Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ZkSYiGdeDBg3ZpYueCLNQO8m9lc.roa
File:                     ZkSYiGdeDBg3ZpYueCLNQO8m9lc.roa (raw, json)
Hash identifier:          P9qQE2mWmr2tCIvORTB5OhEsHTk4zoE/kGGBnFQDFHk=
Subject key identifier:   66:44:98:88:67:5E:0C:18:37:66:96:2E:78:22:CD:40:EF:26:F6:57
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018CC50153FA4A4EEDE0BA2C2844AA409492
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ZkSYiGdeDBg3ZpYueCLNQO8m9lc.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208861
IP address blocks:        2a10:2ec0::/29 maxlen: 48
                          2a0c:ab06::/32 maxlen: 32
                          2a0c:ab05::/32 maxlen: 32
                          2a0c:ab03::/32 maxlen: 32
                          2a0c:ab07:d000::/36 maxlen: 36
                          2a0c:ab07:e000::/36 maxlen: 36
                          2a0c:ab07:f000::/36 maxlen: 36
                          2a0c:ab07:5000::/36 maxlen: 36
                          2a0c:ab07:c000::/36 maxlen: 36
                          2a0c:ab07:3000::/36 maxlen: 36
                          2a0c:ab07:2000::/36 maxlen: 36
                          2a10:2ec1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 09 Apr 2024 14:14:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:fa:4a:4e:ed:e0:ba:2c:28:44:aa:40:94:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66449888675e0c183766962e7822cd40ef26f657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7f:c1:cb:62:a3:88:53:87:15:99:9a:b3:0a:
                    f5:76:ca:e7:95:a4:ae:49:87:a2:33:ef:2d:0f:5d:
                    eb:04:47:3a:f6:f8:30:e4:16:11:b9:7a:42:43:63:
                    8d:68:00:14:6d:27:44:8e:98:90:39:9e:a1:9f:6a:
                    cb:d1:25:8f:f0:64:f8:3b:31:73:15:75:5c:6b:f0:
                    dd:f7:b3:c8:d2:1d:da:7c:91:55:3c:37:fa:2a:4d:
                    f3:08:f2:7f:4b:1a:e2:87:a9:07:b1:b4:55:2c:22:
                    cc:1e:31:46:bd:47:7c:79:04:2f:7f:6a:72:69:66:
                    a1:59:93:9e:db:fc:24:bb:5d:08:3f:db:1d:3c:a4:
                    fe:dc:3c:41:21:66:d1:b4:da:e0:90:1c:bd:9f:cf:
                    a2:96:d6:36:cf:1c:a0:73:96:41:a7:95:48:4c:bb:
                    1e:89:27:7e:84:fb:1e:3c:ca:c8:33:a3:0a:5f:51:
                    9a:3f:cd:8e:df:1a:eb:87:a1:13:b0:62:aa:92:bc:
                    96:42:4a:b4:5d:47:55:13:43:eb:ab:7e:bd:dc:e0:
                    6d:a4:a7:02:f3:72:dc:76:8f:8d:1b:89:fd:02:c0:
                    ab:b8:eb:b1:59:70:82:f2:fd:8b:a3:b2:73:1d:a4:
                    77:f2:3e:5b:f1:b4:dd:7a:f3:a7:06:12:f6:50:e3:
                    6c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:44:98:88:67:5E:0C:18:37:66:96:2E:78:22:CD:40:EF:26:F6:57
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ZkSYiGdeDBg3ZpYueCLNQO8m9lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:ab03::/32
                  2a0c:ab05::-2a0c:ab06:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:ab07:2000::/35
                  2a0c:ab07:5000::/36
                  2a0c:ab07:c000::/34
                  2a10:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:d7:16:db:be:00:d6:78:03:fd:cd:22:99:9c:44:10:7f:fa:
         b5:93:42:f8:42:1d:20:87:00:fc:6e:e2:3f:01:ba:ec:a9:7a:
         71:a3:75:53:24:86:fd:ba:c7:cf:59:7b:7a:0c:df:52:6d:9f:
         c6:78:cc:64:38:c8:93:d0:e4:bf:b1:08:60:8f:c2:a5:58:c3:
         70:b4:2f:f1:34:6d:d7:7e:06:23:bd:85:83:30:f2:c9:89:a6:
         54:cd:17:0e:87:cf:59:43:bb:eb:54:56:47:9b:47:1a:fe:33:
         e4:ec:cd:a1:3b:60:43:4d:3f:7b:0c:80:c4:d6:f1:2e:c4:8f:
         d4:3f:e5:ac:81:7b:0f:e2:6f:2f:cf:2a:75:14:ad:e9:e7:f2:
         9e:77:0b:52:9c:24:d5:7a:a4:46:c6:05:4b:d1:81:12:e1:61:
         1e:21:fb:6d:4a:bb:9e:db:e0:41:33:d1:71:ee:fb:ca:47:75:
         60:2c:e6:ec:55:7b:49:0c:58:f7:97:46:a9:47:76:9d:6a:f3:
         c1:ab:08:c4:97:a2:80:71:16:19:2d:fb:56:23:89:56:f5:4d:
         96:cf:9b:94:9e:09:d4:d8:ed:63:bc:db:c4:9a:05:df:1d:df:
         b3:da:08:1a:0d:f7:9a:a4:c5:e7:48:a6:8d:52:0b:22:6a:ce:
         95:ab:62:56
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzFAVP6Sk7t4LosKESqQJSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQ0OTg4ODY3NWUwYzE4Mzc2Njk2MmU3ODIyY2Q0MGVmMjZmNjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhX/By2KjiFOHFZmaswr1dsrnlaSu
SYeiM+8tD13rBEc69vgw5BYRuXpCQ2ONaAAUbSdEjpiQOZ6hn2rL0SWP8GT4OzFz
FXVca/Dd97PI0h3afJFVPDf6Kk3zCPJ/Sxrih6kHsbRVLCLMHjFGvUd8eQQvf2py
aWahWZOe2/wku10IP9sdPKT+3DxBIWbRtNrgkBy9n8+iltY2zxygc5ZBp5VITLse
iSd+hPsePMrIM6MKX1GaP82O3xrrh6ETsGKqkryWQkq0XUdVE0Prq3693OBtpKcC
83Lcdo+NG4n9AsCruOuxWXCC8v2Lo7JzHaR38j5b8bTdevOnBhL2UONsVwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGZEmIhnXgwYN2aWLngizUDvJvZXMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvWmtTWWlHZGVEQmczWnBZdWVDTE5RTzhtOWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAAjA2AwUAKgyrAzAO
AwUAKgyrBQMFACoMqwYDBgUqDKsHIAMGBCoMqwdQAwYGKgyrB8ADBQMqEC7AMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ1xbbvgDWeAP9zSKZnEQQf/q1k0L4Qh0ghwD8buI/
AbrsqXpxo3VTJIb9usfPWXt6DN9SbZ/GeMxkOMiT0OS/sQhgj8KlWMNwtC/xNG3X
fgYjvYWDMPLJiaZUzRcOh89ZQ7vrVFZHm0ca/jPk7M2hO2BDTT97DIDE1vEuxI/U
P+WsgXsP4m8vzyp1FK3p5/KedwtSnCTVeqRGxgVL0YES4WEeIfttSrue2+BBM9Fx
7vvKR3VgLObsVXtJDFj3l0apR3adavPBqwjEl6KAcRYZLftWI4lW9U2Wz5uUngnU
2O1jvNvEmgXfHd+z2ggaDfeapMXnSKaNUgsias6Vq2JW
-----END CERTIFICATE-----