Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/zLkIcAyJe9T6l_C9YXKXHUnBtbM.roa
File:                     zLkIcAyJe9T6l_C9YXKXHUnBtbM.roa (raw, json)
Hash identifier:          paRMUho6Mm8IdZ2xUupQIIQLGW8g8HA1FhlNZiPpTLU=
Subject key identifier:   CC:B9:08:70:0C:89:7B:D4:FA:97:F0:BD:61:72:97:1D:49:C1:B5:B3
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F1BA64D5487AC5A26AEE900E9E4D
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/zLkIcAyJe9T6l_C9YXKXHUnBtbM.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214610
IP address blocks:        2a0f:7803:f680::/44 maxlen: 48
                          2a0f:7803:f690::/44 maxlen: 48
                          2a0f:7803:f6a0::/44 maxlen: 48
                          2a0f:7803:f7c0::/44 maxlen: 48
                          2a0f:7803:f7d0::/44 maxlen: 48
                          2a0f:7803:f7e0::/44 maxlen: 48
                          2a0f:7803:f7f0::/44 maxlen: 48
                          2a0f:7803:f800::/44 maxlen: 48
                          2a0f:7803:f810::/44 maxlen: 48
                          2a0f:7803:f840::/44 maxlen: 48
                          2a0f:7803:f860::/44 maxlen: 48
                          2a0f:7803:f8b0::/44 maxlen: 48
                          2a0f:7803:f970::/44 maxlen: 48
Validation:               Failed, certificate revoked on Thu 09 Jan 2025 18:44:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f1:ba:64:d5:48:7a:c5:a2:6a:ee:90:0e:9e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccb908700c897bd4fa97f0bd6172971d49c1b5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d1:f8:ae:e0:95:8d:a9:3f:12:16:01:57:1c:
                    c9:01:4a:4a:47:31:8e:58:b2:cd:cf:c4:71:f1:e1:
                    1b:e5:fe:41:88:23:a7:07:cc:65:73:bf:a1:28:10:
                    53:1b:6f:3c:a2:b4:cc:2d:88:3f:54:7c:7d:ba:9d:
                    fd:02:84:dc:89:93:e2:a7:77:15:76:fe:86:97:7f:
                    6f:d7:10:f3:84:48:c9:0f:5a:cd:07:9f:6c:1e:b3:
                    d7:79:96:1f:54:02:b3:99:bc:e3:85:8f:d8:9f:34:
                    4d:24:26:45:ab:e9:0a:e6:76:e1:ca:0a:56:2e:40:
                    eb:67:ff:9f:ab:0f:6e:40:58:14:19:73:11:33:ff:
                    9b:2d:14:6b:08:0e:03:2a:95:4b:df:a4:9a:d1:85:
                    cb:f4:7e:c3:0d:5e:a5:ce:38:ed:34:d4:1d:47:df:
                    7e:c9:05:2d:73:e5:37:e4:dd:a5:a0:87:f5:43:56:
                    6a:35:bf:8c:ff:59:2f:ab:47:c0:3a:42:1c:0a:0f:
                    ab:d0:8c:a9:16:89:13:db:12:2a:7b:1c:7f:97:86:
                    b1:11:c2:44:90:48:11:29:b7:39:79:51:d7:11:fd:
                    63:9d:0f:b2:05:f7:a4:ad:4a:48:17:36:40:b5:8b:
                    d1:a5:77:e5:45:b8:08:ea:58:2c:b5:8d:4e:00:bc:
                    61:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B9:08:70:0C:89:7B:D4:FA:97:F0:BD:61:72:97:1D:49:C1:B5:B3
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/zLkIcAyJe9T6l_C9YXKXHUnBtbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f680::-2a0f:7803:f6af:ffff:ffff:ffff:ffff:ffff
                  2a0f:7803:f7c0::-2a0f:7803:f81f:ffff:ffff:ffff:ffff:ffff
                  2a0f:7803:f840::/44
                  2a0f:7803:f860::/44
                  2a0f:7803:f8b0::/44
                  2a0f:7803:f970::/44

    Signature Algorithm: sha256WithRSAEncryption
         23:7d:7e:01:30:38:34:79:14:b6:1e:dc:98:1e:88:ce:66:cc:
         a5:73:7e:da:a8:cd:a5:4d:db:3a:30:c8:0b:ae:67:e1:37:fe:
         2c:00:f1:24:4a:78:52:e7:27:2f:8d:fe:7d:f0:20:74:e1:4d:
         23:7c:b3:56:52:02:dd:90:da:42:6a:33:d8:f8:6f:d9:67:ff:
         37:8f:3d:07:c2:c8:6b:80:5f:1b:0c:92:fb:af:0e:20:21:a5:
         12:d3:f9:fa:16:6e:e4:03:f6:c9:e8:3f:91:74:04:3c:cc:1d:
         fd:15:77:bd:6d:83:f5:04:3e:ba:52:02:09:d8:2d:a9:08:fb:
         00:3f:61:55:9d:63:d2:32:1e:48:dc:79:38:eb:88:bf:0f:53:
         65:cd:fa:2d:3b:af:44:6f:40:33:f3:48:e0:1f:69:f9:b9:0c:
         bf:c0:10:70:e0:61:e5:58:d2:87:66:26:80:7d:7c:79:90:09:
         2d:c4:00:89:0d:74:82:1c:a5:fe:6b:3a:64:31:b6:f5:83:d8:
         7f:b6:e7:7e:3b:75:cb:09:cb:31:fd:77:b8:cd:e8:74:d7:d3:
         30:a9:c0:da:bf:d5:c0:27:5b:01:9e:75:28:6f:ae:8b:66:b1:
         03:88:e1:ad:3c:1c:eb:70:be:a4:90:d6:dc:c1:e6:36:a0:0f:
         c1:a6:ac:f1
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQjafG6ZNVIesWiau6QDp5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I5MDg3MDBjODk3YmQ0ZmE5N2YwYmQ2MTcyOTcxZDQ5YzFiNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodH4ruCVjak/EhYBVxzJAUpKRzGO
WLLNz8Rx8eEb5f5BiCOnB8xlc7+hKBBTG288orTMLYg/VHx9up39AoTciZPip3cV
dv6Gl39v1xDzhEjJD1rNB59sHrPXeZYfVAKzmbzjhY/YnzRNJCZFq+kK5nbhygpW
LkDrZ/+fqw9uQFgUGXMRM/+bLRRrCA4DKpVL36Sa0YXL9H7DDV6lzjjtNNQdR99+
yQUtc+U35N2loIf1Q1ZqNb+M/1kvq0fAOkIcCg+r0IypFokT2xIqexx/l4axEcJE
kEgRKbc5eVHXEf1jnQ+yBfekrUpIFzZAtYvRpXflRbgI6lgstY1OALxhKQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFMy5CHAMiXvU+pfwvWFylx1JwbWzMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvekxrSWNBeUplOVQ2bF9DOVlYS1hIVW5CdGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMMBIDBwcqD3gD
9oADBwQqD3gD9qAwEgMHBioPeAP3wAMHBSoPeAP4AAMHBCoPeAP4QAMHBCoPeAP4
YAMHBCoPeAP4sAMHBCoPeAP5cDANBgkqhkiG9w0BAQsFAAOCAQEAI31+ATA4NHkU
th7cmB6IzmbMpXN+2qjNpU3bOjDIC65n4Tf+LADxJEp4UucnL43+ffAgdOFNI3yz
VlIC3ZDaQmoz2Phv2Wf/N489B8LIa4BfGwyS+68OICGlEtP5+hZu5AP2yeg/kXQE
PMwd/RV3vW2D9QQ+ulICCdgtqQj7AD9hVZ1j0jIeSNx5OOuIvw9TZc36LTuvRG9A
M/NI4B9p+bkMv8AQcOBh5VjSh2YmgH18eZAJLcQAiQ10ghyl/ms6ZDG29YPYf7bn
fjt1ywnLMf13uM3odNfTMKnA2r/VwCdbAZ51KG+ui2axA4jhrTwc63C+pJDW3MHm
NqAPwaas8Q==
-----END CERTIFICATE-----