Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Y_-uk0EY1ARRtvYxsiTSes-PHLA.roa
File:                     Y_-uk0EY1ARRtvYxsiTSes-PHLA.roa (raw, json)
Hash identifier:          qdG4cBdnFe9dlhx7cZoo49Cs8y3y5mtAPGHl36hp6Gw=
Subject key identifier:   63:FF:AE:93:41:18:D4:04:51:B6:F6:31:B2:24:D2:7A:CF:8F:1C:B0
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0192E3F957211650B47D6B5731B1AA537649
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Y_-uk0EY1ARRtvYxsiTSes-PHLA.roa
Signing time:             Thu 31 Oct 2024 19:07:01 +0000
ROA not before:           Thu 31 Oct 2024 19:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a06:d640::/32 maxlen: 32
                          2a06:d646::/32 maxlen: 32
                          2a09:ef01::/32 maxlen: 32
                          2a09:ef02::/32 maxlen: 32
                          2a0a:b385::/32 maxlen: 32
                          2a0d:3c44::/32 maxlen: 32
                          2a0d:95c1::/32 maxlen: 32
                          2a0d:95c5::/32 maxlen: 32
                          2a0d:afc0::/32 maxlen: 32
                          2a0d:afc2::/32 maxlen: 32
                          2a0d:c105::/32 maxlen: 32
                          2a0f:3102::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 05 Nov 2024 18:43:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:f9:57:21:16:50:b4:7d:6b:57:31:b1:aa:53:76:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Oct 31 19:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63ffae934118d40451b6f631b224d27acf8f1cb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d6:c1:6d:78:81:a0:37:b7:79:e6:95:9e:9f:
                    dc:1d:0e:f4:22:73:54:5d:45:f9:1d:ec:e8:43:b6:
                    f6:2d:64:ea:a8:4b:ba:1b:fd:7e:ff:b2:4a:3b:38:
                    20:90:ec:79:f3:d6:80:46:6b:8d:54:94:4e:2c:70:
                    e8:0a:38:28:9b:33:02:1d:87:33:0d:83:cc:d9:40:
                    8b:64:c1:4c:e0:f4:e2:86:45:92:1a:61:1f:4d:01:
                    8a:7f:6a:57:16:f2:71:cf:49:93:fd:3f:02:3b:22:
                    1d:68:41:78:cf:96:0a:25:a9:59:7c:20:df:aa:53:
                    2c:fc:f4:1c:f8:55:e1:14:d6:cf:8d:23:41:75:d9:
                    cb:db:5f:bd:d7:b6:18:ac:71:ec:c3:c7:b5:31:87:
                    68:d3:81:a0:85:e8:e6:84:96:6d:f3:4e:56:60:60:
                    42:56:62:49:8a:1c:a5:93:d0:b7:b9:11:d4:57:de:
                    00:63:a4:6c:52:41:d0:55:e8:d1:2f:77:38:f0:18:
                    e5:2e:10:eb:12:dd:7a:b0:67:1c:6d:14:72:80:cf:
                    b6:b1:0a:16:3e:0e:f8:55:4b:45:2c:a0:eb:4a:b5:
                    ec:f5:61:34:77:2f:c1:f1:c1:02:8f:50:19:2b:c6:
                    67:86:52:14:33:e5:4d:ef:e2:37:51:5f:9e:61:a9:
                    cf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FF:AE:93:41:18:D4:04:51:B6:F6:31:B2:24:D2:7A:CF:8F:1C:B0
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Y_-uk0EY1ARRtvYxsiTSes-PHLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d640::/32
                  2a06:d646::/32
                  2a09:ef01::-2a09:ef02:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0a:b385::/32
                  2a0d:3c44::/32
                  2a0d:95c1::/32
                  2a0d:95c5::/32
                  2a0d:afc0::/32
                  2a0d:afc2::/32
                  2a0d:c105::/32
                  2a0f:3102::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:e5:a1:6e:7e:e6:c2:22:ae:2e:96:d6:93:62:67:69:ff:cf:
         dd:c5:8f:2e:aa:5a:b3:e7:c3:c2:cd:d6:17:c1:bd:cb:22:fa:
         ab:07:df:f6:44:91:87:7e:5d:df:57:b2:72:ee:71:48:f7:e8:
         61:54:d4:ce:a9:70:77:51:37:b4:c8:32:3f:04:99:f0:3a:66:
         0c:88:0c:d3:81:a9:ed:a3:ef:55:4b:d7:eb:ca:ad:7d:ba:24:
         64:c7:e9:f2:f4:53:ce:bf:88:4f:87:be:8d:a5:e9:3c:02:01:
         ec:40:3c:ff:b2:62:d0:46:a4:c4:5e:e1:a7:44:79:cf:31:dc:
         2f:b6:0c:97:b2:f0:04:6a:55:1f:af:e5:54:79:8d:9f:0e:5e:
         64:27:dc:4f:7b:19:75:e3:99:30:6b:5c:11:b2:1d:e8:db:ad:
         23:6e:78:a0:8e:fd:68:86:fe:22:32:20:fb:5c:b9:b8:bd:11:
         12:08:83:2b:1b:c2:93:ff:4c:8d:26:36:6b:73:dc:1c:5b:ef:
         07:32:bf:e1:99:e9:6a:df:27:7a:9d:70:e4:8f:87:e7:bb:0b:
         93:dd:af:f6:0f:97:a1:97:c3:90:eb:a1:b0:3a:a7:ca:18:9d:
         2b:93:e6:ac:8c:a6:a4:d4:c7:49:89:00:d7:3f:4b:63:c9:02:
         58:cd:07:ba
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZLj+VchFlC0fWtXMbGqU3ZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQxMDMxMTkwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ZmYWU5MzQxMThkNDA0NTFiNmY2MzFiMjI0ZDI3YWNmOGYxY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dbBbXiBoDe3eeaVnp/cHQ70InNU
XUX5HezoQ7b2LWTqqEu6G/1+/7JKOzggkOx589aARmuNVJROLHDoCjgomzMCHYcz
DYPM2UCLZMFM4PTihkWSGmEfTQGKf2pXFvJxz0mT/T8COyIdaEF4z5YKJalZfCDf
qlMs/PQc+FXhFNbPjSNBddnL21+917YYrHHsw8e1MYdo04GghejmhJZt805WYGBC
VmJJihylk9C3uRHUV94AY6RsUkHQVejRL3c48BjlLhDrEt16sGccbRRygM+2sQoW
Pg74VUtFLKDrSrXs9WE0dy/B8cECj1AZK8ZnhlIUM+VN7+I3UV+eYanPSwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFGP/rpNBGNQEUbb2MbIk0nrPjxywMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvWV8tdWswRVkxQVJSdHZZeHNpVFNlcy1QSExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAAjBWAwUAKgbWQAMF
ACoG1kYwDgMFACoJ7wEDBQAqCe8CAwUAKgqzhQMFACoNPEQDBQAqDZXBAwUAKg2V
xQMFACoNr8ADBQAqDa/CAwUAKg3BBQMFACoPMQIwDQYJKoZIhvcNAQELBQADggEB
AFjloW5+5sIiri6W1pNiZ2n/z93Fjy6qWrPnw8LN1hfBvcsi+qsH3/ZEkYd+Xd9X
snLucUj36GFU1M6pcHdRN7TIMj8EmfA6ZgyIDNOBqe2j71VL1+vKrX26JGTH6fL0
U86/iE+Hvo2l6TwCAexAPP+yYtBGpMRe4adEec8x3C+2DJey8ARqVR+v5VR5jZ8O
XmQn3E97GXXjmTBrXBGyHejbrSNueKCO/WiG/iIyIPtcubi9ERIIgysbwpP/TI0m
Nmtz3Bxb7wcyv+GZ6WrfJ3qdcOSPh+e7C5Pdr/YPl6GXw5DrobA6p8oYnSuT5qyM
pqTUx0mJANc/S2PJAljNB7o=
-----END CERTIFICATE-----