Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/JoIPgeJ6XH4CSNvOihK2yerLzvU.roa
File:                     JoIPgeJ6XH4CSNvOihK2yerLzvU.roa (raw, json)
Hash identifier:          MpePpZF1Gc4zYKQ2EW/8Mo4Wk7N3NqWyyQK8Es9mmEU=
Subject key identifier:   26:82:0F:81:E2:7A:5C:7E:02:48:DB:CE:8A:12:B6:C9:EA:CB:CE:F5
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018E8FB0FE1E5082708043E146C0C633B947
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/JoIPgeJ6XH4CSNvOihK2yerLzvU.roa
Signing time:             Sat 30 Mar 2024 14:08:45 +0000
ROA not before:           Sat 30 Mar 2024 14:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a13:8e00::/29 maxlen: 29
                          2a13:9200::/29 maxlen: 29
                          2a13:9300::/29 maxlen: 29
                          2a13:a700::/29 maxlen: 29
                          2a13:b100::/29 maxlen: 29
                          2a13:b500::/29 maxlen: 29
                          2a13:b900::/29 maxlen: 29
                          2a13:da00::/29 maxlen: 29
                          2a13:e200::/29 maxlen: 29
                          2a13:e400::/29 maxlen: 29
                          2a13:fe00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sun 31 Mar 2024 15:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8f:b0:fe:1e:50:82:70:80:43:e1:46:c0:c6:33:b9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Mar 30 14:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26820f81e27a5c7e0248dbce8a12b6c9eacbcef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:57:91:1b:7d:69:2f:73:32:d6:61:9d:a2:4d:
                    5a:e2:fb:01:c5:ab:5e:55:06:67:d1:05:b6:da:74:
                    42:16:26:48:e6:6b:78:1e:f0:37:17:93:5f:bc:07:
                    aa:27:e1:97:4e:5a:c1:2d:02:f6:0a:82:bd:e7:35:
                    02:21:27:58:45:d5:a0:ee:8e:55:2c:be:7b:7a:7c:
                    94:86:0d:35:91:c0:a7:bb:cc:19:ed:a6:ee:fd:c1:
                    1d:21:d8:66:c3:79:7c:90:38:b1:51:99:45:2e:20:
                    4f:e7:86:88:48:69:6f:e5:5e:8e:05:ba:cb:32:f1:
                    2b:ec:0c:2c:80:37:29:85:59:cc:0c:27:8c:50:d7:
                    74:3c:04:5c:44:53:e0:f3:dc:3b:ac:1b:8c:01:ec:
                    66:a4:0f:8e:71:18:df:10:bb:b3:d2:34:91:14:b5:
                    cb:dd:c3:30:3f:0b:18:f9:3b:7f:82:c4:e2:8d:36:
                    5a:8e:81:89:fe:e2:cd:19:09:0f:37:d0:07:02:48:
                    33:14:57:53:14:b9:e8:b9:9b:7f:8f:3c:4a:b7:aa:
                    29:21:2f:ca:db:5d:e4:f3:26:42:56:0f:eb:17:da:
                    d4:16:06:ec:e8:65:9d:5b:89:25:2f:3f:26:25:fd:
                    82:1e:6c:83:7f:47:af:d1:f6:c9:5a:65:86:d4:cb:
                    47:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:82:0F:81:E2:7A:5C:7E:02:48:DB:CE:8A:12:B6:C9:EA:CB:CE:F5
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/JoIPgeJ6XH4CSNvOihK2yerLzvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8e00::/29
                  2a13:9200::/29
                  2a13:9300::/29
                  2a13:a700::/29
                  2a13:b100::/29
                  2a13:b500::/29
                  2a13:b900::/29
                  2a13:da00::/29
                  2a13:e200::/29
                  2a13:e400::/29
                  2a13:fe00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:4f:12:8b:e1:d8:6b:65:39:bf:a8:d6:ed:6a:91:41:8b:ff:
         96:ca:3d:86:52:f1:db:b3:f5:fc:30:c8:b4:ad:ad:54:f0:5e:
         94:83:c0:80:b1:92:b1:c0:f4:14:17:e5:90:c1:b4:9f:02:7e:
         7f:74:a1:88:c4:86:09:fd:18:80:95:d0:31:fc:d7:9a:33:63:
         0b:63:79:88:a7:bd:45:6a:97:2c:cc:4a:41:5d:bf:36:19:e6:
         d6:e6:d7:d2:5c:8d:2b:a1:04:fa:d3:bd:81:68:13:f4:f4:f7:
         d7:05:81:75:42:f5:ce:ec:34:32:d2:aa:cd:ce:c4:0e:b1:b0:
         fd:97:fc:18:d9:dd:6f:6b:0e:25:5d:16:46:46:09:7f:35:d8:
         3f:87:cb:d5:97:9a:95:c3:11:b9:d3:39:7a:34:ec:0f:2e:36:
         80:3d:78:7a:3c:27:c2:fe:d4:c2:4d:83:08:dd:de:84:67:d5:
         54:d8:36:ef:19:9f:e5:b8:00:6a:ce:fd:c2:ef:f8:63:2c:f3:
         ce:4e:cb:3c:fb:5f:44:52:9d:75:0d:0c:86:39:87:87:f8:32:
         6f:2f:6e:b2:da:0a:b2:5d:24:ce:72:df:17:1d:31:e2:0f:df:
         86:c4:44:31:03:3b:2d:e0:c4:20:01:53:21:be:d9:34:b0:da:
         ec:99:cf:0b
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY6PsP4eUIJwgEPhRsDGM7lHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMzMwMTQwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjgyMGY4MWUyN2E1YzdlMDI0OGRiY2U4YTEyYjZjOWVhY2JjZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFeRG31pL3My1mGdok1a4vsBxate
VQZn0QW22nRCFiZI5mt4HvA3F5NfvAeqJ+GXTlrBLQL2CoK95zUCISdYRdWg7o5V
LL57enyUhg01kcCnu8wZ7abu/cEdIdhmw3l8kDixUZlFLiBP54aISGlv5V6OBbrL
MvEr7AwsgDcphVnMDCeMUNd0PARcRFPg89w7rBuMAexmpA+OcRjfELuz0jSRFLXL
3cMwPwsY+Tt/gsTijTZajoGJ/uLNGQkPN9AHAkgzFFdTFLnouZt/jzxKt6opIS/K
213k8yZCVg/rF9rUFgbs6GWdW4klLz8mJf2CHmyDf0ev0fbJWmWG1MtHGwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFCaCD4Hielx+AkjbzooStsnqy871MB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvSm9JUGdlSjZYSDRDU052T2loSzJ5ZXJMenZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKhOOAAMF
AyoTkgADBQMqE5MAAwUDKhOnAAMFAyoTsQADBQMqE7UAAwUDKhO5AAMFAyoT2gAD
BQMqE+IAAwUDKhPkAAMFAyoT/gAwDQYJKoZIhvcNAQELBQADggEBAH5PEovh2Gtl
Ob+o1u1qkUGL/5bKPYZS8duz9fwwyLStrVTwXpSDwICxkrHA9BQX5ZDBtJ8Cfn90
oYjEhgn9GICV0DH815ozYwtjeYinvUVqlyzMSkFdvzYZ5tbm19JcjSuhBPrTvYFo
E/T099cFgXVC9c7sNDLSqs3OxA6xsP2X/BjZ3W9rDiVdFkZGCX812D+Hy9WXmpXD
EbnTOXo07A8uNoA9eHo8J8L+1MJNgwjd3oRn1VTYNu8Zn+W4AGrO/cLv+GMs885O
yzz7X0RSnXUNDIY5h4f4Mm8vbrLaCrJdJM5y3xcdMeIP34bERDEDOy3gxCABUyG+
2TSw2uyZzws=
-----END CERTIFICATE-----