Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/vpYHaGri-Z8BPeI5SiHy3im16y8.roa
File:                     vpYHaGri-Z8BPeI5SiHy3im16y8.roa (raw, json)
Hash identifier:          IP1df6VOVT6uIOLzR010guMeOBctr8bZA93MlN8FsRM=
Subject key identifier:   BE:96:07:68:6A:E2:F9:9F:01:3D:E2:39:4A:21:F2:DE:29:B5:EB:2F
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       01856C6F1FD94297F980CE74C5396C81FC9B
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/vpYHaGri-Z8BPeI5SiHy3im16y8.roa
Signing time:             Sun 01 Jan 2023 08:25:00 +0000
ROA not before:           Sun 01 Jan 2023 08:25:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204755
IP address blocks:        2a0f:ca80:deed::/48 maxlen: 48
                          2a0f:ca80:fe0::/44 maxlen: 44
                          2a0f:ca80:b00b::/48 maxlen: 48
                          2a0f:ca80:616::/48 maxlen: 48
                          2a0f:ca80:666::/48 maxlen: 48
                          2a0f:ca81:deed::/48 maxlen: 48
                          2a0f:ca80:1339::/48 maxlen: 48
                          2a0f:ca81:b00b::/48 maxlen: 48
                          2a0f:ca80:beef::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6f:1f:d9:42:97:f9:80:ce:74:c5:39:6c:81:fc:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  1 08:25:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be9607686ae2f99f013de2394a21f2de29b5eb2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2a:dd:f4:04:35:ad:c1:3d:2f:8c:30:c3:c4:
                    ea:25:ca:eb:a4:a4:cb:2e:a9:7e:be:f1:43:9b:2c:
                    99:1c:a1:19:e6:c8:a9:5d:24:6a:81:6a:1e:be:1d:
                    ce:c1:e9:78:d6:c6:b3:52:73:a5:5a:bf:b5:58:d6:
                    29:70:a6:a6:38:7e:ac:2a:bc:c8:76:12:b5:a8:27:
                    f3:64:05:6f:b8:a6:42:55:5e:a7:70:30:ee:0f:06:
                    94:eb:d5:f5:d1:3c:ee:e7:2b:9e:e3:7e:b7:d4:4c:
                    e2:9d:92:f9:84:c1:97:24:17:6a:94:31:c0:01:b1:
                    a0:8a:10:99:df:b2:1e:7c:2d:95:0c:fa:b6:a6:eb:
                    85:b5:4c:19:9d:16:39:14:e2:79:09:e9:72:19:76:
                    e6:fa:cf:36:b1:95:e5:1d:96:6b:4a:71:01:53:83:
                    c3:0f:02:ee:1f:7b:fc:0b:e6:70:ac:72:45:42:91:
                    96:56:39:11:1c:77:23:3a:a9:82:ea:6c:57:f9:dd:
                    9a:22:f0:2b:a0:be:dc:f9:0d:6a:c0:03:8a:42:1e:
                    06:c5:03:da:dd:cd:e1:e5:34:e4:aa:40:51:9f:5b:
                    b9:c4:05:e8:f8:8a:da:b5:da:a1:39:24:6c:01:69:
                    8c:f2:a0:e1:1f:0b:f6:a2:e4:3b:0f:07:ba:4f:95:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:96:07:68:6A:E2:F9:9F:01:3D:E2:39:4A:21:F2:DE:29:B5:EB:2F
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/vpYHaGri-Z8BPeI5SiHy3im16y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca80:616::/48
                  2a0f:ca80:666::/48
                  2a0f:ca80:fe0::/44
                  2a0f:ca80:1339::/48
                  2a0f:ca80:b00b::/48
                  2a0f:ca80:beef::/48
                  2a0f:ca80:deed::/48
                  2a0f:ca81:b00b::/48
                  2a0f:ca81:deed::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:85:ba:47:de:c1:f5:b6:52:29:79:4d:15:ff:0f:2e:9c:2b:
         33:bb:a5:c6:f8:48:76:03:b7:16:54:1c:b4:ca:42:49:4b:a8:
         51:d8:4d:d7:ab:3c:8a:9a:e1:87:f4:76:1d:4d:f3:f1:af:2d:
         3e:46:ac:81:cd:15:27:65:24:01:c7:6c:7e:6d:de:e8:73:e1:
         c3:6f:f6:95:95:fb:83:53:fb:9a:03:5e:c1:e6:b2:03:54:ce:
         eb:53:b1:c1:95:a5:0d:4b:2f:0b:8f:48:8d:9c:bd:3e:a9:57:
         20:3e:cb:94:df:d4:5a:77:a2:3b:ae:76:60:15:9e:d9:46:df:
         e2:2e:e9:04:72:32:c2:c0:ff:2b:1d:97:42:dc:69:47:ef:c2:
         e0:27:c5:4f:52:02:1b:f4:29:06:50:ca:c1:92:39:5f:33:cb:
         60:7b:7f:1e:51:d2:09:6f:bb:04:66:67:0a:ce:1b:87:e4:87:
         e9:8f:0e:91:76:77:34:80:9f:3c:07:97:ee:0a:60:3b:d8:6f:
         10:99:3b:f2:dd:34:35:ac:88:82:8f:1c:97:b7:86:bf:02:0e:
         70:7a:92:82:e9:ac:38:3b:00:60:9a:28:56:71:79:48:3e:b1:
         f6:bf:ba:22:11:0f:22:2c:2f:49:9b:74:79:b2:c1:78:e4:03:
         8a:26:04:2d
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVsbx/ZQpf5gM50xTlsgfybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjMwMTAxMDgyNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTk2MDc2ODZhZTJmOTlmMDEzZGUyMzk0YTIxZjJkZTI5YjVlYjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCrd9AQ1rcE9L4www8TqJcrrpKTL
Lql+vvFDmyyZHKEZ5sipXSRqgWoevh3Owel41sazUnOlWr+1WNYpcKamOH6sKrzI
dhK1qCfzZAVvuKZCVV6ncDDuDwaU69X10Tzu5yue43631EzinZL5hMGXJBdqlDHA
AbGgihCZ37IefC2VDPq2puuFtUwZnRY5FOJ5CelyGXbm+s82sZXlHZZrSnEBU4PD
DwLuH3v8C+ZwrHJFQpGWVjkRHHcjOqmC6mxX+d2aIvAroL7c+Q1qwAOKQh4GxQPa
3c3h5TTkqkBRn1u5xAXo+IratdqhOSRsAWmM8qDhHwv2ouQ7Dwe6T5WjlQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFL6WB2hq4vmfAT3iOUoh8t4ptesvMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvdnBZSGFHcmktWjhCUGVJNVNpSHkzaW0xNnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAAjBRAwcAKg/KgAYW
AwcAKg/KgAZmAwcEKg/KgA/gAwcAKg/KgBM5AwcAKg/KgLALAwcAKg/KgL7vAwcA
Kg/KgN7tAwcAKg/KgbALAwcAKg/Kgd7tMA0GCSqGSIb3DQEBCwUAA4IBAQB7hbpH
3sH1tlIpeU0V/w8unCszu6XG+Eh2A7cWVBy0ykJJS6hR2E3XqzyKmuGH9HYdTfPx
ry0+RqyBzRUnZSQBx2x+bd7oc+HDb/aVlfuDU/uaA17B5rIDVM7rU7HBlaUNSy8L
j0iNnL0+qVcgPsuU39Rad6I7rnZgFZ7ZRt/iLukEcjLCwP8rHZdC3GlH78LgJ8VP
UgIb9CkGUMrBkjlfM8tge38eUdIJb7sEZmcKzhuH5Ifpjw6Rdnc0gJ88B5fuCmA7
2G8QmTvy3TQ1rIiCjxyXt4a/Ag5wepKC6aw4OwBgmihWcXlIPrH2v7oiEQ8iLC9J
m3R5ssF45AOKJgQt
-----END CERTIFICATE-----