Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uX_a7vXUKundeGEVilLzCDTkyrQ.roa
File:                     uX_a7vXUKundeGEVilLzCDTkyrQ.roa (raw, json)
Hash identifier:          O6EYaT1X92b9TucKQ5Q0yuTeqpROhsNQdTzGKt3mecA=
Subject key identifier:   B9:7F:DA:EE:F5:D4:2A:E9:DD:78:61:15:8A:52:F3:08:34:E4:CA:B4
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01907C8794B84CC63F252C2BA7EC45098EE2
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uX_a7vXUKundeGEVilLzCDTkyrQ.roa
Signing time:             Thu 04 Jul 2024 06:56:18 +0000
ROA not before:           Thu 04 Jul 2024 06:56:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214601
IP address blocks:        2a14:67c0:400::/44 maxlen: 44
                          2a14:67c0:400::/48 maxlen: 48
                          2a14:67c0:401::/48 maxlen: 48
                          2a14:67c0:402::/48 maxlen: 48
                          2a14:67c0:403::/48 maxlen: 48
                          2a14:67c0:404::/48 maxlen: 48
                          2a14:67c0:405::/48 maxlen: 48
                          2a14:67c0:406::/48 maxlen: 48
                          2a14:67c0:407::/48 maxlen: 48
                          2a14:67c0:408::/48 maxlen: 48
                          2a14:67c0:409::/48 maxlen: 48
                          2a14:67c0:40a::/48 maxlen: 48
                          2a14:67c0:40b::/48 maxlen: 48
                          2a14:67c0:40c::/48 maxlen: 48
                          2a14:67c0:40d::/48 maxlen: 48
                          2a14:67c0:40e::/48 maxlen: 48
                          2a14:67c0:40f::/48 maxlen: 48
                          2a14:67c1:100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Thu 18 Jul 2024 18:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:87:94:b8:4c:c6:3f:25:2c:2b:a7:ec:45:09:8e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul  4 06:56:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b97fdaeef5d42ae9dd7861158a52f30834e4cab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b7:1c:47:9d:77:28:c6:a6:79:b6:72:2c:bb:
                    25:5a:cb:d0:cf:eb:f4:d6:5f:0c:7d:bf:ef:73:7d:
                    57:1e:85:70:5f:c4:df:0c:b2:19:23:cd:36:72:a2:
                    0c:33:51:dc:59:90:06:15:6b:95:03:38:69:cb:2a:
                    d6:ea:79:fb:a5:e2:d9:4b:d2:1c:21:82:45:67:fc:
                    b0:38:17:e9:df:c4:f9:fb:51:da:40:fa:1a:0e:ed:
                    d6:07:e9:05:62:c0:6c:e1:eb:8a:e4:e5:78:c9:33:
                    7e:d2:e0:5a:98:9d:49:d1:a0:78:01:9d:af:de:6d:
                    2f:87:0d:99:94:25:38:62:ce:07:a9:e2:8d:90:a8:
                    29:6b:78:f1:7c:55:43:97:42:f5:2a:d6:c5:e3:33:
                    da:fb:e0:a7:86:32:6d:01:d1:0c:79:70:0f:83:32:
                    a4:e1:2d:db:fb:e1:e0:ff:02:7e:a6:38:86:04:9f:
                    0a:33:99:81:d8:81:21:08:53:2b:c1:98:56:46:a8:
                    00:24:82:ed:4d:ff:05:c8:6d:52:66:d1:7b:b3:27:
                    cf:a5:8b:8d:d0:96:78:67:96:28:0a:5d:f9:69:35:
                    ea:0a:00:78:cc:d7:84:df:15:15:c6:10:b4:f9:1e:
                    92:dc:62:cf:0b:23:f9:9c:7a:11:41:7f:56:1b:42:
                    74:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7F:DA:EE:F5:D4:2A:E9:DD:78:61:15:8A:52:F3:08:34:E4:CA:B4
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uX_a7vXUKundeGEVilLzCDTkyrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c0:400::/44
                  2a14:67c1:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:e3:ed:e0:ef:90:82:0c:58:0d:4b:04:ac:58:18:0c:40:2c:
         89:e7:55:f4:ea:3b:56:ae:5d:59:e4:7f:86:ac:84:f7:78:40:
         18:56:e0:22:a1:b2:19:42:48:4d:18:4d:3b:43:c8:31:9a:41:
         20:cc:7e:3a:10:39:4d:73:ae:09:d4:56:3b:c7:27:c5:17:c5:
         ec:c9:57:df:a4:38:c4:1e:0d:9f:6a:7f:e2:70:5b:b3:9b:ac:
         95:42:3a:f4:52:db:da:f8:f3:1f:56:19:cd:10:58:dc:67:48:
         a7:65:16:d5:47:fa:c3:b6:c5:67:42:29:31:b4:79:2a:1a:99:
         24:e9:ba:3d:db:23:96:a1:17:e3:e1:58:3b:1c:6c:a6:cf:62:
         67:9a:2e:4b:70:73:60:d4:64:02:25:0a:e5:61:7e:9e:86:ae:
         f2:9e:b9:ce:8f:aa:b3:b4:34:57:22:08:35:9b:d9:bb:f8:ff:
         57:d8:88:ea:be:8d:ad:eb:07:81:35:6e:3f:2a:12:8d:43:47:
         3f:cb:15:a2:36:39:e6:60:2d:1f:47:4a:14:5b:c8:ad:e5:db:
         10:22:00:fe:07:52:7e:dd:f7:63:39:df:47:4e:ca:91:b7:f8:
         1b:48:1a:f1:a0:85:3c:6c:18:8c:de:85:c8:d2:ca:2a:9c:0d:
         12:a7:24:0b
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZB8h5S4TMY/JSwrp+xFCY7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQwNzA0MDY1NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTdmZGFlZWY1ZDQyYWU5ZGQ3ODYxMTU4YTUyZjMwODM0ZTRjYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLccR513KMamebZyLLslWsvQz+v0
1l8Mfb/vc31XHoVwX8TfDLIZI802cqIMM1HcWZAGFWuVAzhpyyrW6nn7peLZS9Ic
IYJFZ/ywOBfp38T5+1HaQPoaDu3WB+kFYsBs4euK5OV4yTN+0uBamJ1J0aB4AZ2v
3m0vhw2ZlCU4Ys4HqeKNkKgpa3jxfFVDl0L1KtbF4zPa++CnhjJtAdEMeXAPgzKk
4S3b++Hg/wJ+pjiGBJ8KM5mB2IEhCFMrwZhWRqgAJILtTf8FyG1SZtF7syfPpYuN
0JZ4Z5YoCl35aTXqCgB4zNeE3xUVxhC0+R6S3GLPCyP5nHoRQX9WG0J0JwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFLl/2u711Crp3XhhFYpS8wg05Mq0MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvdVhfYTd2WFVLdW5kZUdFVmlsTHpDRFRreXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhRnwAQA
AwYAKhRnwQEwDQYJKoZIhvcNAQELBQADggEBAKPj7eDvkIIMWA1LBKxYGAxALInn
VfTqO1auXVnkf4ashPd4QBhW4CKhshlCSE0YTTtDyDGaQSDMfjoQOU1zrgnUVjvH
J8UXxezJV9+kOMQeDZ9qf+JwW7ObrJVCOvRS29r48x9WGc0QWNxnSKdlFtVH+sO2
xWdCKTG0eSoamSTpuj3bI5ahF+PhWDscbKbPYmeaLktwc2DUZAIlCuVhfp6GrvKe
uc6PqrO0NFciCDWb2bv4/1fYiOq+ja3rB4E1bj8qEo1DRz/LFaI2OeZgLR9HShRb
yK3l2xAiAP4HUn7d92M530dOypG3+BtIGvGghTxsGIzehcjSyiqcDRKnJAs=
-----END CERTIFICATE-----