Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/cFOlBjNDNndWlIlZi_etaMu1tW0.roa
File:                     cFOlBjNDNndWlIlZi_etaMu1tW0.roa (raw, json)
Hash identifier:          UqBmq8t4irByj7jszMnaO0ydqoiqCPy8iH/+4AtVEWc=
Subject key identifier:   70:53:A5:06:33:43:36:77:56:94:89:59:8B:F7:AD:68:CB:B5:B5:6D
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       019354F87839589BBDE59BE533FDD74B6EDC
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/cFOlBjNDNndWlIlZi_etaMu1tW0.roa
Signing time:             Fri 22 Nov 2024 17:43:10 +0000
ROA not before:           Fri 22 Nov 2024 17:43:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:5385::/32 maxlen: 32
                          2a0e:5387::/32 maxlen: 32
                          2a0e:5641::/32 maxlen: 32
                          2a0e:5900::/32 maxlen: 32
                          2a0e:5906::/32 maxlen: 32
                          2a0e:8082::/32 maxlen: 32
                          2a0e:8087::/32 maxlen: 32
                          2a0e:ccc0::/32 maxlen: 32
                          2a0f:6fc1::/32 maxlen: 32
                          2a0f:6fc7::/32 maxlen: 32
                          2a0f:b4c1::/32 maxlen: 32
                          2a0f:b4c6::/32 maxlen: 32
                          2a0f:c081::/32 maxlen: 32
                          2a0f:c087::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 25 Nov 2024 16:11:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:54:f8:78:39:58:9b:bd:e5:9b:e5:33:fd:d7:4b:6e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Nov 22 17:43:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7053a50633433677569489598bf7ad68cbb5b56d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a0:19:bd:10:27:fa:06:2f:d4:4a:5e:23:b4:
                    31:84:f5:d2:06:51:09:84:73:26:38:68:70:9d:3d:
                    98:90:c9:b5:1d:b0:83:39:24:c3:a7:43:6a:8d:cb:
                    62:9c:46:1f:be:74:55:5e:ef:b2:e5:df:66:94:59:
                    65:f6:d6:ea:a9:02:53:a4:b4:ab:51:13:44:2b:47:
                    a9:55:56:bf:ba:04:c8:79:ef:ef:03:8d:9c:45:d5:
                    39:89:d7:c7:37:e2:12:0a:af:81:b6:6e:b0:a2:8c:
                    26:db:66:25:45:6d:9f:b0:f5:a8:fa:30:cf:72:6a:
                    2a:84:a9:4d:41:30:70:81:cd:c7:b1:14:6e:8f:2c:
                    e6:9c:b4:00:5a:3e:5a:a5:18:48:4f:d4:e6:a6:9c:
                    e7:45:38:c1:96:17:77:1a:ad:c4:37:19:9d:77:59:
                    01:ec:6f:2e:8a:a6:97:0a:c8:80:7b:7b:b5:a6:74:
                    8e:83:3b:86:a8:cf:87:b4:2b:60:5b:82:fc:b1:a8:
                    2a:55:fb:e6:95:8c:32:39:4e:b0:4f:15:0f:ac:10:
                    1d:72:90:47:78:c7:8e:65:94:83:78:5f:f2:22:9b:
                    a5:9b:eb:9c:3a:ac:c6:36:7f:58:9c:a9:18:9d:a3:
                    2d:31:d1:bd:7e:88:ee:89:f8:53:b5:52:a8:bc:14:
                    af:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:53:A5:06:33:43:36:77:56:94:89:59:8B:F7:AD:68:CB:B5:B5:6D
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/cFOlBjNDNndWlIlZi_etaMu1tW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5385::/32
                  2a0e:5387::/32
                  2a0e:5641::/32
                  2a0e:5900::/32
                  2a0e:5906::/32
                  2a0e:8082::/32
                  2a0e:8087::/32
                  2a0e:ccc0::/32
                  2a0f:6fc1::/32
                  2a0f:6fc7::/32
                  2a0f:b4c1::/32
                  2a0f:b4c6::/32
                  2a0f:c081::/32
                  2a0f:c087::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:ae:cd:29:98:d9:bf:6a:73:67:c4:7e:e3:98:06:df:56:01:
         54:33:4c:42:cb:94:be:3c:15:bc:ea:79:1b:bd:09:f6:d9:11:
         b8:53:72:5c:fe:1a:91:87:02:22:6c:d7:c1:a8:f0:34:99:da:
         93:18:65:a0:46:0f:d6:56:82:02:24:e9:3e:41:da:18:60:8a:
         33:1b:77:6a:cc:ce:b3:4a:e6:69:dc:3a:26:d9:a0:df:8a:02:
         54:bd:28:1e:29:8e:af:bf:76:68:17:d7:32:45:ab:50:19:ba:
         04:f1:55:60:1b:ed:21:0f:7a:3c:b2:9e:8c:a9:2f:42:4a:b9:
         ef:93:98:45:c9:cd:2e:d2:a5:38:0a:b9:27:c3:19:59:f6:a8:
         ae:94:94:40:6d:6a:36:df:52:99:8e:14:a1:b6:fc:48:d5:f7:
         0c:50:fb:00:ff:dd:08:30:c7:a7:74:a5:32:3c:f8:80:29:2f:
         bd:60:1b:d9:fa:99:30:58:a2:ff:23:e1:e8:9b:aa:c7:7d:0d:
         e0:82:c2:aa:50:aa:4f:ec:64:08:79:12:0a:71:a4:cb:3f:fc:
         72:51:62:a8:f3:5b:0d:ea:83:43:6e:4d:21:de:26:9b:81:eb:
         29:47:6a:88:84:8d:7e:90:65:6b:ee:69:a9:26:83:b2:05:15:
         6b:da:29:85
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZNU+Hg5WJu95ZvlM/3XS27cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQxMTIyMTc0MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDUzYTUwNjMzNDMzNjc3NTY5NDg5NTk4YmY3YWQ2OGNiYjViNTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6AZvRAn+gYv1EpeI7QxhPXSBlEJ
hHMmOGhwnT2YkMm1HbCDOSTDp0NqjctinEYfvnRVXu+y5d9mlFll9tbqqQJTpLSr
URNEK0epVVa/ugTIee/vA42cRdU5idfHN+ISCq+Btm6woowm22YlRW2fsPWo+jDP
cmoqhKlNQTBwgc3HsRRujyzmnLQAWj5apRhIT9TmppznRTjBlhd3Gq3ENxmdd1kB
7G8uiqaXCsiAe3u1pnSOgzuGqM+HtCtgW4L8sagqVfvmlYwyOU6wTxUPrBAdcpBH
eMeOZZSDeF/yIpulm+ucOqzGNn9YnKkYnaMtMdG9fojuifhTtVKovBSvrQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFHBTpQYzQzZ3VpSJWYv3rWjLtbVtMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvY0ZPbEJqTkRObmRXbElsWmlfZXRhTXUxdFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAAjBiAwUAKg5ThQMF
ACoOU4cDBQAqDlZBAwUAKg5ZAAMFACoOWQYDBQAqDoCCAwUAKg6AhwMFACoOzMAD
BQAqD2/BAwUAKg9vxwMFACoPtMEDBQAqD7TGAwUAKg/AgQMFACoPwIcwDQYJKoZI
hvcNAQELBQADggEBAB2uzSmY2b9qc2fEfuOYBt9WAVQzTELLlL48FbzqeRu9CfbZ
EbhTclz+GpGHAiJs18Go8DSZ2pMYZaBGD9ZWggIk6T5B2hhgijMbd2rMzrNK5mnc
OibZoN+KAlS9KB4pjq+/dmgX1zJFq1AZugTxVWAb7SEPejyynoypL0JKue+TmEXJ
zS7SpTgKuSfDGVn2qK6UlEBtajbfUpmOFKG2/EjV9wxQ+wD/3Qgwx6d0pTI8+IAp
L71gG9n6mTBYov8j4eibqsd9DeCCwqpQqk/sZAh5EgpxpMs//HJRYqjzWw3qg0Nu
TSHeJpuB6ylHaoiEjX6QZWvuaakmg7IFFWvaKYU=
-----END CERTIFICATE-----