Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/xAiJ8tYKiwUN_gaQlVEUbWaEnPc.roa
File:                     xAiJ8tYKiwUN_gaQlVEUbWaEnPc.roa (raw, json)
Hash identifier:          vbhd99Pj6LeQF7B+LZyVkC4ZjwnMWUpNq2bBdLn9NhA=
Subject key identifier:   C4:08:89:F2:D6:0A:8B:05:0D:FE:06:90:95:51:14:6D:66:84:9C:F7
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       018BE753F6A65AB6D7A99FE99035CB919787
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/xAiJ8tYKiwUN_gaQlVEUbWaEnPc.roa
Signing time:             Sun 19 Nov 2023 11:25:21 +0000
ROA not before:           Sun 19 Nov 2023 11:25:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:d040:1e::/48 maxlen: 48
                          2a13:d040:19::/48 maxlen: 48
                          2a13:d040:14::/48 maxlen: 48
                          2a13:d040:1f::/48 maxlen: 48
                          2a13:d040:12::/48 maxlen: 48
                          2a13:d040:2::/48 maxlen: 48
                          2a13:d040:1d::/48 maxlen: 48
                          2a13:d040:18::/48 maxlen: 48
                          2a13:d040:13::/48 maxlen: 48
                          2a13:d040:16::/48 maxlen: 48
                          2a13:d040:1::/48 maxlen: 48
                          2a13:d040:11::/48 maxlen: 48
                          2a13:d040:1c::/48 maxlen: 48
                          2a13:d040:17::/48 maxlen: 48
                          2a13:d040:1a::/48 maxlen: 48
                          2a13:d040:15::/48 maxlen: 48
                          2a13:d040:10::/48 maxlen: 48
                          2a13:d040:1b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 19 Nov 2023 17:25:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:e7:53:f6:a6:5a:b6:d7:a9:9f:e9:90:35:cb:91:97:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Nov 19 11:25:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c40889f2d60a8b050dfe06909551146d66849cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:65:a9:95:50:f3:cb:cc:bf:49:9a:7f:b2:10:
                    e3:59:6f:81:3c:9a:f7:96:34:f1:eb:06:90:d9:f5:
                    a5:f0:0c:49:28:c8:e5:a2:1f:e2:21:70:ee:f8:cc:
                    1f:f1:15:2b:59:e9:12:0d:1b:f5:76:70:0e:eb:0c:
                    8c:b8:c1:b7:5a:08:17:69:14:72:c3:83:06:29:00:
                    84:b3:69:9c:e6:d0:8e:7c:cc:5f:83:08:92:7f:dd:
                    d1:d1:49:9d:86:b5:73:55:ff:57:17:16:36:34:5b:
                    05:32:b6:03:5c:9a:8b:09:1f:04:b4:66:98:5f:2c:
                    88:16:ae:35:f4:e9:94:89:06:ad:0f:f6:0f:f4:a4:
                    52:33:bc:f7:be:3b:5c:80:11:b5:97:2b:b2:60:9c:
                    75:d6:82:fd:3e:9a:0c:9c:de:9c:fc:de:04:f8:3c:
                    11:7d:e1:f9:e1:98:3a:fb:6c:85:63:53:32:9c:aa:
                    0e:14:3e:13:b1:62:b2:b3:6f:48:52:17:75:48:fa:
                    3b:a6:a3:8b:45:0d:64:7a:fa:15:32:78:62:0e:ac:
                    65:17:f3:dc:4a:1b:fd:2e:5d:20:86:3e:07:d1:a4:
                    2e:b1:11:4a:39:7d:a7:a6:4d:7a:5c:a2:33:67:2f:
                    bc:60:14:ce:3b:82:41:62:f2:4c:76:a5:3c:4b:97:
                    51:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:08:89:F2:D6:0A:8B:05:0D:FE:06:90:95:51:14:6D:66:84:9C:F7
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/xAiJ8tYKiwUN_gaQlVEUbWaEnPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d040:1::-2a13:d040:2:ffff:ffff:ffff:ffff:ffff
                  2a13:d040:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:57:2a:41:b7:d1:40:a1:8c:8a:bb:70:6d:e1:a5:47:bf:01:
         fa:d2:e5:23:f9:dc:b3:0f:c4:78:7f:5d:11:c1:a1:21:e3:87:
         92:bd:52:eb:5e:de:fa:eb:f7:d7:4d:47:9e:c3:90:dd:34:9c:
         32:54:d3:1b:31:8d:98:b2:05:a6:4d:7a:86:84:eb:fa:ee:be:
         c8:7d:36:34:e5:26:74:8c:8d:f9:9e:36:99:32:ed:21:d7:a6:
         99:83:be:73:7b:20:96:5c:8e:4d:5e:e2:f8:40:9e:64:c0:b2:
         71:6e:76:22:4e:d1:60:5f:18:49:76:38:a7:ab:64:4a:bb:62:
         b5:0e:6b:a3:0b:64:f8:0a:68:13:9d:f9:60:c4:59:0b:8b:ce:
         ae:41:74:f3:1f:63:5c:ad:7c:78:10:23:2e:dd:b6:5a:6f:73:
         1d:f1:69:bb:b9:82:6b:d5:18:91:53:ac:d1:99:cf:89:2f:95:
         66:13:0f:01:53:ae:eb:61:57:9f:26:27:60:ba:42:6b:26:37:
         e0:34:8c:9c:c8:e1:53:05:7d:0f:7d:2c:f7:1e:15:fe:5f:a6:
         f2:57:0a:0d:1a:18:e2:50:cf:7d:72:be:79:8d:f5:c5:17:4f:
         bd:44:cb:9c:49:18:81:98:ff:ac:01:a9:89:92:9d:69:89:1b:
         9f:11:db:e8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYvnU/amWrbXqZ/pkDXLkZeHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjMxMTE5MTEyNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDA4ODlmMmQ2MGE4YjA1MGRmZTA2OTA5NTUxMTQ2ZDY2ODQ5Y2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGWplVDzy8y/SZp/shDjWW+BPJr3
ljTx6waQ2fWl8AxJKMjloh/iIXDu+Mwf8RUrWekSDRv1dnAO6wyMuMG3WggXaRRy
w4MGKQCEs2mc5tCOfMxfgwiSf93R0UmdhrVzVf9XFxY2NFsFMrYDXJqLCR8EtGaY
XyyIFq419OmUiQatD/YP9KRSM7z3vjtcgBG1lyuyYJx11oL9PpoMnN6c/N4E+DwR
feH54Zg6+2yFY1MynKoOFD4TsWKys29IUhd1SPo7pqOLRQ1kevoVMnhiDqxlF/Pc
Shv9Ll0ghj4H0aQusRFKOX2npk16XKIzZy+8YBTOO4JBYvJMdqU8S5dRPwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMQIifLWCosFDf4GkJVRFG1mhJz3MB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEveEFpSjh0WUtpd1VOX2dhUWxWRVViV2FFblBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwAqE9BA
AAEDBwAqE9BAAAIDBwQqE9BAABAwDQYJKoZIhvcNAQELBQADggEBAJVXKkG30UCh
jIq7cG3hpUe/AfrS5SP53LMPxHh/XRHBoSHjh5K9Uute3vrr99dNR57DkN00nDJU
0xsxjZiyBaZNeoaE6/ruvsh9NjTlJnSMjfmeNpky7SHXppmDvnN7IJZcjk1e4vhA
nmTAsnFudiJO0WBfGEl2OKerZEq7YrUOa6MLZPgKaBOd+WDEWQuLzq5BdPMfY1yt
fHgQIy7dtlpvcx3xabu5gmvVGJFTrNGZz4kvlWYTDwFTruthV58mJ2C6QmsmN+A0
jJzI4VMFfQ99LPceFf5fpvJXCg0aGOJQz31yvnmN9cUXT71Ey5xJGIGY/6wBqYmS
nWmJG58R2+g=
-----END CERTIFICATE-----