Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ksdt5xhjXmqFhAFeLVx66Q4y9as.roa
File:                     Ksdt5xhjXmqFhAFeLVx66Q4y9as.roa (raw, json)
Hash identifier:          BVu3wtXNfFT7Ukw77mBC1RETlSw9395FvNqiZtv9Q4c=
Subject key identifier:   2A:C7:6D:E7:18:63:5E:6A:85:84:01:5E:2D:5C:7A:E9:0E:32:F5:AB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DA1D1437435FBD9E749DB166EF5AD0BB5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ksdt5xhjXmqFhAFeLVx66Q4y9as.roa
Signing time:             Tue 13 Feb 2024 09:34:22 +0000
ROA not before:           Tue 13 Feb 2024 09:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:97c0:aba::/48 maxlen: 48
                          2a0e:b107:19::/48 maxlen: 48
                          2a0e:b107:360::/48 maxlen: 48
                          2a0e:b107:361::/48 maxlen: 48
                          2a0e:b107:362::/48 maxlen: 48
                          2a0e:b107:363::/48 maxlen: 48
                          2a0e:b107:364::/48 maxlen: 48
                          2a0e:b107:365::/48 maxlen: 48
                          2a0e:b107:367::/48 maxlen: 48
                          2a0e:b107:f50::/44 maxlen: 48
                          2a10:2f00:1a0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 18 Feb 2024 20:42:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a1:d1:43:74:35:fb:d9:e7:49:db:16:6e:f5:ad:0b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 13 09:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ac76de718635e6a8584015e2d5c7ae90e32f5ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d3:ed:09:1a:1a:8c:d8:bc:a8:28:d3:b7:f5:
                    2f:ec:ea:95:bc:c4:29:82:54:e3:77:d6:91:18:f5:
                    e7:d7:92:a4:af:21:03:81:bb:c1:ed:d5:a7:aa:db:
                    d7:63:a6:92:77:8d:bc:4a:b4:2f:1a:ad:e6:44:29:
                    6b:b9:5a:c1:82:1a:eb:94:d7:99:10:39:e7:2a:69:
                    35:e3:eb:88:3f:b5:77:a5:f0:10:eb:30:f8:28:38:
                    cb:fc:05:df:8f:cb:c8:bf:b7:92:0f:40:39:40:ea:
                    44:1c:26:59:e6:81:45:bc:00:e2:dc:10:91:b1:21:
                    fa:23:47:ab:7f:f3:d6:a0:a4:b7:12:55:f4:12:c6:
                    11:9e:fe:d7:ae:8f:88:9f:af:9b:9a:7f:d5:50:ce:
                    62:18:dd:02:34:a9:5a:c5:be:18:70:24:e2:fe:37:
                    d2:50:6c:3c:ea:dc:44:1f:77:12:87:01:a2:b7:46:
                    21:f7:d1:ed:d0:90:ed:02:ef:07:37:ff:02:de:d5:
                    f3:c1:6e:16:38:30:be:0d:5c:15:1a:50:71:64:82:
                    4a:f8:5d:22:4c:f9:63:ea:46:57:8b:3f:75:88:88:
                    5b:d4:aa:98:4c:7b:5b:ca:b2:84:48:4e:44:07:74:
                    16:4c:1b:cd:37:30:73:de:f8:7b:76:d7:3a:1a:42:
                    0e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C7:6D:E7:18:63:5E:6A:85:84:01:5E:2D:5C:7A:E9:0E:32:F5:AB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ksdt5xhjXmqFhAFeLVx66Q4y9as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:aba::/48
                  2a0e:b107:19::/48
                  2a0e:b107:360::-2a0e:b107:365:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:367::/48
                  2a0e:b107:f50::/44
                  2a10:2f00:1a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:c2:e4:c3:4a:cf:44:1b:21:e9:ff:f1:02:09:22:1c:1c:22:
         d4:11:2f:14:f1:d5:84:84:c6:7d:2c:75:ac:9f:e8:de:48:16:
         01:bf:cd:3f:e4:ce:9f:fc:57:81:66:4f:4e:54:a1:1e:cd:f7:
         fc:e6:3d:c1:6c:1f:88:a4:e7:e5:c1:cb:85:69:93:a6:86:c8:
         f9:50:ce:98:cc:b3:64:ce:7f:45:59:1a:cb:db:fd:60:c1:f4:
         0f:07:a4:4e:6e:62:77:51:1f:31:4a:c7:1f:34:2d:76:ca:9c:
         d1:7d:74:38:c8:28:00:e0:d1:d0:01:ad:73:fe:21:0b:7a:a7:
         9b:7e:c4:14:77:af:23:01:15:2d:11:98:46:fd:24:3f:7c:e7:
         90:13:f1:b6:fc:fe:34:ba:12:97:e2:9b:09:50:79:51:35:ad:
         f7:3b:af:1f:ee:c3:df:63:8a:82:66:e8:2a:15:36:bc:0c:62:
         18:cd:e5:79:fd:1b:46:7b:8b:14:8f:21:3d:3f:83:b1:67:11:
         e4:6c:c2:f3:79:a8:e8:1a:62:76:d0:30:b4:b1:bf:1c:29:16:
         2a:f9:c3:82:6b:a7:8f:a5:35:40:8c:10:e1:12:96:24:18:d4:
         48:17:2e:ce:93:72:78:be:0c:d1:93:01:39:6c:b3:21:0e:fc:
         00:e8:e0:99
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAY2h0UN0NfvZ50nbFm71rQu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjEzMDkzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWM3NmRlNzE4NjM1ZTZhODU4NDAxNWUyZDVjN2FlOTBlMzJmNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutPtCRoajNi8qCjTt/Uv7OqVvMQp
glTjd9aRGPXn15KkryEDgbvB7dWnqtvXY6aSd428SrQvGq3mRClruVrBghrrlNeZ
EDnnKmk14+uIP7V3pfAQ6zD4KDjL/AXfj8vIv7eSD0A5QOpEHCZZ5oFFvADi3BCR
sSH6I0erf/PWoKS3ElX0EsYRnv7Xro+In6+bmn/VUM5iGN0CNKlaxb4YcCTi/jfS
UGw86txEH3cShwGit0Yh99Ht0JDtAu8HN/8C3tXzwW4WODC+DVwVGlBxZIJK+F0i
TPlj6kZXiz91iIhb1KqYTHtbyrKESE5EB3QWTBvNNzBz3vh7dtc6GkIOWwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFCrHbecYY15qhYQBXi1ceukOMvWrMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS3NkdDV4aGpYbXFGaEFGZUxWeDY2UTR5OWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTBHBAIAAjBBAwcAKg6XwAq6
AwcAKg6xBwAZMBIDBwUqDrEHA2ADBwEqDrEHA2QDBwAqDrEHA2cDBwQqDrEHD1AD
BwAqEC8AAaAwDQYJKoZIhvcNAQELBQADggEBAEvC5MNKz0QbIen/8QIJIhwcItQR
LxTx1YSExn0sdayf6N5IFgG/zT/kzp/8V4FmT05UoR7N9/zmPcFsH4ik5+XBy4Vp
k6aGyPlQzpjMs2TOf0VZGsvb/WDB9A8HpE5uYndRHzFKxx80LXbKnNF9dDjIKADg
0dABrXP+IQt6p5t+xBR3ryMBFS0RmEb9JD9855AT8bb8/jS6EpfimwlQeVE1rfc7
rx/uw99jioJm6CoVNrwMYhjN5Xn9G0Z7ixSPIT0/g7FnEeRswvN5qOgaYnbQMLSx
vxwpFir5w4Jrp4+lNUCMEOESliQY1EgXLs6Tcni+DNGTATlssyEO/ADo4Jk=
-----END CERTIFICATE-----