Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/mEuzd8DHE-V3OTn4ltDmYPZg_Uw.roa
File:                     mEuzd8DHE-V3OTn4ltDmYPZg_Uw.roa (raw, json)
Hash identifier:          C78VXt+eilNX86dksZpX4tdU2oRrUT8d136Pwrq62j8=
Subject key identifier:   98:4B:B3:77:C0:C7:13:E5:77:39:39:F8:96:D0:E6:60:F6:60:FD:4C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0194881CA7149AEA5904D5EBD7C26A54208B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/mEuzd8DHE-V3OTn4ltDmYPZg_Uw.roa
Signing time:             Tue 21 Jan 2025 09:06:06 +0000
ROA not before:           Tue 21 Jan 2025 09:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a06:a600::/29 maxlen: 29
                          2a06:b5c0::/29 maxlen: 29
                          2a06:bf40::/29 maxlen: 29
                          2a0e:1a84::/32 maxlen: 32
                          2a0e:f600:5f::/48 maxlen: 48
                          2a0f:1e80:100::/48 maxlen: 48
                          2a0f:1e80:1986::/48 maxlen: 48
                          2a0f:1e84:20::/48 maxlen: 48
                          2a0f:3d80:bac::/48 maxlen: 48
                          2a0f:7d00:1::/48 maxlen: 48
                          2a0f:bc00:a1c4::/48 maxlen: 48
                          2a0f:e6c6:5532::/48 maxlen: 48
                          2a13:2b40::/29 maxlen: 32
Validation:               Failed, certificate revoked on Fri 24 Jan 2025 09:52:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:1c:a7:14:9a:ea:59:04:d5:eb:d7:c2:6a:54:20:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan 21 09:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=984bb377c0c713e5773939f896d0e660f660fd4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5f:54:78:1e:bf:a6:64:dc:74:6a:4d:0c:98:
                    48:52:1c:86:5a:f5:f7:5e:bb:27:c9:4c:ce:df:05:
                    98:e8:f5:ca:5d:bd:d2:fe:e0:d0:83:32:b9:0b:73:
                    21:90:93:c8:81:34:c5:55:94:a6:94:0a:ef:25:2a:
                    35:d9:e6:74:e7:6a:93:6a:e9:d7:77:88:5b:a3:4b:
                    49:c2:92:f0:14:f3:ac:c8:f4:c6:f8:61:e5:49:6d:
                    7c:ff:c8:ef:74:c8:de:cb:94:e5:23:8c:fa:5e:80:
                    fc:0c:11:af:f5:18:e0:53:0a:9f:fb:23:c6:8f:72:
                    3a:f1:d2:da:27:07:a1:b7:03:a4:35:4d:d3:7d:04:
                    76:8e:14:b5:72:a2:a5:c9:12:c9:e4:1f:fd:68:ba:
                    ad:b6:eb:91:ca:a2:88:a7:a7:63:6c:b5:07:c0:fa:
                    16:f1:9c:cb:bf:4a:ea:b6:76:fb:31:0b:0c:c4:ec:
                    be:81:17:b8:c4:fd:7e:d7:2b:a1:36:de:92:a7:ce:
                    44:ca:c7:0f:11:c0:5e:87:e4:66:76:ca:c5:e7:40:
                    79:64:7e:e7:46:0a:9b:11:17:11:78:fa:c9:99:ab:
                    66:a5:3d:81:dc:51:49:51:5c:a3:75:89:1f:d2:12:
                    d2:63:e8:51:bf:d0:b0:aa:ee:c0:43:cf:b6:7b:a4:
                    a3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4B:B3:77:C0:C7:13:E5:77:39:39:F8:96:D0:E6:60:F6:60:FD:4C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/mEuzd8DHE-V3OTn4ltDmYPZg_Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a600::/29
                  2a06:b5c0::/29
                  2a06:bf40::/29
                  2a0e:1a84::/32
                  2a0e:f600:5f::/48
                  2a0f:1e80:100::/48
                  2a0f:1e80:1986::/48
                  2a0f:1e84:20::/48
                  2a0f:3d80:bac::/48
                  2a0f:7d00:1::/48
                  2a0f:bc00:a1c4::/48
                  2a0f:e6c6:5532::/48
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:09:f7:23:b0:f8:07:63:e4:67:de:f9:fc:7b:a7:6b:ae:d6:
         68:94:95:06:77:f1:43:cd:6e:0f:ca:b7:77:1f:3b:24:b4:10:
         75:ae:eb:54:1e:63:c7:80:2d:88:f8:8e:53:ae:b7:70:76:df:
         37:3a:93:69:67:0e:2b:f9:c8:cc:a3:36:a2:a1:f5:37:11:ec:
         53:1b:18:54:59:f5:a7:20:12:92:86:2b:a5:d1:1a:f7:c8:24:
         73:5e:39:c4:ac:9a:e4:ff:ab:ee:5a:b1:b7:7c:ea:8c:9e:31:
         af:1e:82:12:89:9a:c1:e3:94:c4:22:38:cf:d2:a8:a4:47:5d:
         64:33:94:07:60:52:bf:86:89:b7:a2:d9:62:b1:f8:d7:97:8e:
         19:a4:84:cd:30:e0:6a:02:6e:89:99:4e:74:3e:75:e3:56:b4:
         5b:ae:d8:10:60:2a:e5:b2:7b:0c:af:86:50:39:79:8a:0d:72:
         50:77:b3:a3:f4:bb:bc:8e:ff:f8:88:57:f3:51:c3:fb:f9:35:
         d5:cb:b9:9a:2f:f3:0e:3f:5c:d6:eb:3f:5f:a5:a6:c6:5c:c1:
         c6:25:53:f7:f8:dd:2f:93:07:27:e9:57:3c:bb:d2:12:28:5f:
         f8:98:05:7f:54:6c:36:f2:63:ae:70:1e:87:9f:dc:17:98:d7:
         d9:6f:72:19
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZSIHKcUmupZBNXr18JqVCCLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTIxMDkwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODRiYjM3N2MwYzcxM2U1NzczOTM5Zjg5NmQwZTY2MGY2NjBmZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoF9UeB6/pmTcdGpNDJhIUhyGWvX3
XrsnyUzO3wWY6PXKXb3S/uDQgzK5C3MhkJPIgTTFVZSmlArvJSo12eZ052qTaunX
d4hbo0tJwpLwFPOsyPTG+GHlSW18/8jvdMjey5TlI4z6XoD8DBGv9RjgUwqf+yPG
j3I68dLaJwehtwOkNU3TfQR2jhS1cqKlyRLJ5B/9aLqttuuRyqKIp6djbLUHwPoW
8ZzLv0rqtnb7MQsMxOy+gRe4xP1+1yuhNt6Sp85EyscPEcBeh+RmdsrF50B5ZH7n
RgqbERcRePrJmatmpT2B3FFJUVyjdYkf0hLSY+hRv9Cwqu7AQ8+2e6SjtQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFJhLs3fAxxPldzk5+JbQ5mD2YP1MMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbUV1emQ4REhFLVYzT1RuNGx0RG1ZUFpnX1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwcQQCAAIwawMFAyoGpgAD
BQMqBrXAAwUDKga/QAMFACoOGoQDBwAqDvYAAF8DBwAqDx6AAQADBwAqDx6AGYYD
BwAqDx6EACADBwAqDz2AC6wDBwAqD30AAAEDBwAqD7wAocQDBwAqD+bGVTIDBQMq
EytAMA0GCSqGSIb3DQEBCwUAA4IBAQAxCfcjsPgHY+Rn3vn8e6drrtZolJUGd/FD
zW4Pyrd3HzsktBB1rutUHmPHgC2I+I5Trrdwdt83OpNpZw4r+cjMozaiofU3EexT
GxhUWfWnIBKShiul0Rr3yCRzXjnErJrk/6vuWrG3fOqMnjGvHoISiZrB45TEIjjP
0qikR11kM5QHYFK/hom3otlisfjXl44ZpITNMOBqAm6JmU50PnXjVrRbrtgQYCrl
snsMr4ZQOXmKDXJQd7Oj9Lu8jv/4iFfzUcP7+TXVy7maL/MOP1zW6z9fpabGXMHG
JVP3+N0vkwcn6Vc8u9ISKF/4mAV/VGw28mOucB6Hn9wXmNfZb3IZ
-----END CERTIFICATE-----