Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/g-JDZB3hRg3AB26t1Kb3z8LwInw.roa
File:                     g-JDZB3hRg3AB26t1Kb3z8LwInw.roa (raw, json)
Hash identifier:          EinHoXS9vwcVCT5qA7JOwnYknPsGeRgFB2egejQOrRQ=
Subject key identifier:   83:E2:43:64:1D:E1:46:0D:C0:07:6E:AD:D4:A6:F7:CF:C2:F0:22:7C
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0194B335ABB06C54D73A93EA8ED5283EC5E7
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/g-JDZB3hRg3AB26t1Kb3z8LwInw.roa
Signing time:             Wed 29 Jan 2025 17:57:06 +0000
ROA not before:           Wed 29 Jan 2025 17:57:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a06:d644::/32 maxlen: 32
                          2a09:e307::/32 maxlen: 32
                          2a09:ef06::/32 maxlen: 32
                          2a0b:9004::/32 maxlen: 32
                          2a0d:3c42::/32 maxlen: 32
                          2a0d:3c47::/32 maxlen: 32
                          2a0d:95c0::/32 maxlen: 32
                          2a0d:95c2::/32 maxlen: 32
                          2a0d:afc1::/32 maxlen: 32
                          2a0d:afc4::/32 maxlen: 32
                          2a0d:afc5::/32 maxlen: 32
                          2a0d:afc7::/32 maxlen: 32
                          2a0d:c100::/32 maxlen: 32
                          2a0d:c102::/32 maxlen: 32
                          2a0d:c104::/32 maxlen: 32
                          2a0f:3104::/32 maxlen: 32
Validation:               Failed, certificate revoked on Fri 31 Jan 2025 16:19:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b3:35:ab:b0:6c:54:d7:3a:93:ea:8e:d5:28:3e:c5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan 29 17:57:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83e243641de1460dc0076eadd4a6f7cfc2f0227c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f3:e2:a5:8a:76:75:d2:db:0a:1d:76:b6:94:
                    72:f7:78:da:86:42:59:8a:fa:1a:68:47:21:f2:69:
                    3e:d2:c5:df:f2:d9:18:48:fe:bf:2e:84:e9:f4:70:
                    42:14:63:30:fd:68:89:9b:4a:18:33:86:d7:d5:31:
                    2d:a1:eb:f1:1b:b1:55:e3:20:10:4b:36:63:0e:48:
                    f5:a7:b3:ab:76:84:e5:8a:60:d3:89:26:e4:c5:98:
                    09:2e:52:c1:0e:52:af:07:4e:a8:fe:a0:87:70:64:
                    04:65:31:7c:78:23:7b:92:df:e0:d2:f0:79:09:9b:
                    f0:df:5f:90:0b:f3:25:f6:75:af:ea:a8:54:04:99:
                    c1:ce:d0:e3:3b:3c:73:b0:54:49:e3:a5:4f:96:d9:
                    07:54:61:be:7d:d5:21:e6:b2:25:d4:40:4d:0e:de:
                    45:d7:a6:73:24:03:87:af:0f:3c:7b:34:a1:b0:df:
                    52:f7:2d:4f:77:d8:c2:3a:91:ce:e0:4d:94:3e:20:
                    76:3b:8c:35:8e:91:07:fb:2f:70:b3:bb:81:38:95:
                    a8:97:13:e5:2d:3c:da:4d:e6:e3:2d:24:05:20:18:
                    95:13:f0:4f:21:e5:25:21:8c:5d:98:a0:ef:55:84:
                    48:34:ea:5d:14:77:25:7b:28:64:22:9d:e0:b5:2a:
                    bc:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E2:43:64:1D:E1:46:0D:C0:07:6E:AD:D4:A6:F7:CF:C2:F0:22:7C
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/g-JDZB3hRg3AB26t1Kb3z8LwInw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d644::/32
                  2a09:e307::/32
                  2a09:ef06::/32
                  2a0b:9004::/32
                  2a0d:3c42::/32
                  2a0d:3c47::/32
                  2a0d:95c0::/32
                  2a0d:95c2::/32
                  2a0d:afc1::/32
                  2a0d:afc4::/31
                  2a0d:afc7::/32
                  2a0d:c100::/32
                  2a0d:c102::/32
                  2a0d:c104::/32
                  2a0f:3104::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:6d:ed:1f:9a:90:3d:64:f1:69:ca:7a:a2:42:b0:12:c7:92:
         1f:b2:21:bb:1e:55:a8:1c:76:f6:d6:3d:37:74:69:99:c7:50:
         a7:19:c7:8e:0c:01:ae:f6:bf:e4:8d:be:f0:d0:04:39:8f:7c:
         fe:2c:b2:f3:a3:41:1d:02:5c:51:cd:bb:aa:8b:ba:ff:2a:e1:
         a5:19:a4:2b:6a:c8:15:ae:e6:e6:ff:c9:fb:44:a0:51:5b:39:
         56:d8:7b:bd:89:be:43:72:75:39:bb:e5:d8:29:47:84:ed:a8:
         93:13:6b:21:79:77:6a:af:d9:b6:ae:17:64:28:ae:df:c8:88:
         61:28:9f:4a:29:5e:c3:50:12:89:a9:34:9a:05:96:c1:d2:32:
         c1:cc:bc:5b:b3:a6:38:f6:e5:bb:48:89:b1:82:0d:53:f3:97:
         d8:28:40:78:03:78:a0:cc:45:d5:82:d5:7b:60:8e:c1:b1:e1:
         d9:73:4c:0d:6a:27:05:77:14:02:26:a3:71:a5:10:24:24:db:
         34:ff:62:6a:8d:3b:b8:20:dc:14:5d:0a:ab:0d:77:27:53:ad:
         69:24:72:a0:df:24:ce:10:e3:44:cc:92:00:99:2d:31:d8:85:
         33:e9:86:f5:38:b3:7f:b0:cd:28:1f:38:9b:95:c5:cb:45:75:
         b4:5b:97:e4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZSzNauwbFTXOpPqjtUoPsXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwMTI5MTc1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2UyNDM2NDFkZTE0NjBkYzAwNzZlYWRkNGE2ZjdjZmMyZjAyMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvPipYp2ddLbCh12tpRy93jahkJZ
ivoaaEch8mk+0sXf8tkYSP6/LoTp9HBCFGMw/WiJm0oYM4bX1TEtoevxG7FV4yAQ
SzZjDkj1p7OrdoTlimDTiSbkxZgJLlLBDlKvB06o/qCHcGQEZTF8eCN7kt/g0vB5
CZvw31+QC/Ml9nWv6qhUBJnBztDjOzxzsFRJ46VPltkHVGG+fdUh5rIl1EBNDt5F
16ZzJAOHrw88ezShsN9S9y1Pd9jCOpHO4E2UPiB2O4w1jpEH+y9ws7uBOJWolxPl
LTzaTebjLSQFIBiVE/BPIeUlIYxdmKDvVYRINOpdFHcleyhkIp3gtSq8dQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFIPiQ2Qd4UYNwAdurdSm98/C8CJ8MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvZy1KRFpCM2hSZzNBQjI2dDFLYjN6OEx3SW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwbwQCAAIwaQMFACoG1kQD
BQAqCeMHAwUAKgnvBgMFACoLkAQDBQAqDTxCAwUAKg08RwMFACoNlcADBQAqDZXC
AwUAKg2vwQMFASoNr8QDBQAqDa/HAwUAKg3BAAMFACoNwQIDBQAqDcEEAwUAKg8x
BDANBgkqhkiG9w0BAQsFAAOCAQEAGG3tH5qQPWTxacp6okKwEseSH7Ihux5VqBx2
9tY9N3RpmcdQpxnHjgwBrva/5I2+8NAEOY98/iyy86NBHQJcUc27qou6/yrhpRmk
K2rIFa7m5v/J+0SgUVs5Vth7vYm+Q3J1Obvl2ClHhO2okxNrIXl3aq/Ztq4XZCiu
38iIYSifSilew1ASiak0mgWWwdIywcy8W7OmOPblu0iJsYINU/OX2ChAeAN4oMxF
1YLVe2COwbHh2XNMDWonBXcUAiajcaUQJCTbNP9iao07uCDcFF0Kqw13J1OtaSRy
oN8kzhDjRMySAJktMdiFM+mG9Tizf7DNKB84m5XFy0V1tFuX5A==
-----END CERTIFICATE-----