Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/JFFMhZvYStsW7HFUxY2hUDnYCqQ.roa
File:                     JFFMhZvYStsW7HFUxY2hUDnYCqQ.roa (raw, json)
Hash identifier:          7FCmHSS+GVt3DjkzZsPZlXudc+294VMFlxEQjxKVF4Y=
Subject key identifier:   24:51:4C:85:9B:D8:4A:DB:16:EC:71:54:C5:8D:A1:50:39:D8:0A:A4
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018E89E4ECA0486C6730191381122D13C5FA
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/JFFMhZvYStsW7HFUxY2hUDnYCqQ.roa
Signing time:             Fri 29 Mar 2024 11:07:45 +0000
ROA not before:           Fri 29 Mar 2024 11:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        2a0f:db80::/29 maxlen: 29
                          2a13:2980::/29 maxlen: 29
                          2a13:3880::/29 maxlen: 29
                          2a13:3b80::/29 maxlen: 29
                          2a13:4fc0::/29 maxlen: 29
                          2a13:6e40::/29 maxlen: 29
                          2a13:8580::/29 maxlen: 29
                          2a13:8c40::/29 maxlen: 29
                          2a13:9340::/29 maxlen: 29
                          2a13:93c0::/29 maxlen: 29
                          2a13:ac80::/29 maxlen: 29
Validation:               Failed, certificate revoked on Sun 31 Mar 2024 11:48:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:89:e4:ec:a0:48:6c:67:30:19:13:81:12:2d:13:c5:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Mar 29 11:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24514c859bd84adb16ec7154c58da15039d80aa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:28:ce:d4:89:f2:e8:28:f7:f7:59:61:97:c0:
                    bb:99:11:31:9a:da:6f:e2:a0:00:b8:7e:0d:94:b7:
                    4a:fa:66:b1:e2:57:71:27:1d:a7:b2:bf:c2:e7:a1:
                    3e:de:ac:33:b3:6a:23:ea:08:f5:c8:0a:0e:c5:b2:
                    03:08:8b:06:46:d3:65:88:1a:b1:26:2c:d2:67:ee:
                    f2:80:b9:84:a9:bb:35:98:6a:7f:61:3d:8b:6a:06:
                    35:49:6c:34:50:34:a9:d2:a6:eb:df:90:85:8d:44:
                    fb:0b:ed:f0:3a:9e:09:5b:5c:2d:09:02:47:85:52:
                    56:e7:62:90:bf:85:6a:1b:8b:4a:c5:eb:be:22:8a:
                    1a:df:52:1a:3e:6a:84:fd:23:e9:42:09:1a:35:30:
                    e6:d6:da:25:41:f5:3a:05:d8:b4:56:e6:b4:7e:c5:
                    70:4f:8f:2e:ef:d1:bc:55:b4:72:33:f5:9b:8e:85:
                    6e:c3:5d:d2:82:b8:8e:68:dd:ef:b5:4c:81:c5:77:
                    ce:c0:28:e8:6e:5a:dc:5d:8c:52:3f:ec:9c:40:a0:
                    4b:30:d3:eb:63:e7:30:48:8c:d7:5b:19:c2:e8:8e:
                    8f:f0:91:07:c5:65:ae:fb:8d:e4:36:e7:a1:d6:71:
                    d3:ff:10:d6:ca:5d:99:b6:ae:5e:17:a8:10:2c:c6:
                    69:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:51:4C:85:9B:D8:4A:DB:16:EC:71:54:C5:8D:A1:50:39:D8:0A:A4
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/JFFMhZvYStsW7HFUxY2hUDnYCqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:db80::/29
                  2a13:2980::/29
                  2a13:3880::/29
                  2a13:3b80::/29
                  2a13:4fc0::/29
                  2a13:6e40::/29
                  2a13:8580::/29
                  2a13:8c40::/29
                  2a13:9340::/29
                  2a13:93c0::/29
                  2a13:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d5:62:19:ec:df:be:8d:42:35:1b:51:67:d0:e0:80:26:2e:52:
         b0:e6:97:29:fb:b4:96:3c:57:c8:c7:d8:b7:68:73:bc:52:01:
         bc:66:b7:44:f1:92:83:de:f5:d5:1c:bd:46:5b:75:1e:37:75:
         e2:e2:81:54:c0:58:53:05:11:4b:b1:64:44:e0:f9:72:33:66:
         71:3c:a3:47:3a:e6:52:31:4a:20:cf:eb:fc:78:94:8a:85:2c:
         4d:25:ff:2b:df:f3:04:21:3a:24:59:8f:91:fa:cc:9d:3e:24:
         a4:b9:ac:9c:82:d5:31:c6:8f:85:7d:c5:bc:3f:c8:92:31:d9:
         0f:47:55:b1:ee:f5:5f:9d:8d:2f:08:9e:88:b7:08:63:7d:9d:
         67:c5:d1:8f:0c:70:1b:89:b8:11:8b:88:52:b8:39:25:f9:cd:
         00:a7:04:8e:6e:3c:97:7a:5a:ca:8a:a7:92:5f:57:14:f4:93:
         a9:2d:d2:07:44:9e:b4:87:73:11:dd:11:27:df:f9:2a:b9:59:
         42:33:d2:8e:1e:87:e1:00:4a:46:b2:97:b3:8a:c7:dd:24:3c:
         fd:dd:34:d3:8a:47:13:33:6f:31:00:43:c4:0a:90:b9:c6:d7:
         f6:40:b4:03:94:1f:d1:73:a7:19:0f:21:c1:4c:5c:63:0a:92:
         ee:c2:44:70
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY6J5OygSGxnMBkTgRItE8X6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMzI5MTEwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDUxNGM4NTliZDg0YWRiMTZlYzcxNTRjNThkYTE1MDM5ZDgwYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSjO1Iny6Cj391lhl8C7mRExmtpv
4qAAuH4NlLdK+max4ldxJx2nsr/C56E+3qwzs2oj6gj1yAoOxbIDCIsGRtNliBqx
JizSZ+7ygLmEqbs1mGp/YT2LagY1SWw0UDSp0qbr35CFjUT7C+3wOp4JW1wtCQJH
hVJW52KQv4VqG4tKxeu+Iooa31IaPmqE/SPpQgkaNTDm1tolQfU6Bdi0Vua0fsVw
T48u79G8VbRyM/WbjoVuw13SgriOaN3vtUyBxXfOwCjoblrcXYxSP+ycQKBLMNPr
Y+cwSIzXWxnC6I6P8JEHxWWu+43kNueh1nHT/xDWyl2Ztq5eF6gQLMZpGwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFCRRTIWb2ErbFuxxVMWNoVA52AqkMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvSkZGTWhadllTdHNXN0hGVXhZMmhVRG5ZQ3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKg/bgAMF
AyoTKYADBQMqEziAAwUDKhM7gAMFAyoTT8ADBQMqE25AAwUDKhOFgAMFAyoTjEAD
BQMqE5NAAwUDKhOTwAMFAyoTrIAwDQYJKoZIhvcNAQELBQADggEBANViGezfvo1C
NRtRZ9DggCYuUrDmlyn7tJY8V8jH2Ldoc7xSAbxmt0TxkoPe9dUcvUZbdR43deLi
gVTAWFMFEUuxZETg+XIzZnE8o0c65lIxSiDP6/x4lIqFLE0l/yvf8wQhOiRZj5H6
zJ0+JKS5rJyC1THGj4V9xbw/yJIx2Q9HVbHu9V+djS8Inoi3CGN9nWfF0Y8McBuJ
uBGLiFK4OSX5zQCnBI5uPJd6WsqKp5JfVxT0k6kt0gdEnrSHcxHdESff+Sq5WUIz
0o4eh+EASkayl7OKx90kPP3dNNOKRxMzbzEAQ8QKkLnG1/ZAtAOUH9FzpxkPIcFM
XGMKku7CRHA=
-----END CERTIFICATE-----