Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/1-PjnWQL6PZQ2sBNq5GnZx5OZInQ.roa
File:                     1-PjnWQL6PZQ2sBNq5GnZx5OZInQ.roa (raw, json)
Hash identifier:          uRMnWF461PAyOHp3LNpswxT7YvsnOuvySsPBdXWG3+Y=
Subject key identifier:   F8:F8:E7:59:02:FA:3D:94:36:B0:13:6A:E4:69:D9:C7:93:99:22:74
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       018E33AAA4BA4412035C0BC33FFE396D36AC
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/1-PjnWQL6PZQ2sBNq5GnZx5OZInQ.roa
Signing time:             Tue 12 Mar 2024 17:16:45 +0000
ROA not before:           Tue 12 Mar 2024 17:16:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a0a:e2c0::/29 maxlen: 32
                          2a0e:7780::/29 maxlen: 32
                          2a0f:e000::/29 maxlen: 32
                          2a11:2f40::/29 maxlen: 29
                          2a11:3b40::/29 maxlen: 29
                          2a11:7240::/29 maxlen: 29
                          2a11:9600::/29 maxlen: 29
                          2a11:dcc0::/29 maxlen: 29
                          2a13:ba00::/29 maxlen: 32
                          2a13:dac0::/29 maxlen: 32
                          2a14:140::/29 maxlen: 29
                          2a14:1c0::/29 maxlen: 29
                          2a14:800::/29 maxlen: 29
                          2a14:f40::/29 maxlen: 29
                          2a14:7e00::/29 maxlen: 32

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 14:58:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:aa:a4:ba:44:12:03:5c:0b:c3:3f:fe:39:6d:36:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Mar 12 17:16:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8f8e75902fa3d9436b0136ae469d9c793992274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c3:1a:1a:d5:22:0f:e5:4c:d5:be:19:bb:e3:
                    df:50:e9:b1:59:a9:5d:41:0e:8e:de:64:a8:ad:08:
                    a7:a3:1b:06:25:fd:fa:65:17:bb:89:95:8a:79:98:
                    3a:96:fc:7d:39:c6:06:17:e8:78:27:5f:aa:4f:a4:
                    fe:25:8c:73:9d:a0:fb:40:22:c5:e8:b1:c2:4a:7f:
                    5a:68:b8:65:8e:d5:8b:f4:d0:83:ad:13:b2:60:81:
                    81:4e:ed:cf:48:21:d8:26:20:dd:5e:29:66:40:14:
                    b2:2a:66:60:17:cd:1c:15:70:77:50:fc:8c:2f:fc:
                    7b:b8:30:78:d5:74:ba:a4:53:6b:9d:0c:82:72:49:
                    1c:bc:86:b0:30:06:fc:66:56:3f:a9:dd:5a:3a:32:
                    eb:b7:ba:b6:65:cd:42:3b:7d:b6:21:12:51:4b:20:
                    21:ed:4e:23:44:16:f2:ac:4c:81:1d:cf:df:5a:5b:
                    36:2c:df:9b:1f:30:1f:39:f0:45:b0:01:ce:85:e5:
                    b4:33:1b:a8:ce:59:da:e2:de:29:1a:f1:17:bf:e5:
                    48:73:97:d0:1d:bb:90:e0:c1:ad:55:e1:42:c7:bd:
                    16:69:4a:ed:b3:29:4e:b1:9c:1a:f4:a7:88:95:15:
                    cb:0e:64:87:22:62:5e:50:00:ca:c8:5b:29:2c:67:
                    07:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F8:E7:59:02:FA:3D:94:36:B0:13:6A:E4:69:D9:C7:93:99:22:74
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/1-PjnWQL6PZQ2sBNq5GnZx5OZInQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:e2c0::/29
                  2a0e:7780::/29
                  2a0f:e000::/29
                  2a11:2f40::/29
                  2a11:3b40::/29
                  2a11:7240::/29
                  2a11:9600::/29
                  2a11:dcc0::/29
                  2a13:ba00::/29
                  2a13:dac0::/29
                  2a14:140::/29
                  2a14:1c0::/29
                  2a14:800::/29
                  2a14:f40::/29
                  2a14:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:f3:15:d4:66:27:0f:a4:c2:4d:0f:04:4b:b0:76:2a:5d:cb:
         de:8d:74:e6:71:66:9b:12:d0:cf:93:16:ec:a3:66:f5:d8:82:
         c5:d5:58:62:14:8f:d5:cd:45:5e:be:c2:43:bd:94:4d:2e:f5:
         2b:ae:63:cd:cc:97:54:a4:d0:62:25:5e:57:48:42:c1:22:be:
         d3:9a:17:a7:bb:73:be:04:6d:a2:1e:58:fd:45:07:44:b9:de:
         de:f8:6f:5f:bd:09:c2:e2:07:4b:dd:5d:3e:bc:8c:aa:4c:d7:
         3e:0d:7a:85:b4:5d:0a:86:d9:8b:fc:93:07:ac:77:fb:4a:87:
         d1:30:c4:6e:4a:b0:de:58:62:6a:a6:53:ed:d8:0b:fa:06:e9:
         65:7b:29:40:e7:c8:47:75:9e:62:43:57:ba:b2:98:a2:26:f4:
         07:5f:bf:65:04:25:77:49:3a:9e:eb:82:2f:73:07:40:36:33:
         45:a9:eb:ff:11:fd:fe:3e:e4:86:aa:e9:dd:d8:0f:a7:10:17:
         71:36:c4:f8:24:47:ca:70:11:93:22:38:59:cf:35:90:8d:08:
         e0:bb:4f:05:0d:05:30:76:4b:af:8a:10:27:e7:8b:03:d4:12:
         e0:3e:89:b2:10:04:57:83:c0:cb:9c:22:c4:60:14:1a:e1:0c:
         af:e0:a6:b2
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAY4zqqS6RBIDXAvDP/45bTasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwMzEyMTcxNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGY4ZTc1OTAyZmEzZDk0MzZiMDEzNmFlNDY5ZDljNzkzOTkyMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8MaGtUiD+VM1b4Zu+PfUOmxWald
QQ6O3mSorQinoxsGJf36ZRe7iZWKeZg6lvx9OcYGF+h4J1+qT6T+JYxznaD7QCLF
6LHCSn9aaLhljtWL9NCDrROyYIGBTu3PSCHYJiDdXilmQBSyKmZgF80cFXB3UPyM
L/x7uDB41XS6pFNrnQyCckkcvIawMAb8ZlY/qd1aOjLrt7q2Zc1CO322IRJRSyAh
7U4jRBbyrEyBHc/fWls2LN+bHzAfOfBFsAHOheW0Mxuozlna4t4pGvEXv+VIc5fQ
HbuQ4MGtVeFCx70WaUrtsylOsZwa9KeIlRXLDmSHImJeUADKyFspLGcHLwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFPj451kC+j2UNrATauRp2ceTmSJ0MB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvMS1Qam5XUUw2UFpRMnNCTnE1R25aeDVPWkluUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTEvNzU3YjU2LTdiNTctNDhhMC05YTc1LWEyYTRjNmE2MjFj
ZC8xL0dKMXJWZGFtaU81ZU00R0lPN1d2YUVNeWR1TS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBggYIKwYBBQUHAQcBAf8EczBxMG8EAgACMGkDBQMqCuLA
AwUDKg53gAMFAyoP4AADBQMqES9AAwUDKhE7QAMFAyoRckADBQMqEZYAAwUDKhHc
wAMFAyoTugADBQMqE9rAAwUDKhQBQAMFAyoUAcADBQMqFAgAAwUDKhQPQAMFAyoU
fgAwDQYJKoZIhvcNAQELBQADggEBAHXzFdRmJw+kwk0PBEuwdipdy96NdOZxZpsS
0M+TFuyjZvXYgsXVWGIUj9XNRV6+wkO9lE0u9SuuY83Ml1Sk0GIlXldIQsEivtOa
F6e7c74EbaIeWP1FB0S53t74b1+9CcLiB0vdXT68jKpM1z4NeoW0XQqG2Yv8kwes
d/tKh9EwxG5KsN5YYmqmU+3YC/oG6WV7KUDnyEd1nmJDV7qymKIm9Adfv2UEJXdJ
Op7rgi9zB0A2M0Wp6/8R/f4+5Iaq6d3YD6cQF3E2xPgkR8pwEZMiOFnPNZCNCOC7
TwUNBTB2S6+KECfniwPUEuA+ibIQBFeDwMucIsRgFBrhDK/gprI=
-----END CERTIFICATE-----