Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/bRRrHSByaOZb9vXvgXkcKncCDCw.roa
File:                     bRRrHSByaOZb9vXvgXkcKncCDCw.roa (raw, json)
Hash identifier:          WxHYvRmXbq9LOU7KNnK1XCvoUo/NJg6P0Opljf8j7Zg=
Subject key identifier:   6D:14:6B:1D:20:72:68:E6:5B:F6:F5:EF:81:79:1C:2A:77:02:0C:2C
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       018E3CF9F62FCBAF0A0B1481901920AAB0D9
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/bRRrHSByaOZb9vXvgXkcKncCDCw.roa
Signing time:             Thu 14 Mar 2024 12:39:58 +0000
ROA not before:           Thu 14 Mar 2024 12:39:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207137
IP address blocks:        2a13:240::/48 maxlen: 48
                          2a13:240:1::/48 maxlen: 48
                          2a13:240:2::/48 maxlen: 48
                          2a13:240:3::/48 maxlen: 48
                          2a13:240:4::/48 maxlen: 48
                          2a13:240:5::/48 maxlen: 48
                          2a13:240:6::/48 maxlen: 48
                          2a13:240:7::/48 maxlen: 48
                          2a13:240:8::/48 maxlen: 48
                          2a13:240:9::/48 maxlen: 48
                          2a13:240:4200::/40 maxlen: 40
                          2a13:240:4300::/40 maxlen: 40
                          2a13:240:4400::/40 maxlen: 40
                          2a13:240:4500::/40 maxlen: 40
                          2a13:240:4600::/40 maxlen: 40
                          2a13:240:4700::/40 maxlen: 40
                          2a13:240:4800::/40 maxlen: 40

Validation:               Failed, certificate revoked on Fri 14 Jun 2024 07:07:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:f9:f6:2f:cb:af:0a:0b:14:81:90:19:20:aa:b0:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Mar 14 12:39:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d146b1d207268e65bf6f5ef81791c2a77020c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b4:eb:8f:39:d2:41:dc:e4:f0:c2:03:b7:41:
                    a3:b8:8d:69:28:97:59:4a:cc:e3:cc:56:53:4c:81:
                    c9:ce:88:12:95:ca:e0:f3:b5:0d:45:77:6d:8c:c7:
                    74:7a:4f:df:a1:65:53:19:55:10:e1:f4:d1:a1:bb:
                    83:53:a7:75:93:01:93:d1:f0:da:b2:24:c9:57:e3:
                    d9:74:8b:66:3f:db:b3:5f:2d:18:29:3c:34:bb:27:
                    7d:af:74:76:c5:de:00:93:60:68:92:8c:e8:bb:6d:
                    96:e3:0c:55:92:55:27:44:67:da:fc:a9:3c:85:b8:
                    d8:9c:df:72:34:a8:e5:f1:d5:d7:82:a0:4f:26:bf:
                    f3:3a:2e:6f:3d:57:02:9a:ee:de:8f:78:7e:90:ea:
                    a0:47:bf:30:0b:a3:06:09:1e:4c:2d:c2:58:00:ba:
                    db:74:65:53:33:1c:61:a5:f1:5b:0e:76:13:a4:ce:
                    d5:11:1f:e0:9c:8d:9c:47:a1:91:c0:84:5b:17:3e:
                    56:04:3e:95:90:31:d6:13:9d:41:da:ac:b4:dc:59:
                    84:af:44:fc:e9:11:6c:25:76:12:0e:e1:20:a9:73:
                    ac:97:93:8f:38:80:dd:50:dc:4d:78:31:8c:8d:db:
                    e8:28:45:6b:f6:d0:f9:e6:22:2d:99:0f:4c:e0:a8:
                    99:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:14:6B:1D:20:72:68:E6:5B:F6:F5:EF:81:79:1C:2A:77:02:0C:2C
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/bRRrHSByaOZb9vXvgXkcKncCDCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240::-2a13:240:9:ffff:ffff:ffff:ffff:ffff
                  2a13:240:4200::-2a13:240:48ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6b:30:c7:c2:7b:f7:31:5f:50:8d:3e:72:40:e1:73:1c:1c:93:
         6c:21:81:0a:a3:41:21:5e:cc:c7:6f:0b:e1:66:4a:74:e8:ce:
         96:6f:e4:32:32:00:d5:19:48:08:ee:64:9c:22:5d:66:cb:26:
         4d:f3:3e:dd:f1:34:e8:26:4a:5a:7f:37:b7:52:6e:7f:db:64:
         c3:96:7a:44:af:50:a1:e5:ec:65:a4:8d:21:8d:d7:c7:c1:ad:
         7d:4b:ca:e4:eb:1c:89:67:34:41:a0:38:f9:4b:0d:c8:32:2a:
         48:0f:36:a0:39:95:51:d7:31:b4:34:1b:2c:e7:0f:86:4d:18:
         39:00:3b:b4:18:d6:84:39:26:dd:aa:c2:83:30:00:b0:89:9b:
         29:21:1a:20:ad:c8:b4:8a:c4:84:72:ec:27:9f:d6:91:bc:4b:
         49:34:50:85:d8:27:df:b1:9e:36:c2:ac:8c:92:88:cd:50:bb:
         85:fc:77:7f:16:ff:18:66:a5:aa:30:83:08:4b:09:54:eb:94:
         ce:31:43:0b:f5:fa:28:2b:35:67:07:72:48:0f:c8:39:7c:c9:
         0a:77:12:b5:bc:0c:72:a4:f7:a9:80:6b:3e:f1:45:85:b0:86:
         57:4c:e5:82:16:e3:6e:e5:2e:4c:7e:f0:b7:ca:fa:23:79:d3:
         e8:7d:bc:34
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY48+fYvy68KCxSBkBkgqrDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjQwMzE0MTIzOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDE0NmIxZDIwNzI2OGU2NWJmNmY1ZWY4MTc5MWMyYTc3MDIwYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbTrjznSQdzk8MIDt0GjuI1pKJdZ
SszjzFZTTIHJzogSlcrg87UNRXdtjMd0ek/foWVTGVUQ4fTRobuDU6d1kwGT0fDa
siTJV+PZdItmP9uzXy0YKTw0uyd9r3R2xd4Ak2Bokozou22W4wxVklUnRGfa/Kk8
hbjYnN9yNKjl8dXXgqBPJr/zOi5vPVcCmu7ej3h+kOqgR78wC6MGCR5MLcJYALrb
dGVTMxxhpfFbDnYTpM7VER/gnI2cR6GRwIRbFz5WBD6VkDHWE51B2qy03FmEr0T8
6RFsJXYSDuEgqXOsl5OPOIDdUNxNeDGMjdvoKEVr9tD55iItmQ9M4KiZ+wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG0Uax0gcmjmW/b174F5HCp3AgwsMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvYlJSckhTQnlhT1piOXZYdmdYa2NLbmNDREN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkMBADBQYqEwJA
AwcBKhMCQAAIMBADBgEqEwJAQgMGACoTAkBIMA0GCSqGSIb3DQEBCwUAA4IBAQBr
MMfCe/cxX1CNPnJA4XMcHJNsIYEKo0EhXszHbwvhZkp06M6Wb+QyMgDVGUgI7mSc
Il1myyZN8z7d8TToJkpafze3Um5/22TDlnpEr1Ch5exlpI0hjdfHwa19S8rk6xyJ
ZzRBoDj5Sw3IMipIDzagOZVR1zG0NBss5w+GTRg5ADu0GNaEOSbdqsKDMACwiZsp
IRogrci0isSEcuwnn9aRvEtJNFCF2CffsZ42wqyMkojNULuF/Hd/Fv8YZqWqMIMI
SwlU65TOMUML9fooKzVnB3JID8g5fMkKdxK1vAxypPepgGs+8UWFsIZXTOWCFuNu
5S5MfvC3yvojedPofbw0
-----END CERTIFICATE-----