Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/tbPQk8e4907VguvqXSjR-QXHDVA.roa
File:                     tbPQk8e4907VguvqXSjR-QXHDVA.roa (raw, json)
Hash identifier:          OwugCdQbKcopN8aan+UktD/NjUWXE0w5ChuMkG0OdDQ=
Subject key identifier:   B5:B3:D0:93:C7:B8:F7:4E:D5:82:EB:EA:5D:28:D1:F9:05:C7:0D:50
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       01931AF232CF3659EFCE83AD6D4310729B73
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/tbPQk8e4907VguvqXSjR-QXHDVA.roa
Signing time:             Mon 11 Nov 2024 11:18:20 +0000
ROA not before:           Mon 11 Nov 2024 11:18:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a06:d640::/32 maxlen: 32
                          2a06:d646::/32 maxlen: 32
                          2a09:e302::/32 maxlen: 32
                          2a09:ef01::/32 maxlen: 32
                          2a09:ef02::/32 maxlen: 32
                          2a09:ef05::/32 maxlen: 32
                          2a09:ef07::/32 maxlen: 32
                          2a0a:b385::/32 maxlen: 32
                          2a0d:3c44::/32 maxlen: 32
                          2a0d:95c1::/32 maxlen: 32
                          2a0d:95c5::/32 maxlen: 32
                          2a0d:afc0::/32 maxlen: 32
                          2a0d:afc2::/32 maxlen: 32
                          2a0d:c105::/32 maxlen: 32
                          2a0f:3102::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 13 Nov 2024 10:44:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:f2:32:cf:36:59:ef:ce:83:ad:6d:43:10:72:9b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Nov 11 11:18:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5b3d093c7b8f74ed582ebea5d28d1f905c70d50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ea:e4:1e:dc:99:d7:6b:be:96:0d:ac:bb:5a:
                    8b:06:66:7d:3d:00:7e:fd:78:6c:70:64:3f:04:8f:
                    f0:30:0e:53:49:36:bb:67:14:1b:6d:9d:15:70:b6:
                    90:ee:ee:56:bb:f0:33:51:fb:69:7c:72:65:a0:28:
                    26:b3:ca:63:52:e5:ab:f5:36:9a:cf:4a:87:de:a9:
                    48:79:76:ce:7e:c7:32:0b:98:30:54:7d:15:f5:ce:
                    4f:6e:e9:10:19:11:2f:4c:1a:b5:46:9e:6a:98:a7:
                    8e:31:ef:b7:df:97:ee:fb:ad:60:e3:25:22:05:b3:
                    88:40:37:c4:f3:2d:b9:fd:79:48:e6:8f:f3:ce:53:
                    ec:d7:dd:1b:02:43:8b:91:b5:ee:cf:fd:d2:0e:59:
                    3d:19:a1:14:ff:d6:8e:b0:dd:c8:17:dc:3f:30:b6:
                    d0:c5:13:15:f1:24:da:81:54:4d:0c:d8:d8:ba:1e:
                    e8:38:50:fc:a6:ed:fd:17:76:ee:2c:df:ca:d5:eb:
                    03:cd:22:45:0c:76:74:e1:ff:3c:82:7e:9a:c8:72:
                    ec:f0:e9:8e:e7:5a:84:32:78:d3:87:0e:51:40:3e:
                    c1:95:9d:2a:e2:78:8c:7e:22:8f:fe:1c:4b:27:4f:
                    3f:46:a4:68:9d:fc:34:3e:c8:b7:f1:1c:99:b2:96:
                    95:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B3:D0:93:C7:B8:F7:4E:D5:82:EB:EA:5D:28:D1:F9:05:C7:0D:50
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/tbPQk8e4907VguvqXSjR-QXHDVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d640::/32
                  2a06:d646::/32
                  2a09:e302::/32
                  2a09:ef01::-2a09:ef02:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:ef05::/32
                  2a09:ef07::/32
                  2a0a:b385::/32
                  2a0d:3c44::/32
                  2a0d:95c1::/32
                  2a0d:95c5::/32
                  2a0d:afc0::/32
                  2a0d:afc2::/32
                  2a0d:c105::/32
                  2a0f:3102::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:a9:fb:98:0a:08:56:ed:9e:26:7d:d4:d6:41:46:12:0e:21:
         b2:b7:32:f0:7f:93:6d:62:73:8d:fc:c2:7d:ea:79:00:17:65:
         9c:69:ed:92:4a:0a:18:20:b8:07:79:6b:f9:7d:c2:93:b2:22:
         d1:6b:f3:b6:ff:13:1a:82:bf:5c:97:4c:69:71:eb:08:df:19:
         6a:5a:0e:ed:fb:c3:b4:2e:72:86:08:27:c7:e4:8a:98:9a:80:
         61:69:d9:a2:fb:8e:76:00:10:06:85:41:31:fb:9f:37:6a:b3:
         f5:f6:4b:af:bf:4a:c7:57:54:17:13:4b:47:fb:a7:9e:1c:1c:
         35:04:4c:56:00:4e:b2:73:5d:a9:31:a2:80:5e:b1:28:65:f4:
         a9:3c:0e:d1:bc:dc:c6:dc:87:c3:fb:4d:33:55:f8:ef:24:ec:
         62:6d:9f:e9:2c:73:8a:f6:75:04:90:e7:4d:40:9b:1e:9d:71:
         87:13:7a:c3:1c:b1:cb:94:74:5a:d6:8e:cb:f6:c6:47:49:92:
         ba:e7:1b:db:fe:af:a9:c8:1a:84:9f:02:7f:56:26:04:1b:61:
         8d:c5:17:4a:bf:7c:7f:71:b9:79:a3:96:80:f5:bc:20:43:e4:
         8d:1c:83:95:de:15:18:42:07:ee:60:36:31:b1:15:ef:8b:d7:
         2f:4a:6b:8e
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZMa8jLPNlnvzoOtbUMQcptzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQxMTExMTExODIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWIzZDA5M2M3YjhmNzRlZDU4MmViZWE1ZDI4ZDFmOTA1YzcwZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+rkHtyZ12u+lg2su1qLBmZ9PQB+
/XhscGQ/BI/wMA5TSTa7ZxQbbZ0VcLaQ7u5Wu/AzUftpfHJloCgms8pjUuWr9Taa
z0qH3qlIeXbOfscyC5gwVH0V9c5PbukQGREvTBq1Rp5qmKeOMe+335fu+61g4yUi
BbOIQDfE8y25/XlI5o/zzlPs190bAkOLkbXuz/3SDlk9GaEU/9aOsN3IF9w/MLbQ
xRMV8STagVRNDNjYuh7oOFD8pu39F3buLN/K1esDzSJFDHZ04f88gn6ayHLs8OmO
51qEMnjThw5RQD7BlZ0q4niMfiKP/hxLJ08/RqRonfw0Psi38RyZspaVlwIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFLWz0JPHuPdO1YLr6l0o0fkFxw1QMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvdGJQUWs4ZTQ5MDdWZ3V2cVhTalItUVhIRFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwcQQCAAIwawMFACoG1kAD
BQAqBtZGAwUAKgnjAjAOAwUAKgnvAQMFACoJ7wIDBQAqCe8FAwUAKgnvBwMFACoK
s4UDBQAqDTxEAwUAKg2VwQMFACoNlcUDBQAqDa/AAwUAKg2vwgMFACoNwQUDBQAq
DzECMA0GCSqGSIb3DQEBCwUAA4IBAQByqfuYCghW7Z4mfdTWQUYSDiGytzLwf5Nt
YnON/MJ96nkAF2Wcae2SSgoYILgHeWv5fcKTsiLRa/O2/xMagr9cl0xpcesI3xlq
Wg7t+8O0LnKGCCfH5IqYmoBhadmi+452ABAGhUEx+583arP19kuvv0rHV1QXE0tH
+6eeHBw1BExWAE6yc12pMaKAXrEoZfSpPA7RvNzG3IfD+00zVfjvJOxibZ/pLHOK
9nUEkOdNQJsenXGHE3rDHLHLlHRa1o7L9sZHSZK65xvb/q+pyBqEnwJ/ViYEG2GN
xRdKv3x/cbl5o5aA9bwgQ+SNHIOV3hUYQgfuYDYxsRXvi9cvSmuO
-----END CERTIFICATE-----