Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gB_Hr-PAHXAjBWH8FgfMnpbC_fE.roa
File:                     gB_Hr-PAHXAjBWH8FgfMnpbC_fE.roa (raw, json)
Hash identifier:          j5Th74M3KvE9sIDwItttWIQvEECmVJWNBjrpAy8kMqo=
Subject key identifier:   80:1F:C7:AF:E3:C0:1D:70:23:05:61:FC:16:07:CC:9E:96:C2:FD:F1
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0192E3F9564EE50D2CD61FD64D6212C72D8D
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gB_Hr-PAHXAjBWH8FgfMnpbC_fE.roa
Signing time:             Thu 31 Oct 2024 19:07:01 +0000
ROA not before:           Thu 31 Oct 2024 19:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:4bc7::/32 maxlen: 32
                          2a0e:5385::/32 maxlen: 32
                          2a0e:5387::/32 maxlen: 32
                          2a0e:5900::/32 maxlen: 32
                          2a0e:5901::/32 maxlen: 32
                          2a0e:5906::/32 maxlen: 32
                          2a0e:8080::/32 maxlen: 32
                          2a0e:8082::/32 maxlen: 32
                          2a0e:ccc0::/32 maxlen: 32
                          2a0e:ccc5::/32 maxlen: 32
                          2a0f:6fc7::/32 maxlen: 32
                          2a0f:b4c1::/32 maxlen: 32
                          2a0f:b4c6::/32 maxlen: 32
                          2a0f:c081::/32 maxlen: 32
                          2a0f:c087::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 05 Nov 2024 18:43:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:f9:56:4e:e5:0d:2c:d6:1f:d6:4d:62:12:c7:2d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Oct 31 19:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=801fc7afe3c01d70230561fc1607cc9e96c2fdf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:65:5e:16:22:7a:7f:ce:5d:b1:20:27:a7:6c:
                    9a:54:18:21:ee:61:ff:b0:56:34:94:a9:58:96:f0:
                    ef:de:f9:e3:c6:13:2a:9b:a7:fe:3b:63:b7:b2:18:
                    12:e5:37:79:e2:28:eb:8c:cf:59:d4:4d:4f:33:39:
                    05:97:e0:65:22:56:71:8d:22:7b:76:4e:b1:48:1c:
                    ab:06:3f:40:fd:92:76:99:8e:e7:f9:d9:67:f2:56:
                    d6:ae:1a:f0:ac:d4:d6:f6:7f:c5:f3:7f:aa:86:6f:
                    2d:44:fa:9f:f4:11:fe:6b:19:2d:78:a9:1a:aa:22:
                    b2:be:09:12:46:91:c2:47:4c:5c:cc:cc:33:bb:e4:
                    eb:1d:5c:03:7c:55:87:20:c7:aa:3f:a1:7b:3a:de:
                    4d:e3:5f:06:80:38:67:76:b2:1f:83:f7:9a:b9:3d:
                    f7:b3:e0:8b:1c:e4:a1:43:59:af:e9:f9:25:37:bd:
                    25:89:74:5f:5d:a7:67:c8:e1:95:1e:35:e0:eb:6c:
                    6a:59:cd:8e:31:02:70:5b:f0:f1:25:16:7a:ce:83:
                    6f:f7:ac:e6:ef:f2:f0:92:45:4c:e7:a2:a4:e5:49:
                    a8:e8:15:f1:76:4e:8e:cc:42:b7:42:38:bb:55:91:
                    fa:7b:08:c0:2c:ad:d2:9d:ee:90:65:08:1e:68:a9:
                    7f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:1F:C7:AF:E3:C0:1D:70:23:05:61:FC:16:07:CC:9E:96:C2:FD:F1
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gB_Hr-PAHXAjBWH8FgfMnpbC_fE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc7::/32
                  2a0e:5385::/32
                  2a0e:5387::/32
                  2a0e:5900::/31
                  2a0e:5906::/32
                  2a0e:8080::/32
                  2a0e:8082::/32
                  2a0e:ccc0::/32
                  2a0e:ccc5::/32
                  2a0f:6fc7::/32
                  2a0f:b4c1::/32
                  2a0f:b4c6::/32
                  2a0f:c081::/32
                  2a0f:c087::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:c6:fa:33:0c:2d:31:25:02:a9:37:ed:c6:67:30:21:b9:c0:
         6a:5a:d5:56:5b:de:f9:a9:ee:95:35:3c:4d:56:c4:b7:31:b0:
         72:c3:5c:04:bb:74:a9:18:22:22:62:61:0c:85:bd:d9:b1:1e:
         88:3b:75:f4:b2:31:ea:be:a1:29:88:5d:1b:b6:a0:b3:bd:3c:
         12:9c:da:22:9a:09:33:51:af:59:2d:19:3e:02:16:2c:4d:36:
         20:51:50:86:ba:5a:2d:7b:1a:53:fd:35:f5:06:d1:7d:52:d1:
         05:4f:77:94:4f:c7:e9:b1:de:14:52:15:7d:c7:02:fb:df:2d:
         14:c5:37:f0:6c:98:56:0c:d3:76:19:3d:06:52:c2:c3:dc:3d:
         12:58:17:60:80:ab:d5:4a:4b:b8:96:ac:6a:b0:a2:11:ae:e2:
         fe:60:50:f4:a8:a6:62:dd:25:e0:67:a6:88:a2:cc:ea:b6:50:
         8e:15:45:39:dc:cc:13:98:94:0e:aa:ed:d4:10:7c:09:1d:68:
         e4:29:75:d2:85:46:92:c0:9e:1e:bb:3c:ba:3e:5c:2e:1d:6f:
         56:43:bf:65:b1:eb:e9:cf:51:af:42:0d:8b:d9:bc:68:72:fd:
         38:aa:00:35:f4:06:cd:d3:8f:8b:3d:2f:87:f2:49:05:0c:59:
         53:32:51:c6
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZLj+VZO5Q0s1h/WTWISxy2NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQxMDMxMTkwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDFmYzdhZmUzYzAxZDcwMjMwNTYxZmMxNjA3Y2M5ZTk2YzJmZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2VeFiJ6f85dsSAnp2yaVBgh7mH/
sFY0lKlYlvDv3vnjxhMqm6f+O2O3shgS5Td54ijrjM9Z1E1PMzkFl+BlIlZxjSJ7
dk6xSByrBj9A/ZJ2mY7n+dln8lbWrhrwrNTW9n/F83+qhm8tRPqf9BH+axkteKka
qiKyvgkSRpHCR0xczMwzu+TrHVwDfFWHIMeqP6F7Ot5N418GgDhndrIfg/eauT33
s+CLHOShQ1mv6fklN70liXRfXadnyOGVHjXg62xqWc2OMQJwW/DxJRZ6zoNv96zm
7/LwkkVM56Kk5Umo6BXxdk6OzEK3Qji7VZH6ewjALK3Sne6QZQgeaKl/VwIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFIAfx6/jwB1wIwVh/BYHzJ6Wwv3xMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvZ0JfSHItUEFIWEFqQldIOEZnZk1ucGJDX2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAAjBiAwUAKg5LxwMF
ACoOU4UDBQAqDlOHAwUBKg5ZAAMFACoOWQYDBQAqDoCAAwUAKg6AggMFACoOzMAD
BQAqDszFAwUAKg9vxwMFACoPtMEDBQAqD7TGAwUAKg/AgQMFACoPwIcwDQYJKoZI
hvcNAQELBQADggEBAAbG+jMMLTElAqk37cZnMCG5wGpa1VZb3vmp7pU1PE1WxLcx
sHLDXAS7dKkYIiJiYQyFvdmxHog7dfSyMeq+oSmIXRu2oLO9PBKc2iKaCTNRr1kt
GT4CFixNNiBRUIa6Wi17GlP9NfUG0X1S0QVPd5RPx+mx3hRSFX3HAvvfLRTFN/Bs
mFYM03YZPQZSwsPcPRJYF2CAq9VKS7iWrGqwohGu4v5gUPSopmLdJeBnpoiizOq2
UI4VRTnczBOYlA6q7dQQfAkdaOQpddKFRpLAnh67PLo+XC4db1ZDv2Wx6+nPUa9C
DYvZvGhy/TiqADX0Bs3Tj4s9L4fySQUMWVMyUcY=
-----END CERTIFICATE-----