Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/8VgtEilykbRMYwZHq64khFt3p5s.roa
File:                     8VgtEilykbRMYwZHq64khFt3p5s.roa (raw, json)
Hash identifier:          vJgL5YMs5ObtBaCczFtKJBu/yie0sysCw/xjgwT6etk=
Subject key identifier:   F1:58:2D:12:29:72:91:B4:4C:63:06:47:AB:AE:24:84:5B:77:A7:9B
Certificate issuer:       /CN=a63bcc6d25f7476fbb3ec33f6dbc3e9eead92212
Certificate serial:       018BD755D3B2B2DDC3EA16E84E7EE0800E16
Authority key identifier: A6:3B:CC:6D:25:F7:47:6F:BB:3E:C3:3F:6D:BC:3E:9E:EA:D9:22:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/8VgtEilykbRMYwZHq64khFt3p5s.roa
Signing time:             Thu 16 Nov 2023 08:53:28 +0000
ROA not before:           Thu 16 Nov 2023 08:53:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64105
IP address blocks:        2a02:9b0:25::/48 maxlen: 48
                          2a02:9b0:60::/48 maxlen: 48
                          2a02:9b0:20::/48 maxlen: 48
                          2a02:9b0:5e::/48 maxlen: 48
                          2a02:9b0:1e::/48 maxlen: 48
                          2a02:9b0:24::/48 maxlen: 48
                          2a02:9b0:1f::/48 maxlen: 48
                          2a02:9b0:5f::/48 maxlen: 48
                          2a02:9b0:22::/48 maxlen: 48
                          2a02:9b0:5d::/48 maxlen: 48
                          2a02:9b0:23::/48 maxlen: 48
                          2a02:9b0:26::/48 maxlen: 48
                          2a02:9b0:21::/48 maxlen: 48
                          2a02:9b0:61::/48 maxlen: 48
                          2a02:9b0:5c::/48 maxlen: 48
                          2a02:9b0:27::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d7:55:d3:b2:b2:dd:c3:ea:16:e8:4e:7e:e0:80:0e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63bcc6d25f7476fbb3ec33f6dbc3e9eead92212
        Validity
            Not Before: Nov 16 08:53:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f1582d12297291b44c630647abae24845b77a79b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:70:a1:cc:8f:f5:09:6f:30:03:7f:a5:7e:f2:
                    8d:19:7c:ca:9b:f1:0a:90:38:c0:56:89:d1:5b:a5:
                    e7:6d:ef:da:bb:bb:51:fd:ac:c1:7a:6e:96:1c:a7:
                    ef:0d:b9:35:20:40:4d:64:44:79:ab:dc:1b:4c:ba:
                    14:57:34:13:29:44:cc:7c:69:3b:c7:93:df:82:7f:
                    8c:68:3d:37:63:a2:81:4a:ae:64:c2:97:53:3f:ae:
                    80:8f:94:fd:e1:5b:04:19:7d:2f:8c:ad:81:b6:e8:
                    af:7e:95:79:f8:1b:22:2c:27:b7:82:85:03:1e:c0:
                    c5:76:d5:34:ec:d7:4b:01:30:e9:61:b1:30:ed:c0:
                    37:13:33:c8:d1:15:fa:1f:d8:ed:9a:1a:b8:13:e5:
                    77:8b:74:13:ad:e8:c8:30:3c:ef:24:68:66:51:a2:
                    f3:17:d3:cb:1b:93:cd:3c:1c:de:83:3a:f4:59:da:
                    c1:ef:66:6c:35:6d:cb:fe:a1:63:03:d3:51:c3:95:
                    5b:38:1e:12:aa:51:fc:a6:54:3f:60:6e:9d:8c:af:
                    0b:c4:4a:7b:5c:b1:91:d8:7a:18:50:25:20:7a:00:
                    a3:8d:d6:92:8e:74:d6:b1:0a:b8:e8:2c:ac:d3:40:
                    c0:40:de:e4:b8:2c:3f:6c:fa:03:e2:27:3e:fa:ee:
                    9b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:58:2D:12:29:72:91:B4:4C:63:06:47:AB:AE:24:84:5B:77:A7:9B
            X509v3 Authority Key Identifier:
                keyid:A6:3B:CC:6D:25:F7:47:6F:BB:3E:C3:3F:6D:BC:3E:9E:EA:D9:22:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjvMbSX3R2-7PsM_bbw-nurZIhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/8VgtEilykbRMYwZHq64khFt3p5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/768fdb-d1b5-4bef-bcbd-4924fa000b7c/1/pjvMbSX3R2-7PsM_bbw-nurZIhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:9b0:1e::-2a02:9b0:27:ffff:ffff:ffff:ffff:ffff
                  2a02:9b0:5c::-2a02:9b0:61:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0f:0b:ce:de:d0:dd:fc:f3:74:84:2a:3c:fa:a5:87:33:96:73:
         09:f3:32:ba:6d:06:af:dc:77:47:2b:b9:af:f0:e9:18:1f:5e:
         11:ae:d6:db:98:1a:4a:8a:d5:d7:59:bb:bd:48:20:8f:f6:98:
         1e:54:7d:ee:2c:69:f1:c7:79:eb:f0:1d:5a:88:93:26:82:f0:
         2a:25:d2:95:7a:2d:6f:ca:f1:99:1b:50:1d:97:79:ba:d1:cf:
         aa:30:f9:d8:31:ff:42:22:03:9f:4c:f1:d0:6b:65:46:23:6a:
         b7:8e:77:cb:58:1d:64:40:77:98:9b:fc:7a:a7:16:c1:a1:79:
         c9:59:d9:26:55:92:fa:63:92:b7:6a:b4:df:7d:9c:df:df:5e:
         67:7f:e5:7d:a7:0b:fb:be:8b:25:51:b5:6e:76:36:6d:2d:13:
         2c:63:93:d7:c8:b4:a2:ca:bc:3d:7b:8a:93:b0:4a:51:f8:0b:
         41:94:f2:9c:dd:0f:a2:66:53:61:cd:09:2e:e4:6e:c8:76:10:
         c0:88:b1:c0:f4:fc:50:f5:7e:65:ac:c7:91:5d:eb:89:12:9f:
         13:6c:47:91:b4:76:2e:a5:ed:b3:e4:db:9c:a5:2e:81:5b:aa:
         6e:27:e4:20:aa:05:3f:4c:43:4a:e1:b5:d8:4e:14:2a:8c:53:
         66:41:97:ca
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYvXVdOyst3D6hboTn7ggA4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2JjYzZkMjVmNzQ3NmZiYjNlYzMzZjZkYmMzZTllZWFk
OTIyMTIwHhcNMjMxMTE2MDg1MzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTU4MmQxMjI5NzI5MWI0NGM2MzA2NDdhYmFlMjQ4NDViNzdhNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3ChzI/1CW8wA3+lfvKNGXzKm/EK
kDjAVonRW6Xnbe/au7tR/azBem6WHKfvDbk1IEBNZER5q9wbTLoUVzQTKUTMfGk7
x5Pfgn+MaD03Y6KBSq5kwpdTP66Aj5T94VsEGX0vjK2BtuivfpV5+BsiLCe3goUD
HsDFdtU07NdLATDpYbEw7cA3EzPI0RX6H9jtmhq4E+V3i3QTrejIMDzvJGhmUaLz
F9PLG5PNPBzegzr0WdrB72ZsNW3L/qFjA9NRw5VbOB4SqlH8plQ/YG6djK8LxEp7
XLGR2HoYUCUgegCjjdaSjnTWsQq46Cys00DAQN7kuCw/bPoD4ic++u6buwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFPFYLRIpcpG0TGMGR6uuJIRbd6ebMB8GA1UdIwQY
MBaAFKY7zG0l90dvuz7DP228Pp7q2SISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGp2TWJTWDNSMi03UHNNX2Jidy1udXJaSWhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83NjhmZGItZDFiNS00YmVmLWJjYmQt
NDkyNGZhMDAwYjdjLzEvOFZndEVpbHlrYlJNWXdaSHE2NGtoRnQzcDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83NjhmZGItZDFiNS00YmVmLWJjYmQtNDkyNGZhMDAwYjdj
LzEvcGp2TWJTWDNSMi03UHNNX2Jidy1udXJaSWhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAAjAoMBIDBwEqAgmw
AB4DBwMqAgmwACAwEgMHAioCCbAAXAMHASoCCbAAYDANBgkqhkiG9w0BAQsFAAOC
AQEADwvO3tDd/PN0hCo8+qWHM5ZzCfMyum0Gr9x3Ryu5r/DpGB9eEa7W25gaSorV
11m7vUggj/aYHlR97ixp8cd56/AdWoiTJoLwKiXSlXotb8rxmRtQHZd5utHPqjD5
2DH/QiIDn0zx0GtlRiNqt453y1gdZEB3mJv8eqcWwaF5yVnZJlWS+mOSt2q0332c
399eZ3/lfacL+76LJVG1bnY2bS0TLGOT18i0osq8PXuKk7BKUfgLQZTynN0PomZT
Yc0JLuRuyHYQwIixwPT8UPV+ZazHkV3riRKfE2xHkbR2LqXts+TbnKUugVuqbifk
IKoFP0xDSuG12E4UKoxTZkGXyg==
-----END CERTIFICATE-----