Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/pE3_2P3wjqfDjhg8TX0Ov3AMhws.roa
File:                     pE3_2P3wjqfDjhg8TX0Ov3AMhws.roa (raw, json)
Hash identifier:          g/ddPbQ94ZY6rSkYbaW2A5k29nCedn5Dcw6ljd9+OCE=
Subject key identifier:   A4:4D:FF:D8:FD:F0:8E:A7:C3:8E:18:3C:4D:7D:0E:BF:70:0C:87:0B
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0194F65266755ECB10A502B2D45FA7282B05
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/pE3_2P3wjqfDjhg8TX0Ov3AMhws.roa
Signing time:             Tue 11 Feb 2025 18:43:02 +0000
ROA not before:           Tue 11 Feb 2025 18:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a06:d644::/32 maxlen: 32
                          2a09:2984::/32 maxlen: 32
                          2a09:e307::/32 maxlen: 32
                          2a09:ef06::/32 maxlen: 32
                          2a0d:3c47::/32 maxlen: 32
                          2a0d:95c0::/32 maxlen: 32
                          2a0d:afc1::/32 maxlen: 32
                          2a0d:afc5::/32 maxlen: 32
                          2a0d:afc7::/32 maxlen: 32
                          2a0d:c100::/32 maxlen: 32
                          2a0d:c102::/32 maxlen: 32
                          2a0f:3104::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 11 Mar 2025 18:40:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f6:52:66:75:5e:cb:10:a5:02:b2:d4:5f:a7:28:2b:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Feb 11 18:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a44dffd8fdf08ea7c38e183c4d7d0ebf700c870b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:38:4f:14:5d:d1:18:3f:d8:68:de:fe:66:12:
                    13:39:fd:4a:54:0e:fa:11:b6:ca:be:61:92:e1:8d:
                    c1:62:db:b6:22:1d:8b:7e:40:f0:0b:97:fc:8a:ae:
                    c4:1b:58:af:26:9f:72:63:90:3f:a5:75:e0:81:a3:
                    1c:1c:a5:71:ea:f7:8a:62:2f:ea:2b:c6:d3:8e:23:
                    d2:2c:b0:fe:1d:99:cb:a2:9f:e8:5f:a1:e1:43:5e:
                    b8:9c:fb:0c:5c:5e:3b:6a:76:d4:c9:df:33:2d:bc:
                    cd:ac:31:0e:ba:fb:fc:3b:c2:1d:61:e9:19:57:e0:
                    92:15:86:cd:4d:a8:c5:d8:49:0f:38:05:83:db:50:
                    ad:78:c0:00:c0:85:b0:98:6c:18:d5:d4:bb:4b:3a:
                    cc:5d:12:84:b7:a8:f6:68:ae:91:80:19:dd:f3:88:
                    2a:dc:6b:0b:67:5c:01:90:f2:10:7a:56:64:50:c0:
                    d1:ee:d6:f2:bb:18:9a:c3:2c:da:b2:4a:69:90:5d:
                    33:64:b9:e7:d3:9a:31:cf:b7:c4:28:75:7d:25:a2:
                    79:17:aa:d5:4e:2e:b1:01:54:56:21:9e:1a:70:0a:
                    75:27:8d:9d:39:af:23:4a:ce:51:32:e3:fe:d1:64:
                    ce:1a:4b:b7:4c:fa:ae:1e:06:9d:d7:96:4f:a0:29:
                    18:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:4D:FF:D8:FD:F0:8E:A7:C3:8E:18:3C:4D:7D:0E:BF:70:0C:87:0B
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/pE3_2P3wjqfDjhg8TX0Ov3AMhws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d644::/32
                  2a09:2984::/32
                  2a09:e307::/32
                  2a09:ef06::/32
                  2a0d:3c47::/32
                  2a0d:95c0::/32
                  2a0d:afc1::/32
                  2a0d:afc5::/32
                  2a0d:afc7::/32
                  2a0d:c100::/32
                  2a0d:c102::/32
                  2a0f:3104::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:43:ef:75:60:2a:52:65:88:95:44:77:b4:e2:86:88:3f:aa:
         af:56:71:f8:84:16:69:6b:61:bb:35:58:da:75:58:d5:c3:a0:
         16:67:2a:18:b5:aa:e6:02:29:ec:76:b2:4e:20:62:72:22:b9:
         98:2c:c2:a2:67:4b:06:ee:8d:b7:75:3a:04:6c:6f:48:35:c5:
         ad:b6:16:e6:5b:31:a7:39:cf:37:7d:b5:c7:c2:be:06:80:73:
         17:35:01:cc:a7:51:b6:a1:0f:d2:25:9a:11:ad:96:d8:4e:63:
         5f:c9:93:a6:ed:bd:b1:e1:01:24:62:bc:f5:9a:15:e3:b1:c5:
         ae:58:a7:8e:f2:17:3d:d3:02:a2:a7:ae:5d:24:e7:b6:93:5c:
         e0:0a:8d:8e:89:bf:47:03:5b:02:f4:54:8f:4d:36:61:36:87:
         7d:55:fe:f0:c1:63:c7:05:5d:ea:40:0d:f0:b0:25:89:29:0f:
         80:7b:8d:fb:aa:ac:50:fe:b4:c0:fe:d0:22:4a:0a:66:ca:f1:
         a1:e7:93:f8:26:d5:2c:36:a2:e9:79:1b:4a:e7:6d:a3:e5:93:
         c1:5d:2d:08:20:6a:7e:e2:3c:91:a5:9d:0f:a2:cf:bb:e5:e0:
         f7:e0:e4:30:ea:23:c8:cb:de:cb:cf:0e:8b:37:83:72:4d:f1:
         b3:e4:2a:ff
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZT2UmZ1XssQpQKy1F+nKCsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwMjExMTg0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDRkZmZkOGZkZjA4ZWE3YzM4ZTE4M2M0ZDdkMGViZjcwMGM4NzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DhPFF3RGD/YaN7+ZhITOf1KVA76
EbbKvmGS4Y3BYtu2Ih2LfkDwC5f8iq7EG1ivJp9yY5A/pXXggaMcHKVx6veKYi/q
K8bTjiPSLLD+HZnLop/oX6HhQ164nPsMXF47anbUyd8zLbzNrDEOuvv8O8IdYekZ
V+CSFYbNTajF2EkPOAWD21CteMAAwIWwmGwY1dS7SzrMXRKEt6j2aK6RgBnd84gq
3GsLZ1wBkPIQelZkUMDR7tbyuxiawyzaskppkF0zZLnn05oxz7fEKHV9JaJ5F6rV
Ti6xAVRWIZ4acAp1J42dOa8jSs5RMuP+0WTOGku3TPquHgad15ZPoCkY/wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFKRN/9j98I6nw44YPE19Dr9wDIcLMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvcEUzXzJQM3dqcWZEamhnOFRYME92M0FNaHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUAKgbWRAMF
ACoJKYQDBQAqCeMHAwUAKgnvBgMFACoNPEcDBQAqDZXAAwUAKg2vwQMFACoNr8UD
BQAqDa/HAwUAKg3BAAMFACoNwQIDBQAqDzEEMA0GCSqGSIb3DQEBCwUAA4IBAQCk
Q+91YCpSZYiVRHe04oaIP6qvVnH4hBZpa2G7NVjadVjVw6AWZyoYtarmAinsdrJO
IGJyIrmYLMKiZ0sG7o23dToEbG9INcWtthbmWzGnOc83fbXHwr4GgHMXNQHMp1G2
oQ/SJZoRrZbYTmNfyZOm7b2x4QEkYrz1mhXjscWuWKeO8hc90wKip65dJOe2k1zg
Co2Oib9HA1sC9FSPTTZhNod9Vf7wwWPHBV3qQA3wsCWJKQ+Ae437qqxQ/rTA/tAi
SgpmyvGh55P4JtUsNqLpeRtK522j5ZPBXS0IIGp+4jyRpZ0Pos+75eD34OQw6iPI
y97Lzw6LN4NyTfGz5Cr/
-----END CERTIFICATE-----