Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/1-R1f2ODHSc9pjHJpFwsHn_RKDiQ.roa
File:                     1-R1f2ODHSc9pjHJpFwsHn_RKDiQ.roa (raw, json)
Hash identifier:          IKYgaz9GY6YogYQZHiXEuPWOeoyx9G9QeDx9lCky/8c=
Subject key identifier:   F9:1D:5F:D8:E0:C7:49:CF:69:8C:72:69:17:0B:07:9F:F4:4A:0E:24
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       01856BC0F67794F9A692A97343FB97FFF17C
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/1-R1f2ODHSc9pjHJpFwsHn_RKDiQ.roa
Signing time:             Sun 01 Jan 2023 05:14:46 +0000
ROA not before:           Sun 01 Jan 2023 05:14:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208861
IP address blocks:        2a10:2ec0::/29 maxlen: 48
                          2a0c:ab06::/32 maxlen: 32
                          2a0c:ab05::/32 maxlen: 32
                          2a0c:ab03::/32 maxlen: 32
                          2a0c:ab07:2000::/36 maxlen: 36
                          2a0c:ab07:3000::/36 maxlen: 36
                          2a0c:ab07:c000::/36 maxlen: 36
                          2a0c:ab07:5000::/36 maxlen: 36
                          2a0c:ab07:f000::/36 maxlen: 36
                          2a0c:ab07:e000::/36 maxlen: 36
                          2a0c:ab07:d000::/36 maxlen: 36
                          2a10:2ec1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:c0:f6:77:94:f9:a6:92:a9:73:43:fb:97:ff:f1:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 05:14:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f91d5fd8e0c749cf698c7269170b079ff44a0e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6d:c1:7a:1b:b2:c8:94:0b:bb:60:d7:fd:38:
                    8c:73:02:fe:f8:d4:0b:79:3f:88:a5:83:c2:3b:95:
                    1e:7f:f8:b2:40:db:80:33:80:f7:09:34:ca:8a:53:
                    be:b8:70:8b:ca:b0:cb:45:c5:92:b2:df:eb:c4:4e:
                    4a:24:ed:06:e7:dc:73:56:9b:44:07:15:a0:1f:83:
                    f5:2a:0d:e8:c0:e2:67:8d:be:1d:c5:c9:e5:e6:16:
                    71:6b:87:3d:5a:21:35:8a:a0:bb:e8:44:a9:36:87:
                    e7:15:ac:41:15:24:7e:4d:7a:e5:b0:cb:23:78:58:
                    a5:b9:40:8e:7d:4d:b4:3d:ba:bb:88:8b:92:e5:ca:
                    67:86:ba:aa:a5:c7:ae:85:16:e5:bc:22:ed:12:45:
                    4b:78:ff:e5:c9:de:28:f2:58:31:4d:f0:df:f9:a7:
                    e0:ff:eb:d5:23:b7:88:39:d8:21:d4:c9:9f:ba:e4:
                    c6:fb:c1:95:8f:c3:31:6d:3b:d3:23:34:9d:54:db:
                    80:08:ac:a0:e9:aa:ba:9c:5f:bd:78:0b:8f:6f:30:
                    44:60:32:23:ca:0e:14:41:99:b0:e8:25:7a:18:45:
                    2b:18:18:78:46:79:ac:bc:1e:c2:5a:0a:da:24:be:
                    c7:19:1d:45:c3:6c:bc:3c:8d:57:b6:f5:a4:e4:8e:
                    d0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:1D:5F:D8:E0:C7:49:CF:69:8C:72:69:17:0B:07:9F:F4:4A:0E:24
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/1-R1f2ODHSc9pjHJpFwsHn_RKDiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:ab03::/32
                  2a0c:ab05::-2a0c:ab06:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:ab07:2000::/35
                  2a0c:ab07:5000::/36
                  2a0c:ab07:c000::/34
                  2a10:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:99:04:e1:a3:52:9e:b7:22:91:9e:bb:b7:13:ed:dc:25:2d:
         b6:6c:7d:81:0f:f3:02:ce:72:5f:8d:00:3a:bc:db:62:ea:bd:
         d7:96:07:aa:16:ee:76:ac:53:54:f7:89:ea:dc:71:be:4d:e5:
         93:45:9d:f7:b9:a6:58:d3:68:65:b2:3c:12:a4:e3:ba:65:f9:
         86:30:57:a3:b1:49:68:36:5e:c1:40:d1:f1:74:1d:90:e8:81:
         2c:42:c7:f6:f4:f0:d8:08:17:fe:6b:a9:78:9e:82:3a:c5:81:
         98:05:83:ae:eb:04:e1:6a:26:e2:d5:93:b1:4b:72:84:1b:cc:
         85:7c:0c:88:29:62:36:08:30:ad:8f:c9:ef:b3:26:5a:ec:c3:
         0c:85:91:25:7d:e1:62:e6:d5:a4:51:52:32:3d:8c:1e:8f:bd:
         48:dd:b8:74:d2:e6:b5:ad:de:be:3b:64:59:97:ab:9e:2a:85:
         37:f1:bd:5c:de:0a:53:94:6a:95:b0:6c:b0:03:9c:f9:34:9d:
         d7:3f:6a:46:9c:0b:47:45:4d:2d:1c:c0:53:9c:87:ee:bb:7d:
         e3:4c:60:4e:8d:3e:c6:7d:ea:dc:b9:e2:00:d4:8d:e0:af:e3:
         9a:81:b7:bd:21:08:9a:dc:29:20:c6:7b:b1:12:4c:94:b8:68:
         54:4c:9c:f9
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVrwPZ3lPmmkqlzQ/uX//F8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjMwMTAxMDUxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTFkNWZkOGUwYzc0OWNmNjk4YzcyNjkxNzBiMDc5ZmY0NGEwZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlm3BehuyyJQLu2DX/TiMcwL++NQL
eT+IpYPCO5Uef/iyQNuAM4D3CTTKilO+uHCLyrDLRcWSst/rxE5KJO0G59xzVptE
BxWgH4P1Kg3owOJnjb4dxcnl5hZxa4c9WiE1iqC76ESpNofnFaxBFSR+TXrlsMsj
eFiluUCOfU20Pbq7iIuS5cpnhrqqpceuhRblvCLtEkVLeP/lyd4o8lgxTfDf+afg
/+vVI7eIOdgh1MmfuuTG+8GVj8MxbTvTIzSdVNuACKyg6aq6nF+9eAuPbzBEYDIj
yg4UQZmw6CV6GEUrGBh4RnmsvB7CWgraJL7HGR1Fw2y8PI1XtvWk5I7QuQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPkdX9jgx0nPaYxyaRcLB5/0Sg4kMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvMS1SMWYyT0RIU2M5cGpISnBGd3NIbl9SS0RpUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjUvMzBkYzg1LTJkZDgtNGIxYy1iMTUxLTRiZDYzYWRjNzM1
NC8xL3Y0UVJOVVhaQUFkZzltQmlwQ0laTTZMcFdkZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBPBggrBgEFBQcBBwEB/wRAMD4wPAQCAAIwNgMFACoMqwMw
DgMFACoMqwUDBQAqDKsGAwYFKgyrByADBgQqDKsHUAMGBioMqwfAAwUDKhAuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAjJkE4aNSnrcikZ67txPt3CUttmx9gQ/zAs5yX40A
OrzbYuq915YHqhbudqxTVPeJ6txxvk3lk0Wd97mmWNNoZbI8EqTjumX5hjBXo7FJ
aDZewUDR8XQdkOiBLELH9vTw2AgX/mupeJ6COsWBmAWDrusE4Wom4tWTsUtyhBvM
hXwMiCliNggwrY/J77MmWuzDDIWRJX3hYubVpFFSMj2MHo+9SN24dNLmta3evjtk
WZerniqFN/G9XN4KU5RqlbBssAOc+TSd1z9qRpwLR0VNLRzAU5yH7rt940xgTo0+
xn3q3LniANSN4K/jmoG3vSEImtwpIMZ7sRJMlLhoVEyc+Q==
-----END CERTIFICATE-----