Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/RDvomJcEFrlBDVpOYewhDg1wvAk.roa
File:                     RDvomJcEFrlBDVpOYewhDg1wvAk.roa (raw, json)
Hash identifier:          NkNfC7JwHPhbgq+EyXo4UBxw2E7i/S8PTiH6o8Dyfd0=
Subject key identifier:   44:3B:E8:98:97:04:16:B9:41:0D:5A:4E:61:EC:21:0E:0D:70:BC:09
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       0192FC290C5829BC8FAFB7C049A02D4F0382
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/RDvomJcEFrlBDVpOYewhDg1wvAk.roa
Signing time:             Tue 05 Nov 2024 11:50:01 +0000
ROA not before:           Tue 05 Nov 2024 11:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201364
IP address blocks:        2a0b:9800::/32 maxlen: 32
                          2a0b:9801::/32 maxlen: 32
                          2a0b:9802::/32 maxlen: 32
                          2a0b:9803::/32 maxlen: 32
                          2a0b:9804::/32 maxlen: 32
                          2a0b:9805::/32 maxlen: 32
                          2a0b:9806::/32 maxlen: 32
                          2a0b:9807::/32 maxlen: 32
                          2a0f:3380::/32 maxlen: 32
                          2a0f:3381::/32 maxlen: 32
                          2a0f:3382::/32 maxlen: 32
                          2a0f:3383::/32 maxlen: 32
                          2a0f:3384::/32 maxlen: 32
                          2a0f:3385::/32 maxlen: 32
                          2a0f:3386::/32 maxlen: 32
                          2a0f:3387::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sun 10 Nov 2024 11:42:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:29:0c:58:29:bc:8f:af:b7:c0:49:a0:2d:4f:03:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Nov  5 11:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=443be898970416b9410d5a4e61ec210e0d70bc09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:98:c2:3b:8a:2d:99:41:a2:31:7a:8f:3e:61:
                    26:c9:88:19:e1:0e:fc:45:e2:f1:7f:e2:e3:80:df:
                    cb:c7:ce:35:b4:8a:25:78:83:9e:7c:3c:1b:e7:9c:
                    42:f4:5a:b7:70:5a:41:6c:e4:57:51:54:6b:51:f6:
                    e0:f0:b0:3e:ed:b4:64:24:c5:d0:9a:ec:30:a4:fb:
                    8d:d4:aa:b3:97:ad:e8:1b:38:ef:99:2e:c5:f8:0e:
                    81:1a:1a:e0:cc:fa:5d:f6:97:da:1c:fb:45:a3:e5:
                    28:03:9c:32:9d:84:ed:64:86:cd:c7:9e:4c:34:a7:
                    c6:31:c3:99:d9:e7:46:f4:8e:8b:0c:74:10:63:a4:
                    86:1d:0b:a8:77:8a:ed:9d:a7:b5:f1:a3:db:8d:04:
                    f6:da:cc:6b:9e:75:ce:78:f2:9b:a7:10:6d:a0:4a:
                    da:0f:49:b3:55:06:b6:b3:b6:2b:98:65:a5:a3:c3:
                    7e:c0:69:be:60:58:81:9c:59:d4:9e:b2:ad:34:46:
                    f5:c1:88:9a:4b:d4:bc:05:b3:c1:3a:fc:0c:76:d0:
                    57:1d:12:ef:34:01:cb:19:1c:c0:b3:cd:83:d7:b0:
                    4d:d8:3d:8b:46:47:9a:a4:db:7e:b4:a6:e0:46:97:
                    eb:c5:4e:b7:a2:33:2b:83:51:ec:78:a9:be:85:db:
                    9e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:3B:E8:98:97:04:16:B9:41:0D:5A:4E:61:EC:21:0E:0D:70:BC:09
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/RDvomJcEFrlBDVpOYewhDg1wvAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:9800::/29
                  2a0f:3380::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:65:06:d8:6e:fd:a4:3c:e6:a1:67:c8:30:58:93:78:cd:52:
         c9:92:4d:a9:4b:17:01:95:90:9b:ef:d2:9f:2f:35:23:ca:ed:
         e4:6e:66:79:4f:15:9b:30:04:97:81:b0:40:de:43:25:22:e0:
         4b:e2:25:0f:3a:e2:be:26:b8:85:78:63:0d:87:31:d7:75:05:
         d1:0d:16:31:89:48:f3:4d:4d:ba:42:79:40:28:6d:17:e6:29:
         7c:7c:49:a8:9b:0f:c7:89:1d:02:e5:77:ce:53:5d:dc:98:e7:
         ca:6c:f0:f0:73:ac:47:a3:91:40:8a:31:9d:46:b6:58:6a:3b:
         4a:57:c6:78:0d:32:45:e8:ba:f6:97:03:0e:3e:86:b2:71:49:
         08:88:c8:11:e2:f0:de:69:33:ce:c8:27:a3:ab:8d:f3:fb:f6:
         aa:97:95:51:ef:90:d1:24:fc:0c:35:ec:61:4b:cb:19:b1:da:
         57:08:31:32:ce:88:bd:db:a5:a9:58:df:8a:7b:af:22:8b:12:
         87:52:a5:5b:93:53:3c:44:5c:c1:8c:ac:e8:b1:85:e7:04:b2:
         69:aa:80:c7:ac:b9:fa:b1:66:01:c8:bc:e6:18:de:8e:fa:53:
         77:de:17:6f:56:ad:46:13:b2:24:b6:7a:e9:e9:97:1d:61:a5:
         b9:8d:bc:91
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZL8KQxYKbyPr7fASaAtTwOCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjQxMTA1MTE1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDNiZTg5ODk3MDQxNmI5NDEwZDVhNGU2MWVjMjEwZTBkNzBiYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpjCO4otmUGiMXqPPmEmyYgZ4Q78
ReLxf+LjgN/Lx841tIoleIOefDwb55xC9Fq3cFpBbORXUVRrUfbg8LA+7bRkJMXQ
muwwpPuN1Kqzl63oGzjvmS7F+A6BGhrgzPpd9pfaHPtFo+UoA5wynYTtZIbNx55M
NKfGMcOZ2edG9I6LDHQQY6SGHQuod4rtnae18aPbjQT22sxrnnXOePKbpxBtoEra
D0mzVQa2s7YrmGWlo8N+wGm+YFiBnFnUnrKtNEb1wYiaS9S8BbPBOvwMdtBXHRLv
NAHLGRzAs82D17BN2D2LRkeapNt+tKbgRpfrxU63ojMrg1HseKm+hdueLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEQ76JiXBBa5QQ1aTmHsIQ4NcLwJMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvUkR2b21KY0VGcmxCRFZwT1lld2hEZzF3dkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKguYAAMF
AyoPM4AwDQYJKoZIhvcNAQELBQADggEBABNlBthu/aQ85qFnyDBYk3jNUsmSTalL
FwGVkJvv0p8vNSPK7eRuZnlPFZswBJeBsEDeQyUi4EviJQ864r4muIV4Yw2HMdd1
BdENFjGJSPNNTbpCeUAobRfmKXx8SaibD8eJHQLld85TXdyY58ps8PBzrEejkUCK
MZ1GtlhqO0pXxngNMkXouvaXAw4+hrJxSQiIyBHi8N5pM87IJ6OrjfP79qqXlVHv
kNEk/Aw17GFLyxmx2lcIMTLOiL3bpalY34p7ryKLEodSpVuTUzxEXMGMrOixhecE
smmqgMesufqxZgHIvOYY3o76U3feF29WrUYTsiS2eunplx1hpbmNvJE=
-----END CERTIFICATE-----