Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/YYi9SE3PirS1DSsiVwWCcHy5hPc.roa
File:                     YYi9SE3PirS1DSsiVwWCcHy5hPc.roa (raw, json)
Hash identifier:          V7D40WtPfA5v1mlZNoJvSOVqn3LruVMF9uyTihr1kUc=
Subject key identifier:   61:88:BD:48:4D:CF:8A:B4:B5:0D:2B:22:57:05:82:70:7C:B9:84:F7
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       019451861EEEB712EBFECDD838A05917715A
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/YYi9SE3PirS1DSsiVwWCcHy5hPc.roa
Signing time:             Fri 10 Jan 2025 18:42:11 +0000
ROA not before:           Fri 10 Jan 2025 18:42:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212128
IP address blocks:        2a10:cbc0::/29 maxlen: 29
                          2a11:e380::/32 maxlen: 32
                          2a11:e381::/32 maxlen: 32
                          2a11:e382::/32 maxlen: 32
                          2a11:e383::/32 maxlen: 32
                          2a11:e384::/32 maxlen: 32
                          2a11:e385::/32 maxlen: 32
                          2a11:e386::/32 maxlen: 32
                          2a11:e387::/32 maxlen: 32
                          2a12:70c0::/32 maxlen: 32
                          2a12:70c1::/32 maxlen: 32
                          2a12:70c2::/32 maxlen: 32
                          2a12:70c3::/32 maxlen: 32
                          2a12:70c4::/32 maxlen: 32
                          2a12:70c5::/32 maxlen: 32
                          2a12:70c6::/32 maxlen: 32
                          2a12:70c7::/32 maxlen: 32
                          2a13:7e00::/32 maxlen: 32
                          2a13:7e01::/32 maxlen: 32
                          2a13:7e02::/32 maxlen: 32
                          2a13:7e03::/32 maxlen: 32
                          2a13:7e04::/32 maxlen: 32
                          2a13:7e05::/32 maxlen: 32
                          2a13:7e06::/32 maxlen: 32
                          2a13:7e07::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 14 Jan 2025 15:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:51:86:1e:ee:b7:12:eb:fe:cd:d8:38:a0:59:17:71:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Jan 10 18:42:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6188bd484dcf8ab4b50d2b22570582707cb984f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f3:ce:ff:6f:21:8d:f7:cc:d8:26:4e:d7:f9:
                    f5:9e:0e:2a:d8:91:cc:e9:d7:dd:8c:c6:44:fd:3e:
                    33:f6:93:3d:aa:8e:58:34:84:bb:fc:dd:a4:92:57:
                    83:d5:1a:99:b9:8b:fe:e0:0e:e0:3b:e1:9f:75:b8:
                    b0:ba:7e:d2:cc:ca:09:be:c0:5c:b9:34:bb:2d:fd:
                    f4:9e:74:09:19:12:42:70:66:86:5a:54:2e:2f:d9:
                    6d:91:05:4a:c9:4c:ee:65:fe:8f:03:23:48:92:80:
                    f4:c9:5b:a6:dc:2c:c4:67:26:54:31:2d:e2:e6:6c:
                    bc:22:f1:81:0c:27:6d:bf:e2:99:a1:f5:cf:f4:07:
                    a7:0d:67:23:5d:cb:9a:58:e7:bd:a8:84:27:47:ee:
                    dc:f3:47:ac:0c:48:79:3e:c7:7e:a8:ee:2f:0b:3b:
                    39:d3:cd:89:75:cc:ef:ec:0c:82:35:bc:9c:74:b8:
                    57:da:01:69:6d:9a:5f:51:dc:1d:b0:4b:ec:7d:2b:
                    79:9a:01:98:01:44:13:4d:fa:cc:3e:c7:38:1f:59:
                    07:5d:a7:5b:ac:15:65:49:8b:11:02:77:ae:bf:c7:
                    69:6c:85:d3:61:f7:e4:df:a8:bb:89:30:db:48:f3:
                    4b:9e:82:ed:d5:28:d1:dd:73:c3:d5:29:0a:2c:44:
                    fe:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:88:BD:48:4D:CF:8A:B4:B5:0D:2B:22:57:05:82:70:7C:B9:84:F7
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/YYi9SE3PirS1DSsiVwWCcHy5hPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cbc0::/29
                  2a11:e380::/29
                  2a12:70c0::/29
                  2a13:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:71:40:14:49:f0:88:77:da:2d:c9:ca:92:4c:6c:4e:1b:68:
         86:91:28:81:8b:a1:d1:f0:57:30:f5:13:21:22:a6:fc:8e:12:
         10:c1:d7:0d:81:90:87:c1:f7:a4:b2:ae:ab:99:d1:a4:17:74:
         84:6a:f7:66:f0:40:33:49:22:4e:fe:50:50:05:03:5e:05:57:
         3a:19:41:81:17:f1:fd:63:68:2f:53:de:d7:e5:ef:83:6d:9a:
         fe:b2:b3:11:4b:0a:53:33:cf:99:8d:7e:1f:2e:a8:67:69:9c:
         b2:93:dc:47:0c:1f:a9:97:ee:81:2d:fa:79:50:48:92:51:f3:
         e2:15:4b:c2:1f:40:51:23:3e:8e:59:e8:52:32:16:8b:dc:73:
         99:bb:ba:57:93:da:b8:8e:04:73:6a:4c:8d:20:33:b2:0a:b5:
         bf:8b:ab:6b:79:aa:88:d2:32:1a:f5:8e:f8:51:88:1d:18:02:
         ba:e8:18:b3:73:19:e2:ff:f3:4a:d2:e1:fb:86:ff:8d:da:32:
         80:8a:16:ad:81:8b:5d:68:ad:15:41:5f:d2:ec:c0:45:70:ee:
         45:61:22:64:2a:06:82:58:fa:d4:93:c1:cc:3d:b4:90:94:db:
         37:b8:61:5a:eb:07:d4:60:34:fc:c7:85:c2:39:94:a4:30:25:
         82:1f:fc:26
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZRRhh7utxLr/s3YOKBZF3FaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjUwMTEwMTg0MjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTg4YmQ0ODRkY2Y4YWI0YjUwZDJiMjI1NzA1ODI3MDdjYjk4NGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vPO/28hjffM2CZO1/n1ng4q2JHM
6dfdjMZE/T4z9pM9qo5YNIS7/N2kkleD1RqZuYv+4A7gO+Gfdbiwun7SzMoJvsBc
uTS7Lf30nnQJGRJCcGaGWlQuL9ltkQVKyUzuZf6PAyNIkoD0yVum3CzEZyZUMS3i
5my8IvGBDCdtv+KZofXP9AenDWcjXcuaWOe9qIQnR+7c80esDEh5Psd+qO4vCzs5
082Jdczv7AyCNbycdLhX2gFpbZpfUdwdsEvsfSt5mgGYAUQTTfrMPsc4H1kHXadb
rBVlSYsRAneuv8dpbIXTYffk36i7iTDbSPNLnoLt1SjR3XPD1SkKLET+jwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFGGIvUhNz4q0tQ0rIlcFgnB8uYT3MB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvWVlpOVNFM1BpclMxRFNzaVZ3V0NjSHk1aFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKhDLwAMF
AyoR44ADBQMqEnDAAwUDKhN+ADANBgkqhkiG9w0BAQsFAAOCAQEAfHFAFEnwiHfa
LcnKkkxsThtohpEogYuh0fBXMPUTISKm/I4SEMHXDYGQh8H3pLKuq5nRpBd0hGr3
ZvBAM0kiTv5QUAUDXgVXOhlBgRfx/WNoL1Pe1+Xvg22a/rKzEUsKUzPPmY1+Hy6o
Z2mcspPcRwwfqZfugS36eVBIklHz4hVLwh9AUSM+jlnoUjIWi9xzmbu6V5PauI4E
c2pMjSAzsgq1v4ura3mqiNIyGvWO+FGIHRgCuugYs3MZ4v/zStLh+4b/jdoygIoW
rYGLXWitFUFf0uzARXDuRWEiZCoGglj61JPBzD20kJTbN7hhWusH1GA0/MeFwjmU
pDAlgh/8Jg==
-----END CERTIFICATE-----