Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/G7BnPxaL9HW9naLebvWL-Uhij3s.roa
File:                     G7BnPxaL9HW9naLebvWL-Uhij3s.roa (raw, json)
Hash identifier:          Atzn1sgCPy4S8LHMbEzojkKFSTSytBk2ikBzYOrA4Ak=
Subject key identifier:   1B:B0:67:3F:16:8B:F4:75:BD:9D:A2:DE:6E:F5:8B:F9:48:62:8F:7B
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       018CE9C6ADEE712DD0929BDCA4DCFF7BDD67
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/G7BnPxaL9HW9naLebvWL-Uhij3s.roa
Signing time:             Mon 08 Jan 2024 15:52:41 +0000
ROA not before:           Mon 08 Jan 2024 15:52:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62651
IP address blocks:        2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:3500::/40 maxlen: 40
                          2a03:efc0:3100::/40 maxlen: 40
                          2a03:efc0:2500::/40 maxlen: 40
                          2a03:efc0:2300::/40 maxlen: 40
                          2a03:efc0:2700::/40 maxlen: 40
                          2a03:efc0:2900::/40 maxlen: 40
                          2a03:efc0:3300::/40 maxlen: 40
                          2a03:efc0:3700::/40 maxlen: 40

Validation:               Failed, certificate revoked on Fri 12 Jan 2024 15:47:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:c6:ad:ee:71:2d:d0:92:9b:dc:a4:dc:ff:7b:dd:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Jan  8 15:52:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bb0673f168bf475bd9da2de6ef58bf948628f7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ec:d3:9e:f9:aa:3d:a6:dc:85:86:ca:24:8b:
                    bd:4d:e9:58:0a:a8:2b:f9:6d:4e:be:13:2d:9d:2c:
                    0b:09:b8:ca:df:06:24:33:48:41:60:f8:53:f4:c3:
                    df:67:39:56:79:7c:4d:a8:f0:cd:9b:f4:f4:e5:c6:
                    c5:2e:15:36:9f:f6:59:6f:26:1a:60:ab:7b:18:5d:
                    b2:22:4e:58:42:90:cb:a6:60:38:22:be:bf:c7:58:
                    cb:a5:b9:d7:39:22:e8:22:7a:a4:99:eb:87:d6:6a:
                    38:13:89:23:21:a7:18:9e:3d:3f:b4:c2:84:ad:a5:
                    02:13:db:4c:05:49:a2:20:c0:2f:0e:92:b8:8d:76:
                    9b:22:02:9c:18:d2:29:9f:f1:c9:a8:49:23:44:b3:
                    50:cd:71:30:38:82:f2:52:e6:54:9e:7c:19:63:dd:
                    c9:0b:67:c1:52:f8:a8:cb:96:5d:74:42:ae:1f:ab:
                    b5:aa:a9:b2:87:58:22:a4:45:ac:29:d9:82:86:22:
                    a8:e2:03:39:df:16:a8:2e:79:99:40:37:ab:92:f4:
                    90:df:f0:c5:d0:65:69:53:38:97:44:76:e9:e8:58:
                    a8:7d:f5:f0:4e:36:46:3a:77:16:f9:84:9b:bc:1f:
                    d0:d4:2a:36:a9:98:e1:d6:fe:08:5d:41:94:b4:0c:
                    44:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B0:67:3F:16:8B:F4:75:BD:9D:A2:DE:6E:F5:8B:F9:48:62:8F:7B
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/G7BnPxaL9HW9naLebvWL-Uhij3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:efc0:1700::/40
                  2a03:efc0:2300::/40
                  2a03:efc0:2500::/40
                  2a03:efc0:2700::/40
                  2a03:efc0:2900::/40
                  2a03:efc0:3100::/40
                  2a03:efc0:3300::/40
                  2a03:efc0:3500::/40
                  2a03:efc0:3700::/40

    Signature Algorithm: sha256WithRSAEncryption
         16:f3:b8:f7:77:47:20:b1:4a:6b:9c:24:fc:d2:3e:6b:9d:31:
         65:16:79:6e:4c:31:41:e5:a4:9b:01:a3:0f:f5:2b:a6:f9:50:
         1f:71:1a:84:64:13:ff:dc:09:82:3c:72:e5:84:37:80:1b:e4:
         bf:6a:91:8d:2e:17:26:93:cf:d7:88:fd:21:2b:10:d8:7d:73:
         4a:2f:4a:ac:50:51:cc:d5:c9:d4:1a:1a:2a:4e:f7:82:f1:b5:
         87:19:49:96:4a:93:16:e8:40:40:b1:01:bf:16:f0:8e:a1:a4:
         b5:7c:af:c9:bf:03:b9:5a:08:39:2e:fe:23:e0:5e:0a:f0:99:
         ae:11:66:94:03:bf:7b:f6:25:21:7d:56:b1:ea:b6:9d:c3:c5:
         bd:a3:d5:17:07:67:a8:33:86:c7:a1:91:05:7c:41:09:df:f4:
         8c:03:34:b5:75:78:e0:fe:4f:1a:78:19:27:35:27:b4:a8:32:
         ec:3f:f5:f6:76:f8:d5:8d:8e:d2:3d:0a:6b:cf:2c:51:4a:05:
         5d:b5:b0:45:8c:fb:33:16:b6:bc:48:98:49:e4:97:cc:e0:03:
         85:19:e5:49:40:0b:d2:87:77:bf:5d:61:a0:93:b3:0c:a7:1a:
         3a:ac:f8:d2:99:56:4e:ac:c8:99:59:7f:e0:68:c2:c1:df:bd:
         2c:9b:cc:d9
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYzpxq3ucS3QkpvcpNz/e91nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjQwMTA4MTU1MjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmIwNjczZjE2OGJmNDc1YmQ5ZGEyZGU2ZWY1OGJmOTQ4NjI4ZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+zTnvmqPabchYbKJIu9TelYCqgr
+W1OvhMtnSwLCbjK3wYkM0hBYPhT9MPfZzlWeXxNqPDNm/T05cbFLhU2n/ZZbyYa
YKt7GF2yIk5YQpDLpmA4Ir6/x1jLpbnXOSLoInqkmeuH1mo4E4kjIacYnj0/tMKE
raUCE9tMBUmiIMAvDpK4jXabIgKcGNIpn/HJqEkjRLNQzXEwOILyUuZUnnwZY93J
C2fBUvioy5ZddEKuH6u1qqmyh1gipEWsKdmChiKo4gM53xaoLnmZQDerkvSQ3/DF
0GVpUziXRHbp6FioffXwTjZGOncW+YSbvB/Q1Co2qZjh1v4IXUGUtAxEtQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBuwZz8Wi/R1vZ2i3m71i/lIYo97MB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvRzdCblB4YUw5SFc5bmFMZWJ2V0wtVWhpajNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAAjBIAwYAKgPvwBcD
BgAqA+/AIwMGACoD78AlAwYAKgPvwCcDBgAqA+/AKQMGACoD78AxAwYAKgPvwDMD
BgAqA+/ANQMGACoD78A3MA0GCSqGSIb3DQEBCwUAA4IBAQAW87j3d0cgsUprnCT8
0j5rnTFlFnluTDFB5aSbAaMP9Sum+VAfcRqEZBP/3AmCPHLlhDeAG+S/apGNLhcm
k8/XiP0hKxDYfXNKL0qsUFHM1cnUGhoqTveC8bWHGUmWSpMW6EBAsQG/FvCOoaS1
fK/JvwO5Wgg5Lv4j4F4K8JmuEWaUA7979iUhfVax6radw8W9o9UXB2eoM4bHoZEF
fEEJ3/SMAzS1dXjg/k8aeBknNSe0qDLsP/X2dvjVjY7SPQprzyxRSgVdtbBFjPsz
Fra8SJhJ5JfM4AOFGeVJQAvSh3e/XWGgk7MMpxo6rPjSmVZOrMiZWX/gaMLB370s
m8zZ
-----END CERTIFICATE-----