Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nSGwsi5EywDgPqaAfLHVEGliO78.roa
File:                     nSGwsi5EywDgPqaAfLHVEGliO78.roa (raw, json)
Hash identifier:          Q2tKEOqZpoYIwGC+Qp8CNwg85vNq7pa6TsP11CkGwQQ=
Subject key identifier:   9D:21:B0:B2:2E:44:CB:00:E0:3E:A6:80:7C:B1:D5:10:69:62:3B:BF
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018F20954E4DF6CB862C41F16149D542F39F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nSGwsi5EywDgPqaAfLHVEGliO78.roa
Signing time:             Sat 27 Apr 2024 17:23:26 +0000
ROA not before:           Sat 27 Apr 2024 17:23:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215158
IP address blocks:        2a11:4540::/29 maxlen: 29
                          2a11:e8c0::/29 maxlen: 29
                          2a11:ea80::/29 maxlen: 29
                          2a11:ff40::/29 maxlen: 29
                          2a12:1040::/29 maxlen: 29
                          2a12:2e80::/29 maxlen: 29
                          2a12:3c00::/29 maxlen: 29
                          2a12:8580::/29 maxlen: 29
                          2a12:8a00::/29 maxlen: 29
                          2a12:9300::/29 maxlen: 29
                          2a12:d080::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 29 Apr 2024 17:40:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:20:95:4e:4d:f6:cb:86:2c:41:f1:61:49:d5:42:f3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 27 17:23:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d21b0b22e44cb00e03ea6807cb1d51069623bbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f3:3f:a0:3e:3d:b1:da:72:cf:4e:d7:03:89:
                    76:29:a8:34:f5:89:c7:43:21:e2:81:34:84:aa:a9:
                    7d:0f:11:44:9d:93:0b:a2:ed:1f:fb:91:62:73:c1:
                    17:1b:a0:75:c8:83:bf:d5:66:9d:b7:64:4d:90:af:
                    20:5d:d1:10:1c:bc:21:35:c8:c4:62:02:1e:1d:a9:
                    19:e1:e8:ce:0c:f7:0e:4b:a3:83:f7:f4:ff:90:85:
                    9e:36:1e:80:39:08:a2:54:53:eb:26:68:e0:bb:15:
                    31:f6:59:f7:fd:6e:4f:03:c2:fd:79:6e:d1:fc:ea:
                    b9:77:7c:c9:14:ad:a1:bf:cc:89:22:50:e2:0c:6a:
                    62:ae:1a:51:88:01:f1:b7:66:fc:0c:3e:81:5d:e4:
                    6c:0a:2a:a6:f4:42:a9:a5:e6:ba:00:ce:91:49:52:
                    52:3c:85:2b:9f:96:ae:53:19:41:19:0e:73:af:19:
                    40:f9:58:ac:7b:27:ab:33:77:be:dd:13:48:fb:8e:
                    1c:c7:7b:2f:cb:70:35:da:c1:3b:a5:0b:69:72:91:
                    34:f7:89:97:24:da:27:82:0b:ec:0c:46:9a:d5:6e:
                    57:03:d1:35:f5:f2:1f:10:84:2f:dd:23:87:ad:dd:
                    e2:8c:90:48:3e:e7:f2:2f:42:19:da:d7:06:78:a7:
                    01:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:21:B0:B2:2E:44:CB:00:E0:3E:A6:80:7C:B1:D5:10:69:62:3B:BF
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nSGwsi5EywDgPqaAfLHVEGliO78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4540::/29
                  2a11:e8c0::/29
                  2a11:ea80::/29
                  2a11:ff40::/29
                  2a12:1040::/29
                  2a12:2e80::/29
                  2a12:3c00::/29
                  2a12:8580::/29
                  2a12:8a00::/29
                  2a12:9300::/29
                  2a12:d080::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:a5:a1:f0:12:ee:fb:96:f6:b8:9a:e3:f9:73:20:fe:3f:97:
         80:f4:a9:36:58:0b:6d:c4:1a:55:95:26:22:c2:75:12:d9:f8:
         24:f4:72:dc:a8:9c:49:45:df:d0:1a:3b:06:73:ca:c0:2b:5d:
         f9:c8:15:11:50:a4:69:b4:de:2c:f3:5b:80:41:9a:02:89:e2:
         48:e6:fb:93:e8:54:02:58:ef:1c:06:c0:82:5f:d0:7d:57:17:
         09:bb:33:b6:be:fa:0e:bd:e7:48:29:1b:cb:55:f7:96:21:c8:
         1d:bb:36:a3:8f:5b:32:5b:a4:b4:48:35:bb:0c:2f:3a:ad:87:
         85:3f:ac:a4:21:df:58:fb:67:ff:bc:21:90:5e:f0:20:29:1c:
         60:2e:71:64:04:35:f0:42:6d:c5:b7:a5:e6:9d:ef:be:37:7a:
         99:c2:7b:66:c1:e7:05:7d:7f:b7:e3:31:85:46:5c:9f:c1:4b:
         8f:27:6a:88:10:87:56:26:a1:18:bd:6a:fe:4a:db:cc:00:4b:
         30:b2:5f:a7:34:a5:03:53:a2:bf:da:a5:fb:7c:df:a8:71:56:
         2b:09:0c:51:0b:9a:f7:b8:7e:b3:58:a2:3b:03:cb:d6:03:a5:
         09:de:f3:1f:a2:e5:19:a3:44:1f:00:e7:5a:55:c9:1e:a6:1a:
         fd:fe:83:dc
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY8glU5N9suGLEHxYUnVQvOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDI3MTcyMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDIxYjBiMjJlNDRjYjAwZTAzZWE2ODA3Y2IxZDUxMDY5NjIzYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/M/oD49sdpyz07XA4l2Kag09YnH
QyHigTSEqql9DxFEnZMLou0f+5Fic8EXG6B1yIO/1Wadt2RNkK8gXdEQHLwhNcjE
YgIeHakZ4ejODPcOS6OD9/T/kIWeNh6AOQiiVFPrJmjguxUx9ln3/W5PA8L9eW7R
/Oq5d3zJFK2hv8yJIlDiDGpirhpRiAHxt2b8DD6BXeRsCiqm9EKppea6AM6RSVJS
PIUrn5auUxlBGQ5zrxlA+ViseyerM3e+3RNI+44cx3svy3A12sE7pQtpcpE094mX
JNonggvsDEaa1W5XA9E19fIfEIQv3SOHrd3ijJBIPufyL0IZ2tcGeKcBqwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFJ0hsLIuRMsA4D6mgHyx1RBpYju/MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvblNHd3NpNUV5d0RnUHFhQWZMSFZFR2xpTzc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKhFFQAMF
AyoR6MADBQMqEeqAAwUDKhH/QAMFAyoSEEADBQMqEi6AAwUDKhI8AAMFAyoShYAD
BQMqEooAAwUDKhKTAAMFAyoS0IAwDQYJKoZIhvcNAQELBQADggEBABWlofAS7vuW
9ria4/lzIP4/l4D0qTZYC23EGlWVJiLCdRLZ+CT0ctyonElF39AaOwZzysArXfnI
FRFQpGm03izzW4BBmgKJ4kjm+5PoVAJY7xwGwIJf0H1XFwm7M7a++g6950gpG8tV
95YhyB27NqOPWzJbpLRINbsMLzqth4U/rKQh31j7Z/+8IZBe8CApHGAucWQENfBC
bcW3pead7743epnCe2bB5wV9f7fjMYVGXJ/BS48naogQh1YmoRi9av5K28wASzCy
X6c0pQNTor/apft836hxVisJDFELmve4frNYojsDy9YDpQne8x+i5RmjRB8A51pV
yR6mGv3+g9w=
-----END CERTIFICATE-----