Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/58iiFFsLepGJefrKYVmnJQFhG74.roa
File:                     58iiFFsLepGJefrKYVmnJQFhG74.roa (raw, json)
Hash identifier:          9xMiiReDZRo2JsYBB61QLI/Z1zSjNPB9jEhDPWijs7M=
Subject key identifier:   E7:C8:A2:14:5B:0B:7A:91:89:79:FA:CA:61:59:A7:25:01:61:1B:BE
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0192D36D8C447826612C229FBB7AF4AE75D3
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/58iiFFsLepGJefrKYVmnJQFhG74.roa
Signing time:             Mon 28 Oct 2024 14:00:24 +0000
ROA not before:           Mon 28 Oct 2024 14:00:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a06:d640::/32 maxlen: 32
                          2a06:d646::/32 maxlen: 32
                          2a09:ef01::/32 maxlen: 32
                          2a0a:b385::/32 maxlen: 32
                          2a0d:3c44::/32 maxlen: 32
                          2a0d:95c1::/32 maxlen: 32
                          2a0d:95c5::/32 maxlen: 32
                          2a0d:afc0::/32 maxlen: 32
                          2a0d:afc2::/32 maxlen: 32
                          2a0d:c105::/32 maxlen: 32
                          2a0f:3102::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 31 Oct 2024 19:07:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:6d:8c:44:78:26:61:2c:22:9f:bb:7a:f4:ae:75:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Oct 28 14:00:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7c8a2145b0b7a918979faca6159a72501611bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a6:fd:45:26:2b:f6:92:11:11:f0:33:ff:54:
                    01:bb:98:3c:8b:96:9d:15:3b:b9:c9:56:23:94:2b:
                    d0:55:78:43:b5:95:00:a5:57:1b:75:03:14:7c:f1:
                    92:e5:9f:08:15:07:0f:30:a3:97:5c:9b:88:c6:00:
                    10:77:67:d9:7f:ec:53:14:54:f8:b8:3f:95:33:b9:
                    82:60:a0:15:b8:2a:b4:ac:9f:ad:54:84:b4:c8:ae:
                    e9:01:ff:a7:26:4b:33:65:8a:eb:69:0d:8f:37:ed:
                    91:90:df:6f:2b:b6:02:9a:3e:a2:2a:19:79:c2:dc:
                    73:7f:03:d5:1c:5c:49:0c:89:74:9e:a7:df:f0:e5:
                    43:32:db:2a:bf:16:aa:31:92:2e:9b:b6:c0:55:3f:
                    6a:e3:0d:07:dd:05:1e:bf:b2:26:01:f4:43:d5:0c:
                    b5:8f:c1:05:90:8f:fd:43:b3:bc:1d:2e:7d:83:21:
                    16:f6:be:a4:cd:af:7e:40:c3:ba:cf:47:34:cb:13:
                    ca:70:2c:33:0b:44:da:f2:36:24:88:22:75:44:36:
                    9c:ad:b9:a8:6b:07:54:d0:11:67:90:a5:dc:d7:31:
                    5e:5a:3a:33:6c:69:8a:22:3d:57:21:69:e4:58:ad:
                    76:78:38:6b:c4:22:d4:c4:da:77:e6:cf:8d:b1:f5:
                    94:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C8:A2:14:5B:0B:7A:91:89:79:FA:CA:61:59:A7:25:01:61:1B:BE
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/58iiFFsLepGJefrKYVmnJQFhG74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d640::/32
                  2a06:d646::/32
                  2a09:ef01::/32
                  2a0a:b385::/32
                  2a0d:3c44::/32
                  2a0d:95c1::/32
                  2a0d:95c5::/32
                  2a0d:afc0::/32
                  2a0d:afc2::/32
                  2a0d:c105::/32
                  2a0f:3102::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:5c:4c:7e:f9:25:2a:32:07:e2:a8:f5:3a:f9:ad:40:2d:bc:
         75:5d:24:b3:70:59:0c:a8:4c:00:4c:71:b2:88:98:8a:4a:47:
         6d:a3:ef:fe:23:d4:bf:2d:ab:a0:2f:b4:e0:93:e5:d6:a9:70:
         b6:e1:68:8d:88:87:ac:b9:63:9c:fc:15:bc:43:88:7a:cf:fc:
         21:9e:c4:39:4f:c7:38:61:28:95:55:88:dc:6c:d7:16:de:d8:
         43:ea:c0:68:10:b8:7b:b0:f9:02:29:b9:ce:c1:90:1d:bc:e1:
         b4:54:d2:cb:38:36:30:c3:d4:7d:15:58:52:c4:8e:3b:22:6e:
         2c:75:ec:d4:eb:4a:9d:ef:19:01:6a:41:ad:f1:dd:c0:53:4a:
         60:76:2c:ba:ee:be:9d:98:d9:58:37:6f:46:db:e6:bd:25:57:
         d9:83:dd:6f:13:5a:8f:02:dd:97:29:0d:c0:59:92:03:b4:14:
         d3:98:f9:1b:71:e7:42:e4:0c:7e:f5:53:df:12:9c:ee:c3:d6:
         31:83:22:5e:30:d1:1d:41:df:3e:29:59:ee:eb:e4:70:6b:37:
         c2:65:97:e5:32:6f:e4:94:13:0e:53:f9:87:b9:2a:b6:d1:7c:
         cc:29:50:a0:13:cf:43:1a:7a:76:9a:64:ff:8c:41:be:36:e8:
         d1:27:5d:67
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZLTbYxEeCZhLCKfu3r0rnXTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQxMDI4MTQwMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2M4YTIxNDViMGI3YTkxODk3OWZhY2E2MTU5YTcyNTAxNjExYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKb9RSYr9pIREfAz/1QBu5g8i5ad
FTu5yVYjlCvQVXhDtZUApVcbdQMUfPGS5Z8IFQcPMKOXXJuIxgAQd2fZf+xTFFT4
uD+VM7mCYKAVuCq0rJ+tVIS0yK7pAf+nJkszZYrraQ2PN+2RkN9vK7YCmj6iKhl5
wtxzfwPVHFxJDIl0nqff8OVDMtsqvxaqMZIum7bAVT9q4w0H3QUev7ImAfRD1Qy1
j8EFkI/9Q7O8HS59gyEW9r6kza9+QMO6z0c0yxPKcCwzC0Ta8jYkiCJ1RDacrbmo
awdU0BFnkKXc1zFeWjozbGmKIj1XIWnkWK12eDhrxCLUxNp35s+NsfWU4QIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFOfIohRbC3qRiXn6ymFZpyUBYRu+MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvNThpaUZGc0xlcEdKZWZyS1lWbW5KUUZoRzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKgbWQAMF
ACoG1kYDBQAqCe8BAwUAKgqzhQMFACoNPEQDBQAqDZXBAwUAKg2VxQMFACoNr8AD
BQAqDa/CAwUAKg3BBQMFACoPMQIwDQYJKoZIhvcNAQELBQADggEBAKRcTH75JSoy
B+Ko9Tr5rUAtvHVdJLNwWQyoTABMcbKImIpKR22j7/4j1L8tq6AvtOCT5dapcLbh
aI2Ih6y5Y5z8FbxDiHrP/CGexDlPxzhhKJVViNxs1xbe2EPqwGgQuHuw+QIpuc7B
kB284bRU0ss4NjDD1H0VWFLEjjsibix17NTrSp3vGQFqQa3x3cBTSmB2LLruvp2Y
2Vg3b0bb5r0lV9mD3W8TWo8C3ZcpDcBZkgO0FNOY+Rtx50LkDH71U98SnO7D1jGD
Il4w0R1B3z4pWe7r5HBrN8Jll+Uyb+SUEw5T+Ye5KrbRfMwpUKATz0MaenaaZP+M
Qb426NEnXWc=
-----END CERTIFICATE-----