Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/h_XToe5sbbnQo2qbs1ItwQbP-g4.roa
File:                     h_XToe5sbbnQo2qbs1ItwQbP-g4.roa (raw, json)
Hash identifier:          z7QOjwP/yv0DCzz69kb32HvAy1+wwdg3F46jRiV2boI=
Subject key identifier:   87:F5:D3:A1:EE:6C:6D:B9:D0:A3:6A:9B:B3:52:2D:C1:06:CF:FA:0E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018F91AD9A8C27C54574505E6F2BDB8AB312
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/h_XToe5sbbnQo2qbs1ItwQbP-g4.roa
Signing time:             Sun 19 May 2024 16:27:04 +0000
ROA not before:           Sun 19 May 2024 16:27:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215158
IP address blocks:        2a11:1c80::/29 maxlen: 29
                          2a11:a040::/29 maxlen: 29
                          2a11:e8c0::/29 maxlen: 29
                          2a11:ea80::/29 maxlen: 29
                          2a11:ff40::/29 maxlen: 29
                          2a12:1040::/29 maxlen: 29
                          2a12:12c0::/29 maxlen: 29
                          2a12:2e80::/29 maxlen: 29
                          2a12:3c00::/29 maxlen: 29
                          2a12:8580::/29 maxlen: 29
                          2a12:8a00::/29 maxlen: 29
                          2a12:9300::/29 maxlen: 29
                          2a12:d080::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 23 May 2024 11:59:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:91:ad:9a:8c:27:c5:45:74:50:5e:6f:2b:db:8a:b3:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May 19 16:27:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87f5d3a1ee6c6db9d0a36a9bb3522dc106cffa0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:12:1a:4a:7d:0b:8f:29:aa:b3:b1:18:86:50:
                    b2:d6:e7:34:71:c0:77:3a:a9:c8:a3:73:11:66:9c:
                    bf:1b:d4:03:50:00:00:c4:c1:58:5f:3b:90:59:b2:
                    aa:fb:5b:c0:c6:10:dd:73:a1:55:7e:15:11:4d:9c:
                    2b:28:cc:9e:c7:fd:b2:88:5d:c4:e6:4a:18:1d:70:
                    7d:a8:bf:15:a6:9e:ff:26:6b:6d:99:27:73:f3:fc:
                    ee:71:79:ee:8f:8a:f0:89:11:02:81:2c:1b:1c:7b:
                    9a:99:6d:17:97:25:5c:da:56:94:ba:7a:6f:a4:d7:
                    fc:5a:ca:83:5a:a1:6f:b2:c4:c3:a4:97:0b:4a:c7:
                    e4:93:1f:37:c0:c6:dd:1d:34:46:47:24:e0:8d:81:
                    87:83:8c:0a:56:63:3e:f4:79:7e:e1:e3:8f:5d:b7:
                    f5:45:6f:b1:f9:29:49:a0:1f:e4:62:fd:fb:4e:3e:
                    20:a8:dc:e7:04:dc:34:1e:04:a3:fa:12:18:20:f8:
                    20:eb:48:07:b7:91:a5:53:5b:6b:82:d0:ad:84:d2:
                    35:4e:de:35:99:02:c5:07:72:f1:25:35:d4:77:27:
                    49:32:76:cb:96:65:f7:96:7b:e9:78:14:6a:a6:d5:
                    7f:5b:b9:58:60:81:4a:01:bc:ef:9d:a5:45:7d:34:
                    9b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F5:D3:A1:EE:6C:6D:B9:D0:A3:6A:9B:B3:52:2D:C1:06:CF:FA:0E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/h_XToe5sbbnQo2qbs1ItwQbP-g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1c80::/29
                  2a11:a040::/29
                  2a11:e8c0::/29
                  2a11:ea80::/29
                  2a11:ff40::/29
                  2a12:1040::/29
                  2a12:12c0::/29
                  2a12:2e80::/29
                  2a12:3c00::/29
                  2a12:8580::/29
                  2a12:8a00::/29
                  2a12:9300::/29
                  2a12:d080::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:2c:b3:e5:28:4b:d9:fc:f1:ef:ae:1d:9d:bb:bc:d5:ea:a9:
         ce:4b:0e:2a:7f:7a:b2:f8:a0:a3:a4:10:b8:6e:02:33:fe:80:
         9f:59:73:fb:47:6e:44:d3:37:28:96:f4:bc:ff:d3:e9:a6:7a:
         53:b1:fe:95:3c:6d:e9:b8:d8:bb:91:1a:4a:d7:6c:d6:db:b8:
         0b:6a:75:f0:8d:e8:4d:56:5e:3a:0a:ba:97:5b:68:dd:1b:1d:
         04:53:a1:c3:dc:52:42:ea:fb:2d:52:fb:0f:e5:00:48:a9:cc:
         90:96:fc:6e:c3:04:6c:78:16:c3:74:87:03:3d:ec:0b:cf:f9:
         02:9f:60:3a:f9:af:70:5c:f6:0b:15:a7:11:22:53:cc:27:76:
         3a:88:d6:b4:5d:c4:9d:4c:3f:d1:cf:3d:6d:3a:94:e0:3c:b1:
         64:5a:f0:22:78:3d:7e:a4:ba:7f:87:df:2e:c5:72:e0:d0:ac:
         e2:82:2b:22:94:c1:37:d3:3f:e1:bc:5e:4e:20:1c:8a:cb:95:
         bf:e0:50:24:e8:f5:a0:84:a3:18:dd:e1:a7:f6:ad:10:e9:ee:
         d9:81:6b:22:6c:6c:e8:d9:43:c6:d6:30:53:35:3f:ae:47:c6:
         82:83:15:ef:26:8c:dc:19:6f:17:3b:33:eb:8b:33:4f:14:d9:
         28:21:16:31
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAY+RrZqMJ8VFdFBebyvbirMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNTE5MTYyNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y1ZDNhMWVlNmM2ZGI5ZDBhMzZhOWJiMzUyMmRjMTA2Y2ZmYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBIaSn0Ljymqs7EYhlCy1uc0ccB3
OqnIo3MRZpy/G9QDUAAAxMFYXzuQWbKq+1vAxhDdc6FVfhURTZwrKMyex/2yiF3E
5koYHXB9qL8Vpp7/JmttmSdz8/zucXnuj4rwiRECgSwbHHuamW0XlyVc2laUunpv
pNf8WsqDWqFvssTDpJcLSsfkkx83wMbdHTRGRyTgjYGHg4wKVmM+9Hl+4eOPXbf1
RW+x+SlJoB/kYv37Tj4gqNznBNw0HgSj+hIYIPgg60gHt5GlU1trgtCthNI1Tt41
mQLFB3LxJTXUdydJMnbLlmX3lnvpeBRqptV/W7lYYIFKAbzvnaVFfTSbswIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFIf106HubG250KNqm7NSLcEGz/oOMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvaF9YVG9lNXNiYm5RbzJxYnMxSXR3UWJQLWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAAjBbAwUDKhEcgAMF
AyoRoEADBQMqEejAAwUDKhHqgAMFAyoR/0ADBQMqEhBAAwUDKhISwAMFAyoSLoAD
BQMqEjwAAwUDKhKFgAMFAyoSigADBQMqEpMAAwUDKhLQgDANBgkqhkiG9w0BAQsF
AAOCAQEAgiyz5ShL2fzx764dnbu81eqpzksOKn96svigo6QQuG4CM/6An1lz+0du
RNM3KJb0vP/T6aZ6U7H+lTxt6bjYu5EaStds1tu4C2p18I3oTVZeOgq6l1to3Rsd
BFOhw9xSQur7LVL7D+UASKnMkJb8bsMEbHgWw3SHAz3sC8/5Ap9gOvmvcFz2CxWn
ESJTzCd2OojWtF3EnUw/0c89bTqU4DyxZFrwIng9fqS6f4ffLsVy4NCs4oIrIpTB
N9M/4bxeTiAcisuVv+BQJOj1oISjGN3hp/atEOnu2YFrImxs6NlDxtYwUzU/rkfG
goMV7yaM3BlvFzsz64szTxTZKCEWMQ==
-----END CERTIFICATE-----