Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oZLdJDbee9K0oBljr4W_icbs49s.roa
File:                     oZLdJDbee9K0oBljr4W_icbs49s.roa (raw, json)
Hash identifier:          h6kFGjmHsU+egsp6L+j+cHmsRFdtDz4uJnIimc6bco4=
Subject key identifier:   A1:92:DD:24:36:DE:7B:D2:B4:A0:19:63:AF:85:BF:89:C6:EC:E3:DB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCF2144AFA39730BFDBA6D1BAE5F50
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oZLdJDbee9K0oBljr4W_icbs49s.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200160
IP address blocks:        2a0e:b107:660::/44 maxlen: 48
                          2a0e:b107:1d60::/44 maxlen: 48
                          2a0e:b107:1e00::/44 maxlen: 48
                          2a0e:b107:600::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:b107:6c0::/44 maxlen: 48
                          2a0e:b107:690::/44 maxlen: 48
                          2a0e:b107:5f0::/44 maxlen: 48
                          2a0e:b107:ad0::/44 maxlen: 48
                          2a0e:b107:2150::/44 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:bb0::/44 maxlen: 48

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 03:54:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f2:14:4a:fa:39:73:0b:fd:ba:6d:1b:ae:5f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a192dd2436de7bd2b4a01963af85bf89c6ece3db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:41:a8:86:36:10:38:27:0a:5c:09:32:1f:40:
                    c9:02:e9:2e:0b:95:9a:e1:c7:58:02:e1:92:51:9d:
                    ca:9c:37:23:b3:a1:b7:d8:60:56:2e:8c:48:65:7d:
                    4c:f1:7b:c6:e0:f0:ef:2a:b7:52:01:8e:a9:e7:e5:
                    33:5c:97:eb:25:c9:cb:dd:08:fb:b2:65:30:33:4f:
                    a7:e6:32:ad:1c:6b:80:32:f6:fa:b4:e1:a8:40:5c:
                    db:1e:36:ca:ca:05:d1:72:f7:b7:c1:bd:13:4d:a2:
                    0a:7b:89:37:38:5b:84:19:d8:82:90:30:4a:c7:b0:
                    61:08:40:bb:59:f7:0e:72:8a:e9:00:25:0d:bc:1e:
                    c5:94:b2:94:b2:c6:a4:8f:dd:f0:cc:49:a0:85:49:
                    37:2f:70:eb:5a:88:0d:c6:d0:87:33:d3:bc:fa:de:
                    96:41:6f:d0:e3:be:dc:11:0d:53:40:81:b8:63:f1:
                    8c:57:26:93:43:ff:8b:86:0a:7f:76:b4:9b:17:25:
                    a6:d6:df:50:1e:33:f4:bb:58:39:6d:0f:07:e2:dc:
                    b9:0c:32:d5:8b:34:a3:00:77:ca:81:d8:82:fd:12:
                    27:74:70:59:c4:a1:4f:a3:a3:a6:f6:07:b7:0d:14:
                    80:ff:6d:4b:ef:e3:c2:49:0b:07:e0:32:8f:c0:dc:
                    00:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:92:DD:24:36:DE:7B:D2:B4:A0:19:63:AF:85:BF:89:C6:EC:E3:DB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oZLdJDbee9K0oBljr4W_icbs49s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:5d0::-2a0e:b107:60f:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:660::/44
                  2a0e:b107:690::/44
                  2a0e:b107:6c0::/44
                  2a0e:b107:ad0::/44
                  2a0e:b107:bb0::/44
                  2a0e:b107:1d60::/44
                  2a0e:b107:1e00::/44
                  2a0e:b107:2150::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:fd:58:8f:66:be:39:e7:56:ea:f4:31:5c:e7:b3:85:97:9f:
         be:cf:53:ac:cb:7c:9a:a4:6a:8d:a1:67:70:b5:b0:6e:87:94:
         6e:b7:8c:ae:02:3a:4b:34:40:95:32:82:5c:bb:b8:58:2b:2d:
         ed:26:ef:88:ae:5f:9d:f6:ce:57:4c:e0:66:c5:e4:05:e9:9e:
         6a:49:83:cc:50:2f:57:7f:eb:3f:6e:9f:b8:3d:de:0b:82:ae:
         c1:ab:83:67:0b:98:47:17:51:05:f9:be:58:33:74:61:1b:7e:
         c9:97:31:e7:7a:eb:f2:07:e5:06:c4:44:38:4d:03:aa:5f:90:
         f0:c3:94:14:38:ac:79:9e:dc:0d:71:13:05:4d:e6:b6:4a:fe:
         7c:c8:84:89:d7:70:cb:d6:bc:43:19:da:bf:37:19:5c:39:5d:
         3a:4b:08:8c:d8:ef:b0:15:c2:b6:c3:b2:e0:c0:e0:e8:7d:86:
         90:6a:02:d8:65:f5:39:5f:14:9b:23:33:ba:90:7d:6b:03:b2:
         72:54:6d:e4:4d:f4:3c:45:26:99:d0:f7:68:e7:b6:63:1c:b4:
         b5:23:ef:42:2c:35:1d:ef:84:b7:91:46:dd:e3:c0:e6:6e:18:
         ed:e4:d6:81:50:d2:17:30:17:ce:86:f8:9e:4a:37:d4:12:bc:
         91:bc:dc:72
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYzJvPIUSvo5cwv9um0brl9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTkyZGQyNDM2ZGU3YmQyYjRhMDE5NjNhZjg1YmY4OWM2ZWNlM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkGohjYQOCcKXAkyH0DJAukuC5Wa
4cdYAuGSUZ3KnDcjs6G32GBWLoxIZX1M8XvG4PDvKrdSAY6p5+UzXJfrJcnL3Qj7
smUwM0+n5jKtHGuAMvb6tOGoQFzbHjbKygXRcve3wb0TTaIKe4k3OFuEGdiCkDBK
x7BhCEC7WfcOcorpACUNvB7FlLKUssakj93wzEmghUk3L3DrWogNxtCHM9O8+t6W
QW/Q477cEQ1TQIG4Y/GMVyaTQ/+Lhgp/drSbFyWm1t9QHjP0u1g5bQ8H4ty5DDLV
izSjAHfKgdiC/RIndHBZxKFPo6Om9ge3DRSA/21L7+PCSQsH4DKPwNwAzwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFKGS3SQ23nvStKAZY6+Fv4nG7OPbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb1pMZEpEYmVlOUswb0JsanI0V19pY2JzNDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAAjBcMBIDBwQqDrEH
BdADBwQqDrEHBgADBwQqDrEHBmADBwQqDrEHBpADBwQqDrEHBsADBwQqDrEHCtAD
BwQqDrEHC7ADBwQqDrEHHWADBwQqDrEHHgADBwQqDrEHIVAwDQYJKoZIhvcNAQEL
BQADggEBAKL9WI9mvjnnVur0MVzns4WXn77PU6zLfJqkao2hZ3C1sG6HlG63jK4C
Oks0QJUygly7uFgrLe0m74iuX532zldM4GbF5AXpnmpJg8xQL1d/6z9un7g93guC
rsGrg2cLmEcXUQX5vlgzdGEbfsmXMed66/IH5QbERDhNA6pfkPDDlBQ4rHme3A1x
EwVN5rZK/nzIhInXcMvWvEMZ2r83GVw5XTpLCIzY77AVwrbDsuDA4Oh9hpBqAthl
9TlfFJsjM7qQfWsDsnJUbeRN9DxFJpnQ92jntmMctLUj70IsNR3vhLeRRt3jwOZu
GO3k1oFQ0hcwF86G+J5KN9QSvJG83HI=
-----END CERTIFICATE-----