Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/R3w6lQiZi8uCAeJjZAYxd9-46WI.roa
File:                     R3w6lQiZi8uCAeJjZAYxd9-46WI.roa (raw, json)
Hash identifier:          6U49XY0DDGt3vt7nIxJ3oV0LyN6SRNVEDTjLL98a4EY=
Subject key identifier:   47:7C:3A:95:08:99:8B:CB:82:01:E2:63:64:06:31:77:DF:B8:E9:62
Certificate issuer:       /CN=219885ea020e65006314ee9480def3b3efc039e3
Certificate serial:       01856C1C7BF750A155E569F2BF58AFFAE0A3
Authority key identifier: 21:98:85:EA:02:0E:65:00:63:14:EE:94:80:DE:F3:B3:EF:C0:39:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/R3w6lQiZi8uCAeJjZAYxd9-46WI.roa
Signing time:             Sun 01 Jan 2023 06:54:44 +0000
ROA not before:           Sun 01 Jan 2023 06:54:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51559
IP address blocks:        2a0a:db00:2::/48 maxlen: 48
                          2a0a:db00:d::/48 maxlen: 48
                          2a0a:db00:8::/48 maxlen: 48
                          2a0a:db00:3::/48 maxlen: 48
                          2a0a:db00:6::/48 maxlen: 48
                          2a0a:db00:1::/48 maxlen: 48
                          2a0a:db00:c::/48 maxlen: 48
                          2a0a:db00:7::/48 maxlen: 48
                          2a0a:db00:a::/48 maxlen: 48
                          2a0a:db00:5::/48 maxlen: 48
                          2a0a:db00::/48 maxlen: 48
                          2a0a:db00:b::/48 maxlen: 48
                          2a0a:db00:e::/48 maxlen: 48
                          2a0a:db00:9::/48 maxlen: 48
                          2a0a:db00:4::/48 maxlen: 48
                          2a0a:db00::/29 maxlen: 29
                          2a0a:db00:f::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:1c:7b:f7:50:a1:55:e5:69:f2:bf:58:af:fa:e0:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=219885ea020e65006314ee9480def3b3efc039e3
        Validity
            Not Before: Jan  1 06:54:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=477c3a9508998bcb8201e26364063177dfb8e962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3c:90:d3:12:cb:28:43:10:ed:58:8b:4c:14:
                    96:dc:7a:1a:1d:9a:79:68:04:23:5e:8d:1b:4a:a2:
                    44:a3:d1:24:1c:fc:6d:75:48:8d:aa:6d:d3:0e:82:
                    f4:2d:57:d5:9c:ac:9e:f0:f4:d1:b8:7c:5d:7f:30:
                    47:d8:95:90:4e:01:8f:5d:a3:c6:aa:9e:b4:35:73:
                    e4:c1:09:37:f8:02:1e:22:51:c8:73:07:2d:0c:00:
                    72:d3:10:19:10:c7:7c:98:3f:0d:1c:3c:3f:e5:db:
                    0a:4c:49:84:a6:8a:cb:2a:46:cb:c7:85:c6:d7:00:
                    d2:1f:ef:2b:6e:6a:f1:d5:65:e6:08:ad:7f:20:30:
                    59:94:d8:3e:13:52:13:f9:ff:61:3d:e6:0d:67:08:
                    23:d7:9e:30:ba:1a:53:59:db:11:fa:57:78:ef:10:
                    28:88:20:8d:44:b2:61:6b:91:9b:5f:9e:e9:a3:ef:
                    54:12:3b:63:c9:7b:74:c4:d5:27:33:d5:13:0c:60:
                    f2:d7:f9:40:13:3b:d9:c9:f6:96:5e:0f:d7:74:dd:
                    9f:ae:fb:bd:79:8a:5c:4e:28:82:85:f2:a9:19:d7:
                    bb:6f:56:80:c2:8e:d0:d5:eb:28:e3:c1:b6:dd:12:
                    d4:1c:f1:b6:78:c8:b2:d1:19:ba:02:33:e0:df:96:
                    17:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7C:3A:95:08:99:8B:CB:82:01:E2:63:64:06:31:77:DF:B8:E9:62
            X509v3 Authority Key Identifier:
                keyid:21:98:85:EA:02:0E:65:00:63:14:EE:94:80:DE:F3:B3:EF:C0:39:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/R3w6lQiZi8uCAeJjZAYxd9-46WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:db00::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:37:6a:2f:08:15:e4:c5:1c:8f:d4:1b:3d:d0:1e:9d:5d:f4:
         6e:19:db:54:df:33:37:c0:7d:6d:d6:5b:03:22:66:56:3b:39:
         66:f0:b2:39:c7:95:58:09:ba:e3:a2:64:58:86:02:af:b3:87:
         7b:5a:be:40:dc:3e:c4:18:86:21:ff:33:e7:01:33:b1:bb:f8:
         a6:37:a9:05:88:47:70:27:4c:25:11:b1:88:e0:bc:05:dc:6e:
         e1:be:1f:87:dc:b3:53:72:1b:01:d9:7e:43:c6:ca:80:f8:30:
         b2:1e:7c:a4:4d:81:4b:cc:82:3b:2e:f4:60:38:13:8e:7e:dd:
         01:84:83:d7:55:12:b8:06:5a:14:01:30:b3:79:f0:07:35:95:
         f4:b3:a2:d6:47:a2:82:39:61:7c:2f:5e:9e:aa:af:a1:36:a8:
         fb:64:fc:21:28:6e:c8:d6:be:f9:55:fe:df:4b:34:22:cd:30:
         28:f3:4e:f3:f0:c0:ea:e1:20:0f:75:07:80:96:ab:3d:d0:f0:
         27:0a:fa:4e:31:53:9f:86:8a:7f:ea:7f:a6:cf:22:f7:57:c1:
         0b:b7:ee:f1:1e:8e:e3:53:2e:b5:34:16:0e:f0:f4:88:b5:b3:
         b5:db:5a:2f:df:8b:b4:5e:a9:59:90:cb:d8:83:0f:05:08:08:
         62:1d:6d:b5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVsHHv3UKFV5Wnyv1iv+uCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOTg4NWVhMDIwZTY1MDA2MzE0ZWU5NDgwZGVmM2IzZWZj
MDM5ZTMwHhcNMjMwMTAxMDY1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdjM2E5NTA4OTk4YmNiODIwMWUyNjM2NDA2MzE3N2RmYjhlOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzyQ0xLLKEMQ7ViLTBSW3HoaHZp5
aAQjXo0bSqJEo9EkHPxtdUiNqm3TDoL0LVfVnKye8PTRuHxdfzBH2JWQTgGPXaPG
qp60NXPkwQk3+AIeIlHIcwctDABy0xAZEMd8mD8NHDw/5dsKTEmEporLKkbLx4XG
1wDSH+8rbmrx1WXmCK1/IDBZlNg+E1IT+f9hPeYNZwgj154wuhpTWdsR+ld47xAo
iCCNRLJha5GbX57po+9UEjtjyXt0xNUnM9UTDGDy1/lAEzvZyfaWXg/XdN2frvu9
eYpcTiiChfKpGde7b1aAwo7Q1eso48G23RLUHPG2eMiy0Rm6AjPg35YXSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEd8OpUImYvLggHiY2QGMXffuOliMB8GA1UdIwQY
MBaAFCGYheoCDmUAYxTulIDe87PvwDnjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVppRjZnSU9aUUJqRk82VWdON3pzLV9BT2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZTA0YWMtYTE5MC00ODA0LTkxM2Mt
ZmZjMDI1ODMxZjRmLzEvUjN3NmxRaVppOHVDQWVKalpBWXhkOS00NldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZTA0YWMtYTE5MC00ODA0LTkxM2MtZmZjMDI1ODMxZjRm
LzEvSVppRjZnSU9aUUJqRk82VWdON3pzLV9BT2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrbADAN
BgkqhkiG9w0BAQsFAAOCAQEAATdqLwgV5MUcj9QbPdAenV30bhnbVN8zN8B9bdZb
AyJmVjs5ZvCyOceVWAm646JkWIYCr7OHe1q+QNw+xBiGIf8z5wEzsbv4pjepBYhH
cCdMJRGxiOC8Bdxu4b4fh9yzU3IbAdl+Q8bKgPgwsh58pE2BS8yCOy70YDgTjn7d
AYSD11USuAZaFAEws3nwBzWV9LOi1keigjlhfC9enqqvoTao+2T8IShuyNa++VX+
30s0Is0wKPNO8/DA6uEgD3UHgJarPdDwJwr6TjFTn4aKf+p/ps8i91fBC7fu8R6O
41MutTQWDvD0iLWztdtaL9+LtF6pWZDL2IMPBQgIYh1ttQ==
-----END CERTIFICATE-----