Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/EhIOG3XnYxgIKzYDWf3I1E-v39o.roa
File:                     EhIOG3XnYxgIKzYDWf3I1E-v39o.roa (raw, json)
Hash identifier:          LfyT8jxqvswz2cZ8f0Zv3dqdrtoys6ilIPrIB1EvqaM=
Subject key identifier:   12:12:0E:1B:75:E7:63:18:08:2B:36:03:59:FD:C8:D4:4F:AF:DF:DA
Certificate issuer:       /CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
Certificate serial:       01856CC1751F8E946223152E7451CD84E388
Authority key identifier: 38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/EhIOG3XnYxgIKzYDWf3I1E-v39o.roa
Signing time:             Sun 01 Jan 2023 09:54:55 +0000
ROA not before:           Sun 01 Jan 2023 09:54:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     32519
IP address blocks:        2a07:aec0::/29 maxlen: 128

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:c1:75:1f:8e:94:62:23:15:2e:74:51:cd:84:e3:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
        Validity
            Not Before: Jan  1 09:54:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=12120e1b75e76318082b360359fdc8d44fafdfda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:3a:9c:59:8f:a1:62:f4:d2:60:90:66:00:c2:
                    f6:84:e3:8f:4c:f8:97:7a:70:c2:26:62:5e:32:86:
                    29:16:c8:dc:89:15:3e:ba:f0:07:d7:3a:2a:00:6a:
                    94:95:9e:e4:62:84:53:1b:97:12:9d:59:e9:cb:65:
                    45:05:e4:28:5f:c3:60:d0:9e:6e:ff:4e:b8:f2:7f:
                    b3:a7:51:53:57:de:62:fa:50:e8:59:6d:bc:86:1e:
                    a8:64:f3:43:f5:78:9f:a4:b7:18:b5:b9:b1:80:2e:
                    38:2d:95:17:5a:cd:99:b9:bf:79:d3:6b:a8:35:1d:
                    55:01:2f:04:e5:cf:68:90:5e:5b:05:ef:cd:e3:9e:
                    8f:4b:4d:98:45:38:9b:74:8e:8d:7c:cf:65:40:83:
                    b8:21:88:bb:a5:57:30:db:b5:23:bf:a3:d5:dd:40:
                    5f:b0:44:5b:5e:3e:d2:c5:9e:50:86:1d:81:9c:b4:
                    0f:c2:52:b5:f2:36:48:4d:0f:67:a1:7b:71:fe:84:
                    ca:81:fb:cb:89:78:e2:1f:28:7b:0d:77:aa:1b:e1:
                    18:42:f9:64:c4:cf:79:0a:83:fe:e3:bd:e5:8f:2b:
                    cc:4e:26:49:47:a6:e9:2d:4f:74:5a:1b:02:36:35:
                    60:02:84:b3:90:cf:1d:4a:dc:18:7b:c9:4d:8e:3f:
                    b4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:12:0E:1B:75:E7:63:18:08:2B:36:03:59:FD:C8:D4:4F:AF:DF:DA
            X509v3 Authority Key Identifier:
                keyid:38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/EhIOG3XnYxgIKzYDWf3I1E-v39o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:aec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:ca:77:cf:3a:31:fa:91:d2:32:7a:8f:09:cb:25:8f:be:a9:
         5b:94:f9:a9:17:0a:bf:e0:07:0f:67:08:59:fd:21:3a:fd:51:
         d2:e1:48:92:7e:1f:0a:16:75:94:02:4b:25:47:ea:79:c9:5f:
         e9:0b:e1:ae:e7:e5:1a:72:aa:e3:2f:91:e3:65:0f:22:bf:8d:
         fb:15:5f:6f:37:8e:95:19:a1:ab:59:ad:37:9d:75:ea:58:04:
         c3:6a:61:e6:46:a7:d4:28:86:5b:ab:43:e6:e0:15:2e:ac:1e:
         68:88:a9:6e:93:86:d4:11:1e:87:f2:4a:47:da:ab:df:5e:91:
         59:ad:a9:90:ff:c0:6b:e3:b1:08:07:6c:c1:13:03:4b:63:9c:
         cd:b8:80:fb:ba:d0:38:57:00:f0:01:bf:99:1a:78:d6:8c:3d:
         61:9b:c6:20:5b:cc:d3:f8:ae:1c:97:54:95:8c:cd:11:28:62:
         82:14:47:bb:2f:be:0a:f8:b2:a7:e9:5f:43:6c:1e:91:82:5c:
         f1:7d:ff:18:11:eb:cd:c9:48:12:7e:1d:0f:41:41:cc:2a:10:
         0e:32:72:b4:c6:5e:0c:67:b3:dd:2c:30:f4:e8:a1:9c:05:e0:
         0e:b6:b9:89:3d:52:25:4a:13:e2:23:27:62:d2:1f:8e:50:1a:
         87:39:be:c6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVswXUfjpRiIxUudFHNhOOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmQ2ZDhlYmI4MjQwNGQ1NzA5MzUxYmMyMzI5YTBlZTQz
YTlhNDMwHhcNMjMwMTAxMDk1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjEyMGUxYjc1ZTc2MzE4MDgyYjM2MDM1OWZkYzhkNDRmYWZkZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8zqcWY+hYvTSYJBmAML2hOOPTPiX
enDCJmJeMoYpFsjciRU+uvAH1zoqAGqUlZ7kYoRTG5cSnVnpy2VFBeQoX8Ng0J5u
/0648n+zp1FTV95i+lDoWW28hh6oZPND9XifpLcYtbmxgC44LZUXWs2Zub9502uo
NR1VAS8E5c9okF5bBe/N456PS02YRTibdI6NfM9lQIO4IYi7pVcw27Ujv6PV3UBf
sERbXj7SxZ5Qhh2BnLQPwlK18jZITQ9noXtx/oTKgfvLiXjiHyh7DXeqG+EYQvlk
xM95CoP+473ljyvMTiZJR6bpLU90WhsCNjVgAoSzkM8dStwYe8lNjj+0lQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBISDht152MYCCs2A1n9yNRPr9/aMB8GA1UdIwQY
MBaAFDi9bY67gkBNVwk1G8Iymg7kOppDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUt
OGM5NTM5ZjQ0NGM2LzEvRWhJT0czWG5ZeGdJS3pZRFdmM0kxRS12MzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUtOGM5NTM5ZjQ0NGM2
LzEvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgeuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAeMp3zzox+pHSMnqPCcslj76pW5T5qRcKv+AHD2cI
Wf0hOv1R0uFIkn4fChZ1lAJLJUfqeclf6QvhruflGnKq4y+R42UPIr+N+xVfbzeO
lRmhq1mtN5116lgEw2ph5kan1CiGW6tD5uAVLqweaIipbpOG1BEeh/JKR9qr316R
Wa2pkP/Aa+OxCAdswRMDS2OczbiA+7rQOFcA8AG/mRp41ow9YZvGIFvM0/iuHJdU
lYzNEShighRHuy++Cviyp+lfQ2wekYJc8X3/GBHrzclIEn4dD0FBzCoQDjJytMZe
DGez3Sww9OihnAXgDra5iT1SJUoT4iMnYtIfjlAahzm+xg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:31 2024 by rpki-client on console-fra.rpki-client.org