Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/xaSpHDZ0GAs4sVw2RwGTZOtVUjE.roa
File:                     xaSpHDZ0GAs4sVw2RwGTZOtVUjE.roa (raw, json)
Hash identifier:          mCSPcaeHEjWB55rIZTx66I5GIzESiuUC6CB9KDMbljw=
Subject key identifier:   C5:A4:A9:1C:36:74:18:0B:38:B1:5C:36:47:01:93:64:EB:55:52:31
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0192BBECB197D3B5B3E8F1DE42027C63DFFD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/xaSpHDZ0GAs4sVw2RwGTZOtVUjE.roa
Signing time:             Thu 24 Oct 2024 00:28:24 +0000
ROA not before:           Thu 24 Oct 2024 00:28:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:de00:f0::/44 maxlen: 48
                          2a0c:3b87:ff00::/40 maxlen: 48
                          2a0c:3b87:ffff::/48 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:97c0:791::/48 maxlen: 48
                          2a0e:97c0:792::/48 maxlen: 48
                          2a0e:97c4:ac00::/38 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:278b::/48 maxlen: 48
                          2a10:ccc7:9000::/38 maxlen: 48

Validation:               Failed, certificate revoked on Thu 07 Nov 2024 00:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bb:ec:b1:97:d3:b5:b3:e8:f1:de:42:02:7c:63:df:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 24 00:28:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5a4a91c3674180b38b15c3647019364eb555231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f3:15:59:49:3d:1e:a7:e8:35:de:41:6f:55:
                    31:a4:5e:70:2b:95:8f:bd:3b:58:ab:d0:8e:51:d9:
                    ae:5e:b3:37:55:d9:4e:3d:62:22:9f:b0:e2:d4:e0:
                    72:f0:3d:f5:b2:51:43:63:5c:cb:4e:ce:4f:29:d9:
                    f3:ce:b4:81:a9:29:93:92:a9:00:48:3c:1b:63:a8:
                    6f:41:5d:68:9e:c1:38:d1:2c:41:c6:0e:71:9b:bf:
                    b8:79:b0:40:8a:4a:61:65:ab:d8:c8:72:f9:9e:4b:
                    71:14:7e:c5:45:18:ce:e1:d6:e0:cf:ae:cb:45:c3:
                    37:11:e0:69:34:4f:2b:20:8b:e2:5d:83:28:ca:ee:
                    0e:74:29:97:6f:4b:21:70:58:ef:68:ea:71:03:54:
                    13:6d:bc:c6:3a:54:33:6e:10:d1:b9:1b:39:1f:a2:
                    04:34:56:23:73:02:fc:52:b6:0d:ad:97:7b:99:23:
                    ab:92:e5:f0:21:98:35:cb:a6:4b:f1:12:5f:06:b0:
                    cb:fd:22:22:e3:ea:2d:e9:fe:10:52:68:54:64:55:
                    a8:48:90:e5:17:45:4a:1b:d6:44:58:8a:e0:82:26:
                    bd:46:e2:bb:34:58:29:90:ab:fc:3c:10:5e:ff:b5:
                    c5:9c:e8:88:c2:07:84:21:12:7a:6f:6a:d6:71:bb:
                    65:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A4:A9:1C:36:74:18:0B:38:B1:5C:36:47:01:93:64:EB:55:52:31
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/xaSpHDZ0GAs4sVw2RwGTZOtVUjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:f0::/44
                  2a0c:3b87:ff00::/40
                  2a0e:97c0:750::/48
                  2a0e:97c0:791::-2a0e:97c0:792:ffff:ffff:ffff:ffff:ffff
                  2a0e:97c4:ac00::/38
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48
                  2a0e:b107:278b::/48
                  2a10:ccc7:9000::/38

    Signature Algorithm: sha256WithRSAEncryption
         0a:75:11:4e:a9:6d:4e:b3:e2:69:de:0d:1c:ae:cf:a0:20:67:
         85:50:bf:5f:48:e9:7e:e6:5f:b4:57:83:fa:7d:aa:f5:ce:9e:
         fe:d8:2e:87:e1:d9:9d:8e:2d:a0:57:50:be:e7:4b:65:63:70:
         24:f1:7d:0a:04:5f:e8:df:bb:92:6f:4f:f7:42:50:2e:b1:7c:
         b6:3e:7c:d4:ee:60:1d:b8:48:4c:d3:c5:a1:32:50:51:7d:7c:
         4b:3c:8a:ea:7f:ff:51:75:d0:be:f9:df:9c:d1:a6:76:7c:a2:
         f5:f3:68:14:1d:ae:c7:83:52:ce:8b:95:8c:58:b6:22:e9:53:
         5c:d6:e1:23:28:87:e7:d2:2d:e1:f6:6c:15:f3:7d:0f:ae:3e:
         e1:8e:fa:4b:fd:13:0d:ac:28:b4:bd:d5:cb:8f:71:dc:b3:25:
         01:c9:c4:a4:30:be:c4:14:0d:46:45:da:b1:56:1b:c1:f2:07:
         cb:a9:7a:21:a1:e6:e6:19:db:e3:86:70:59:ee:3b:c6:7f:1c:
         ee:c6:cb:6b:f4:20:54:e9:5b:ed:78:d1:3e:5a:87:70:1f:5b:
         60:26:ea:75:ad:d8:df:2a:46:21:13:ae:6e:36:18:0c:df:d7:
         5f:0d:48:0f:69:20:3e:ed:b7:8a:7a:7a:21:c6:7f:90:03:38:
         df:52:ab:fb
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZK77LGX07Wz6PHeQgJ8Y9/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMDI0MDAyODI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE0YTkxYzM2NzQxODBiMzhiMTVjMzY0NzAxOTM2NGViNTU1MjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfMVWUk9HqfoNd5Bb1UxpF5wK5WP
vTtYq9COUdmuXrM3VdlOPWIin7Di1OBy8D31slFDY1zLTs5PKdnzzrSBqSmTkqkA
SDwbY6hvQV1onsE40SxBxg5xm7+4ebBAikphZavYyHL5nktxFH7FRRjO4dbgz67L
RcM3EeBpNE8rIIviXYMoyu4OdCmXb0shcFjvaOpxA1QTbbzGOlQzbhDRuRs5H6IE
NFYjcwL8UrYNrZd7mSOrkuXwIZg1y6ZL8RJfBrDL/SIi4+ot6f4QUmhUZFWoSJDl
F0VKG9ZEWIrggia9RuK7NFgpkKv8PBBe/7XFnOiIwgeEIRJ6b2rWcbtlRQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFMWkqRw2dBgLOLFcNkcBk2TrVVIxMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveGFTcEhEWjBHQXM0c1Z3MlJ3R1RaT3RWVWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAIwdAMHBCoG3gAA
8AMGACoMO4f/AwcAKg6XwAdQMBIDBwAqDpfAB5EDBwAqDpfAB5IDBgIqDpfErAMH
ACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMHACoOsQcYcAMHACoOsQcbngMHACoO
sQcniwMGAioQzMeQMA0GCSqGSIb3DQEBCwUAA4IBAQAKdRFOqW1Os+Jp3g0crs+g
IGeFUL9fSOl+5l+0V4P6far1zp7+2C6H4dmdji2gV1C+50tlY3Ak8X0KBF/o37uS
b0/3QlAusXy2PnzU7mAduEhM08WhMlBRfXxLPIrqf/9RddC++d+c0aZ2fKL182gU
Ha7Hg1LOi5WMWLYi6VNc1uEjKIfn0i3h9mwV830Prj7hjvpL/RMNrCi0vdXLj3Hc
syUBycSkML7EFA1GRdqxVhvB8gfLqXohoebmGdvjhnBZ7jvGfxzuxstr9CBU6Vvt
eNE+WodwH1tgJup1rdjfKkYhE65uNhgM39dfDUgPaSA+7beKenohxn+QAzjfUqv7
-----END CERTIFICATE-----