Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/4im0fkTItIvNVT_WZnK2W2LwO00.roa
File:                     4im0fkTItIvNVT_WZnK2W2LwO00.roa (raw, json)
Hash identifier:          yPNC/GzYhcMRBOxe+Ev13sdptLlH1Svt+u0Y8BqdR2s=
Subject key identifier:   E2:29:B4:7E:44:C8:B4:8B:CD:55:3F:D6:66:72:B6:5B:62:F0:3B:4D
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01907DB120AEE9C615E3A16E3957B49C4DE5
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/4im0fkTItIvNVT_WZnK2W2LwO00.roa
Signing time:             Thu 04 Jul 2024 12:21:18 +0000
ROA not before:           Thu 04 Jul 2024 12:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a07:9201::/32 maxlen: 32
                          2a09:340::/32 maxlen: 32
                          2a09:c440::/32 maxlen: 32
                          2a0c:5d40::/32 maxlen: 32
                          2a0c:a584::/32 maxlen: 32
                          2a10:dfc0::/32 maxlen: 32
                          2a10:fac0::/32 maxlen: 32
                          2a11:580::/32 maxlen: 32
                          2a11:1600::/32 maxlen: 32
                          2a11:2a80::/32 maxlen: 32
                          2a11:3900::/32 maxlen: 32
                          2a11:d680::/32 maxlen: 32
                          2a12:9f00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 24 Jul 2024 13:08:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7d:b1:20:ae:e9:c6:15:e3:a1:6e:39:57:b4:9c:4d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jul  4 12:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e229b47e44c8b48bcd553fd66672b65b62f03b4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8f:aa:3d:69:f5:88:b2:ee:f5:f5:db:3a:60:
                    d8:b3:f2:91:e1:66:bc:38:0e:34:36:b2:38:5b:a6:
                    1a:4f:14:a1:9d:59:d4:a1:3b:41:fb:a2:ed:ed:3f:
                    bc:d1:86:3d:46:7a:de:84:e2:3f:fb:94:fb:b5:91:
                    ca:d5:f2:c6:f4:77:12:d6:a1:11:cf:97:79:5d:e8:
                    7f:51:a2:0b:46:4a:b8:ee:1c:c2:ad:27:17:c4:81:
                    cf:a7:c5:df:c8:80:5e:f6:22:38:70:51:d2:f5:b6:
                    64:71:08:f5:74:d4:ec:08:19:86:0e:b7:c3:74:e7:
                    00:c4:cb:8d:2a:15:8e:1a:34:ed:11:b2:7c:b2:51:
                    12:8f:b1:6b:75:cf:c5:81:38:dc:0d:04:90:bf:fd:
                    29:3b:79:45:cc:0c:f5:c3:7c:7f:fd:89:ae:9a:6d:
                    a2:cb:1f:f6:54:a7:51:63:6a:b2:f7:c3:90:db:2c:
                    1c:5e:20:ae:88:5f:0c:a4:bf:ff:39:7d:ec:1c:ca:
                    e8:60:af:da:c8:b0:6c:f6:40:58:57:84:1b:d6:b1:
                    0e:5b:03:8d:4c:44:31:ca:eb:3a:fc:cd:51:dc:37:
                    20:df:6e:02:cc:11:8e:64:8f:45:70:5e:85:c1:df:
                    eb:f4:59:56:e9:f8:d5:79:58:c0:03:ba:c8:50:da:
                    77:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:29:B4:7E:44:C8:B4:8B:CD:55:3F:D6:66:72:B6:5B:62:F0:3B:4D
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/4im0fkTItIvNVT_WZnK2W2LwO00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:9201::/32
                  2a09:340::/32
                  2a09:c440::/32
                  2a0c:5d40::/32
                  2a0c:a584::/32
                  2a10:dfc0::/32
                  2a10:fac0::/32
                  2a11:580::/32
                  2a11:1600::/32
                  2a11:2a80::/32
                  2a11:3900::/32
                  2a11:d680::/32
                  2a12:9f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:c6:db:03:40:23:23:05:33:eb:dd:12:45:bd:b0:d6:e2:27:
         7a:d6:5e:2a:18:e7:5b:54:40:e5:3d:39:94:5b:60:83:06:c0:
         8e:c4:e9:0b:18:9b:0b:1e:02:a0:cf:b2:5f:98:59:fd:5f:45:
         e2:ed:94:36:bd:3b:83:73:82:82:f1:a6:d3:16:bc:50:62:0f:
         5b:87:44:e3:f6:67:b2:de:41:a5:78:ac:6e:4b:5f:e2:8d:1c:
         8b:73:cc:55:2b:b6:17:d0:d5:b8:68:fd:19:c9:fa:c0:42:05:
         c0:e0:aa:d8:59:d1:1d:a3:2b:58:4f:0c:8c:d7:ae:49:d3:61:
         d0:b3:ed:51:74:7e:e8:ac:7e:4c:3d:12:bb:11:6d:c7:29:7b:
         07:42:6f:80:b4:12:35:2c:37:ce:85:c3:53:c1:0a:96:f5:ed:
         a9:ed:70:7e:20:6c:b8:ab:db:12:fd:cf:36:c4:3d:83:5f:6e:
         f6:d2:12:33:42:63:43:6d:be:bb:ec:8e:6a:44:b9:91:02:61:
         b2:d8:27:b3:08:b4:b6:8d:b2:21:dd:80:5c:41:d2:ea:87:65:
         5f:0e:a6:07:05:f7:6b:a5:75:5c:c7:24:08:cd:9a:79:92:92:
         24:a3:dc:47:fa:dd:d1:81:19:0d:8a:b1:19:27:8b:cf:9c:5b:
         7b:6b:99:b6
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZB9sSCu6cYV46FuOVe0nE3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNzA0MTIyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjI5YjQ3ZTQ0YzhiNDhiY2Q1NTNmZDY2NjcyYjY1YjYyZjAzYjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4+qPWn1iLLu9fXbOmDYs/KR4Wa8
OA40NrI4W6YaTxShnVnUoTtB+6Lt7T+80YY9RnrehOI/+5T7tZHK1fLG9HcS1qER
z5d5Xeh/UaILRkq47hzCrScXxIHPp8XfyIBe9iI4cFHS9bZkcQj1dNTsCBmGDrfD
dOcAxMuNKhWOGjTtEbJ8slESj7Frdc/FgTjcDQSQv/0pO3lFzAz1w3x//Ymumm2i
yx/2VKdRY2qy98OQ2ywcXiCuiF8MpL//OX3sHMroYK/ayLBs9kBYV4Qb1rEOWwON
TEQxyus6/M1R3Dcg324CzBGOZI9FcF6Fwd/r9FlW6fjVeVjAA7rIUNp3xwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFOIptH5EyLSLzVU/1mZytlti8DtNMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvNGltMGZrVEl0SXZOVlRfV1puSzJXMkx3TzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAAjBbAwUAKgeSAQMF
ACoJA0ADBQAqCcRAAwUAKgxdQAMFACoMpYQDBQAqEN/AAwUAKhD6wAMFACoRBYAD
BQAqERYAAwUAKhEqgAMFACoROQADBQAqEdaAAwUAKhKfADANBgkqhkiG9w0BAQsF
AAOCAQEAFcbbA0AjIwUz690SRb2w1uInetZeKhjnW1RA5T05lFtggwbAjsTpCxib
Cx4CoM+yX5hZ/V9F4u2UNr07g3OCgvGm0xa8UGIPW4dE4/Znst5BpXisbktf4o0c
i3PMVSu2F9DVuGj9Gcn6wEIFwOCq2FnRHaMrWE8MjNeuSdNh0LPtUXR+6Kx+TD0S
uxFtxyl7B0JvgLQSNSw3zoXDU8EKlvXtqe1wfiBsuKvbEv3PNsQ9g19u9tISM0Jj
Q22+u+yOakS5kQJhstgnswi0to2yId2AXEHS6odlXw6mBwX3a6V1XMckCM2aeZKS
JKPcR/rd0YEZDYqxGSeLz5xbe2uZtg==
-----END CERTIFICATE-----