Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/flguOz_Q3ue_CCLD4XyxOvEWI1k.roa
File:                     flguOz_Q3ue_CCLD4XyxOvEWI1k.roa (raw, json)
Hash identifier:          9enqT6W48a1mcsv9yMBJ6bmOsFhg1ZcWyXo57/h+NzY=
Subject key identifier:   7E:58:2E:3B:3F:D0:DE:E7:BF:08:22:C3:E1:7C:B1:3A:F1:16:23:59
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0194DC5D8F30B08339E70E7C09D6975036D0
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/flguOz_Q3ue_CCLD4XyxOvEWI1k.roa
Signing time:             Thu 06 Feb 2025 17:45:06 +0000
ROA not before:           Thu 06 Feb 2025 17:45:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:5641::/32 maxlen: 32
                          2a0e:5643::/32 maxlen: 32
                          2a0e:5645::/32 maxlen: 32
                          2a0e:5647::/32 maxlen: 32
                          2a0e:5905::/32 maxlen: 32
                          2a0e:8084::/32 maxlen: 32
                          2a0e:8087::/32 maxlen: 32
                          2a0e:ccc4::/32 maxlen: 32
                          2a0f:6fc3::/32 maxlen: 32
                          2a0f:b4c2::/32 maxlen: 32
                          2a0f:c085::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 11 Feb 2025 18:43:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:dc:5d:8f:30:b0:83:39:e7:0e:7c:09:d6:97:50:36:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Feb  6 17:45:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e582e3b3fd0dee7bf0822c3e17cb13af1162359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:55:6f:2e:e1:88:35:60:69:41:b5:e3:90:fd:
                    64:91:52:d2:be:00:b6:89:09:ec:c6:cf:55:82:0a:
                    74:02:cb:e5:94:3a:3e:ec:58:3d:3a:e5:dc:80:7f:
                    60:e8:29:89:1d:5c:d6:2d:17:8e:85:4d:a3:d4:3e:
                    c1:3f:4d:03:c6:9e:1f:b2:33:ec:f2:ee:4e:7e:ff:
                    b3:57:c1:aa:0c:8f:3e:3d:62:53:b2:6e:b0:ec:e9:
                    6d:dc:e7:ba:45:50:40:8f:88:cd:69:ee:56:e5:4a:
                    af:1c:a9:d7:0d:dd:4a:ba:a8:80:65:e0:6a:f3:d4:
                    03:01:80:7c:38:fe:98:56:43:a0:e7:e0:8c:7c:36:
                    d2:31:a8:8c:19:3e:ea:75:50:56:05:94:4d:5e:b7:
                    38:3a:d1:fd:73:44:3e:1b:5d:54:dd:7f:ea:2f:79:
                    83:23:08:6b:d0:75:eb:3e:73:59:fe:22:52:05:5e:
                    96:af:a6:a8:bf:7b:be:c7:82:70:19:19:ed:2d:25:
                    f0:2f:4e:20:a4:9d:73:a1:69:bb:ad:ad:df:9d:32:
                    11:90:6f:c9:6f:49:02:04:8b:bf:a6:08:53:3a:af:
                    60:6d:1e:8a:7a:0a:59:91:1f:2c:67:08:fe:aa:69:
                    34:ea:57:5d:0d:ed:bd:9e:f5:a3:44:d8:d1:b0:44:
                    a8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:58:2E:3B:3F:D0:DE:E7:BF:08:22:C3:E1:7C:B1:3A:F1:16:23:59
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/flguOz_Q3ue_CCLD4XyxOvEWI1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5641::/32
                  2a0e:5643::/32
                  2a0e:5645::/32
                  2a0e:5647::/32
                  2a0e:5905::/32
                  2a0e:8084::/32
                  2a0e:8087::/32
                  2a0e:ccc4::/32
                  2a0f:6fc3::/32
                  2a0f:b4c2::/32
                  2a0f:c085::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:3d:b7:e4:11:a3:21:2c:79:18:21:9c:ca:e9:41:3b:fd:97:
         18:c6:08:dd:fe:10:e4:82:4f:d3:81:7f:67:0c:3b:04:03:b8:
         d8:47:3f:dd:0d:c8:e0:a9:3e:a2:d4:93:cd:39:d7:37:62:38:
         97:ed:21:52:18:70:f1:69:4b:74:91:53:a4:2e:a6:c1:9b:1f:
         05:f7:07:5d:53:26:d0:ac:21:35:e9:02:17:66:80:8c:19:12:
         59:67:93:23:6b:fb:a0:22:03:7d:e8:02:d4:af:ef:24:43:15:
         e5:9e:d4:1f:42:3b:84:21:89:45:50:c3:b3:3e:dc:6d:d9:16:
         5e:a3:50:e8:de:90:dd:a7:62:81:57:39:7e:87:80:77:b4:9c:
         b5:c8:d1:ff:66:20:e0:85:8c:03:86:ac:4b:5b:b8:a9:fd:2b:
         7a:d2:59:bd:d1:4a:11:9a:e9:ab:f8:8b:8b:df:a3:5b:9f:45:
         c3:75:59:47:b7:ae:f5:e5:15:19:14:b9:09:10:c0:d1:a5:27:
         f0:24:71:68:e0:d8:0c:7b:49:0f:14:5b:bb:84:2f:df:e1:3c:
         ee:45:d1:d2:56:43:26:03:99:b4:5b:1b:d7:45:08:ca:11:24:
         13:f1:1f:49:d1:61:3b:91:10:8c:c9:32:01:7d:50:a6:dc:30:
         6f:5f:d9:2a
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZTcXY8wsIM55w58CdaXUDbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMjA2MTc0NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTU4MmUzYjNmZDBkZWU3YmYwODIyYzNlMTdjYjEzYWYxMTYyMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VVvLuGINWBpQbXjkP1kkVLSvgC2
iQnsxs9Vggp0AsvllDo+7Fg9OuXcgH9g6CmJHVzWLReOhU2j1D7BP00Dxp4fsjPs
8u5Ofv+zV8GqDI8+PWJTsm6w7Olt3Oe6RVBAj4jNae5W5UqvHKnXDd1KuqiAZeBq
89QDAYB8OP6YVkOg5+CMfDbSMaiMGT7qdVBWBZRNXrc4OtH9c0Q+G11U3X/qL3mD
Iwhr0HXrPnNZ/iJSBV6Wr6aov3u+x4JwGRntLSXwL04gpJ1zoWm7ra3fnTIRkG/J
b0kCBIu/pghTOq9gbR6KegpZkR8sZwj+qmk06lddDe29nvWjRNjRsESoLwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFH5YLjs/0N7nvwgiw+F8sTrxFiNZMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvZmxndU96X1EzdWVfQ0NMRDRYeXhPdkVXSTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUAKg5WQQMF
ACoOVkMDBQAqDlZFAwUAKg5WRwMFACoOWQUDBQAqDoCEAwUAKg6AhwMFACoOzMQD
BQAqD2/DAwUAKg+0wgMFACoPwIUwDQYJKoZIhvcNAQELBQADggEBABc9t+QRoyEs
eRghnMrpQTv9lxjGCN3+EOSCT9OBf2cMOwQDuNhHP90NyOCpPqLUk8051zdiOJft
IVIYcPFpS3SRU6QupsGbHwX3B11TJtCsITXpAhdmgIwZEllnkyNr+6AiA33oAtSv
7yRDFeWe1B9CO4QhiUVQw7M+3G3ZFl6jUOjekN2nYoFXOX6HgHe0nLXI0f9mIOCF
jAOGrEtbuKn9K3rSWb3RShGa6av4i4vfo1ufRcN1WUe3rvXlFRkUuQkQwNGlJ/Ak
cWjg2Ax7SQ8UW7uEL9/hPO5F0dJWQyYDmbRbG9dFCMoRJBPxH0nRYTuREIzJMgF9
UKbcMG9f2So=
-----END CERTIFICATE-----