Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5s9rcmJJXf6HZkave0Q3qOESACY.roa
File:                     5s9rcmJJXf6HZkave0Q3qOESACY.roa (raw, json)
Hash identifier:          4QwtHv5y25W2e3HOmvrfu/svBrtNI/x1VSmBF87wFx0=
Subject key identifier:   E6:CF:6B:72:62:49:5D:FE:87:66:46:AF:7B:44:37:A8:E1:12:00:26
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0191A1407971E4CC4174E6E3D44CFB4D50BD
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5s9rcmJJXf6HZkave0Q3qOESACY.roa
Signing time:             Fri 30 Aug 2024 03:07:22 +0000
ROA not before:           Fri 30 Aug 2024 03:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61400
IP address blocks:        2a09:6281::/32 maxlen: 32
                          2a09:6282::/32 maxlen: 32
                          2a09:6283::/32 maxlen: 32
                          2a09:e2c0::/32 maxlen: 32
                          2a09:e2c1::/32 maxlen: 32
                          2a09:e2c2::/32 maxlen: 32
                          2a09:e2c3::/32 maxlen: 32
                          2a09:e2c4::/32 maxlen: 32
                          2a09:e2c5::/32 maxlen: 32
                          2a09:e2c6::/32 maxlen: 32
                          2a09:e2c7::/32 maxlen: 32
                          2a10:4102::/32 maxlen: 32
                          2a10:4106::/32 maxlen: 32
                          2a12:c300::/30 maxlen: 30
                          2a12:c300::/32 maxlen: 32
                          2a12:c301::/32 maxlen: 32
                          2a12:c302::/32 maxlen: 32
                          2a12:c303::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 29 Oct 2024 02:53:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a1:40:79:71:e4:cc:41:74:e6:e3:d4:4c:fb:4d:50:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Aug 30 03:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6cf6b7262495dfe876646af7b4437a8e1120026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c6:17:18:fe:f9:cf:ba:0f:ea:6d:0d:ce:e0:
                    cc:85:35:1d:d9:82:f4:0d:2a:de:c2:9c:26:b3:91:
                    ce:0a:b3:95:bd:04:db:b3:14:0a:e6:19:a2:69:23:
                    35:d4:2f:af:a0:d6:77:e1:cd:49:5b:40:97:1f:4c:
                    6a:ad:77:36:27:61:cd:f2:ba:8f:af:f9:ba:0f:19:
                    fe:c8:55:1c:82:69:c4:08:c8:60:e8:5a:0e:cd:0f:
                    89:a8:08:fe:08:90:c3:88:76:4a:0c:ca:4b:c3:3c:
                    4a:cf:da:6a:c4:f1:fb:f8:85:17:ea:ca:49:35:fd:
                    36:91:27:58:9f:f4:ac:65:be:9b:bd:4f:09:d3:2d:
                    b5:01:86:50:db:cb:89:41:f4:43:cf:a3:90:aa:8c:
                    91:38:18:01:ef:cf:bd:a3:68:17:8d:f8:2d:cb:65:
                    84:c1:6e:15:f3:32:f8:ff:6b:c5:d9:9b:09:36:3f:
                    d1:ea:26:14:eb:33:c0:79:46:73:89:44:69:08:1d:
                    3c:5c:6d:da:38:68:ac:49:1a:20:88:6a:f9:d8:ec:
                    62:3d:ed:4c:6e:d8:ea:33:e0:cb:ab:18:6b:22:7f:
                    bb:e9:0d:f9:5b:80:a1:fd:19:03:b2:ea:ed:76:d6:
                    d2:b2:f9:93:b2:93:ba:f7:48:2e:62:9e:46:90:09:
                    31:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CF:6B:72:62:49:5D:FE:87:66:46:AF:7B:44:37:A8:E1:12:00:26
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/5s9rcmJJXf6HZkave0Q3qOESACY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6281::-2a09:6283:ffff:ffff:ffff:ffff:ffff:ffff
                  2a09:e2c0::/29
                  2a10:4102::/32
                  2a10:4106::/32
                  2a12:c300::/30

    Signature Algorithm: sha256WithRSAEncryption
         84:20:4e:5a:91:c7:62:11:7f:76:5b:cc:08:31:29:63:3d:dd:
         57:e1:b8:01:c3:59:f1:e7:ba:ae:4c:db:f5:2e:88:e7:29:dc:
         ab:a6:7b:c5:e6:f9:0d:e4:9e:46:2d:5b:86:4b:36:00:45:80:
         16:7d:83:dc:a4:64:7d:b1:f4:df:f7:4a:91:e8:c9:ab:dd:48:
         00:74:90:3f:dc:23:48:08:19:19:63:b9:b5:95:11:14:f0:4b:
         87:d6:15:db:a4:63:d1:cf:35:3f:07:d1:3c:43:86:c9:44:03:
         3e:6a:bb:b7:ae:f9:6a:29:32:99:c4:51:5a:d2:d7:a7:7e:c4:
         c4:4f:21:2c:af:94:c5:9e:76:26:5e:59:4e:0c:3a:9c:ab:c0:
         50:49:77:d4:a4:e7:14:58:6f:ff:b6:6d:8d:f9:c8:cc:a4:f2:
         c7:31:c8:97:0c:8d:57:70:77:00:8c:a3:e4:24:8d:4e:54:8d:
         61:3c:69:3a:65:00:90:da:32:3d:fa:0a:f2:af:d9:80:fe:63:
         89:76:89:b1:45:9c:e4:54:64:49:42:55:bd:b1:ab:a7:95:5b:
         d3:1c:86:49:37:59:d7:f4:05:ce:7b:40:a8:ae:77:83:5b:e7:
         d3:a1:00:16:82:77:3d:d1:3b:1a:eb:d5:e6:ed:18:69:6f:53:
         7d:cd:2b:80
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZGhQHlx5MxBdObj1Ez7TVC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwODMwMDMwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNmNmI3MjYyNDk1ZGZlODc2NjQ2YWY3YjQ0MzdhOGUxMTIwMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMYXGP75z7oP6m0NzuDMhTUd2YL0
DSrewpwms5HOCrOVvQTbsxQK5hmiaSM11C+voNZ34c1JW0CXH0xqrXc2J2HN8rqP
r/m6Dxn+yFUcgmnECMhg6FoOzQ+JqAj+CJDDiHZKDMpLwzxKz9pqxPH7+IUX6spJ
Nf02kSdYn/SsZb6bvU8J0y21AYZQ28uJQfRDz6OQqoyROBgB78+9o2gXjfgty2WE
wW4V8zL4/2vF2ZsJNj/R6iYU6zPAeUZziURpCB08XG3aOGisSRogiGr52OxiPe1M
btjqM+DLqxhrIn+76Q35W4Ch/RkDsurtdtbSsvmTspO690guYp5GkAkx9QIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFObPa3JiSV3+h2ZGr3tEN6jhEgAmMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvNXM5cmNtSkpYZjZIWmthdmUwUTNxT0VTQUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsMA4DBQAqCWKB
AwUCKgligAMFAyoJ4sADBQAqEEECAwUAKhBBBgMFAioSwwAwDQYJKoZIhvcNAQEL
BQADggEBAIQgTlqRx2IRf3ZbzAgxKWM93VfhuAHDWfHnuq5M2/UuiOcp3Kume8Xm
+Q3knkYtW4ZLNgBFgBZ9g9ykZH2x9N/3SpHoyavdSAB0kD/cI0gIGRljubWVERTw
S4fWFdukY9HPNT8H0TxDhslEAz5qu7eu+WopMpnEUVrS16d+xMRPISyvlMWediZe
WU4MOpyrwFBJd9Sk5xRYb/+2bY35yMyk8scxyJcMjVdwdwCMo+QkjU5UjWE8aTpl
AJDaMj36CvKv2YD+Y4l2ibFFnORUZElCVb2xq6eVW9Mchkk3Wdf0Bc57QKiud4Nb
59OhABaCdz3ROxrr1ebtGGlvU33NK4A=
-----END CERTIFICATE-----