Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/MdtwhsXuSnJDerCXlMkKOM6b-xI.roa
File:                     MdtwhsXuSnJDerCXlMkKOM6b-xI.roa (raw, json)
Hash identifier:          7jApm+r88itDIinF9QxMrnsyJLJr1wTsdK33FrMR1OU=
Subject key identifier:   31:DB:70:86:C5:EE:4A:72:43:7A:B0:97:94:C9:0A:38:CE:9B:FB:12
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0192FDA32900DD6E29C44E06BA4A9A5A6BE6
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/MdtwhsXuSnJDerCXlMkKOM6b-xI.roa
Signing time:             Tue 05 Nov 2024 18:43:01 +0000
ROA not before:           Tue 05 Nov 2024 18:43:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a06:d640::/32 maxlen: 32
                          2a06:d646::/32 maxlen: 32
                          2a09:e302::/32 maxlen: 32
                          2a09:ef01::/32 maxlen: 32
                          2a09:ef02::/32 maxlen: 32
                          2a09:ef05::/32 maxlen: 32
                          2a0a:b385::/32 maxlen: 32
                          2a0d:3c44::/32 maxlen: 32
                          2a0d:95c1::/32 maxlen: 32
                          2a0d:95c5::/32 maxlen: 32
                          2a0d:afc0::/32 maxlen: 32
                          2a0d:afc2::/32 maxlen: 32
                          2a0d:c105::/32 maxlen: 32
                          2a0f:3102::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 11 Nov 2024 11:18:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fd:a3:29:00:dd:6e:29:c4:4e:06:ba:4a:9a:5a:6b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Nov  5 18:43:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31db7086c5ee4a72437ab09794c90a38ce9bfb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:dc:d3:12:b1:e3:05:a3:64:b2:48:2c:6c:c2:
                    78:3c:9d:97:68:b8:50:e6:d2:dc:fa:85:8b:c6:aa:
                    ed:ad:fc:63:56:0a:27:5e:72:20:94:24:aa:94:06:
                    29:cb:17:0d:6a:32:4f:17:2e:eb:4f:be:68:65:b5:
                    47:59:17:e1:44:99:bb:c0:02:6b:b6:61:80:9d:0e:
                    4a:8b:9a:40:b0:b4:a5:42:e3:47:14:12:4d:5a:11:
                    91:3b:a4:3c:6f:35:d1:47:89:a9:84:76:b4:dd:1b:
                    19:4d:a7:98:c3:29:c7:4e:66:44:f8:32:6a:61:7f:
                    d8:c1:c9:ee:67:07:c2:ba:72:9e:1f:67:47:12:dd:
                    62:85:a2:0c:2f:6f:9d:aa:e0:fa:51:78:25:79:2c:
                    52:a3:e3:bb:ee:8b:ad:7f:4a:51:d3:da:de:b7:ff:
                    dd:57:03:43:89:1e:7a:06:c7:1a:f0:f9:36:97:30:
                    fa:33:12:13:c7:b9:23:e9:6d:1a:f6:8b:43:d7:45:
                    c5:3e:0b:55:f1:bf:5d:9e:d9:6c:92:0b:23:38:e6:
                    1b:0d:6f:46:a2:21:d5:75:e7:99:b2:2e:df:18:bc:
                    45:21:d2:72:66:a7:cb:3a:ca:a0:b0:9f:ff:33:76:
                    a1:1a:35:41:5f:00:55:b2:62:83:38:b7:22:e7:8f:
                    d4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DB:70:86:C5:EE:4A:72:43:7A:B0:97:94:C9:0A:38:CE:9B:FB:12
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/MdtwhsXuSnJDerCXlMkKOM6b-xI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d640::/32
                  2a06:d646::/32
                  2a09:e302::/32
                  2a09:ef01::-2a09:ef02:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:ef05::/32
                  2a0a:b385::/32
                  2a0d:3c44::/32
                  2a0d:95c1::/32
                  2a0d:95c5::/32
                  2a0d:afc0::/32
                  2a0d:afc2::/32
                  2a0d:c105::/32
                  2a0f:3102::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:96:f3:b3:59:20:4c:67:d6:19:f6:de:0d:4c:3c:f3:7f:ac:
         a8:0c:9a:73:97:a9:d5:a3:f5:cf:54:51:2e:f2:0c:97:b3:2f:
         0f:64:88:37:32:08:34:30:db:eb:e5:f2:49:39:13:27:b9:98:
         1c:40:c9:fe:20:3a:48:f9:8d:41:cc:ed:83:14:75:8c:0d:52:
         3e:01:63:e8:6c:fc:ba:81:23:6a:56:46:60:54:a8:dc:c0:ea:
         54:af:68:73:45:ff:7a:a4:93:4a:95:aa:82:9d:17:64:b9:40:
         ac:05:94:16:ae:d8:83:0b:4c:80:ba:99:8e:51:c4:30:28:f5:
         61:bd:06:79:b3:bc:e2:41:25:44:b8:fa:60:c8:5b:1d:2a:f2:
         9e:e7:d7:d6:30:b0:ea:6a:c3:bc:9e:ef:0a:43:78:c3:23:a0:
         76:f5:25:d1:95:d9:a9:b2:76:67:87:e7:eb:ef:b7:ad:be:96:
         a6:02:4c:98:df:59:ff:5d:25:4f:5b:94:3a:94:2f:82:22:a3:
         1e:1a:42:05:51:d0:a6:d3:30:ea:42:8d:1a:d7:90:01:3a:e4:
         03:7f:dc:d1:14:b0:b3:03:83:fd:d6:a8:1e:bd:5e:2c:5e:b1:
         95:e6:c9:d3:69:67:56:25:70:7a:8e:21:34:59:dc:3b:ea:74:
         88:f9:54:8f
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZL9oykA3W4pxE4GukqaWmvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQxMTA1MTg0MzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRiNzA4NmM1ZWU0YTcyNDM3YWIwOTc5NGM5MGEzOGNlOWJmYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNzTErHjBaNkskgsbMJ4PJ2XaLhQ
5tLc+oWLxqrtrfxjVgonXnIglCSqlAYpyxcNajJPFy7rT75oZbVHWRfhRJm7wAJr
tmGAnQ5Ki5pAsLSlQuNHFBJNWhGRO6Q8bzXRR4mphHa03RsZTaeYwynHTmZE+DJq
YX/YwcnuZwfCunKeH2dHEt1ihaIML2+dquD6UXgleSxSo+O77outf0pR09ret//d
VwNDiR56Bsca8Pk2lzD6MxITx7kj6W0a9otD10XFPgtV8b9dntlskgsjOOYbDW9G
oiHVdeeZsi7fGLxFIdJyZqfLOsqgsJ//M3ahGjVBXwBVsmKDOLci54/UGwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFDHbcIbF7kpyQ3qwl5TJCjjOm/sSMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvTWR0d2hzWHVTbkpEZXJDWGxNa0tPTTZiLXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAAjBkAwUAKgbWQAMF
ACoG1kYDBQAqCeMCMA4DBQAqCe8BAwUAKgnvAgMFACoJ7wUDBQAqCrOFAwUAKg08
RAMFACoNlcEDBQAqDZXFAwUAKg2vwAMFACoNr8IDBQAqDcEFAwUAKg8xAjANBgkq
hkiG9w0BAQsFAAOCAQEAVZbzs1kgTGfWGfbeDUw883+sqAyac5ep1aP1z1RRLvIM
l7MvD2SINzIINDDb6+XySTkTJ7mYHEDJ/iA6SPmNQcztgxR1jA1SPgFj6Gz8uoEj
alZGYFSo3MDqVK9oc0X/eqSTSpWqgp0XZLlArAWUFq7YgwtMgLqZjlHEMCj1Yb0G
ebO84kElRLj6YMhbHSrynufX1jCw6mrDvJ7vCkN4wyOgdvUl0ZXZqbJ2Z4fn6++3
rb6WpgJMmN9Z/10lT1uUOpQvgiKjHhpCBVHQptMw6kKNGteQATrkA3/c0RSwswOD
/daoHr1eLF6xlebJ02lnViVweo4hNFncO+p0iPlUjw==
-----END CERTIFICATE-----