Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I9-aA-TLJPJsCcpZdXLwdC308nU.roa
File:                     I9-aA-TLJPJsCcpZdXLwdC308nU.roa (raw, json)
Hash identifier:          7kMDJBFcrlv3SdA8WNwrdmVR7gpsnXNGeWYecRDtuP8=
Subject key identifier:   23:DF:9A:03:E4:CB:24:F2:6C:09:CA:59:75:72:F0:74:2D:F4:F2:75
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA79DD480215B13EAE06F09B5B831
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I9-aA-TLJPJsCcpZdXLwdC308nU.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203629
IP address blocks:        2a0c:77c3::/32 maxlen: 32
                          2a0d:3884::/32 maxlen: 32
                          2a0d:3880::/32 maxlen: 32
                          2a0c:77c7::/32 maxlen: 32
                          2a0d:3883::/32 maxlen: 32
                          2a0d:3885::/32 maxlen: 32
                          2a0c:77c6::/32 maxlen: 32
                          2a0d:3882::/32 maxlen: 32
                          2a0c:77c5::/32 maxlen: 32
                          2a0c:77c1::/32 maxlen: 32
                          2a0d:3886::/32 maxlen: 32
                          2a0c:77c4::/32 maxlen: 32
                          2a0c:77c2::/32 maxlen: 32
                          2a0d:3887::/32 maxlen: 32
                          2a0d:3881::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 21:48:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a7:9d:d4:80:21:5b:13:ea:e0:6f:09:b5:b8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23df9a03e4cb24f26c09ca597572f0742df4f275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:32:1c:6f:2b:f9:5f:2d:8c:88:75:f8:d9:4e:
                    b6:7c:8b:28:0a:f5:3c:ad:7c:32:43:89:e7:7c:ad:
                    8a:cc:31:95:be:8e:ea:14:06:89:43:29:e0:40:b3:
                    84:7a:e5:e7:db:c8:05:1b:25:20:f7:b7:99:ba:e0:
                    9d:b8:d5:b4:96:5e:58:9b:69:1f:3c:ff:33:c0:30:
                    2e:9a:ad:76:de:ac:09:87:35:7d:eb:7a:2c:9e:3c:
                    84:77:64:97:9b:0e:32:26:4e:9f:e1:94:a9:01:51:
                    d0:23:de:3c:ae:c0:e2:45:0c:ff:f3:14:6e:10:52:
                    26:06:53:07:ba:97:c2:c9:e9:cc:3c:47:59:e6:86:
                    eb:5b:41:7b:ca:29:64:ad:9c:ce:ec:21:04:d9:bb:
                    aa:5a:f5:1d:ec:92:c8:32:92:2b:80:8e:69:d4:a2:
                    b6:76:b0:e1:91:7e:fa:e9:ba:d3:01:06:fc:84:f9:
                    e4:51:ca:eb:d1:47:74:13:1e:e4:e5:d1:66:62:41:
                    39:fe:32:76:6e:3d:c7:49:bc:08:3a:09:69:81:4c:
                    60:a0:17:97:f2:7a:cb:68:24:65:ff:a1:10:77:c8:
                    37:ce:52:ee:5b:8c:9e:ff:86:d3:31:c2:9d:ab:ad:
                    40:57:72:28:3f:8b:a3:5c:98:6f:2c:70:b4:f3:53:
                    5e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DF:9A:03:E4:CB:24:F2:6C:09:CA:59:75:72:F0:74:2D:F4:F2:75
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I9-aA-TLJPJsCcpZdXLwdC308nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:77c1::-2a0c:77c7:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0d:3880::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:41:74:e3:f2:e9:09:85:f8:a8:90:5d:c4:79:60:89:ed:84:
         2a:00:49:2a:70:1b:3a:72:9b:77:1e:83:7c:81:8c:f3:18:c5:
         89:84:db:8a:9c:09:10:e0:31:57:44:c8:12:fe:af:83:42:ea:
         f9:26:70:f6:99:bd:8a:2d:02:88:ec:f8:17:33:89:fd:2a:e2:
         a4:39:bb:56:8c:fc:e4:39:68:13:2c:bf:9c:ef:c4:b5:0d:85:
         0f:67:aa:6b:bd:00:b7:aa:22:2d:43:eb:32:37:13:96:0f:43:
         1d:b9:b6:b6:b2:59:1d:b2:7e:94:42:1b:ba:8c:d4:e2:57:ad:
         7d:d9:9f:5a:77:54:a5:18:45:0c:e7:1e:50:d9:83:98:8b:fb:
         c1:77:bb:d0:5c:19:5f:d9:17:8f:be:98:b6:bb:10:94:5d:0c:
         fc:fa:27:d6:9b:68:a5:ad:d8:90:dd:29:38:7f:53:26:58:6c:
         60:d8:8c:23:f5:11:72:9c:77:82:fd:5f:f2:93:5c:6d:fc:9a:
         2a:db:67:b3:6a:82:56:c5:95:1e:0e:51:8e:b0:3f:81:e0:2e:
         23:9d:ba:9c:92:2d:d8:91:6f:6b:d3:e5:d1:02:3b:dd:4a:1e:
         37:e6:5e:17:ae:c5:d7:29:0b:78:78:ff:ac:f0:97:10:67:47:
         4b:ae:97:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI36ed1IAhWxPq4G8JtbgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2RmOWEwM2U0Y2IyNGYyNmMwOWNhNTk3NTcyZjA3NDJkZjRmMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDIcbyv5Xy2MiHX42U62fIsoCvU8
rXwyQ4nnfK2KzDGVvo7qFAaJQyngQLOEeuXn28gFGyUg97eZuuCduNW0ll5Ym2kf
PP8zwDAumq123qwJhzV963osnjyEd2SXmw4yJk6f4ZSpAVHQI948rsDiRQz/8xRu
EFImBlMHupfCyenMPEdZ5obrW0F7yilkrZzO7CEE2buqWvUd7JLIMpIrgI5p1KK2
drDhkX766brTAQb8hPnkUcrr0Ud0Ex7k5dFmYkE5/jJ2bj3HSbwIOglpgUxgoBeX
8nrLaCRl/6EQd8g3zlLuW4ye/4bTMcKdq61AV3IoP4ujXJhvLHC081NePwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCPfmgPkyyTybAnKWXVy8HQt9PJ1MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSTktYUEtVExKUEpzQ2NwWmRYTHdkQzMwOG5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXMA4DBQAqDHfB
AwUDKgx3wAMFAyoNOIAwDQYJKoZIhvcNAQELBQADggEBAD1BdOPy6QmF+KiQXcR5
YInthCoASSpwGzpym3ceg3yBjPMYxYmE24qcCRDgMVdEyBL+r4NC6vkmcPaZvYot
Aojs+Bczif0q4qQ5u1aM/OQ5aBMsv5zvxLUNhQ9nqmu9ALeqIi1D6zI3E5YPQx25
trayWR2yfpRCG7qM1OJXrX3Zn1p3VKUYRQznHlDZg5iL+8F3u9BcGV/ZF4++mLa7
EJRdDPz6J9abaKWt2JDdKTh/UyZYbGDYjCP1EXKcd4L9X/KTXG38mirbZ7NqglbF
lR4OUY6wP4HgLiOdupySLdiRb2vT5dECO91KHjfmXheuxdcpC3h4/6zwlxBnR0uu
l8A=
-----END CERTIFICATE-----