Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/CNDSD0PcmjEfngsAGxkbTl21eLI.roa
File:                     CNDSD0PcmjEfngsAGxkbTl21eLI.roa (raw, json)
Hash identifier:          ZJSwoD+6hcM8BOeyeJBPiFO5hlToRQbZomzWfDE3bT4=
Subject key identifier:   08:D0:D2:0F:43:DC:9A:31:1F:9E:0B:00:1B:19:1B:4E:5D:B5:78:B2
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       018BE89D8E479AFB57E6618C5DCADC226F84
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/CNDSD0PcmjEfngsAGxkbTl21eLI.roa
Signing time:             Sun 19 Nov 2023 17:25:21 +0000
ROA not before:           Sun 19 Nov 2023 17:25:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:d040:1e::/48 maxlen: 48
                          2a13:d040:19::/48 maxlen: 48
                          2a13:d040:14::/48 maxlen: 48
                          2a13:d040:1f::/48 maxlen: 48
                          2a13:d040:12::/48 maxlen: 48
                          2a13:d040:2::/48 maxlen: 48
                          2a13:d040:1d::/48 maxlen: 48
                          2a13:d040:18::/48 maxlen: 48
                          2a13:d040:3::/48 maxlen: 48
                          2a13:d040:13::/48 maxlen: 48
                          2a13:d040:16::/48 maxlen: 48
                          2a13:d040:1::/48 maxlen: 48
                          2a13:d040:11::/48 maxlen: 48
                          2a13:d040:1c::/48 maxlen: 48
                          2a13:d040:17::/48 maxlen: 48
                          2a13:d040:1a::/48 maxlen: 48
                          2a13:d040:15::/48 maxlen: 48
                          2a13:d040:10::/48 maxlen: 48
                          2a13:d040:1b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:e8:9d:8e:47:9a:fb:57:e6:61:8c:5d:ca:dc:22:6f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Nov 19 17:25:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08d0d20f43dc9a311f9e0b001b191b4e5db578b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8a:d9:b6:d3:be:39:82:e1:f5:5a:09:44:7e:
                    56:70:9a:8f:d9:3d:00:0c:40:f1:d1:76:17:00:f1:
                    ca:df:db:98:dc:30:d3:cd:14:bd:a5:29:ab:7b:66:
                    10:f8:8d:ff:4f:74:8f:79:32:f9:5b:83:85:e2:0d:
                    61:7c:b9:b4:91:a4:fb:62:80:13:c0:5c:28:f8:8e:
                    f2:70:73:a5:12:e3:e9:ed:a3:ae:3b:21:94:12:4b:
                    49:7f:2b:9b:7a:f5:65:fd:d5:2f:06:e1:f1:ba:33:
                    d7:e4:3f:e8:c8:5a:d1:54:48:e3:b5:b2:3b:e4:51:
                    9b:c7:a6:98:0a:56:f0:dc:04:8a:b7:0e:1d:10:34:
                    10:ac:f9:e2:97:6c:28:1c:8a:d7:ad:8f:e1:d9:a7:
                    75:75:74:92:f2:b5:6a:53:86:29:9f:b8:b7:59:70:
                    bc:48:ab:ae:d4:40:c9:c7:52:ec:d6:ea:48:84:a7:
                    e7:0e:be:25:11:43:04:f2:a2:87:7d:e7:56:34:1c:
                    b0:7b:0b:37:3b:3a:ca:9b:9e:b9:89:61:29:87:ef:
                    b3:8b:72:17:e4:a6:65:37:c0:e9:49:9c:98:91:2d:
                    f3:97:24:b8:d8:e0:50:76:16:8a:4b:ea:7f:61:84:
                    f0:81:89:df:2d:84:c5:ac:9b:8f:57:2d:ca:d0:71:
                    6d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D0:D2:0F:43:DC:9A:31:1F:9E:0B:00:1B:19:1B:4E:5D:B5:78:B2
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/CNDSD0PcmjEfngsAGxkbTl21eLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d040:1::-2a13:d040:3:ffff:ffff:ffff:ffff:ffff
                  2a13:d040:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:df:8c:0f:76:c7:ae:af:cb:75:c9:a8:02:db:c6:06:eb:b1:
         b6:c0:ef:9a:62:74:ff:39:8e:bd:bd:5e:41:d4:ed:7c:95:05:
         79:0f:39:d4:a1:76:3c:a2:de:2c:69:0a:07:0f:3c:ea:b1:26:
         38:fb:9c:65:9a:1f:3f:af:d2:c2:1e:ab:91:cf:85:34:b5:77:
         af:2b:c4:ec:2a:a2:67:c0:1c:2c:6f:6d:0e:2e:99:29:8b:0d:
         b6:cb:a0:2e:5e:ad:c3:ba:74:d4:22:de:95:a9:f3:67:40:1c:
         b1:2d:81:11:1f:da:62:c8:ad:ef:e1:8c:b4:26:e5:f1:e1:2f:
         07:16:54:c5:1e:a1:9e:2e:93:54:9e:e7:04:b1:1d:1c:a1:bb:
         c6:50:da:30:29:25:fc:68:1e:f1:99:d7:b2:79:90:98:26:a3:
         47:1f:04:a9:17:0f:b3:91:d0:16:28:ea:f8:9b:f9:f7:6c:e8:
         8b:ad:3c:ea:f8:ec:c4:db:e9:d7:04:d5:26:14:d6:28:22:f1:
         b9:39:a4:3e:52:bc:19:4c:a4:dc:f7:4b:2b:3d:3b:5e:ec:95:
         0f:e1:2b:c2:2b:e3:45:b8:6a:40:fb:cc:77:10:d3:4f:e6:2b:
         35:82:e0:30:5e:67:0e:d9:2e:66:dd:ab:bd:84:b5:f2:c3:d9:
         bd:f8:53:5c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYvonY5HmvtX5mGMXcrcIm+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjMxMTE5MTcyNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQwZDIwZjQzZGM5YTMxMWY5ZTBiMDAxYjE5MWI0ZTVkYjU3OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4rZttO+OYLh9VoJRH5WcJqP2T0A
DEDx0XYXAPHK39uY3DDTzRS9pSmre2YQ+I3/T3SPeTL5W4OF4g1hfLm0kaT7YoAT
wFwo+I7ycHOlEuPp7aOuOyGUEktJfyubevVl/dUvBuHxujPX5D/oyFrRVEjjtbI7
5FGbx6aYClbw3ASKtw4dEDQQrPnil2woHIrXrY/h2ad1dXSS8rVqU4Ypn7i3WXC8
SKuu1EDJx1Ls1upIhKfnDr4lEUME8qKHfedWNBywews3OzrKm565iWEph++zi3IX
5KZlN8DpSZyYkS3zlyS42OBQdhaKS+p/YYTwgYnfLYTFrJuPVy3K0HFtrwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAjQ0g9D3JoxH54LABsZG05dtXiyMB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvQ05EU0QwUGNtakVmbmdzQUd4a2JUbDIxZUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwAqE9BA
AAEDBwIqE9BAAAADBwQqE9BAABAwDQYJKoZIhvcNAQELBQADggEBAAffjA92x66v
y3XJqALbxgbrsbbA75pidP85jr29XkHU7XyVBXkPOdShdjyi3ixpCgcPPOqxJjj7
nGWaHz+v0sIeq5HPhTS1d68rxOwqomfAHCxvbQ4umSmLDbbLoC5ercO6dNQi3pWp
82dAHLEtgREf2mLIre/hjLQm5fHhLwcWVMUeoZ4uk1Se5wSxHRyhu8ZQ2jApJfxo
HvGZ17J5kJgmo0cfBKkXD7OR0BYo6vib+fds6IutPOr47MTb6dcE1SYU1igi8bk5
pD5SvBlMpNz3Sys9O17slQ/hK8Ir40W4akD7zHcQ00/mKzWC4DBeZw7ZLmbdq72E
tfLD2b34U1w=
-----END CERTIFICATE-----