Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/FW_av0yO5lEd9ItsQJafVQsA5Z4.roa
File:                     FW_av0yO5lEd9ItsQJafVQsA5Z4.roa (raw, json)
Hash identifier:          yEJd7U4QJVBkUUNpK0KxSNKifKwWt1tJ177A3htwjxE=
Subject key identifier:   15:6F:DA:BF:4C:8E:E6:51:1D:F4:8B:6C:40:96:9F:55:0B:00:E5:9E
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019168FB91FEDEA1963631216B6ED805FCFA
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/FW_av0yO5lEd9ItsQJafVQsA5Z4.roa
Signing time:             Mon 19 Aug 2024 04:53:22 +0000
ROA not before:           Mon 19 Aug 2024 04:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a09:6284::/32 maxlen: 32
                          2a09:e5c0::/32 maxlen: 32
                          2a09:e5c1::/32 maxlen: 32
                          2a09:e5c2::/32 maxlen: 32
                          2a09:e5c3::/32 maxlen: 32
                          2a09:e5c4::/32 maxlen: 32
                          2a09:e5c5::/32 maxlen: 32
                          2a09:e5c6::/32 maxlen: 32
                          2a0e:b140::/29 maxlen: 29
                          2a10:4103::/32 maxlen: 32
                          2a10:4104::/32 maxlen: 32
                          2a11:4b40::/32 maxlen: 32
                          2a11:4b44::/32 maxlen: 32
                          2a11:4b45::/32 maxlen: 32
                          2a11:4b46::/32 maxlen: 32
                          2a11:4b47::/32 maxlen: 32
                          2a12:a343::/32 maxlen: 32
                          2a12:a344::/32 maxlen: 32
                          2a12:a346::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 02 Sep 2024 10:59:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:68:fb:91:fe:de:a1:96:36:31:21:6b:6e:d8:05:fc:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Aug 19 04:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=156fdabf4c8ee6511df48b6c40969f550b00e59e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:63:9a:96:fa:c2:d5:4f:31:df:ea:ee:d7:8d:
                    29:36:fd:b6:e9:62:ee:0c:45:6b:18:c6:04:5b:f3:
                    e2:83:76:22:6e:3f:ff:31:d7:cc:4a:e0:2e:a7:06:
                    16:a4:04:fd:79:55:2d:09:9b:28:e9:aa:e2:f4:a2:
                    08:2f:c9:13:b0:8f:1b:7a:01:8d:8f:62:f7:61:59:
                    39:cd:7f:85:3c:b0:95:e5:68:57:89:fa:e6:e5:34:
                    ea:e1:07:29:13:24:b4:d0:0b:9b:0f:70:e2:8f:cc:
                    3c:a0:a2:c5:13:89:54:8c:12:3b:b1:30:85:62:e4:
                    cc:5f:54:cd:3a:d8:e9:15:3e:fe:6e:7b:bd:01:67:
                    d7:97:02:c6:58:84:91:53:dd:85:da:0a:7e:e9:af:
                    30:d4:a1:5c:e1:40:7f:27:8b:25:c4:21:f8:da:3b:
                    4e:5a:3c:12:20:33:8a:2e:92:50:1f:c1:a4:1c:bf:
                    29:7c:6c:98:f3:30:d9:81:88:ba:7d:1f:7d:b5:d2:
                    f4:3c:8c:67:66:54:5a:63:fd:13:30:16:a4:2a:f5:
                    01:f1:5d:37:da:04:23:ce:a5:46:5f:02:6c:03:96:
                    31:7a:09:f8:60:9b:ad:c9:3d:33:96:7d:e5:be:d9:
                    7c:fa:70:bd:02:c9:22:f7:bb:97:76:75:58:fc:e3:
                    4c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:6F:DA:BF:4C:8E:E6:51:1D:F4:8B:6C:40:96:9F:55:0B:00:E5:9E
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/FW_av0yO5lEd9ItsQJafVQsA5Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6284::/32
                  2a09:e5c0::-2a09:e5c6:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0e:b140::/29
                  2a10:4103::-2a10:4104:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:4b40::/32
                  2a11:4b44::/30
                  2a12:a343::-2a12:a344:ffff:ffff:ffff:ffff:ffff:ffff
                  2a12:a346::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:70:6e:bc:68:0c:1b:67:a7:8e:02:46:3a:47:4f:35:79:7a:
         71:38:f3:ec:c9:98:bf:fb:6e:4d:19:81:a4:de:8c:9f:83:f8:
         e9:63:7d:41:7b:3b:8a:1e:fe:fb:ad:35:14:a6:bf:c9:67:df:
         57:77:7e:6e:59:06:06:0c:33:ec:e3:9e:7d:e7:8a:96:db:00:
         1e:9a:e1:f9:1b:eb:d9:bb:b0:6e:7d:76:31:ed:21:2c:08:f2:
         5a:43:e4:73:61:71:26:ec:2f:93:1b:f3:c3:95:7d:fc:f0:19:
         8b:5a:8e:e8:af:f6:c1:ae:7b:06:f7:11:0e:a3:51:34:64:33:
         85:42:61:b4:af:df:83:70:83:10:33:d6:b8:08:de:47:4e:53:
         db:c3:e7:c1:6c:44:2c:94:02:be:02:2f:92:1b:b3:ce:93:be:
         cc:1b:d6:91:b6:f0:4b:7c:2b:ec:ce:12:ea:d8:8d:95:b3:1a:
         01:0d:18:0c:4e:05:8f:34:d9:6c:01:f3:ff:cd:5e:88:92:ce:
         db:85:2f:6b:9f:b5:59:8a:07:11:ad:0a:cb:aa:9f:94:f3:83:
         86:4e:92:88:f6:89:0f:15:91:1d:61:af:f4:c7:aa:5a:87:1a:
         bf:36:38:60:12:26:69:8b:18:d6:3c:b0:49:85:32:3c:4f:a5:
         f7:a6:39:ac
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZFo+5H+3qGWNjEha27YBfz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwODE5MDQ1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTZmZGFiZjRjOGVlNjUxMWRmNDhiNmM0MDk2OWY1NTBiMDBlNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2OalvrC1U8x3+ru140pNv226WLu
DEVrGMYEW/Pig3Yibj//MdfMSuAupwYWpAT9eVUtCZso6ari9KIIL8kTsI8begGN
j2L3YVk5zX+FPLCV5WhXifrm5TTq4QcpEyS00AubD3Dij8w8oKLFE4lUjBI7sTCF
YuTMX1TNOtjpFT7+bnu9AWfXlwLGWISRU92F2gp+6a8w1KFc4UB/J4slxCH42jtO
WjwSIDOKLpJQH8GkHL8pfGyY8zDZgYi6fR99tdL0PIxnZlRaY/0TMBakKvUB8V03
2gQjzqVGXwJsA5Yxegn4YJutyT0zln3lvtl8+nC9Aski97uXdnVY/ONMKQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFBVv2r9MjuZRHfSLbECWn1ULAOWeMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvRldfYXYweU81bEVkOUl0c1FKYWZWUXNBNVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBZBAIAAjBTAwUAKglihDAO
AwUGKgnlwAMFACoJ5cYDBQMqDrFAMA4DBQAqEEEDAwUAKhBBBAMFACoRS0ADBQIq
EUtEMA4DBQAqEqNDAwUAKhKjRAMFACoSo0YwDQYJKoZIhvcNAQELBQADggEBABVw
brxoDBtnp44CRjpHTzV5enE48+zJmL/7bk0ZgaTejJ+D+OljfUF7O4oe/vutNRSm
v8ln31d3fm5ZBgYMM+zjnn3nipbbAB6a4fkb69m7sG59djHtISwI8lpD5HNhcSbs
L5Mb88OVffzwGYtajuiv9sGuewb3EQ6jUTRkM4VCYbSv34NwgxAz1rgI3kdOU9vD
58FsRCyUAr4CL5Ibs86Tvswb1pG28Et8K+zOEurYjZWzGgENGAxOBY802WwB8//N
XoiSztuFL2uftVmKBxGtCsuqn5Tzg4ZOkoj2iQ8VkR1hr/THqlqHGr82OGASJmmL
GNY8sEmFMjxPpfemOaw=
-----END CERTIFICATE-----