Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/P9dq1pEsI-JV-ksg9UGkZh3kLkE.roa
File:                     P9dq1pEsI-JV-ksg9UGkZh3kLkE.roa (raw, json)
Hash identifier:          UcskQl5bDrDluf1fL8ekSDJBuZK9PKDJahFzvE4JKTM=
Subject key identifier:   3F:D7:6A:D6:91:2C:23:E2:55:FA:4B:20:F5:41:A4:66:1D:E4:2E:41
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       018FF9BFCCDDA051C9EDC45A95841F39A169
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/P9dq1pEsI-JV-ksg9UGkZh3kLkE.roa
Signing time:             Sat 08 Jun 2024 21:27:27 +0000
ROA not before:           Sat 08 Jun 2024 21:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51396
IP address blocks:        2a06:b440::/29 maxlen: 29
                          2a0e:7780::/29 maxlen: 30
                          2a0f:e000::/29 maxlen: 29
                          2a11:f140::/29 maxlen: 30
                          2a12:6740::/29 maxlen: 30
                          2a12:8ec0::/29 maxlen: 30
                          2a12:ccc0::/29 maxlen: 30
                          2a12:d3c0::/29 maxlen: 30
                          2a12:e240::/29 maxlen: 30
                          2a12:f0c0::/29 maxlen: 30

Validation:               Failed, certificate revoked on Fri 14 Jun 2024 07:53:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f9:bf:cc:dd:a0:51:c9:ed:c4:5a:95:84:1f:39:a1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Jun  8 21:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fd76ad6912c23e255fa4b20f541a4661de42e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:4f:c2:f7:df:8a:50:fe:3a:33:03:e5:99:3d:
                    5a:cd:4f:76:6d:8c:f9:be:c1:0a:a3:66:1e:96:7f:
                    1f:8c:19:65:98:6f:c3:fd:75:32:31:da:b1:5c:a6:
                    fe:85:8a:c6:4e:88:8f:61:3f:2b:71:6b:d1:7b:73:
                    8f:9f:9e:0e:72:48:93:50:bb:51:7d:44:a7:01:a7:
                    65:ef:01:b0:19:89:79:09:06:7f:bd:6d:c3:20:d8:
                    f7:b0:fe:81:a3:54:d1:fa:ca:8e:40:03:0a:13:f6:
                    00:a0:76:69:d0:c1:05:b8:a1:86:a9:03:ef:90:a3:
                    19:7c:c6:05:7e:75:e3:9f:45:d1:9a:24:ba:34:72:
                    98:47:32:12:a0:3f:bb:6a:98:1c:93:82:d4:71:f2:
                    eb:63:19:30:93:e7:2d:e0:37:4f:0c:0f:f3:d9:26:
                    df:0a:3e:46:41:3b:a8:45:25:00:51:c4:c9:b6:7f:
                    cf:b8:3c:02:9a:7e:8c:d1:65:21:2a:16:ee:60:39:
                    b4:72:a6:79:37:40:f3:f6:14:d2:a2:57:e8:51:6e:
                    31:63:47:38:94:27:e1:fe:36:93:6e:54:ad:32:bb:
                    c5:c4:f8:9b:40:ea:b7:37:1a:49:5b:e9:78:5c:73:
                    f9:0f:e1:a7:0e:9e:13:fd:f3:fb:ef:b1:44:b6:4b:
                    f9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D7:6A:D6:91:2C:23:E2:55:FA:4B:20:F5:41:A4:66:1D:E4:2E:41
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/P9dq1pEsI-JV-ksg9UGkZh3kLkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:b440::/29
                  2a0e:7780::/29
                  2a0f:e000::/29
                  2a11:f140::/29
                  2a12:6740::/29
                  2a12:8ec0::/29
                  2a12:ccc0::/29
                  2a12:d3c0::/29
                  2a12:e240::/29
                  2a12:f0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:af:f7:5d:51:85:45:c6:84:8d:6d:2a:33:44:d5:de:a8:39:
         94:7c:a0:2e:f7:92:a9:a2:66:cc:8d:49:83:07:f0:5a:d8:46:
         99:a8:47:fd:09:ac:a8:9a:0c:6b:ba:ed:fd:7c:cf:8a:85:d0:
         72:1e:17:51:8a:fa:00:ce:26:65:55:a0:2d:8b:32:bf:ed:16:
         b9:0d:4e:ae:be:e0:ac:d1:0b:3f:ab:bf:d1:2b:66:a4:aa:11:
         de:1d:bd:b8:42:af:26:fb:ee:53:1c:be:50:e1:53:6d:20:c8:
         c5:73:15:51:c9:09:29:b5:19:8a:bf:80:79:87:a6:b9:d0:31:
         1d:02:f9:a9:43:78:ba:85:0c:4f:ac:d4:81:dc:ac:68:e2:8d:
         8d:3d:35:15:88:ae:04:e5:d0:5f:61:f0:02:9c:87:66:f1:a8:
         c6:ef:52:ed:17:ca:f8:3d:1e:25:28:3c:70:a0:fc:7e:b4:30:
         c1:68:f1:c2:f4:0c:22:54:7e:23:e3:c5:6f:45:d4:f3:95:4d:
         8d:b8:19:da:e4:60:39:51:59:7d:61:f6:66:a4:dc:f3:02:c4:
         73:4f:91:9b:60:da:cf:a2:ef:c0:b7:1b:a5:c7:a4:f2:b7:ee:
         11:d4:29:5b:83:5d:19:d9:81:e5:d4:ef:05:7f:7a:c0:e2:3c:
         de:66:81:3a
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY/5v8zdoFHJ7cRalYQfOaFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwNjA4MjEyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ3NmFkNjkxMmMyM2UyNTVmYTRiMjBmNTQxYTQ2NjFkZTQyZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6k/C99+KUP46MwPlmT1azU92bYz5
vsEKo2Yeln8fjBllmG/D/XUyMdqxXKb+hYrGToiPYT8rcWvRe3OPn54OckiTULtR
fUSnAadl7wGwGYl5CQZ/vW3DINj3sP6Bo1TR+sqOQAMKE/YAoHZp0MEFuKGGqQPv
kKMZfMYFfnXjn0XRmiS6NHKYRzISoD+7apgck4LUcfLrYxkwk+ct4DdPDA/z2Sbf
Cj5GQTuoRSUAUcTJtn/PuDwCmn6M0WUhKhbuYDm0cqZ5N0Dz9hTSolfoUW4xY0c4
lCfh/jaTblStMrvFxPibQOq3NxpJW+l4XHP5D+GnDp4T/fP777FEtkv5+QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFD/XataRLCPiVfpLIPVBpGYd5C5BMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvUDlkcTFwRXNJLUpWLWtzZzlVR2taaDNrTGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKga0QAMF
AyoOd4ADBQMqD+AAAwUDKhHxQAMFAyoSZ0ADBQMqEo7AAwUDKhLMwAMFAyoS08AD
BQMqEuJAAwUDKhLwwDANBgkqhkiG9w0BAQsFAAOCAQEAVa/3XVGFRcaEjW0qM0TV
3qg5lHygLveSqaJmzI1JgwfwWthGmahH/QmsqJoMa7rt/XzPioXQch4XUYr6AM4m
ZVWgLYsyv+0WuQ1Orr7grNELP6u/0StmpKoR3h29uEKvJvvuUxy+UOFTbSDIxXMV
UckJKbUZir+AeYemudAxHQL5qUN4uoUMT6zUgdysaOKNjT01FYiuBOXQX2HwApyH
ZvGoxu9S7RfK+D0eJSg8cKD8frQwwWjxwvQMIlR+I+PFb0XU85VNjbgZ2uRgOVFZ
fWH2ZqTc8wLEc0+Rm2Daz6LvwLcbpcek8rfuEdQpW4NdGdmB5dTvBX96wOI83maB
Og==
-----END CERTIFICATE-----