Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Zt6qoFbh-CEkoxDDwReqmbmPw90.roa
File:                     Zt6qoFbh-CEkoxDDwReqmbmPw90.roa (raw, json)
Hash identifier:          YJ2YKbW+VBEoFNSkY1V76shTg5oq3v2Tte096yb9haY=
Subject key identifier:   66:DE:AA:A0:56:E1:F8:21:24:A3:10:C3:C1:17:AA:99:B9:8F:C3:DD
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0191095B01A417CBD10997AB3512FF2F9CE8
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Zt6qoFbh-CEkoxDDwReqmbmPw90.roa
Signing time:             Wed 31 Jul 2024 15:14:04 +0000
ROA not before:           Wed 31 Jul 2024 15:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a07:9200::/32 maxlen: 32
                          2a07:9202::/32 maxlen: 32
                          2a07:9203::/32 maxlen: 32
                          2a07:9204::/32 maxlen: 32
                          2a07:9205::/32 maxlen: 32
                          2a0c:a582::/32 maxlen: 32
                          2a0c:a583::/32 maxlen: 32
                          2a0c:a585::/32 maxlen: 32
                          2a0c:a587::/32 maxlen: 32
                          2a10:dfc1::/32 maxlen: 32
                          2a10:dfc2::/32 maxlen: 32
                          2a10:dfc3::/32 maxlen: 32
                          2a10:dfc4::/32 maxlen: 32
                          2a10:dfc5::/32 maxlen: 32
                          2a10:dfc6::/32 maxlen: 32
                          2a10:dfc7::/32 maxlen: 32
                          2a11:3900::/32 maxlen: 32
                          2a11:d680::/32 maxlen: 32
                          2a12:9f00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 06 Sep 2024 08:22:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:09:5b:01:a4:17:cb:d1:09:97:ab:35:12:ff:2f:9c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jul 31 15:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66deaaa056e1f82124a310c3c117aa99b98fc3dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:79:32:69:60:2c:54:c3:14:3c:c7:67:4e:b4:
                    a7:a7:b9:48:6b:e3:17:f5:48:fe:56:ca:13:6d:e4:
                    7a:2e:6b:65:53:a6:62:72:2a:01:6c:08:0d:cc:db:
                    16:1d:e0:cb:a6:34:5c:0a:e3:57:d8:a3:9e:4c:86:
                    a1:8c:45:67:98:01:fa:6b:f6:bc:55:1c:08:f2:77:
                    54:f8:23:81:85:d0:16:53:76:bb:55:3f:17:a2:e7:
                    f8:ff:a7:72:32:c5:7f:c6:53:c2:53:de:5c:84:c4:
                    e0:63:d2:e5:5e:4a:d9:51:64:b6:2e:80:c6:28:34:
                    d3:4e:0e:e0:e5:19:96:d6:79:ec:c7:8e:68:f7:c8:
                    4a:3e:99:db:96:09:c9:a9:a1:47:f2:f1:a8:c4:c5:
                    e3:97:3e:43:bd:26:5a:77:db:68:aa:d4:1a:ce:9b:
                    48:fe:60:40:e8:41:07:2f:65:82:03:5c:de:9c:10:
                    16:b1:28:00:20:07:3f:02:94:17:58:44:5b:40:c0:
                    9e:c2:13:64:0c:26:53:5c:dd:e5:f6:3f:0b:47:e1:
                    cf:fe:cb:8d:5a:d9:72:eb:ea:e3:4b:c1:dd:f4:c8:
                    cb:40:a3:02:62:cb:3c:f1:a2:a8:9a:c5:e5:b7:a8:
                    80:14:fb:b0:29:5b:28:f0:eb:46:8e:e2:50:04:1f:
                    44:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DE:AA:A0:56:E1:F8:21:24:A3:10:C3:C1:17:AA:99:B9:8F:C3:DD
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Zt6qoFbh-CEkoxDDwReqmbmPw90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:9200::/32
                  2a07:9202::-2a07:9205:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:a582::/31
                  2a0c:a585::/32
                  2a0c:a587::/32
                  2a10:dfc1::-2a10:dfc7:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:3900::/32
                  2a11:d680::/32
                  2a12:9f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:9d:f4:5e:ce:4c:df:66:e7:cf:13:aa:a9:36:0e:fc:8f:88:
         72:b5:b4:64:3d:73:a3:e4:23:f7:69:4c:a7:6f:54:3d:9d:da:
         62:f4:5b:82:ab:a3:86:c0:79:76:f1:fd:d6:8e:e4:80:f1:be:
         da:78:03:1a:da:36:9b:01:35:17:cb:94:e5:dd:e0:71:14:3a:
         5d:a0:87:c0:4c:dd:d7:d3:78:84:b4:1a:14:5c:af:14:b8:f1:
         d0:9f:98:76:2c:5c:ae:67:66:89:ba:0a:1d:e0:38:ac:5f:e4:
         cc:e9:0d:13:72:f6:d3:b9:c4:a0:84:be:c8:6a:37:96:7c:39:
         b2:04:22:b4:7d:88:7b:60:71:56:c2:a5:42:50:84:1d:8f:b4:
         c3:be:00:6b:11:05:5c:b4:4a:36:f1:fa:87:3a:8f:6f:99:3a:
         82:95:5a:c8:70:2d:57:d2:e9:3e:94:7f:45:10:06:12:a6:f7:
         9d:cd:f1:12:91:f8:39:8b:f7:21:4d:e6:d6:98:8e:04:ee:eb:
         ee:59:bb:b1:ca:c5:02:83:bc:1f:02:0f:ca:69:6f:06:d6:d0:
         88:78:71:23:af:10:ae:90:1d:a2:b6:82:c7:28:43:4c:1b:70:
         f0:2f:f8:87:70:21:9a:1b:9e:94:09:10:38:e7:a4:56:f5:cb:
         72:67:a5:f0
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZEJWwGkF8vRCZerNRL/L5zoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNzMxMTUxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmRlYWFhMDU2ZTFmODIxMjRhMzEwYzNjMTE3YWE5OWI5OGZjM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3kyaWAsVMMUPMdnTrSnp7lIa+MX
9Uj+VsoTbeR6LmtlU6ZicioBbAgNzNsWHeDLpjRcCuNX2KOeTIahjEVnmAH6a/a8
VRwI8ndU+COBhdAWU3a7VT8Xouf4/6dyMsV/xlPCU95chMTgY9LlXkrZUWS2LoDG
KDTTTg7g5RmW1nnsx45o98hKPpnblgnJqaFH8vGoxMXjlz5DvSZad9toqtQazptI
/mBA6EEHL2WCA1zenBAWsSgAIAc/ApQXWERbQMCewhNkDCZTXN3l9j8LR+HP/suN
Wtly6+rjS8Hd9MjLQKMCYss88aKomsXlt6iAFPuwKVso8OtGjuJQBB9EBQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFGbeqqBW4fghJKMQw8EXqpm5j8PdMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvWnQ2cW9GYmgtQ0Vrb3hERHdSZXFtYm1QdzkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAAjBRAwUAKgeSADAO
AwUBKgeSAgMFASoHkgQDBQEqDKWCAwUAKgylhQMFACoMpYcwDgMFACoQ38EDBQMq
EN/AAwUAKhE5AAMFACoR1oADBQAqEp8AMA0GCSqGSIb3DQEBCwUAA4IBAQCXnfRe
zkzfZufPE6qpNg78j4hytbRkPXOj5CP3aUynb1Q9ndpi9FuCq6OGwHl28f3WjuSA
8b7aeAMa2jabATUXy5Tl3eBxFDpdoIfATN3X03iEtBoUXK8UuPHQn5h2LFyuZ2aJ
ugod4DisX+TM6Q0TcvbTucSghL7IajeWfDmyBCK0fYh7YHFWwqVCUIQdj7TDvgBr
EQVctEo28fqHOo9vmTqClVrIcC1X0uk+lH9FEAYSpvedzfESkfg5i/chTebWmI4E
7uvuWbuxysUCg7wfAg/KaW8G1tCIeHEjrxCukB2itoLHKENMG3DwL/iHcCGaG56U
CRA456RW9ctyZ6Xw
-----END CERTIFICATE-----