Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/z9xcAXefAfpH77PRp0s7glV9Kl8.roa
File:                     z9xcAXefAfpH77PRp0s7glV9Kl8.roa (raw, json)
Hash identifier:          1Z5u8AEyifaXRfFwQ8LNWQQY4nf9SrzNG6D7e6wfy+g=
Subject key identifier:   CF:DC:5C:01:77:9F:01:FA:47:EF:B3:D1:A7:4B:3B:82:55:7D:2A:5F
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       0191A86FC4FF9FE66355559F0C9CE004C37A
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/z9xcAXefAfpH77PRp0s7glV9Kl8.roa
Signing time:             Sat 31 Aug 2024 12:36:22 +0000
ROA not before:           Sat 31 Aug 2024 12:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51026
IP address blocks:        62.220.126.0/24 maxlen: 24
                          62.220.127.0/24 maxlen: 24
                          81.12.24.0/22 maxlen: 24
                          81.12.24.0/24 maxlen: 24
                          81.12.25.0/24 maxlen: 24
                          81.12.26.0/24 maxlen: 24
                          81.12.27.0/24 maxlen: 24
                          81.12.30.0/24 maxlen: 24
                          81.12.31.0/24 maxlen: 24
                          87.107.8.0/23 maxlen: 24
                          87.107.110.0/23 maxlen: 24
                          87.107.110.0/24 maxlen: 24
                          87.107.111.0/24 maxlen: 24
                          87.107.144.0/24 maxlen: 24
                          87.107.152.0/24 maxlen: 24
                          87.107.153.0/24 maxlen: 24
                          87.107.166.0/24 maxlen: 24
                          87.107.167.0/24 maxlen: 24
                          87.107.174.0/24 maxlen: 24
                          87.107.175.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 29 Sep 2024 09:23:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a8:6f:c4:ff:9f:e6:63:55:55:9f:0c:9c:e0:04:c3:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Aug 31 12:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfdc5c01779f01fa47efb3d1a74b3b82557d2a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cf:22:3c:17:1a:a7:e2:e0:89:88:3c:e0:36:
                    a7:8e:01:9f:b4:ef:19:60:b1:e7:fb:d8:52:62:cd:
                    07:f0:be:18:57:82:3e:37:0b:9d:3f:99:62:95:30:
                    c3:72:b0:99:27:f2:c3:05:a2:8f:4c:04:8f:d9:dd:
                    92:65:07:1d:4b:70:b4:ba:41:ad:a9:24:fa:e6:70:
                    3c:01:b2:6e:91:81:70:50:7b:75:f7:30:6d:7a:9e:
                    ed:2d:57:16:c1:83:8b:1b:f2:08:25:cd:9d:71:24:
                    55:a6:fb:47:67:d4:ef:f8:c8:a7:e3:70:72:8f:ba:
                    63:d3:81:0d:06:51:d3:2f:5f:11:ff:ac:f0:be:0b:
                    7c:db:f9:4b:fe:34:68:d4:5e:00:be:d9:10:f2:8b:
                    2d:32:23:3f:9e:8b:d1:14:60:52:51:13:73:7b:e5:
                    34:7f:a7:ed:0f:68:4c:1e:bc:6e:a4:52:dc:e0:4e:
                    3f:3c:6d:0f:93:9f:21:47:da:46:6c:ce:03:5b:78:
                    6d:82:05:33:d7:72:98:5b:74:73:b6:6b:7f:7c:36:
                    66:68:52:e0:de:50:56:d1:87:a5:76:89:27:f9:bc:
                    b9:ef:98:4d:f4:8b:5e:40:7b:4d:9d:a0:93:a0:ff:
                    33:90:43:ad:eb:ad:76:d5:4a:36:32:0e:05:d6:a4:
                    8e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DC:5C:01:77:9F:01:FA:47:EF:B3:D1:A7:4B:3B:82:55:7D:2A:5F
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/z9xcAXefAfpH77PRp0s7glV9Kl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.126.0/23
                  81.12.24.0/22
                  81.12.30.0/23
                  87.107.8.0/23
                  87.107.110.0/23
                  87.107.144.0/24
                  87.107.152.0/23
                  87.107.166.0/23
                  87.107.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:30:d8:0a:8b:f5:2f:a3:96:40:2f:21:42:d8:e6:f3:bb:da:
         db:64:6b:ed:bc:35:9f:29:c7:9c:52:33:74:ce:7f:38:4b:d0:
         58:1e:5f:3e:86:2d:3c:95:55:b0:7c:d0:c2:92:f8:a8:1a:66:
         0d:4d:0d:79:47:ba:d1:ec:05:08:b6:28:34:31:59:82:9b:5a:
         70:dc:ee:09:e5:60:14:5c:37:42:3e:f4:69:38:e9:71:ed:34:
         8e:89:5f:d8:3c:4a:49:d5:39:df:91:48:29:8a:b3:66:6c:9b:
         a0:e4:13:4a:5f:70:f5:af:ad:97:5b:95:5a:26:e7:3b:71:ab:
         c0:8d:8f:d7:70:4c:5a:f8:77:4b:35:21:bf:f9:ea:82:05:e7:
         2f:4b:2f:36:5e:7f:73:22:9a:ff:43:6b:df:05:57:d7:18:6c:
         bb:12:50:bb:bf:8e:50:02:8d:4c:03:ff:64:0f:41:a1:b7:b4:
         71:4a:82:66:90:91:78:64:31:11:fd:0f:78:18:b7:1d:90:c4:
         d2:6c:5e:99:b3:30:41:2a:85:1c:77:28:be:68:27:4b:fd:91:
         1d:00:b8:43:3e:95:e0:69:37:72:d9:f8:c9:61:11:95:2c:68:
         1e:59:bf:73:3f:3b:7e:11:db:be:02:07:22:37:ff:26:0f:f3:
         87:dd:f3:84
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZGob8T/n+ZjVVWfDJzgBMN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwODMxMTIzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRjNWMwMTc3OWYwMWZhNDdlZmIzZDFhNzRiM2I4MjU1N2QyYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzc8iPBcap+LgiYg84DanjgGftO8Z
YLHn+9hSYs0H8L4YV4I+NwudP5lilTDDcrCZJ/LDBaKPTASP2d2SZQcdS3C0ukGt
qST65nA8AbJukYFwUHt19zBtep7tLVcWwYOLG/IIJc2dcSRVpvtHZ9Tv+Min43By
j7pj04ENBlHTL18R/6zwvgt82/lL/jRo1F4AvtkQ8ostMiM/novRFGBSURNze+U0
f6ftD2hMHrxupFLc4E4/PG0Pk58hR9pGbM4DW3htggUz13KYW3Rztmt/fDZmaFLg
3lBW0Yeldokn+by575hN9IteQHtNnaCToP8zkEOt66121Uo2Mg4F1qSOlQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFM/cXAF3nwH6R++z0adLO4JVfSpfMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvejl4Y0FYZWZBZnBINzdQUnAwczdnbFY5S2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBPtx+AwQC
UQwYAwQBUQweAwQBV2sIAwQBV2tuAwQAV2uQAwQBV2uYAwQBV2umAwQBV2uuMA0G
CSqGSIb3DQEBCwUAA4IBAQATMNgKi/Uvo5ZALyFC2Obzu9rbZGvtvDWfKcecUjN0
zn84S9BYHl8+hi08lVWwfNDCkvioGmYNTQ15R7rR7AUItig0MVmCm1pw3O4J5WAU
XDdCPvRpOOlx7TSOiV/YPEpJ1TnfkUgpirNmbJug5BNKX3D1r62XW5VaJuc7cavA
jY/XcExa+HdLNSG/+eqCBecvSy82Xn9zIpr/Q2vfBVfXGGy7ElC7v45QAo1MA/9k
D0Ght7RxSoJmkJF4ZDER/Q94GLcdkMTSbF6ZszBBKoUcdyi+aCdL/ZEdALhDPpXg
aTdy2fjJYRGVLGgeWb9zPzt+Edu+AgciN/8mD/OH3fOE
-----END CERTIFICATE-----