Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/3bjPoPW3sNsEI3vi3pw5pNF7JCw.roa
File:                     3bjPoPW3sNsEI3vi3pw5pNF7JCw.roa (raw, json)
Hash identifier:          MdqoQf7pb8Xujx6/f6YsaYrNv4PCcYxnh3NKDQY4zOI=
Subject key identifier:   DD:B8:CF:A0:F5:B7:B0:DB:04:23:7B:E2:DE:9C:39:A4:D1:7B:24:2C
Certificate issuer:       /CN=cff5dc76eb6f814ed601568fdd2c8110edef8c17
Certificate serial:       018CC56EDFD4A87FA7E7B09B78D0FA192A85
Authority key identifier: CF:F5:DC:76:EB:6F:81:4E:D6:01:56:8F:DD:2C:81:10:ED:EF:8C:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/3bjPoPW3sNsEI3vi3pw5pNF7JCw.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60504
IP address blocks:        2a13:82c2::/32 maxlen: 32
                          2a13:82c0::/32 maxlen: 32
                          2a13:82c4:1::/48 maxlen: 48
                          2a13:82c5:3000::/36 maxlen: 36
                          2a13:82c5:4000::/36 maxlen: 36
                          2a13:82c5:5000::/36 maxlen: 36
                          2a13:82c5:6000::/36 maxlen: 36
                          2a13:82c5:1000::/36 maxlen: 36
                          2a13:82c5:2000::/36 maxlen: 36
                          2a13:82c7::/32 maxlen: 32
                          2a13:82c1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 04 Jan 2024 08:06:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:df:d4:a8:7f:a7:e7:b0:9b:78:d0:fa:19:2a:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cff5dc76eb6f814ed601568fdd2c8110edef8c17
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddb8cfa0f5b7b0db04237be2de9c39a4d17b242c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:69:1d:19:c3:18:c1:1c:69:31:26:25:b7:66:
                    9a:04:50:c2:cb:3f:8e:94:b1:8f:04:97:77:50:f6:
                    32:bd:41:38:69:50:03:ca:24:a8:6f:6d:76:01:df:
                    4a:b4:99:61:04:15:e2:5f:95:88:2a:4f:25:97:ea:
                    ff:5e:90:bb:90:0c:81:58:88:76:cb:d1:47:00:31:
                    cc:5c:5f:f7:22:a9:43:df:8f:04:38:b5:64:8f:5b:
                    7a:0f:bf:cc:82:c1:2e:79:e2:2f:43:df:3d:b1:a1:
                    30:29:f7:f2:fd:c3:b2:c2:92:cf:61:3b:a6:90:09:
                    80:ac:09:67:e2:6d:d5:30:7c:f2:38:3e:62:15:49:
                    4d:8a:8a:3a:ea:bb:e7:74:5a:95:17:fe:6a:8b:31:
                    dc:f9:79:ef:dc:df:1f:9a:52:b1:0f:87:f7:eb:ed:
                    71:7a:ef:9e:ce:73:6a:d3:a9:71:4a:96:f2:a5:a8:
                    5e:dc:38:90:22:12:aa:37:2c:d4:77:ca:e1:20:69:
                    1e:ee:6f:82:82:56:2e:2d:f6:c2:6c:fb:d9:cb:ed:
                    06:13:32:cb:57:69:f4:a9:fb:29:cc:28:e0:a9:c9:
                    bc:e4:49:75:d0:a8:99:2d:cc:dd:a0:41:f8:f1:3e:
                    bc:08:ac:21:43:4d:44:23:d4:da:13:96:91:00:78:
                    a2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:B8:CF:A0:F5:B7:B0:DB:04:23:7B:E2:DE:9C:39:A4:D1:7B:24:2C
            X509v3 Authority Key Identifier:
                keyid:CF:F5:DC:76:EB:6F:81:4E:D6:01:56:8F:DD:2C:81:10:ED:EF:8C:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/3bjPoPW3sNsEI3vi3pw5pNF7JCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:82c0::-2a13:82c2:ffff:ffff:ffff:ffff:ffff:ffff
                  2a13:82c4:1::/48
                  2a13:82c5:1000::-2a13:82c5:6fff:ffff:ffff:ffff:ffff:ffff
                  2a13:82c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:70:6d:e7:eb:0e:f3:9a:61:52:ac:a2:db:a3:d9:a0:94:7e:
         8d:de:ec:9e:c2:3a:85:97:2b:6e:46:f3:bb:08:67:d1:42:95:
         0c:eb:30:43:11:f7:5f:72:05:c0:93:74:ab:74:69:59:94:97:
         e5:0c:7c:69:bc:f3:06:8f:75:12:65:ca:2a:b2:7c:2e:e4:18:
         6a:b9:c7:68:ab:db:4f:d4:0b:ea:3a:25:ed:8e:5e:44:b2:36:
         42:f4:09:a8:98:85:a0:ba:cc:c9:0a:b5:4f:e1:86:33:a4:5e:
         2d:49:9a:50:39:10:13:5c:a3:38:86:2a:dc:52:dd:f0:93:65:
         0f:b3:d1:c2:3d:2b:62:2e:7e:65:63:4f:82:7f:fb:01:f8:c3:
         ef:54:07:99:ed:2e:e0:93:c5:43:e6:2e:e4:2d:be:b5:c7:3d:
         14:73:e9:a8:ac:9a:bf:e9:ab:57:91:6a:3e:1e:93:7f:86:7c:
         15:59:18:98:09:ed:ba:15:a0:36:dd:52:fa:6f:2d:53:1f:d0:
         a2:dd:8a:b8:a5:d9:3e:2a:ec:3f:94:a1:8c:ab:1e:f6:86:00:
         17:15:f7:30:24:4c:5f:d9:4c:0f:63:af:5a:15:49:40:c2:60:
         7b:b6:a4:77:60:5b:50:72:7a:fc:c8:02:14:18:cb:7f:31:80:
         c2:0b:9b:3c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzFbt/UqH+n57CbeND6GSqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZjVkYzc2ZWI2ZjgxNGVkNjAxNTY4ZmRkMmM4MTEwZWRl
ZjhjMTcwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGI4Y2ZhMGY1YjdiMGRiMDQyMzdiZTJkZTljMzlhNGQxN2IyNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2kdGcMYwRxpMSYlt2aaBFDCyz+O
lLGPBJd3UPYyvUE4aVADyiSob212Ad9KtJlhBBXiX5WIKk8ll+r/XpC7kAyBWIh2
y9FHADHMXF/3IqlD348EOLVkj1t6D7/MgsEueeIvQ989saEwKffy/cOywpLPYTum
kAmArAln4m3VMHzyOD5iFUlNioo66rvndFqVF/5qizHc+Xnv3N8fmlKxD4f36+1x
eu+eznNq06lxSpbypahe3DiQIhKqNyzUd8rhIGke7m+CglYuLfbCbPvZy+0GEzLL
V2n0qfspzCjgqcm85El10KiZLczdoEH48T68CKwhQ01EI9TaE5aRAHiivwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFN24z6D1t7DbBCN74t6cOaTReyQsMB8GA1UdIwQY
MBaAFM/13Hbrb4FO1gFWj90sgRDt74wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvel9YY2R1dHZnVTdXQVZhUDNTeUJFTzN2akJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny84YzBjMDAtNWZjZS00NWNiLWJiYjct
MDFkOWU5ZDMxOTQzLzEvM2JqUG9QVzNzTnNFSTN2aTNwdzVwTkY3SkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny84YzBjMDAtNWZjZS00NWNiLWJiYjctMDFkOWU5ZDMxOTQz
LzEvel9YY2R1dHZnVTdXQVZhUDNTeUJFTzN2akJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAAjAyMA4DBQYqE4LA
AwUAKhOCwgMHACoTgsQAATAQAwYEKhOCxRADBgQqE4LFYAMFACoTgscwDQYJKoZI
hvcNAQELBQADggEBAGdwbefrDvOaYVKsotuj2aCUfo3e7J7COoWXK25G87sIZ9FC
lQzrMEMR919yBcCTdKt0aVmUl+UMfGm88waPdRJlyiqyfC7kGGq5x2ir20/UC+o6
Je2OXkSyNkL0CaiYhaC6zMkKtU/hhjOkXi1JmlA5EBNcoziGKtxS3fCTZQ+z0cI9
K2IufmVjT4J/+wH4w+9UB5ntLuCTxUPmLuQtvrXHPRRz6aismr/pq1eRaj4ek3+G
fBVZGJgJ7boVoDbdUvpvLVMf0KLdiril2T4q7D+UoYyrHvaGABcV9zAkTF/ZTA9j
r1oVSUDCYHu2pHdgW1ByevzIAhQYy38xgMILmzw=
-----END CERTIFICATE-----