Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/JealVyI52xMPmaJxWdIw18BIl-A.roa
File:                     JealVyI52xMPmaJxWdIw18BIl-A.roa (raw, json)
Hash identifier:          XYYZWA1Dc6ln5ga8l0ZkMyxO5bU+pnUUJiXXCn+10b4=
Subject key identifier:   25:E6:A5:57:22:39:DB:13:0F:99:A2:71:59:D2:30:D7:C0:48:97:E0
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018EC9DB768B12AE35F6BF0ED19B6497A4C0
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/JealVyI52xMPmaJxWdIw18BIl-A.roa
Signing time:             Wed 10 Apr 2024 21:13:06 +0000
ROA not before:           Wed 10 Apr 2024 21:13:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215561
IP address blocks:        2a0a:79c0:200::/40 maxlen: 128
                          2a0a:79c7:f000::/38 maxlen: 128
                          2a0a:79c7:f200::/44 maxlen: 128
                          2a0a:79c7:f210::/44 maxlen: 128
                          2a0a:79c7:f220::/44 maxlen: 128
                          2a0a:79c7:f230::/44 maxlen: 128
                          2a0a:79c7:f240::/44 maxlen: 128
                          2a0a:79c7:f250::/44 maxlen: 128
                          2a0a:79c7:f260::/44 maxlen: 128
                          2a0a:79c7:f270::/44 maxlen: 128
                          2a0a:79c7:f280::/44 maxlen: 128
                          2a0a:79c7:f290::/44 maxlen: 128
                          2a0a:79c7:f2a0::/44 maxlen: 128
                          2a0a:79c7:f2b0::/44 maxlen: 128
                          2a0a:79c7:f2c0::/44 maxlen: 128
                          2a0a:79c7:f2d0::/44 maxlen: 128
                          2a0a:79c7:f2e0::/44 maxlen: 128
                          2a0a:79c7:f2f0::/44 maxlen: 128
                          2a0a:79c7:f400::/38 maxlen: 128
                          2a0a:79c7:f800::/38 maxlen: 128

Validation:               Failed, certificate revoked on Sat 20 Apr 2024 17:10:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:db:76:8b:12:ae:35:f6:bf:0e:d1:9b:64:97:a4:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Apr 10 21:13:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25e6a5572239db130f99a27159d230d7c04897e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:69:33:fd:12:f2:31:d9:c0:86:b8:d0:20:eb:
                    c9:66:44:00:71:c6:e6:48:49:d6:51:cc:65:49:6e:
                    a5:7e:cd:3d:f1:7c:44:98:7b:c0:ef:d0:5f:40:de:
                    12:83:e7:da:c1:9d:79:83:f7:b7:5e:80:e0:89:39:
                    cf:78:fc:8e:95:d7:0e:35:6f:ea:a6:87:a1:b1:a0:
                    cb:55:0b:d5:83:47:47:17:c7:68:6a:e8:1c:8b:3f:
                    cf:da:ab:af:a6:8f:2f:39:1c:27:45:20:48:13:0f:
                    68:f1:cb:9d:4b:83:56:65:fa:66:a9:12:c6:ca:7d:
                    89:34:45:f7:9c:36:bb:c5:74:dc:23:ea:08:82:6e:
                    c5:ad:ec:06:e7:02:03:35:0e:e3:83:e8:3d:fc:35:
                    62:8c:a7:07:7f:78:53:87:83:ba:71:14:61:e9:b8:
                    43:6f:34:89:ee:d5:f3:fa:60:99:e9:b8:11:30:80:
                    61:25:a4:13:ce:b8:4a:84:0c:29:d8:66:80:1b:99:
                    6e:1a:ce:80:d0:33:ca:cd:9d:6f:4a:ac:5d:2d:ae:
                    90:9d:51:88:8b:6a:5f:31:07:70:d6:38:88:37:f7:
                    90:ee:49:50:a2:db:5d:83:4c:b2:f4:29:ee:23:0a:
                    dc:bb:e5:f2:cf:e3:d9:3b:bb:14:95:21:0a:11:1e:
                    5b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E6:A5:57:22:39:DB:13:0F:99:A2:71:59:D2:30:D7:C0:48:97:E0
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/JealVyI52xMPmaJxWdIw18BIl-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:200::/40
                  2a0a:79c7:f000::-2a0a:79c7:fbff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3f:83:b4:63:8a:53:e1:82:94:ca:66:ff:89:9e:c4:99:f8:67:
         7d:24:e1:64:fe:a3:43:c1:19:11:85:68:61:1c:63:c1:f7:6b:
         4e:c2:de:25:bb:df:ad:6b:92:bf:31:1f:3f:d9:42:24:fa:8f:
         39:43:c5:0a:13:fb:8a:fb:c2:74:ed:93:eb:e0:1b:5f:e8:b3:
         8e:08:1e:85:8c:0e:2e:0f:48:dc:a9:6a:8b:bb:ed:e6:c0:86:
         94:b0:92:b6:10:52:4f:e1:f3:1d:ab:a5:7a:03:78:54:ef:56:
         83:58:96:f4:db:73:5b:1f:f7:83:35:b1:1f:7d:6e:93:17:56:
         a5:76:0e:c9:3b:17:a3:be:b8:56:d5:e3:a0:7a:66:22:7c:ee:
         7d:91:ed:25:85:63:f8:6b:20:2d:58:c5:cf:7a:6a:72:08:db:
         ff:4d:e6:a9:68:fb:08:6b:35:bc:80:c2:21:e8:1c:0f:2d:2d:
         d2:eb:2a:62:a7:e7:4c:d5:da:29:3b:c9:f1:0f:9b:41:7e:2d:
         25:f3:ca:10:c1:b3:63:ad:d4:6b:e7:9b:19:f6:86:f2:35:fe:
         45:f6:d1:68:4d:e3:1c:8a:4f:19:01:92:df:47:05:6b:18:2a:
         f0:46:ab:bd:ce:e1:c2:25:d1:3e:4f:64:aa:3d:bc:fb:a9:06:
         52:bd:9c:c8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY7J23aLEq419r8O0Ztkl6TAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwNDEwMjExMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWU2YTU1NzIyMzlkYjEzMGY5OWEyNzE1OWQyMzBkN2MwNDg5N2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmkz/RLyMdnAhrjQIOvJZkQAccbm
SEnWUcxlSW6lfs098XxEmHvA79BfQN4Sg+fawZ15g/e3XoDgiTnPePyOldcONW/q
poehsaDLVQvVg0dHF8doaugciz/P2quvpo8vORwnRSBIEw9o8cudS4NWZfpmqRLG
yn2JNEX3nDa7xXTcI+oIgm7FrewG5wIDNQ7jg+g9/DVijKcHf3hTh4O6cRRh6bhD
bzSJ7tXz+mCZ6bgRMIBhJaQTzrhKhAwp2GaAG5luGs6A0DPKzZ1vSqxdLa6QnVGI
i2pfMQdw1jiIN/eQ7klQottdg0yy9CnuIwrcu+Xyz+PZO7sUlSEKER5bAwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCXmpVciOdsTD5micVnSMNfASJfgMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvSmVhbFZ5STUyeE1QbWFKeFdkSXcxOEJJbC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKgp5wAIw
EAMGBCoKecfwAwYCKgp5x/gwDQYJKoZIhvcNAQELBQADggEBAD+DtGOKU+GClMpm
/4mexJn4Z30k4WT+o0PBGRGFaGEcY8H3a07C3iW7361rkr8xHz/ZQiT6jzlDxQoT
+4r7wnTtk+vgG1/os44IHoWMDi4PSNypaou77ebAhpSwkrYQUk/h8x2rpXoDeFTv
VoNYlvTbc1sf94M1sR99bpMXVqV2Dsk7F6O+uFbV46B6ZiJ87n2R7SWFY/hrIC1Y
xc96anII2/9N5qlo+whrNbyAwiHoHA8tLdLrKmKn50zV2ik7yfEPm0F+LSXzyhDB
s2Ot1Gvnmxn2hvI1/kX20WhN4xyKTxkBkt9HBWsYKvBGq73O4cIl0T5PZKo9vPup
BlK9nMg=
-----END CERTIFICATE-----