86:d3:d8:5a:71:39:5c:
         ca:2e:13:63:2e:41:4e:4e:55:bd:2e:60:92:d5:33:01:94:38:
         9e:fd:5b:2e:88:0d:1c:5c:27:df:6e:84:0e:3e:7d:a6:35:de:
         13:9f:84:d6:ee:c6:41:20:34:a6:ad:6a:26:41:93:0f:04:19:
         86:57:0b:9b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZBMJacqn4NXXoPwEt4sbGGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwNjI0MjEyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmRjZWI3M2FmODgwZTE0YWI3Njg0ZTc4YzdjZDJlNzU2YmIxMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rXmqvtJffJDQDVcBEoiFcqnnJrc
L4ryfZe05joixOurFtxWC0Xk3pw6Wlvu13Nvukj9j5wKNfcr/PdYMUJ2TCG8h1Mo
zQ9fkR9GI+ZV07MW7LN/dJxwd8QW6iiYrn1jDEgWruYJ8mxZDNzHvaqXz4FOS/DF
n/xlZLO5EONitjThVB9G51MkeWNTsz0Epc34RCJ9TCzFyE8nX/AmNEcaJgcnO3kU
g2uLUjTHBNXrZTjCNsVaxckxNIhVSvUb+9bipIadvHMnRVzWgbFpalW0IOjVQr4L
yq5aQEtsmgsxAme785b7aBO5aDV25j0xnRYkV4FzNoqCDVLbsLOWNoFA8QIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFGvc63OviA4Uq3aE54x80udWuxCJMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvYTl6cmM2LUlEaFNyZG9UbmpIelM1MWE3RUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEBj6rwAME
ArnA5AMEBcKaADAMAwQFwu4gAwQFwu5AAwQG1RLAMAsDAwDZsQMEBdmxQAMEB9mz
ADAMAwQG2bPAAwQC2bQgAwQC2bQwMAsDAwDZtQMEBdm1QDANBAIAAjAHAwUAKgIP
sDANBgkqhkiG9w0BAQsFAAOCAQEAvgMN3kZOlWTz93/G2aPMLrS7Qpeyntvl5w+d
EOzUUxsWcZxIE7tKHqHboGX8QCgRDTU1etBzQfg41vadOX2r7hVWQVQWWuC4pOuP
+Ul+WKIS3Sgk/MSgius6RTu9TNxKGzu8qGtZRQ9XGXAUbHr96xVDfTHZxfeR9cdn
jl99IMN3QP48BBGF8A7PLJHcG8Tx30KhY+At6uTHriDDCNDbDh//HqAl9yCzC6sW
5/b8CpT4j84C9M6/utCTEGqq1D2G09hacTlcyi4TYy5BTk5VvS5gktUzAZQ4nv1b
LogNHFwn326EDj59pjXeE5+E1u7GQSA0pq1qJkGTDwQZhlcLmw==
-----END CERTIFICATE-----