Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wrRA9GR3en1Zftqi37xYzW-PGKw.roa
File:                     wrRA9GR3en1Zftqi37xYzW-PGKw.roa (raw, json)
Hash identifier:          rSB8DjQF0ytkxAFGpKIV3hUE81ZXEO24xPsrmrhw+mU=
Subject key identifier:   C2:B4:40:F4:64:77:7A:7D:59:7E:DA:A2:DF:BC:58:CD:6F:8F:18:AC
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018E94572D90F05FD7A7456A477C8579933D
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wrRA9GR3en1Zftqi37xYzW-PGKw.roa
Signing time:             Sun 31 Mar 2024 11:48:45 +0000
ROA not before:           Sun 31 Mar 2024 11:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        2a0f:db80::/29 maxlen: 29
                          2a13:1340::/29 maxlen: 29
                          2a13:2980::/29 maxlen: 29
                          2a13:3880::/29 maxlen: 29
                          2a13:3b80::/29 maxlen: 29
                          2a13:4fc0::/29 maxlen: 29
                          2a13:6e40::/29 maxlen: 29
                          2a13:8580::/29 maxlen: 29
                          2a13:8c40::/29 maxlen: 29
                          2a13:9340::/29 maxlen: 29
                          2a13:93c0::/29 maxlen: 29
                          2a13:ac80::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 15 May 2024 03:13:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:94:57:2d:90:f0:5f:d7:a7:45:6a:47:7c:85:79:93:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Mar 31 11:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2b440f464777a7d597edaa2dfbc58cd6f8f18ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f4:8e:1c:50:c7:9a:47:1c:3c:cf:3d:80:61:
                    ed:08:5b:b5:a1:b1:7f:1f:0e:3d:89:c7:84:71:82:
                    5f:2e:21:32:21:cd:39:99:cc:3f:ec:c6:fa:71:47:
                    fa:7d:03:00:69:bb:8b:97:c9:60:b5:6d:7b:29:7a:
                    8f:de:26:a8:74:5d:65:42:b8:4b:41:c8:d1:6f:a2:
                    07:09:7f:27:64:89:4f:8f:62:eb:d8:ff:5e:ce:76:
                    16:b3:d1:f0:10:11:37:3c:1f:4f:9c:84:11:c7:0c:
                    99:1a:e9:48:85:a9:06:1b:61:c4:09:33:5c:b8:b2:
                    19:14:b7:02:73:e5:eb:0b:8c:a4:47:1e:f2:18:04:
                    61:75:89:83:5f:81:d5:7e:ff:38:7d:35:3d:11:15:
                    5b:ca:ce:2e:5c:67:2c:34:6a:06:39:8e:55:d3:f5:
                    29:c6:eb:f7:d4:34:4a:01:ae:f1:d7:fe:76:15:08:
                    f6:42:ce:b2:2f:79:c8:60:76:30:45:47:0d:76:fa:
                    db:64:c7:9e:d4:8a:cc:c8:b7:f2:9a:c6:b5:0f:11:
                    d5:36:0e:95:bd:db:02:db:e6:ab:f4:8e:b8:44:9b:
                    b5:4f:22:eb:40:22:c1:d2:25:84:1a:32:8b:c4:66:
                    e4:07:39:81:53:0a:9e:d9:93:f7:8c:fc:8b:89:0f:
                    f4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B4:40:F4:64:77:7A:7D:59:7E:DA:A2:DF:BC:58:CD:6F:8F:18:AC
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wrRA9GR3en1Zftqi37xYzW-PGKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:db80::/29
                  2a13:1340::/29
                  2a13:2980::/29
                  2a13:3880::/29
                  2a13:3b80::/29
                  2a13:4fc0::/29
                  2a13:6e40::/29
                  2a13:8580::/29
                  2a13:8c40::/29
                  2a13:9340::/29
                  2a13:93c0::/29
                  2a13:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         c7:33:d7:f5:9d:b3:f5:db:fa:fe:7c:ea:76:b3:75:8e:87:6c:
         2e:8c:e3:72:fd:06:3f:e4:10:80:f3:3a:33:01:bb:ba:5f:c7:
         57:1c:4e:e9:ff:21:0c:a5:d8:0b:cd:39:57:fb:21:3c:fa:ea:
         95:3b:6c:16:6f:5f:23:8a:08:9c:3e:19:cc:9d:73:58:1a:e0:
         07:d6:33:8d:50:c3:60:f3:bd:18:d2:5a:0c:01:4d:8d:7a:74:
         b3:66:33:ff:16:e0:54:68:e8:4b:3d:f3:48:80:ed:49:22:d9:
         ec:da:f9:45:2d:fe:9d:78:6e:23:c6:45:18:1e:8f:9d:be:52:
         f8:23:d7:0f:ef:bd:29:f0:c1:df:0c:4a:18:12:ba:e7:5c:4c:
         e4:84:8c:2b:32:1e:53:53:44:94:be:8c:eb:cf:6f:4a:d1:a0:
         b9:1c:73:c9:d4:71:44:b1:b5:0a:0f:4c:4e:4b:cb:cb:b5:08:
         9a:27:14:36:7b:3c:c7:54:dd:16:41:79:40:15:39:53:66:25:
         82:df:87:d6:6e:69:39:23:db:1f:c8:cf:e0:ca:ed:3f:1e:21:
         01:38:d3:f5:29:6b:2a:45:3a:e1:8c:7e:ef:ce:ae:1b:d1:3b:
         2e:30:2d:a9:a8:68:46:8a:71:5e:04:0e:81:63:5c:81:2f:44:
         0f:af:31:45
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY6UVy2Q8F/Xp0VqR3yFeZM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMzMxMTE0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI0NDBmNDY0Nzc3YTdkNTk3ZWRhYTJkZmJjNThjZDZmOGYxOGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPSOHFDHmkccPM89gGHtCFu1obF/
Hw49iceEcYJfLiEyIc05mcw/7Mb6cUf6fQMAabuLl8lgtW17KXqP3iaodF1lQrhL
QcjRb6IHCX8nZIlPj2Lr2P9eznYWs9HwEBE3PB9PnIQRxwyZGulIhakGG2HECTNc
uLIZFLcCc+XrC4ykRx7yGARhdYmDX4HVfv84fTU9ERVbys4uXGcsNGoGOY5V0/Up
xuv31DRKAa7x1/52FQj2Qs6yL3nIYHYwRUcNdvrbZMee1IrMyLfymsa1DxHVNg6V
vdsC2+ar9I64RJu1TyLrQCLB0iWEGjKLxGbkBzmBUwqe2ZP3jPyLiQ/0bwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFMK0QPRkd3p9WX7aot+8WM1vjxisMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvd3JSQTlHUjNlbjFaZnRxaTM3eFl6Vy1QR0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUDKg/bgAMF
AyoTE0ADBQMqEymAAwUDKhM4gAMFAyoTO4ADBQMqE0/AAwUDKhNuQAMFAyoThYAD
BQMqE4xAAwUDKhOTQAMFAyoTk8ADBQMqE6yAMA0GCSqGSIb3DQEBCwUAA4IBAQDH
M9f1nbP12/r+fOp2s3WOh2wujONy/QY/5BCA8zozAbu6X8dXHE7p/yEMpdgLzTlX
+yE8+uqVO2wWb18jigicPhnMnXNYGuAH1jONUMNg870Y0loMAU2NenSzZjP/FuBU
aOhLPfNIgO1JItns2vlFLf6deG4jxkUYHo+dvlL4I9cP770p8MHfDEoYErrnXEzk
hIwrMh5TU0SUvozrz29K0aC5HHPJ1HFEsbUKD0xOS8vLtQiaJxQ2ezzHVN0WQXlA
FTlTZiWC34fWbmk5I9sfyM/gyu0/HiEBONP1KWsqRTrhjH7vzq4b0TsuMC2pqGhG
inFeBA6BY1yBL0QPrzFF
-----END CERTIFICATE-----