Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/2GPJH57IPi5k1-ABjPDybOg_3TE.roa
File:                     2GPJH57IPi5k1-ABjPDybOg_3TE.roa (raw, json)
Hash identifier:          Lll7YKQZ4HrIdYsbCnKBWFflhLmIbjUl4s+VcaeHZ0Y=
Subject key identifier:   D8:63:C9:1F:9E:C8:3E:2E:64:D7:E0:01:8C:F0:F2:6C:E8:3F:DD:31
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       0190436CAFB742873A17D644F05ED68963A9
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/2GPJH57IPi5k1-ABjPDybOg_3TE.roa
Signing time:             Sun 23 Jun 2024 04:48:34 +0000
ROA not before:           Sun 23 Jun 2024 04:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60262
IP address blocks:        2a11:c40::/29 maxlen: 29
                          2a11:1000::/29 maxlen: 29
                          2a11:4300::/29 maxlen: 29
                          2a11:4600::/29 maxlen: 29
                          2a11:4ec0::/29 maxlen: 29
                          2a11:8580::/29 maxlen: 29
                          2a11:d780::/29 maxlen: 29
                          2a12:700::/29 maxlen: 29
                          2a12:980::/29 maxlen: 29
                          2a12:1600::/29 maxlen: 29
                          2a12:6080::/29 maxlen: 29
                          2a12:7b00::/29 maxlen: 29
                          2a12:c780::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 24 Jun 2024 04:17:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:43:6c:af:b7:42:87:3a:17:d6:44:f0:5e:d6:89:63:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jun 23 04:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d863c91f9ec83e2e64d7e0018cf0f26ce83fdd31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8b:0d:6e:c1:a4:87:2b:d0:3c:8f:f4:23:27:
                    c8:c1:cb:cc:43:a4:5d:eb:e5:a7:d1:a2:ae:d0:66:
                    e7:bd:f9:c8:bd:d0:39:86:25:05:65:20:d0:2a:6f:
                    45:df:51:70:8e:f0:2a:42:e0:43:b2:82:49:ad:0e:
                    91:18:f9:f6:83:4b:d0:ea:9c:ae:fa:66:3e:74:c2:
                    72:94:e2:c3:13:f5:9e:3b:a7:30:00:55:f8:7e:0a:
                    33:31:14:55:02:9d:86:61:c6:76:af:91:22:fe:63:
                    01:cd:06:69:9f:c4:1d:e7:4f:a3:7d:56:e0:de:e3:
                    a3:82:f7:85:b1:78:1c:41:47:70:0c:c8:8d:7b:f3:
                    cf:4d:4d:a6:f7:b8:c4:39:c5:9b:af:b4:e6:2e:1c:
                    ad:b1:96:bf:a3:1c:dc:ea:7e:87:71:94:af:e5:f7:
                    38:88:e5:26:44:d0:5e:30:19:78:3f:34:b6:79:94:
                    94:ad:bd:eb:6a:5f:aa:a3:6a:de:59:af:8d:ec:92:
                    74:53:b2:d4:95:23:87:93:88:d8:d2:22:c9:2f:13:
                    9f:16:17:21:3a:20:31:4d:22:75:f2:3a:29:3e:68:
                    c4:3c:e8:22:a7:e4:47:95:4c:f1:d8:b3:d7:ec:72:
                    18:cb:06:1d:53:ff:06:a4:81:be:ab:ac:5f:af:c7:
                    ef:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:63:C9:1F:9E:C8:3E:2E:64:D7:E0:01:8C:F0:F2:6C:E8:3F:DD:31
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/2GPJH57IPi5k1-ABjPDybOg_3TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:c40::/29
                  2a11:1000::/29
                  2a11:4300::/29
                  2a11:4600::/29
                  2a11:4ec0::/29
                  2a11:8580::/29
                  2a11:d780::/29
                  2a12:700::/29
                  2a12:980::/29
                  2a12:1600::/29
                  2a12:6080::/29
                  2a12:7b00::/29
                  2a12:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:87:9a:00:6b:fb:c6:ae:54:15:d9:76:f7:b1:40:03:ee:c6:
         13:2a:c5:79:f5:8e:b2:14:f0:d2:81:79:db:ca:a9:e3:54:c5:
         eb:80:0e:fd:02:5a:c7:94:c4:b7:8d:f0:39:fc:22:14:f5:f7:
         ed:6a:dc:d1:49:ac:2c:51:4a:f6:2d:c5:25:69:44:25:c9:0f:
         79:ce:f8:e4:01:5c:42:3b:1c:6b:92:87:41:f5:b7:4a:81:72:
         1b:af:b6:13:b3:fc:4b:63:19:ef:ee:7c:ef:a8:cf:f6:b3:26:
         f2:fc:af:d9:9e:23:2f:f6:4a:95:81:a1:ee:41:f1:a2:aa:c0:
         07:4b:98:4a:58:50:e1:eb:de:50:3e:63:65:3e:3c:eb:5e:4b:
         db:11:80:94:31:e7:22:53:aa:6e:22:8e:c8:b3:cc:f4:7c:b0:
         85:1f:71:ee:fa:88:20:72:2c:6f:d8:d2:e2:3a:35:30:0d:75:
         a4:46:7a:a6:b5:3b:f8:a5:3f:ec:98:16:b1:b0:74:20:23:05:
         10:99:b2:76:c4:0d:28:c9:f6:41:97:51:7a:e1:0e:58:47:ab:
         cd:9a:d9:24:8b:3c:4c:29:19:3f:59:e6:7c:f4:ba:68:06:71:
         8f:9e:92:48:7f:92:4e:1d:6b:ae:97:12:20:f6:55:c7:4a:39:
         fe:7c:b4:bb
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZBDbK+3Qoc6F9ZE8F7WiWOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwNjIzMDQ0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODYzYzkxZjllYzgzZTJlNjRkN2UwMDE4Y2YwZjI2Y2U4M2ZkZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4sNbsGkhyvQPI/0IyfIwcvMQ6Rd
6+Wn0aKu0GbnvfnIvdA5hiUFZSDQKm9F31FwjvAqQuBDsoJJrQ6RGPn2g0vQ6pyu
+mY+dMJylOLDE/WeO6cwAFX4fgozMRRVAp2GYcZ2r5Ei/mMBzQZpn8Qd50+jfVbg
3uOjgveFsXgcQUdwDMiNe/PPTU2m97jEOcWbr7TmLhytsZa/oxzc6n6HcZSv5fc4
iOUmRNBeMBl4PzS2eZSUrb3ral+qo2reWa+N7JJ0U7LUlSOHk4jY0iLJLxOfFhch
OiAxTSJ18jopPmjEPOgip+RHlUzx2LPX7HIYywYdU/8GpIG+q6xfr8fvTwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFNhjyR+eyD4uZNfgAYzw8mzoP90xMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvMkdQSkg1N0lQaTVrMS1BQmpQRHliT2dfM1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAAjBbAwUDKhEMQAMF
AyoREAADBQMqEUMAAwUDKhFGAAMFAyoRTsADBQMqEYWAAwUDKhHXgAMFAyoSBwAD
BQMqEgmAAwUDKhIWAAMFAyoSYIADBQMqEnsAAwUDKhLHgDANBgkqhkiG9w0BAQsF
AAOCAQEABIeaAGv7xq5UFdl297FAA+7GEyrFefWOshTw0oF528qp41TF64AO/QJa
x5TEt43wOfwiFPX37Wrc0UmsLFFK9i3FJWlEJckPec745AFcQjsca5KHQfW3SoFy
G6+2E7P8S2MZ7+5876jP9rMm8vyv2Z4jL/ZKlYGh7kHxoqrAB0uYSlhQ4eveUD5j
ZT48615L2xGAlDHnIlOqbiKOyLPM9HywhR9x7vqIIHIsb9jS4jo1MA11pEZ6prU7
+KU/7JgWsbB0ICMFEJmydsQNKMn2QZdReuEOWEerzZrZJIs8TCkZP1nmfPS6aAZx
j56SSH+STh1rrpcSIPZVx0o5/ny0uw==
-----END CERTIFICATE-----