Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/fQOjg2neIW2krOjnTjp85AzsqWw.roa
File:                     fQOjg2neIW2krOjnTjp85AzsqWw.roa (raw, json)
Hash identifier:          oLkygrSzeNUtXBVJ8GQjUuMpl+O/HdhLAvhaLJTZu6o=
Subject key identifier:   7D:03:A3:83:69:DE:21:6D:A4:AC:E8:E7:4E:3A:7C:E4:0C:EC:A9:6C
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0194920768D504E65331300182823F1D95FB
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/fQOjg2neIW2krOjnTjp85AzsqWw.roa
Signing time:             Thu 23 Jan 2025 07:19:06 +0000
ROA not before:           Thu 23 Jan 2025 07:19:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a06:d646::/32 maxlen: 32
                          2a09:e302::/32 maxlen: 32
                          2a09:e306::/32 maxlen: 32
                          2a09:ef02::/32 maxlen: 32
                          2a09:ef05::/32 maxlen: 32
                          2a09:ef07::/32 maxlen: 32
                          2a0a:b385::/32 maxlen: 32
                          2a0b:9001::/32 maxlen: 32
                          2a0b:9005::/32 maxlen: 32
                          2a0d:95c5::/32 maxlen: 32
                          2a0d:afc0::/32 maxlen: 32
                          2a0d:afc6::/32 maxlen: 32
                          2a0d:c105::/32 maxlen: 32
                          2a0f:3105::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 29 Jan 2025 17:49:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:92:07:68:d5:04:e6:53:31:30:01:82:82:3f:1d:95:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan 23 07:19:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d03a38369de216da4ace8e74e3a7ce40ceca96c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:92:34:1c:c2:77:d3:a2:83:d1:13:26:be:28:
                    00:c0:e5:17:04:1c:74:c6:91:5f:3e:8a:e6:15:28:
                    42:01:a7:8e:5e:ef:cc:43:81:35:9f:f6:7d:28:41:
                    fd:a0:39:5b:2a:59:e1:97:b4:ef:bd:1b:3d:39:ff:
                    82:60:92:9a:f1:f6:08:b7:0a:2d:fd:1c:e7:ba:15:
                    39:3a:cf:30:f4:a8:61:24:7f:2f:5a:47:d0:c7:8d:
                    e0:7f:b1:b2:1e:37:7d:5b:40:9c:be:e0:a0:b1:34:
                    e7:48:2d:39:df:d1:cd:24:fa:fa:88:15:bd:f0:c9:
                    d5:36:e7:44:aa:54:92:a6:5f:3a:8b:c9:a4:34:c3:
                    51:5c:22:2e:be:2c:4b:3c:c1:3a:33:b8:62:41:e5:
                    79:cd:9b:0c:5d:47:b5:ca:9c:8f:43:ad:72:e0:13:
                    7e:59:f2:04:bc:24:70:6d:cb:ab:b6:27:21:99:8e:
                    6b:f7:59:49:ca:33:17:c2:9b:2d:5a:66:fa:98:20:
                    29:49:c5:79:f7:92:98:3b:9b:24:22:b4:8f:4f:20:
                    ef:ca:ef:14:36:ec:4e:77:79:47:52:78:c6:fe:49:
                    f6:eb:a6:d1:5b:ca:be:e5:73:a6:2a:b9:92:9f:e6:
                    98:1c:64:7d:2a:fc:bf:5b:07:8d:1e:0d:48:c3:b5:
                    6c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:03:A3:83:69:DE:21:6D:A4:AC:E8:E7:4E:3A:7C:E4:0C:EC:A9:6C
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/fQOjg2neIW2krOjnTjp85AzsqWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d646::/32
                  2a09:e302::/32
                  2a09:e306::/32
                  2a09:ef02::/32
                  2a09:ef05::/32
                  2a09:ef07::/32
                  2a0a:b385::/32
                  2a0b:9001::/32
                  2a0b:9005::/32
                  2a0d:95c5::/32
                  2a0d:afc0::/32
                  2a0d:afc6::/32
                  2a0d:c105::/32
                  2a0f:3105::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:cb:14:69:62:82:7e:5b:ea:1f:2a:79:55:59:29:a7:c0:32:
         c5:a7:a4:49:03:b5:24:c0:c7:28:1b:12:6f:46:ba:df:d3:1f:
         85:ec:93:c0:a0:af:89:32:34:d4:d4:14:37:18:09:1d:77:c2:
         43:40:f4:d7:76:60:55:1d:a3:e6:30:a5:8f:21:c7:a8:dd:9f:
         34:a5:77:63:0f:a2:94:ce:7e:5a:e7:91:83:6c:71:8f:8d:57:
         b6:77:14:da:c9:69:ed:d1:1c:54:65:1b:23:04:c8:35:cb:8b:
         65:31:23:8b:f3:dc:4b:0f:4c:1f:64:cc:d2:fe:d1:ef:fa:d4:
         90:3c:d9:1b:49:d1:69:17:4e:1e:74:0c:9e:ef:e5:5c:b3:70:
         86:0f:ad:67:36:28:79:de:ed:60:61:f1:61:73:fb:2d:18:3c:
         ef:da:8b:e4:cb:e1:dd:5c:44:28:9e:80:1d:80:64:31:a4:1f:
         20:35:0d:24:32:d7:cd:a4:f2:f6:49:d1:58:4e:08:f6:1e:f5:
         2f:79:f0:71:c2:aa:5e:69:d9:54:8b:45:e2:7a:63:25:22:f5:
         e2:d5:3a:67:eb:ae:dc:f5:b1:02:dd:85:53:ee:d4:66:7b:93:
         bf:48:f2:f5:66:8c:1d:ed:90:47:e0:44:45:08:b0:7f:04:91:
         58:fd:41:bc
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZSSB2jVBOZTMTABgoI/HZX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwMTIzMDcxOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDAzYTM4MzY5ZGUyMTZkYTRhY2U4ZTc0ZTNhN2NlNDBjZWNhOTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZI0HMJ306KD0RMmvigAwOUXBBx0
xpFfPormFShCAaeOXu/MQ4E1n/Z9KEH9oDlbKlnhl7TvvRs9Of+CYJKa8fYItwot
/RznuhU5Os8w9KhhJH8vWkfQx43gf7GyHjd9W0CcvuCgsTTnSC0539HNJPr6iBW9
8MnVNudEqlSSpl86i8mkNMNRXCIuvixLPME6M7hiQeV5zZsMXUe1ypyPQ61y4BN+
WfIEvCRwbcurtichmY5r91lJyjMXwpstWmb6mCApScV595KYO5skIrSPTyDvyu8U
NuxOd3lHUnjG/kn266bRW8q+5XOmKrmSn+aYHGR9Kvy/WweNHg1Iw7VstQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFH0Do4Np3iFtpKzo5046fOQM7KlsMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvZlFPamcybmVJVzJrck9qblRqcDg1QXpzcVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAAjBiAwUAKgbWRgMF
ACoJ4wIDBQAqCeMGAwUAKgnvAgMFACoJ7wUDBQAqCe8HAwUAKgqzhQMFACoLkAED
BQAqC5AFAwUAKg2VxQMFACoNr8ADBQAqDa/GAwUAKg3BBQMFACoPMQUwDQYJKoZI
hvcNAQELBQADggEBAAPLFGlign5b6h8qeVVZKafAMsWnpEkDtSTAxygbEm9Gut/T
H4Xsk8Cgr4kyNNTUFDcYCR13wkNA9Nd2YFUdo+YwpY8hx6jdnzSld2MPopTOflrn
kYNscY+NV7Z3FNrJae3RHFRlGyMEyDXLi2UxI4vz3EsPTB9kzNL+0e/61JA82RtJ
0WkXTh50DJ7v5VyzcIYPrWc2KHne7WBh8WFz+y0YPO/ai+TL4d1cRCiegB2AZDGk
HyA1DSQy182k8vZJ0VhOCPYe9S958HHCql5p2VSLReJ6YyUi9eLVOmfrrtz1sQLd
hVPu1GZ7k79I8vVmjB3tkEfgREUIsH8EkVj9Qbw=
-----END CERTIFICATE-----