Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/GxOW4JC38XkEeAlVoATwwQrZRVY.roa
File:                     GxOW4JC38XkEeAlVoATwwQrZRVY.roa (raw, json)
Hash identifier:          gk31cbd82XW/gSb15HwSYmlk6wEnJjy9B7jKBmUMygE=
Subject key identifier:   1B:13:96:E0:90:B7:F1:79:04:78:09:55:A0:04:F0:C1:0A:D9:45:56
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018EA25ECB096B23ABB5B5C43E23617A327A
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/GxOW4JC38XkEeAlVoATwwQrZRVY.roa
Signing time:             Wed 03 Apr 2024 05:11:45 +0000
ROA not before:           Wed 03 Apr 2024 05:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a09:e5c0::/32 maxlen: 32
                          2a09:e5c1::/32 maxlen: 32
                          2a09:e5c2::/32 maxlen: 32
                          2a09:e5c3::/32 maxlen: 32
                          2a09:e5c4::/32 maxlen: 32
                          2a09:e5c5::/32 maxlen: 32
                          2a09:e5c6::/32 maxlen: 32
                          2a0e:b140::/29 maxlen: 29
                          2a10:4103::/32 maxlen: 32
                          2a11:4b40::/32 maxlen: 32
                          2a11:4b44::/32 maxlen: 32
                          2a11:4b45::/32 maxlen: 32
                          2a11:4b46::/32 maxlen: 32
                          2a11:4b47::/32 maxlen: 32
                          2a12:a343::/32 maxlen: 32
                          2a12:a344::/32 maxlen: 32
                          2a12:a346::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 09 Apr 2024 03:20:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:5e:cb:09:6b:23:ab:b5:b5:c4:3e:23:61:7a:32:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Apr  3 05:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b1396e090b7f17904780955a004f0c10ad94556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d8:35:44:28:b9:e6:87:ea:b4:ad:38:a6:e3:
                    ce:82:22:c0:b0:61:ad:4e:a9:ad:59:eb:a5:0a:de:
                    b8:23:59:24:d8:f9:7a:36:6f:75:a9:1c:a4:16:85:
                    e7:bc:59:ff:e0:e7:69:c3:d3:37:a5:c0:32:b6:36:
                    c3:25:99:36:ed:f4:e9:aa:0c:57:2d:f8:57:e8:ed:
                    8c:fd:62:73:74:3c:7c:12:29:5d:3c:72:63:a8:a0:
                    a2:85:a7:36:6b:3e:78:e2:56:99:bf:c4:fa:46:d6:
                    3a:ad:57:28:ab:5f:96:08:75:84:c7:1b:9a:69:41:
                    08:4f:84:c6:f8:bf:c3:09:e3:89:95:bf:c8:ba:46:
                    8a:e5:15:02:bb:e8:01:ce:5f:34:ec:6a:ae:70:d9:
                    e4:16:24:2e:66:c9:5a:f3:16:37:d6:ee:89:75:20:
                    ab:d3:e0:b9:d4:c7:ad:8e:18:d3:63:78:ca:c6:09:
                    32:1c:81:e7:fb:04:43:b7:15:5a:85:27:32:2c:94:
                    78:61:ba:4d:6c:0f:85:e8:9c:3b:c1:49:d7:82:34:
                    c4:d9:86:2e:1c:34:fc:92:4f:aa:81:b0:e6:b9:57:
                    c1:a4:81:1a:d5:d1:8e:03:f0:de:27:3f:e9:22:ad:
                    b4:1b:e8:ef:b8:e8:d4:a7:93:bc:d5:75:d0:c0:ca:
                    91:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:13:96:E0:90:B7:F1:79:04:78:09:55:A0:04:F0:C1:0A:D9:45:56
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/GxOW4JC38XkEeAlVoATwwQrZRVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e5c0::-2a09:e5c6:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0e:b140::/29
                  2a10:4103::/32
                  2a11:4b40::/32
                  2a11:4b44::/30
                  2a12:a343::-2a12:a344:ffff:ffff:ffff:ffff:ffff:ffff
                  2a12:a346::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:61:9e:33:e9:f7:7a:45:98:dd:68:56:f9:8f:59:ba:46:2d:
         2d:e1:45:f4:1f:0d:a1:a1:2f:77:66:01:68:8a:f6:c5:a5:77:
         45:bb:ee:e1:51:ce:2c:79:f9:4e:81:f1:ec:fa:26:64:a5:5c:
         07:4d:30:11:c4:c2:3c:25:81:a7:f1:77:eb:18:28:1d:f8:38:
         da:6d:2e:90:7f:df:34:37:4d:b8:df:7a:42:03:72:60:8f:39:
         05:cf:13:a6:b3:fa:8d:93:8c:e6:4e:1e:70:21:a2:6e:fd:8c:
         38:a2:c0:1d:d0:d1:f9:f4:6f:6a:84:3f:bb:21:07:ff:67:62:
         57:e1:44:5d:85:e7:33:d7:5e:b6:4c:e2:02:8e:91:92:95:db:
         61:fa:ff:f2:6b:d1:ad:b4:8e:c7:b9:1f:19:53:8f:d6:f2:38:
         ad:47:95:5f:29:a2:49:91:e3:05:77:03:59:58:a7:32:3d:1c:
         94:7a:3e:38:1f:14:bf:75:b4:4a:fa:4d:0e:05:bc:fd:01:fb:
         04:f0:9c:fe:03:85:fd:1f:e8:9a:4e:af:e2:c9:25:82:9d:5e:
         c0:75:a1:d2:3b:30:70:76:63:2b:5b:dd:f9:15:9a:b8:cd:b4:
         2d:1d:53:7e:d3:a2:8d:22:ad:5a:ee:6b:a5:79:31:09:1b:d3:
         66:11:32:9c
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAY6iXssJayOrtbXEPiNhejJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwNDAzMDUxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjEzOTZlMDkwYjdmMTc5MDQ3ODA5NTVhMDA0ZjBjMTBhZDk0NTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNg1RCi55ofqtK04puPOgiLAsGGt
TqmtWeulCt64I1kk2Pl6Nm91qRykFoXnvFn/4Odpw9M3pcAytjbDJZk27fTpqgxX
LfhX6O2M/WJzdDx8EildPHJjqKCihac2az544laZv8T6RtY6rVcoq1+WCHWExxua
aUEIT4TG+L/DCeOJlb/IukaK5RUCu+gBzl807GqucNnkFiQuZsla8xY31u6JdSCr
0+C51MetjhjTY3jKxgkyHIHn+wRDtxVahScyLJR4YbpNbA+F6Jw7wUnXgjTE2YYu
HDT8kk+qgbDmuVfBpIEa1dGOA/DeJz/pIq20G+jvuOjUp5O81XXQwMqRYwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFBsTluCQt/F5BHgJVaAE8MEK2UVWMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvR3hPVzRKQzM4WGtFZUFsVm9BVHd3UXJaUlZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAAjBDMA4DBQYqCeXA
AwUAKgnlxgMFAyoOsUADBQAqEEEDAwUAKhFLQAMFAioRS0QwDgMFACoSo0MDBQAq
EqNEAwUAKhKjRjANBgkqhkiG9w0BAQsFAAOCAQEAh2GeM+n3ekWY3WhW+Y9ZukYt
LeFF9B8NoaEvd2YBaIr2xaV3Rbvu4VHOLHn5ToHx7PomZKVcB00wEcTCPCWBp/F3
6xgoHfg42m0ukH/fNDdNuN96QgNyYI85Bc8TprP6jZOM5k4ecCGibv2MOKLAHdDR
+fRvaoQ/uyEH/2diV+FEXYXnM9detkziAo6RkpXbYfr/8mvRrbSOx7kfGVOP1vI4
rUeVXymiSZHjBXcDWVinMj0clHo+OB8Uv3W0SvpNDgW8/QH7BPCc/gOF/R/omk6v
4sklgp1ewHWh0jswcHZjK1vd+RWauM20LR1TftOijSKtWu5rpXkxCRvTZhEynA==
-----END CERTIFICATE-----