Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/H36ERbEUcOvobb_oSFg4TwMzVMc.roa
File:                     H36ERbEUcOvobb_oSFg4TwMzVMc.roa (raw, json)
Hash identifier:          Osu7AeAiuSUVY1ooixtSKf9bHFE8VxIQ0SXgH/vcvB8=
Subject key identifier:   1F:7E:84:45:B1:14:70:EB:E8:6D:BF:E8:48:58:38:4F:03:33:54:C7
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       018CC9BBFB64186F4FD46BCF666BE1CF4DC8
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/H36ERbEUcOvobb_oSFg4TwMzVMc.roa
Signing time:             Tue 02 Jan 2024 10:33:09 +0000
ROA not before:           Tue 02 Jan 2024 10:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207137
IP address blocks:        2a13:240:5::/48 maxlen: 48
                          2a13:240:4700::/40 maxlen: 40
                          2a13:240:4600::/40 maxlen: 40
                          2a13:240:4500::/40 maxlen: 40
                          2a13:240:4400::/40 maxlen: 40
                          2a13:240:4300::/40 maxlen: 40
                          2a13:240:4200::/40 maxlen: 40
                          2a13:240::/48 maxlen: 48
                          2a13:240:9::/48 maxlen: 48
                          2a13:240:4::/48 maxlen: 48
                          2a13:240:2::/48 maxlen: 48
                          2a13:240:8::/48 maxlen: 48
                          2a13:240:3::/48 maxlen: 48
                          2a13:240:6::/48 maxlen: 48
                          2a13:240:1::/48 maxlen: 48
                          2a13:240:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 12:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:fb:64:18:6f:4f:d4:6b:cf:66:6b:e1:cf:4d:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Jan  2 10:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f7e8445b11470ebe86dbfe84858384f033354c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6b:a7:5a:d6:a1:d6:24:9a:3a:dc:43:a8:60:
                    3d:d5:30:ce:49:3f:6e:b4:95:62:5b:2d:b4:c2:34:
                    0c:2b:3c:7c:0e:cc:36:06:05:fe:5d:5f:4a:5d:42:
                    7e:9b:9b:fe:90:18:3b:a4:7f:fc:69:1a:1f:4c:e5:
                    eb:1f:6e:bf:4a:68:57:72:10:5f:e1:25:43:b3:b7:
                    14:d0:48:81:19:d6:09:31:9c:da:95:30:86:d4:df:
                    62:02:3e:be:15:9e:17:1b:43:03:91:02:55:b1:c1:
                    f5:f9:3a:4c:0b:47:65:51:23:67:14:d8:0c:b6:34:
                    2e:d4:e6:2b:2f:90:82:08:72:f0:2b:e6:5e:83:1e:
                    61:0d:9e:12:fa:31:e5:07:d8:28:99:03:f5:f9:bf:
                    2a:cd:2d:d0:a5:21:e7:c0:21:26:91:5f:45:ac:38:
                    20:39:42:8d:28:87:33:f5:58:2e:9d:69:73:c9:3a:
                    48:07:69:6b:96:c2:fe:72:28:8e:f1:97:57:7a:3f:
                    40:af:b3:e7:cd:8f:67:14:b1:99:69:27:65:8c:15:
                    9f:1d:56:bc:d2:24:4e:fb:ff:1f:85:75:49:06:73:
                    09:21:71:b8:5e:cc:0b:15:93:cc:2d:b6:48:4f:8f:
                    4e:8b:6f:03:8f:8a:e7:af:ff:50:40:cd:87:3a:d9:
                    56:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7E:84:45:B1:14:70:EB:E8:6D:BF:E8:48:58:38:4F:03:33:54:C7
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/H36ERbEUcOvobb_oSFg4TwMzVMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240::-2a13:240:9:ffff:ffff:ffff:ffff:ffff
                  2a13:240:4200::-2a13:240:47ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         78:11:df:2f:31:d1:59:30:60:78:2f:65:ba:26:c4:ba:78:58:
         9d:ad:b6:38:f9:08:32:10:ec:3f:96:37:09:0c:a6:8e:dc:fe:
         17:b7:d2:fe:e0:fb:b0:d1:fc:2c:11:8b:f9:a4:aa:a5:1e:71:
         35:59:a4:6f:14:41:b5:12:d8:1a:ba:50:0f:3d:2d:f2:03:c1:
         4d:ec:a6:7d:c9:db:44:37:b0:41:b3:9e:13:1f:c9:d5:db:69:
         b9:c0:56:df:16:60:59:05:28:5b:2a:9c:f0:f1:88:cd:04:78:
         bc:5e:3b:0e:d9:3f:22:f0:da:67:8d:89:31:83:e8:ac:95:fb:
         44:98:ed:70:b1:13:68:07:32:f4:e8:dc:b8:40:33:7d:22:22:
         4a:ce:60:0e:57:9d:64:8f:a3:50:38:09:86:2e:fb:0c:bc:9a:
         2a:44:f3:77:28:1d:64:79:f0:6a:44:f7:a1:da:8b:d7:b5:9d:
         7e:52:f2:1f:73:5d:a3:7d:6b:92:d2:3d:c3:43:a7:d2:9e:f4:
         f9:08:e9:95:c8:f6:8b:30:c8:a4:d4:52:f0:33:20:67:dc:1b:
         c3:4e:20:ec:33:c9:5a:ef:36:c5:12:f6:dc:50:42:51:3c:ac:
         3a:e9:68:76:25:75:66:1a:b8:fb:4d:66:34:7b:ac:50:79:6f:
         d2:d6:d7:44
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzJu/tkGG9P1GvPZmvhz03IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjQwMTAyMTAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdlODQ0NWIxMTQ3MGViZTg2ZGJmZTg0ODU4Mzg0ZjAzMzM1NGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWunWtah1iSaOtxDqGA91TDOST9u
tJViWy20wjQMKzx8Dsw2BgX+XV9KXUJ+m5v+kBg7pH/8aRofTOXrH26/SmhXchBf
4SVDs7cU0EiBGdYJMZzalTCG1N9iAj6+FZ4XG0MDkQJVscH1+TpMC0dlUSNnFNgM
tjQu1OYrL5CCCHLwK+Zegx5hDZ4S+jHlB9gomQP1+b8qzS3QpSHnwCEmkV9FrDgg
OUKNKIcz9VgunWlzyTpIB2lrlsL+ciiO8ZdXej9Ar7PnzY9nFLGZaSdljBWfHVa8
0iRO+/8fhXVJBnMJIXG4XswLFZPMLbZIT49Oi28Dj4rnr/9QQM2HOtlWFQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFB9+hEWxFHDr6G2/6EhYOE8DM1THMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvSDM2RVJiRVVjT3ZvYmJfb1NGZzRUd016Vk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkMBADBQYqEwJA
AwcBKhMCQAAIMBADBgEqEwJAQgMGAyoTAkBAMA0GCSqGSIb3DQEBCwUAA4IBAQB4
Ed8vMdFZMGB4L2W6JsS6eFidrbY4+QgyEOw/ljcJDKaO3P4Xt9L+4Puw0fwsEYv5
pKqlHnE1WaRvFEG1EtgaulAPPS3yA8FN7KZ9ydtEN7BBs54TH8nV22m5wFbfFmBZ
BShbKpzw8YjNBHi8XjsO2T8i8NpnjYkxg+islftEmO1wsRNoBzL06Ny4QDN9IiJK
zmAOV51kj6NQOAmGLvsMvJoqRPN3KB1kefBqRPeh2ovXtZ1+UvIfc12jfWuS0j3D
Q6fSnvT5COmVyPaLMMik1FLwMyBn3BvDTiDsM8la7zbFEvbcUEJRPKw66Wh2JXVm
Grj7TWY0e6xQeW/S1tdE
-----END CERTIFICATE-----