Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HLz1IEYXzRgNm4IzpK9Hn5Yl9s0.roa
File:                     HLz1IEYXzRgNm4IzpK9Hn5Yl9s0.roa (raw, json)
Hash identifier:          xMMOhcajk5XfEleEyeSs9ujjCyAn5Tows208HevrhfM=
Subject key identifier:   1C:BC:F5:20:46:17:CD:18:0D:9B:82:33:A4:AF:47:9F:96:25:F6:CD
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0191C66D6104DDB26FFDB23F828F2133ABAA
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HLz1IEYXzRgNm4IzpK9Hn5Yl9s0.roa
Signing time:             Fri 06 Sep 2024 08:22:22 +0000
ROA not before:           Fri 06 Sep 2024 08:22:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a07:9200::/32 maxlen: 32
                          2a07:9202::/32 maxlen: 32
                          2a07:9203::/32 maxlen: 32
                          2a07:9204::/32 maxlen: 32
                          2a07:9205::/32 maxlen: 32
                          2a0c:a582::/32 maxlen: 32
                          2a0c:a583::/32 maxlen: 32
                          2a0c:a585::/32 maxlen: 32
                          2a0c:a587::/32 maxlen: 32
                          2a10:dfc1::/32 maxlen: 32
                          2a10:dfc2::/32 maxlen: 32
                          2a10:dfc3::/32 maxlen: 32
                          2a10:dfc4::/32 maxlen: 32
                          2a10:dfc5::/32 maxlen: 32
                          2a10:dfc6::/32 maxlen: 32
                          2a10:dfc7::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 27 Sep 2024 15:42:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:6d:61:04:dd:b2:6f:fd:b2:3f:82:8f:21:33:ab:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep  6 08:22:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cbcf5204617cd180d9b8233a4af479f9625f6cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:56:42:3d:06:a3:92:b2:13:62:3b:98:22:40:
                    91:c0:bc:a6:dc:5a:a8:2a:ce:e0:1d:60:c2:72:43:
                    9f:b2:a0:02:ca:61:46:4c:e5:cb:32:86:40:8d:52:
                    f7:36:f6:2f:b1:d7:b8:23:ac:a1:22:a4:ff:94:40:
                    a6:ae:f6:94:83:9e:a9:cf:39:07:08:2b:58:f6:f3:
                    15:ce:ef:b8:f3:89:9e:9a:4f:f1:a7:b3:36:e9:34:
                    bc:8e:8f:bf:af:74:4b:12:11:ba:51:dc:28:99:24:
                    63:86:28:29:79:ac:e2:0a:7c:86:07:10:9c:ef:1c:
                    8a:0e:e4:25:e7:c3:9b:62:bb:e8:71:8c:9d:29:1d:
                    ba:ae:f2:38:47:4e:6a:46:11:cf:2e:71:27:33:23:
                    e9:f5:bd:35:ba:d9:1c:33:49:0e:c9:2f:12:76:86:
                    16:cf:8e:00:fd:77:04:08:2c:fb:17:3f:00:8f:4d:
                    75:85:f0:1e:93:82:e7:66:be:75:95:e0:54:90:1d:
                    34:64:c7:83:9a:1a:e7:30:2c:27:a6:d4:40:ed:70:
                    16:69:a1:b6:89:6a:c8:27:99:7b:9f:e9:6d:aa:81:
                    ec:cd:d3:c8:24:93:3f:01:aa:ab:af:43:fc:ff:c5:
                    1c:df:ab:79:a1:30:cf:be:50:73:d4:a5:46:43:13:
                    a2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BC:F5:20:46:17:CD:18:0D:9B:82:33:A4:AF:47:9F:96:25:F6:CD
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HLz1IEYXzRgNm4IzpK9Hn5Yl9s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:9200::/32
                  2a07:9202::-2a07:9205:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:a582::/31
                  2a0c:a585::/32
                  2a0c:a587::/32
                  2a10:dfc1::-2a10:dfc7:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         84:00:d2:5d:ed:b7:d1:44:fd:78:8b:c2:a5:d1:30:9c:78:7c:
         43:f7:af:b9:cc:69:bd:2e:4c:1c:a8:d2:f5:4e:7c:a1:13:4c:
         e2:42:e0:ec:a2:50:72:aa:a1:50:8f:8b:c4:e7:38:33:57:f7:
         c5:32:40:63:af:0d:bb:6e:d2:bb:b6:b0:74:a8:8e:37:ed:1e:
         8c:23:06:ad:e6:8a:66:3c:25:45:9e:3a:a9:88:aa:fe:9f:94:
         f0:0a:d6:b9:a5:42:c1:76:72:3d:b3:ff:a2:a1:ac:c8:ab:a8:
         3f:d8:76:7c:c9:3f:23:5b:ef:e7:8c:04:a5:cc:c5:d1:bc:21:
         60:4d:51:ce:f9:d3:ef:bf:4e:a4:ae:ad:ee:63:7a:6b:83:b2:
         7b:dc:7e:ca:cc:a9:21:b7:07:36:70:d1:e4:24:c2:a8:ec:3b:
         09:a6:e9:5d:60:f4:57:a8:d1:db:cd:8b:e8:0d:f5:d7:01:07:
         ab:bc:06:16:c4:c7:14:68:74:e1:25:79:41:09:6a:68:d3:e5:
         bc:b2:68:f2:2d:ac:e3:b3:85:9b:ed:18:b6:22:87:83:06:10:
         a6:73:6e:de:64:50:f0:97:12:1e:87:50:ea:44:b7:63:a7:cd:
         e9:2d:bc:a4:5a:93:82:5f:24:94:2c:04:00:28:36:a2:99:36:
         c8:a1:e0:ad
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZHGbWEE3bJv/bI/go8hM6uqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwOTA2MDgyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JjZjUyMDQ2MTdjZDE4MGQ5YjgyMzNhNGFmNDc5Zjk2MjVmNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lZCPQajkrITYjuYIkCRwLym3Fqo
Ks7gHWDCckOfsqACymFGTOXLMoZAjVL3NvYvsde4I6yhIqT/lECmrvaUg56pzzkH
CCtY9vMVzu+484memk/xp7M26TS8jo+/r3RLEhG6UdwomSRjhigpeaziCnyGBxCc
7xyKDuQl58ObYrvocYydKR26rvI4R05qRhHPLnEnMyPp9b01utkcM0kOyS8SdoYW
z44A/XcECCz7Fz8Aj011hfAek4LnZr51leBUkB00ZMeDmhrnMCwnptRA7XAWaaG2
iWrIJ5l7n+ltqoHszdPIJJM/Aaqrr0P8/8Uc36t5oTDPvlBz1KVGQxOi+QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBy89SBGF80YDZuCM6SvR5+WJfbNMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSEx6MUlFWVh6UmdObTRJenBLOUhuNVlsOXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAAjA8AwUAKgeSADAO
AwUBKgeSAgMFASoHkgQDBQEqDKWCAwUAKgylhQMFACoMpYcwDgMFACoQ38EDBQMq
EN/AMA0GCSqGSIb3DQEBCwUAA4IBAQCEANJd7bfRRP14i8Kl0TCceHxD96+5zGm9
LkwcqNL1TnyhE0ziQuDsolByqqFQj4vE5zgzV/fFMkBjrw27btK7trB0qI437R6M
Iwat5opmPCVFnjqpiKr+n5TwCta5pULBdnI9s/+ioazIq6g/2HZ8yT8jW+/njASl
zMXRvCFgTVHO+dPvv06krq3uY3prg7J73H7KzKkhtwc2cNHkJMKo7DsJpuldYPRX
qNHbzYvoDfXXAQervAYWxMcUaHThJXlBCWpo0+W8smjyLazjs4Wb7Ri2IoeDBhCm
c27eZFDwlxIeh1DqRLdjp83pLbykWpOCXySULAQAKDaimTbIoeCt
-----END CERTIFICATE-----