Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/HfabBpGA7iAevbm_P_xbN4Qfiwo.roa
File:                     HfabBpGA7iAevbm_P_xbN4Qfiwo.roa (raw, json)
Hash identifier:          4ijrDXtGwarhXq1PqJXUmUqHJiEO6DHGdWCByBTKeu4=
Subject key identifier:   1D:F6:9B:06:91:80:EE:20:1E:BD:B9:BF:3F:FC:5B:37:84:1F:8B:0A
Certificate issuer:       /CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
Certificate serial:       01892CCC738FFEB59454F6DE2F3874A1D8CC
Authority key identifier: C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/HfabBpGA7iAevbm_P_xbN4Qfiwo.roa
Signing time:             Thu 06 Jul 2023 20:02:23 +0000
ROA not before:           Thu 06 Jul 2023 20:02:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     36383
IP address blocks:        2a00:79e0:3fd::/48 maxlen: 48
                          2a00:79e0:3fc::/48 maxlen: 48
                          2a00:79e0:3800::/38 maxlen: 38
                          2a00:79e0:2000::/38 maxlen: 38
                          2a00:79e0:2400::/39 maxlen: 39
                          2a00:79e0:3000::/38 maxlen: 38
                          2a00:79e0:2800::/38 maxlen: 38
                          2a00:79e0:2000::/35 maxlen: 35
                          2a00:79e0:3400::/39 maxlen: 39
                          2a00:79e0:2600::/39 maxlen: 39
                          2a00:79e0:2c00::/39 maxlen: 39
                          2a00:79e0:3c00::/39 maxlen: 39
                          2a00:79e0:2e00::/39 maxlen: 39
                          2a00:79e0:3600::/39 maxlen: 39
                          2a00:79e0:2200::/39 maxlen: 39
                          2a00:79e0:3e00::/39 maxlen: 39
                          2a00:79e0:2a00::/39 maxlen: 39
                          2a00:79e0:3a00::/39 maxlen: 39
                          2a00:79e0:3200::/39 maxlen: 39

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2c:cc:73:8f:fe:b5:94:54:f6:de:2f:38:74:a1:d8:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
        Validity
            Not Before: Jul  6 20:02:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1df69b069180ee201ebdb9bf3ffc5b37841f8b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:35:56:de:a0:ef:16:e6:f8:ba:bc:fc:89:89:
                    fd:79:8f:b1:73:7b:19:95:a0:c9:70:34:d2:9a:5d:
                    0e:c2:f7:7e:d5:ab:8a:1d:db:89:66:97:e4:53:99:
                    06:d8:a3:c8:db:19:24:bb:b8:ec:33:08:b8:a7:2a:
                    7c:7c:2a:17:81:04:1d:3b:d8:10:0e:4b:2f:d1:61:
                    02:d8:e4:1c:7b:30:1f:32:7e:aa:46:65:ca:99:93:
                    ca:7f:81:b4:ff:1a:4e:de:15:11:b8:80:5f:50:aa:
                    b1:79:48:33:3e:d4:28:05:55:1e:7c:3c:d0:b2:b0:
                    47:7f:50:a9:81:dd:99:b4:e0:5a:d2:d1:15:51:96:
                    4d:b9:c3:97:b6:95:18:99:45:3b:e1:8f:e1:76:6b:
                    82:c1:dd:7e:09:38:92:2b:27:38:4f:bf:23:4e:63:
                    ed:3b:9d:22:21:11:a7:65:d3:e6:5f:a2:6c:7e:8b:
                    6c:b2:f6:0b:4e:76:ec:57:32:4f:52:b1:d6:a9:aa:
                    bd:51:92:4d:ab:84:8d:43:ce:a1:c2:4d:e7:9e:a4:
                    44:00:a5:75:b9:50:a7:15:1e:56:9f:2a:f1:0b:4f:
                    8a:99:28:c9:93:db:73:81:6d:49:5e:32:c7:40:c8:
                    9b:e8:96:cb:db:ae:b3:ec:52:9e:ff:27:33:e2:87:
                    bd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F6:9B:06:91:80:EE:20:1E:BD:B9:BF:3F:FC:5B:37:84:1F:8B:0A
            X509v3 Authority Key Identifier:
                keyid:C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/HfabBpGA7iAevbm_P_xbN4Qfiwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:79e0:3fc::/47
                  2a00:79e0:2000::/35

    Signature Algorithm: sha256WithRSAEncryption
         8b:22:44:77:d5:7a:9a:10:8c:46:28:d2:33:d9:5e:ce:d0:0a:
         1c:4d:99:fe:09:9d:63:19:b7:45:56:2b:a3:51:32:a3:04:74:
         c6:b1:fd:fb:40:bb:84:f8:be:7d:62:5e:e5:5a:49:cf:ca:31:
         ac:ce:42:41:19:e0:49:37:7f:33:28:fc:3b:b9:a0:43:ab:4e:
         17:da:cc:5f:a2:74:8a:cb:97:51:2e:1f:bc:39:c0:91:0c:48:
         b5:94:89:b6:8f:17:7b:77:27:e1:e0:ee:d4:be:05:97:54:67:
         df:18:8b:ed:7d:dd:dc:77:b2:c9:96:36:44:46:b7:c7:96:0f:
         2f:65:74:de:0e:8e:66:de:52:e5:68:e4:0c:40:18:52:c4:f8:
         69:59:04:10:b2:53:d1:e3:90:03:bf:44:e8:d4:76:3f:6c:6d:
         4f:95:c0:55:7e:35:26:67:14:79:c9:2c:30:38:da:4b:2d:33:
         ef:b3:c2:26:0f:bd:50:a5:ab:e8:29:a7:7b:a6:19:97:19:87:
         77:d4:1b:b6:f2:9f:3c:33:b6:51:77:f6:eb:57:59:ca:1a:2d:
         66:b8:fe:32:18:6a:44:ec:24:61:00:11:0e:8a:52:1e:c9:1b:
         ad:68:b1:48:ac:28:19:d3:47:75:56:c1:0e:6b:92:0e:bb:d7:
         b8:1a:0b:63
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYkszHOP/rWUVPbeLzh0odjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzQ3ZmJlMjZjOWNkZDc2MjhhZGZlZGI1N2I3OGJlOGRl
NzVlMjkwHhcNMjMwNzA2MjAwMjIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGY2OWIwNjkxODBlZTIwMWViZGI5YmYzZmZjNWIzNzg0MWY4YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjVW3qDvFub4urz8iYn9eY+xc3sZ
laDJcDTSml0Owvd+1auKHduJZpfkU5kG2KPI2xkku7jsMwi4pyp8fCoXgQQdO9gQ
Dksv0WEC2OQcezAfMn6qRmXKmZPKf4G0/xpO3hURuIBfUKqxeUgzPtQoBVUefDzQ
srBHf1Cpgd2ZtOBa0tEVUZZNucOXtpUYmUU74Y/hdmuCwd1+CTiSKyc4T78jTmPt
O50iIRGnZdPmX6JsfotssvYLTnbsVzJPUrHWqaq9UZJNq4SNQ86hwk3nnqREAKV1
uVCnFR5WnyrxC0+KmSjJk9tzgW1JXjLHQMib6JbL266z7FKe/ycz4oe9aQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFB32mwaRgO4gHr25vz/8WzeEH4sKMB8GA1UdIwQY
MBaAFMB0f74myc3XYorf7bV7eL6N514pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDIt
MzY4NjA4Mzg1ODgzLzEvSGZhYkJwR0E3aUFldmJtX1BfeGJONFFmaXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDItMzY4NjA4Mzg1ODgz
LzEvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcBKgB54AP8
AwYFKgB54CAwDQYJKoZIhvcNAQELBQADggEBAIsiRHfVepoQjEYo0jPZXs7QChxN
mf4JnWMZt0VWK6NRMqMEdMax/ftAu4T4vn1iXuVaSc/KMazOQkEZ4Ek3fzMo/Du5
oEOrThfazF+idIrLl1EuH7w5wJEMSLWUibaPF3t3J+Hg7tS+BZdUZ98Yi+193dx3
ssmWNkRGt8eWDy9ldN4OjmbeUuVo5AxAGFLE+GlZBBCyU9HjkAO/ROjUdj9sbU+V
wFV+NSZnFHnJLDA42kstM++zwiYPvVClq+gpp3umGZcZh3fUG7bynzwztlF39utX
WcoaLWa4/jIYakTsJGEAEQ6KUh7JG61osUisKBnTR3VWwQ5rkg6717gaC2M=
-----END CERTIFICATE-----