Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j6vKjH9qHRV-l4kelwGSSnYxRPs.roa
File:                     j6vKjH9qHRV-l4kelwGSSnYxRPs.roa (raw, json)
Hash identifier:          tIBStEbRTMeCNr5WYWycQY6VXkjoiGTLiALElRcAm0U=
Subject key identifier:   8F:AB:CA:8C:7F:6A:1D:15:7E:97:89:1E:97:01:92:4A:76:31:44:FB
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CE18969CE7AD8A163B485E85ED7F9AB85
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j6vKjH9qHRV-l4kelwGSSnYxRPs.roa
Signing time:             Sun 07 Jan 2024 01:28:48 +0000
ROA not before:           Sun 07 Jan 2024 01:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212271
IP address blocks:        2a05:4140::/29 maxlen: 48
                          2a05:4143::/32 maxlen: 48
                          2a05:4140:37::/48 maxlen: 48
                          2a05:4140:32::/48 maxlen: 48
                          2a11:e102::/32 maxlen: 32
                          2a05:4140:30::/48 maxlen: 48
                          2a05:4140:10::/48 maxlen: 48
                          2a05:4140:190::/48 maxlen: 48
                          2a05:4140:34::/48 maxlen: 48
                          2a05:4144::/32 maxlen: 32
                          2a05:4140:5::/48 maxlen: 48
                          2a05:4140:8::/48 maxlen: 48
                          2a05:4140:3::/48 maxlen: 48
                          2a05:4140:187::/48 maxlen: 48
                          2a05:4140:400::/40 maxlen: 48
                          2a05:4140:100::/40 maxlen: 48
                          2a05:4140:300::/40 maxlen: 40
                          2a05:4140:36::/48 maxlen: 48
                          2a05:4140:16::/48 maxlen: 48
                          2a05:4140:31::/48 maxlen: 48
                          2a05:4140:4::/48 maxlen: 48
                          2a05:4140:15::/48 maxlen: 48
                          2a05:4140:35::/48 maxlen: 64
                          2a05:4140:33::/48 maxlen: 48
                          2a05:4140:29::/48 maxlen: 48
                          2a05:4140:9::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 17:56:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e1:89:69:ce:7a:d8:a1:63:b4:85:e8:5e:d7:f9:ab:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  7 01:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fabca8c7f6a1d157e97891e9701924a763144fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:14:c9:0a:c3:3c:0c:6d:ea:67:46:70:5f:a4:
                    b7:75:4b:d7:a4:f5:c2:3d:b8:07:7d:79:14:fa:16:
                    ab:72:97:60:57:70:db:79:0c:ec:90:ba:b3:24:df:
                    b6:26:a4:61:e9:cb:f9:74:a6:f1:05:47:61:e1:39:
                    e8:b7:b5:84:51:2b:f7:61:9c:60:4c:9b:65:3c:66:
                    9b:76:75:75:8d:c1:40:7f:61:78:51:4c:36:ba:a7:
                    c1:43:0b:b6:74:bb:53:aa:b7:69:20:42:4e:21:33:
                    31:fc:af:62:50:68:52:ba:10:74:a8:8a:f1:d4:4b:
                    9f:29:74:c9:aa:c1:f8:16:f1:5e:7c:a5:8c:e7:8a:
                    b1:d6:d9:dc:b4:5c:7f:88:0f:be:1d:af:8a:c8:86:
                    0d:12:d5:a2:d4:dd:70:79:eb:ac:ea:84:e0:f9:78:
                    3a:63:00:a5:c4:a3:5d:1b:05:df:f1:15:38:be:9f:
                    f2:1b:1a:68:4f:81:03:14:fa:4f:52:8c:49:f8:7d:
                    a2:80:cb:77:ac:0d:ae:3f:98:f8:08:e1:32:37:af:
                    6b:3c:c6:03:7e:3f:6c:2e:19:be:13:55:88:7a:3a:
                    ea:ae:ad:72:be:06:e1:8c:b8:af:51:fc:15:93:d8:
                    db:08:60:c4:7c:9b:8c:21:bb:ca:89:41:35:10:9f:
                    37:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AB:CA:8C:7F:6A:1D:15:7E:97:89:1E:97:01:92:4A:76:31:44:FB
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j6vKjH9qHRV-l4kelwGSSnYxRPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140::/29
                  2a11:e102::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:29:ea:65:5b:8a:b8:e2:bb:09:f4:6b:b7:f7:69:5f:8b:3f:
         d5:fa:bb:c5:9e:aa:80:2b:9a:43:b4:77:4d:20:cb:6a:0a:d3:
         1b:f0:5d:aa:61:51:db:31:dc:80:37:bd:ed:be:b3:f0:6e:bb:
         7d:fe:f3:46:72:34:ba:13:40:b5:b9:e4:c3:3f:31:2f:ab:17:
         56:d4:7f:0f:8d:d4:c7:01:76:d0:70:90:dd:a4:8e:6f:6e:54:
         fc:73:26:5d:b0:b0:46:ae:07:5e:27:de:58:90:7f:3a:d2:2f:
         4b:89:c4:c1:db:29:e2:bf:e2:ca:51:ca:e8:30:81:d8:81:a0:
         75:fe:ac:3c:95:1c:a6:3b:a6:f9:7f:0f:17:cc:73:1e:47:71:
         35:64:24:82:f2:b0:3b:84:c0:ad:59:76:1a:1f:68:34:50:12:
         2f:65:5c:fd:c4:d0:6d:33:b0:32:a5:4b:ed:51:b8:17:be:90:
         52:54:94:7d:41:58:f5:24:c8:9a:89:31:1c:0b:94:03:94:61:
         66:f4:e6:28:f3:b7:98:f6:e6:12:3c:9d:ce:fd:ad:35:76:99:
         c5:cc:60:9f:5f:c9:0e:1c:8c:3c:80:9d:70:76:d6:ac:c5:cb:
         9f:3d:bd:1f:d6:01:13:53:18:61:66:fc:da:e4:16:70:70:10:
         db:21:28:bf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzhiWnOetihY7SF6F7X+auFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTA3MDEyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFiY2E4YzdmNmExZDE1N2U5Nzg5MWU5NzAxOTI0YTc2MzE0NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohTJCsM8DG3qZ0ZwX6S3dUvXpPXC
PbgHfXkU+harcpdgV3DbeQzskLqzJN+2JqRh6cv5dKbxBUdh4Tnot7WEUSv3YZxg
TJtlPGabdnV1jcFAf2F4UUw2uqfBQwu2dLtTqrdpIEJOITMx/K9iUGhSuhB0qIrx
1EufKXTJqsH4FvFefKWM54qx1tnctFx/iA++Ha+KyIYNEtWi1N1weeus6oTg+Xg6
YwClxKNdGwXf8RU4vp/yGxpoT4EDFPpPUoxJ+H2igMt3rA2uP5j4COEyN69rPMYD
fj9sLhm+E1WIejrqrq1yvgbhjLivUfwVk9jbCGDEfJuMIbvKiUE1EJ83VQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI+ryox/ah0VfpeJHpcBkkp2MUT7MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvajZ2S2pIOXFIUlYtbDRrZWx3R1NTbll4UlBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgVBQAMF
ACoR4QIwDQYJKoZIhvcNAQELBQADggEBADMp6mVbirjiuwn0a7f3aV+LP9X6u8We
qoArmkO0d00gy2oK0xvwXaphUdsx3IA3ve2+s/Buu33+80ZyNLoTQLW55MM/MS+r
F1bUfw+N1McBdtBwkN2kjm9uVPxzJl2wsEauB14n3liQfzrSL0uJxMHbKeK/4spR
yugwgdiBoHX+rDyVHKY7pvl/DxfMcx5HcTVkJILysDuEwK1ZdhofaDRQEi9lXP3E
0G0zsDKlS+1RuBe+kFJUlH1BWPUkyJqJMRwLlAOUYWb05ijzt5j25hI8nc79rTV2
mcXMYJ9fyQ4cjDyAnXB21qzFy589vR/WARNTGGFm/NrkFnBwENshKL8=
-----END CERTIFICATE-----