Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/JSTjK9ik8yJnlwa7hRmaQzYoPGk.roa
File:                     JSTjK9ik8yJnlwa7hRmaQzYoPGk.roa (raw, json)
Hash identifier:          iaJFH0yJ0m/DxgNlZzaOc8E2ixcvOjqB9NxoQBRLgtQ=
Subject key identifier:   25:24:E3:2B:D8:A4:F3:22:67:97:06:BB:85:19:9A:43:36:28:3C:69
Certificate issuer:       /CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
Certificate serial:       019368E3F4F7B98CD1734D60C9E87EF2B9DE
Authority key identifier: 2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/JSTjK9ik8yJnlwa7hRmaQzYoPGk.roa
Signing time:             Tue 26 Nov 2024 14:33:10 +0000
ROA not before:           Tue 26 Nov 2024 14:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21416
IP address blocks:        2a0e:eac0:1000::/48 maxlen: 48
                          2a0e:eac0:1001::/48 maxlen: 48
                          2a0e:eac0:1002::/48 maxlen: 48
                          2a0e:eac0:1104::/48 maxlen: 48
                          2a0e:eac0:1105::/48 maxlen: 48
                          2a0e:eac0:1106::/48 maxlen: 48
                          2a0e:eac0:1107::/48 maxlen: 48
                          2a0e:eac0:1108::/48 maxlen: 48
                          2a0e:eac0:1109::/48 maxlen: 48
                          2a0e:eac0:1110::/48 maxlen: 48
                          2a0e:eac0:1112::/48 maxlen: 48
                          2a0e:eac0:1113::/48 maxlen: 48
                          2a0e:eac0:1115::/48 maxlen: 48
Validation:               Failed, certificate revoked on Thu 12 Dec 2024 14:08:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:e3:f4:f7:b9:8c:d1:73:4d:60:c9:e8:7e:f2:b9:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
        Validity
            Not Before: Nov 26 14:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2524e32bd8a4f322679706bb85199a4336283c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5b:fa:7e:d0:9e:8c:24:6b:2f:fd:e3:35:4d:
                    59:d8:fe:4b:7b:fc:a8:34:ce:08:d1:0d:b7:ca:50:
                    28:93:df:98:86:1b:a6:e1:e0:d2:85:54:0f:24:e0:
                    d1:db:92:96:91:cb:1d:49:dd:04:c3:ea:68:0d:88:
                    19:80:03:2a:ad:cd:6e:f7:90:e4:c2:41:c5:b7:a8:
                    32:b0:4c:56:76:2d:57:e7:4b:89:2f:99:1b:5b:08:
                    3d:89:1f:ec:d8:1b:b2:63:c2:08:d4:16:f6:04:a3:
                    c1:4d:52:19:5e:e2:5f:93:04:f7:4f:16:28:2f:fb:
                    d4:7b:54:ba:22:b3:ea:e0:73:c4:a3:4d:07:75:a9:
                    fd:65:a7:ca:7f:70:b1:f3:1a:0d:21:6c:7c:85:6e:
                    85:af:e3:52:63:ca:36:ac:30:4e:9b:4b:da:40:8d:
                    a2:4e:1e:93:c9:3a:b1:9a:75:65:ac:40:b7:f6:7b:
                    fd:24:5d:a9:33:25:ef:0d:47:4b:62:2b:1f:b2:2e:
                    ad:b0:ca:3e:1f:5e:44:59:2d:b8:91:84:72:b9:00:
                    8e:a2:98:d0:34:98:c9:68:a1:75:6c:50:cb:ef:7c:
                    86:85:d7:d7:f7:73:bd:c7:ac:f0:1a:59:8f:cf:16:
                    5e:df:89:1e:0a:49:3b:7b:35:ac:1d:36:93:09:f6:
                    26:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:24:E3:2B:D8:A4:F3:22:67:97:06:BB:85:19:9A:43:36:28:3C:69
            X509v3 Authority Key Identifier:
                keyid:2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/JSTjK9ik8yJnlwa7hRmaQzYoPGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eac0:1000::-2a0e:eac0:1002:ffff:ffff:ffff:ffff:ffff
                  2a0e:eac0:1104::-2a0e:eac0:1109:ffff:ffff:ffff:ffff:ffff
                  2a0e:eac0:1110::/48
                  2a0e:eac0:1112::/47
                  2a0e:eac0:1115::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:cf:1c:97:27:25:1d:72:f3:10:75:df:43:07:91:98:bc:36:
         01:3f:7f:59:57:b8:ee:9f:2a:e1:3a:3f:9f:98:65:17:a4:12:
         87:02:61:53:60:f7:a0:74:16:25:fe:84:d2:66:ca:48:50:f3:
         b5:7b:e6:99:a3:ab:19:0d:57:e5:4c:06:65:51:84:9f:78:b1:
         70:1c:0c:c5:91:d4:11:6a:00:30:af:23:f6:94:4c:77:89:93:
         dc:1b:dc:20:93:94:37:6c:ea:3d:f7:3a:bf:e4:cd:2a:c2:65:
         d6:11:31:82:12:2b:cc:3c:32:89:69:82:45:50:4e:19:a3:62:
         7d:16:12:20:c8:49:24:34:b5:36:9a:d9:ea:03:7f:99:6e:e6:
         8a:86:35:e4:a0:1f:fd:fc:27:61:b0:7b:91:0c:43:a8:41:fb:
         ec:be:b7:b2:aa:f2:92:aa:a5:ed:78:9c:3b:b9:5c:c3:29:b2:
         1e:46:ee:27:6e:e7:33:6c:b0:b8:d7:e0:38:27:62:cb:50:62:
         60:c2:f5:8f:20:74:0d:c1:c7:38:d4:a6:0b:d6:a1:c3:35:1c:
         ec:3f:3c:44:43:09:b0:0d:5f:5e:cc:32:49:5e:d7:87:f7:ac:
         33:05:14:db:9d:a2:c2:8f:4e:6f:79:a2:c8:a0:40:bf:70:b2:
         b2:c1:39:b8
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZNo4/T3uYzRc01gyeh+8rneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQ3ZTUxOTFmODFmZjBhMTlmMTAyYjE3MThhYjRmOWUw
ZWEzYTAwHhcNMjQxMTI2MTQzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTI0ZTMyYmQ4YTRmMzIyNjc5NzA2YmI4NTE5OWE0MzM2MjgzYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1v6ftCejCRrL/3jNU1Z2P5Le/yo
NM4I0Q23ylAok9+Yhhum4eDShVQPJODR25KWkcsdSd0Ew+poDYgZgAMqrc1u95Dk
wkHFt6gysExWdi1X50uJL5kbWwg9iR/s2BuyY8II1Bb2BKPBTVIZXuJfkwT3TxYo
L/vUe1S6IrPq4HPEo00Hdan9ZafKf3Cx8xoNIWx8hW6Fr+NSY8o2rDBOm0vaQI2i
Th6TyTqxmnVlrEC39nv9JF2pMyXvDUdLYisfsi6tsMo+H15EWS24kYRyuQCOopjQ
NJjJaKF1bFDL73yGhdfX93O9x6zwGlmPzxZe34keCkk7ezWsHTaTCfYmkwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCUk4yvYpPMiZ5cGu4UZmkM2KDxpMB8GA1UdIwQY
MBaAFCttflGR+B/woZ8QKxcYq0+eDqOgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAt
MDBjYTMxMjZiM2ZlLzEvSlNUaks5aWs4eUpubHdhN2hSbWFRellvUEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAtMDBjYTMxMjZiM2Zl
LzEvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAAjBCMBEDBgQqDurA
EAMHACoO6sAQAjASAwcCKg7qwBEEAwcBKg7qwBEIAwcAKg7qwBEQAwcBKg7qwBES
AwcAKg7qwBEVMA0GCSqGSIb3DQEBCwUAA4IBAQBZzxyXJyUdcvMQdd9DB5GYvDYB
P39ZV7junyrhOj+fmGUXpBKHAmFTYPegdBYl/oTSZspIUPO1e+aZo6sZDVflTAZl
UYSfeLFwHAzFkdQRagAwryP2lEx3iZPcG9wgk5Q3bOo99zq/5M0qwmXWETGCEivM
PDKJaYJFUE4Zo2J9FhIgyEkkNLU2mtnqA3+ZbuaKhjXkoB/9/CdhsHuRDEOoQfvs
vreyqvKSqqXteJw7uVzDKbIeRu4nbuczbLC41+A4J2LLUGJgwvWPIHQNwcc41KYL
1qHDNRzsPzxEQwmwDV9ezDJJXteH96wzBRTbnaLCj05veaLIoEC/cLKywTm4
-----END CERTIFICATE-----