Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pqVV8DwR30CVoUABdNfx1ZLs4a8.roa
File:                     pqVV8DwR30CVoUABdNfx1ZLs4a8.roa (raw, json)
Hash identifier:          hpPcwWHWuxGSPPXki/xXVTMS7snFxpXyUTUEboDWNbM=
Subject key identifier:   A6:A5:55:F0:3C:11:DF:40:95:A1:40:01:74:D7:F1:D5:92:EC:E1:AF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0192BB81797CCAF3E5C069F0FA2D8B80AD6D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pqVV8DwR30CVoUABdNfx1ZLs4a8.roa
Signing time:             Wed 23 Oct 2024 22:31:17 +0000
ROA not before:           Wed 23 Oct 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:de00:f0::/44 maxlen: 48
                          2a06:de00:f1::/48 maxlen: 48
                          2a0c:3b87:ff00::/40 maxlen: 48
                          2a0c:3b87:ffff::/48 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:97c0:791::/48 maxlen: 48
                          2a0e:97c0:792::/48 maxlen: 48
                          2a0e:97c4:ac00::/38 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:278b::/48 maxlen: 48
                          2a10:ccc7:9000::/38 maxlen: 48
Validation:               Failed, certificate revoked on Thu 24 Oct 2024 00:28:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bb:81:79:7c:ca:f3:e5:c0:69:f0:fa:2d:8b:80:ad:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 23 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6a555f03c11df4095a1400174d7f1d592ece1af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:16:9c:70:f5:5f:0e:c4:e5:b7:38:c9:84:56:
                    64:33:5d:6d:28:67:90:24:49:cd:c0:58:71:1f:8d:
                    bc:d3:83:a5:61:99:37:7e:4d:e8:4b:ad:a7:19:87:
                    0b:4c:19:44:a5:cb:f3:20:66:f8:5b:65:1d:2c:81:
                    14:68:0a:1f:3e:a9:8d:d7:17:3d:0c:66:c2:2f:09:
                    9e:47:d4:0d:be:ec:b0:26:d7:f7:0b:a2:0e:55:d4:
                    44:88:6d:52:bd:b1:4c:43:e2:47:db:34:78:5c:32:
                    a0:fe:00:e6:e0:3d:9c:3d:ff:40:90:6d:84:cb:bd:
                    17:17:85:0f:6a:c5:dd:a9:60:75:24:eb:e0:0f:2a:
                    61:93:cf:d2:11:d6:3e:eb:cb:cb:22:63:dc:59:82:
                    65:aa:b1:ce:e1:8f:cc:25:23:62:6d:73:28:24:f2:
                    2b:13:e2:72:78:e6:60:b9:0e:6b:25:8e:6d:f4:39:
                    08:dd:ff:b7:ef:a6:96:bb:3a:65:8b:44:8c:88:89:
                    4b:1c:7e:61:cd:15:4b:4c:65:a8:73:7d:17:74:94:
                    a2:71:25:66:03:7c:21:1d:30:67:b8:36:c4:77:7b:
                    c2:ca:e5:3f:dc:9f:6f:58:6b:0b:64:a7:d1:a2:4d:
                    99:70:70:97:a5:3e:c6:c5:69:2f:36:6f:e6:c0:dc:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A5:55:F0:3C:11:DF:40:95:A1:40:01:74:D7:F1:D5:92:EC:E1:AF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pqVV8DwR30CVoUABdNfx1ZLs4a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:f0::/44
                  2a0c:3b87:ff00::/40
                  2a0e:97c0:750::/48
                  2a0e:97c0:791::-2a0e:97c0:792:ffff:ffff:ffff:ffff:ffff
                  2a0e:97c4:ac00::/38
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48
                  2a0e:b107:278b::/48
                  2a10:ccc7:9000::/38

    Signature Algorithm: sha256WithRSAEncryption
         09:a3:2b:6b:7a:4d:59:02:d4:06:23:f7:82:79:92:86:9f:a2:
         be:0e:9d:3e:9c:c3:27:3c:3f:a4:c4:ba:c9:d3:23:70:04:35:
         f5:5b:fe:b9:3e:a6:90:e8:7d:ad:9b:ac:f6:2a:97:a8:d0:36:
         6b:13:96:62:8a:13:d4:ff:52:2f:8a:0b:35:c4:d7:d0:4e:5c:
         72:db:c4:9f:13:0d:43:a8:fd:25:da:0f:21:58:35:39:0e:9f:
         87:31:69:03:b0:6b:86:fe:ea:63:a9:0f:c3:35:cf:97:7b:db:
         03:b6:9f:49:a2:75:5e:f6:f4:54:a0:bf:43:5a:b3:be:d0:3d:
         2b:02:91:28:73:c9:16:8d:dc:04:59:6d:dd:4b:00:d5:07:7d:
         85:24:88:40:12:b7:16:1e:e6:a3:90:6a:fc:d5:b5:78:c9:36:
         c3:c4:45:35:ad:ff:ce:97:80:1d:19:07:78:4b:f1:ea:09:de:
         0c:6e:98:1b:7a:d2:55:a0:d7:f2:e4:e1:3c:55:fc:f1:15:54:
         49:8e:1a:1a:88:29:a5:1e:41:b4:dc:09:40:bc:79:42:a1:85:
         10:8c:d1:cb:bb:ed:4a:75:b6:47:e3:e0:5a:82:27:a9:86:6a:
         cc:e8:ae:67:3b:6b:ea:bd:fd:65:84:36:7f:d5:c8:8c:2c:ca:
         38:c5:58:53
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZK7gXl8yvPlwGnw+i2LgK1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMDIzMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmE1NTVmMDNjMTFkZjQwOTVhMTQwMDE3NGQ3ZjFkNTkyZWNlMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRaccPVfDsTltzjJhFZkM11tKGeQ
JEnNwFhxH42804OlYZk3fk3oS62nGYcLTBlEpcvzIGb4W2UdLIEUaAofPqmN1xc9
DGbCLwmeR9QNvuywJtf3C6IOVdREiG1SvbFMQ+JH2zR4XDKg/gDm4D2cPf9AkG2E
y70XF4UPasXdqWB1JOvgDyphk8/SEdY+68vLImPcWYJlqrHO4Y/MJSNibXMoJPIr
E+JyeOZguQ5rJY5t9DkI3f+376aWuzpli0SMiIlLHH5hzRVLTGWoc30XdJSicSVm
A3whHTBnuDbEd3vCyuU/3J9vWGsLZKfRok2ZcHCXpT7GxWkvNm/mwNz5WQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFKalVfA8Ed9AlaFAAXTX8dWS7OGvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcHFWVjhEd1IzMENWb1VBQmROZngxWkxzNGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAIwdAMHBCoG3gAA
8AMGACoMO4f/AwcAKg6XwAdQMBIDBwAqDpfAB5EDBwAqDpfAB5IDBgIqDpfErAMH
ACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMHACoOsQcYcAMHACoOsQcbngMHACoO
sQcniwMGAioQzMeQMA0GCSqGSIb3DQEBCwUAA4IBAQAJoytrek1ZAtQGI/eCeZKG
n6K+Dp0+nMMnPD+kxLrJ0yNwBDX1W/65PqaQ6H2tm6z2Kpeo0DZrE5ZiihPU/1Iv
igs1xNfQTlxy28SfEw1DqP0l2g8hWDU5Dp+HMWkDsGuG/upjqQ/DNc+Xe9sDtp9J
onVe9vRUoL9DWrO+0D0rApEoc8kWjdwEWW3dSwDVB32FJIhAErcWHuajkGr81bV4
yTbDxEU1rf/Ol4AdGQd4S/HqCd4MbpgbetJVoNfy5OE8VfzxFVRJjhoaiCmlHkG0
3AlAvHlCoYUQjNHLu+1KdbZH4+BagiephmrM6K5nO2vqvf1lhDZ/1ciMLMo4xVhT
-----END CERTIFICATE-----