Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/D_7gT2GO22y1Dju3MbA4Iewrif4.roa
File:                     D_7gT2GO22y1Dju3MbA4Iewrif4.roa (raw, json)
Hash identifier:          SHkvMNaBxc1q7+Q5fWApoW/ZDzqtWAi+CP0EfEzlLaw=
Subject key identifier:   0F:FE:E0:4F:61:8E:DB:6C:B5:0E:3B:B7:31:B0:38:21:EC:2B:89:FE
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01934E3F47F4859C42FDD72F0F8BB8F33855
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/D_7gT2GO22y1Dju3MbA4Iewrif4.roa
Signing time:             Thu 21 Nov 2024 10:23:10 +0000
ROA not before:           Thu 21 Nov 2024 10:23:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a09:6284::/32 maxlen: 32
                          2a09:e5c0::/32 maxlen: 32
                          2a09:e5c1::/32 maxlen: 32
                          2a09:e5c2::/32 maxlen: 32
                          2a09:e5c3::/32 maxlen: 32
                          2a09:e5c4::/32 maxlen: 32
                          2a09:e5c5::/32 maxlen: 32
                          2a09:e5c6::/32 maxlen: 32
                          2a0e:b140::/29 maxlen: 29
                          2a10:4103::/32 maxlen: 32
                          2a10:4104::/32 maxlen: 32
                          2a10:4105::/32 maxlen: 32
                          2a11:4b46::/32 maxlen: 32
                          2a11:4b47::/32 maxlen: 32
                          2a12:a343::/32 maxlen: 32
                          2a12:a344::/32 maxlen: 32
                          2a12:a346::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 11 Dec 2024 06:07:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:3f:47:f4:85:9c:42:fd:d7:2f:0f:8b:b8:f3:38:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 21 10:23:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ffee04f618edb6cb50e3bb731b03821ec2b89fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b4:6a:0c:2b:6d:29:cf:a9:82:0c:9a:7a:40:
                    f0:76:2e:67:96:3a:5f:b4:d4:c8:5f:3f:32:4c:f8:
                    dd:50:ae:47:77:ea:c1:60:03:ba:e6:00:ea:77:91:
                    04:e3:83:44:4f:a6:99:f0:9c:64:18:e8:0e:a0:ae:
                    47:a2:93:08:2a:24:f1:33:3f:62:64:42:40:59:1b:
                    e7:3a:7f:aa:41:db:8a:64:63:77:65:d6:11:69:34:
                    36:e9:8b:ec:96:ab:a7:61:2b:1f:44:e9:f8:a5:c9:
                    2c:f9:74:cb:f6:37:96:5a:19:0b:5c:11:13:ab:5c:
                    ab:ec:1a:f7:9a:49:b4:68:d0:d0:16:15:64:e2:e6:
                    be:86:e1:ba:9a:34:2f:07:3a:17:d4:75:03:ff:4c:
                    6d:bd:ad:d0:45:61:fd:1f:9e:1a:dc:d8:a2:c8:bd:
                    01:59:92:62:b5:a6:86:84:e7:bc:9b:d3:29:bd:a1:
                    c5:01:5f:8e:f7:6f:18:6b:a1:d1:66:e8:bb:15:28:
                    d6:0a:44:74:26:36:74:c1:45:5e:39:7f:75:c1:e6:
                    69:2e:b6:f3:64:a0:fa:b2:54:a9:fb:41:3e:96:6a:
                    6b:e5:a5:83:ec:29:da:89:87:31:fb:3a:9f:21:8e:
                    07:6c:4c:bb:d6:66:f2:6f:f0:34:a9:93:1a:3f:ed:
                    7a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FE:E0:4F:61:8E:DB:6C:B5:0E:3B:B7:31:B0:38:21:EC:2B:89:FE
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/D_7gT2GO22y1Dju3MbA4Iewrif4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6284::/32
                  2a09:e5c0::-2a09:e5c6:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0e:b140::/29
                  2a10:4103::-2a10:4105:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:4b46::/31
                  2a12:a343::-2a12:a344:ffff:ffff:ffff:ffff:ffff:ffff
                  2a12:a346::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:fd:74:17:3b:8c:5c:9b:76:7c:e0:34:d7:36:2e:ff:2d:cc:
         b0:1a:64:86:ce:e1:46:59:0b:c2:24:95:4f:fe:f8:ef:a6:11:
         3d:dc:24:5b:56:e5:25:96:d5:88:12:a6:b8:7c:79:20:2f:89:
         34:25:e4:91:c4:e7:03:e1:9f:d5:25:48:f1:1a:7c:64:f6:25:
         d4:13:56:80:b8:14:50:40:db:a0:ad:75:79:f5:08:59:75:74:
         aa:f5:c3:6a:19:16:56:da:93:7a:15:b7:47:87:5d:e5:4a:65:
         ce:2e:51:a3:13:35:c1:ab:ef:20:9e:c1:1c:27:72:35:96:e0:
         ed:73:bc:e1:a7:f2:ee:87:c3:a2:26:84:d5:07:69:46:50:c5:
         0b:48:d1:d3:e0:c0:a8:45:61:35:ad:39:c0:2f:62:f8:47:89:
         eb:cf:46:bd:23:ad:97:d0:17:c0:06:db:4b:50:fd:02:d9:80:
         97:37:b4:61:f3:cc:1f:ad:fe:83:4f:91:2d:2b:c4:dd:3c:4d:
         14:ca:17:f5:a9:66:67:5e:d2:6a:a7:54:56:d8:09:9f:cc:a6:
         af:70:40:a8:51:3b:84:9e:66:05:62:b3:2b:4c:5e:27:9c:28:
         0d:f0:96:e5:0c:03:48:af:67:23:82:01:83:f7:d0:d5:f3:c3:
         cf:7b:90:0e
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZNOP0f0hZxC/dcvD4u48zhVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMTIxMTAyMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmZlZTA0ZjYxOGVkYjZjYjUwZTNiYjczMWIwMzgyMWVjMmI4OWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LRqDCttKc+pggyaekDwdi5nljpf
tNTIXz8yTPjdUK5Hd+rBYAO65gDqd5EE44NET6aZ8JxkGOgOoK5HopMIKiTxMz9i
ZEJAWRvnOn+qQduKZGN3ZdYRaTQ26YvslqunYSsfROn4pcks+XTL9jeWWhkLXBET
q1yr7Br3mkm0aNDQFhVk4ua+huG6mjQvBzoX1HUD/0xtva3QRWH9H54a3NiiyL0B
WZJitaaGhOe8m9MpvaHFAV+O928Ya6HRZui7FSjWCkR0JjZ0wUVeOX91weZpLrbz
ZKD6slSp+0E+lmpr5aWD7CnaiYcx+zqfIY4HbEy71mbyb/A0qZMaP+160QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFA/+4E9hjttstQ47tzGwOCHsK4n+MB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvRF83Z1QyR08yMnkxRGp1M01iQTRJZXdyaWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAwUAKglihDAO
AwUGKgnlwAMFACoJ5cYDBQMqDrFAMA4DBQAqEEEDAwUBKhBBBAMFASoRS0YwDgMF
ACoSo0MDBQAqEqNEAwUAKhKjRjANBgkqhkiG9w0BAQsFAAOCAQEAaP10FzuMXJt2
fOA01zYu/y3MsBpkhs7hRlkLwiSVT/7476YRPdwkW1blJZbViBKmuHx5IC+JNCXk
kcTnA+Gf1SVI8Rp8ZPYl1BNWgLgUUEDboK11efUIWXV0qvXDahkWVtqTehW3R4dd
5Uplzi5RoxM1wavvIJ7BHCdyNZbg7XO84afy7ofDoiaE1QdpRlDFC0jR0+DAqEVh
Na05wC9i+EeJ689GvSOtl9AXwAbbS1D9AtmAlze0YfPMH63+g0+RLSvE3TxNFMoX
9almZ17SaqdUVtgJn8ymr3BAqFE7hJ5mBWKzK0xeJ5woDfCW5QwDSK9nI4IBg/fQ
1fPDz3uQDg==
-----END CERTIFICATE-----