Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/z9-F9DpPprs3-kKw7E_yi4LPkoA.roa
File:                     z9-F9DpPprs3-kKw7E_yi4LPkoA.roa (raw, json)
Hash identifier:          MQXL49dV8xHr5UjHJd7baWiPIE+e0yuhhvv6QXV/s1s=
Subject key identifier:   CF:DF:85:F4:3A:4F:A6:BB:37:FA:42:B0:EC:4F:F2:8B:82:CF:92:80
Certificate issuer:       /CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
Certificate serial:       0185713A01E4AB7483460BC50404737E654E
Authority key identifier: DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/z9-F9DpPprs3-kKw7E_yi4LPkoA.roa
Signing time:             Mon 02 Jan 2023 06:45:05 +0000
ROA not before:           Mon 02 Jan 2023 06:45:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48642
IP address blocks:        213.109.48.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:35:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:3a:01:e4:ab:74:83:46:0b:c5:04:04:73:7e:65:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
        Validity
            Not Before: Jan  2 06:45:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cfdf85f43a4fa6bb37fa42b0ec4ff28b82cf9280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:0c:cd:25:31:38:df:14:e3:5e:d0:e9:ca:
                    bb:87:ee:8c:24:6f:2d:fb:32:2b:f8:85:3c:7b:cd:
                    5a:b1:c6:c3:2f:54:05:ef:fc:1f:00:17:c4:4e:45:
                    aa:81:5c:39:d2:e9:0a:3d:ae:64:fb:f4:3f:e0:e7:
                    cf:40:19:af:83:6f:c8:81:a0:c9:00:b6:b5:8e:25:
                    b5:8f:73:f8:f5:9e:28:25:af:6c:ee:d8:74:db:98:
                    91:3f:bf:97:f7:fb:fc:e3:d6:7f:31:23:05:01:44:
                    d0:95:9f:cd:18:a6:3d:8e:3c:ab:98:4c:35:ad:c2:
                    fe:ed:f9:49:5b:70:db:af:cf:5f:98:6e:74:0d:6a:
                    df:ef:af:c6:f4:34:f2:57:d9:44:d3:2c:f9:38:d0:
                    9f:ea:75:96:49:2a:56:2d:a1:be:ee:cb:65:82:4e:
                    23:c8:de:b8:64:b0:3e:e7:f2:29:ec:19:7c:b7:da:
                    03:6c:1e:d9:ea:08:9e:b6:59:93:f4:9b:68:c9:ba:
                    de:87:98:2e:a1:39:02:79:66:40:11:ad:e3:c3:f2:
                    2c:2d:24:6e:92:f1:66:e5:6d:cb:0c:30:ef:55:e9:
                    a0:ff:6e:78:cc:38:e0:8f:b0:0c:a5:4f:cc:3a:9f:
                    de:39:14:a7:2a:3e:1c:e2:96:16:1e:93:77:17:81:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DF:85:F4:3A:4F:A6:BB:37:FA:42:B0:EC:4F:F2:8B:82:CF:92:80
            X509v3 Authority Key Identifier:
                keyid:DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/z9-F9DpPprs3-kKw7E_yi4LPkoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6f:ca:b9:65:2c:9c:f7:ee:4e:e7:38:9b:44:87:f6:a6:36:e2:
         43:20:7f:53:fc:44:9d:69:20:92:89:04:8d:2a:73:c3:72:3d:
         ac:26:26:86:d1:20:ec:e7:9a:bb:81:f3:26:61:5e:f1:9d:32:
         ec:2e:90:70:e1:c7:28:fa:3a:0b:9e:3a:3f:2d:98:74:6b:4b:
         12:2b:60:52:fe:52:99:d8:d1:8d:43:80:b3:9b:30:7a:09:8e:
         9d:e1:1f:8b:97:65:17:78:fa:3e:0f:4b:e8:16:7b:65:41:9e:
         af:f8:c4:bc:0d:9e:1e:cc:b5:7e:9a:92:94:9f:6e:6e:87:e3:
         a1:01:3f:ac:5e:fd:e3:2a:0f:18:4f:8d:3f:69:1e:2f:b4:c0:
         82:52:82:6a:72:00:e6:32:44:c0:30:10:6c:23:56:ff:eb:80:
         bb:ae:27:b0:61:cc:ba:1d:74:35:b1:b7:5b:ab:65:b2:23:ba:
         6e:82:a4:04:fd:20:3b:36:b7:1d:f8:cf:6d:a8:24:b7:4d:99:
         7a:b2:ff:de:eb:da:dd:6a:98:fd:a7:4e:57:ab:58:0a:30:f1:
         1e:2b:8d:b9:d3:eb:55:6c:e9:ba:bc:50:34:d3:f1:a9:27:e7:
         1a:fe:06:67:6a:31:06:89:76:31:d7:53:0a:cf:1f:9f:26:47:
         09:94:de:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxOgHkq3SDRgvFBARzfmVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzI1YzRkMDk1M2U3ZWNmNDZmMzdlMTRmY2ExNGZkMDlh
MTJkMTYwHhcNMjMwMTAyMDY0NTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRmODVmNDNhNGZhNmJiMzdmYTQyYjBlYzRmZjI4YjgyY2Y5MjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtIMzSUxON8U417Q6cq7h+6MJG8t
+zIr+IU8e81ascbDL1QF7/wfABfETkWqgVw50ukKPa5k+/Q/4OfPQBmvg2/IgaDJ
ALa1jiW1j3P49Z4oJa9s7th025iRP7+X9/v849Z/MSMFAUTQlZ/NGKY9jjyrmEw1
rcL+7flJW3Dbr89fmG50DWrf76/G9DTyV9lE0yz5ONCf6nWWSSpWLaG+7stlgk4j
yN64ZLA+5/Ip7Bl8t9oDbB7Z6gietlmT9Jtoybreh5guoTkCeWZAEa3jw/IsLSRu
kvFm5W3LDDDvVemg/254zDjgj7AMpU/MOp/eORSnKj4c4pYWHpN3F4EP8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/fhfQ6T6a7N/pCsOxP8ouCz5KAMB8GA1UdIwQY
MBaAFN1yXE0JU+fs9G834U/KFP0JoS0WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYt
OGYyMGNiNzM0NDg4LzEvejktRjlEcFBwcnMzLWtLdzdFX3lpNExQa29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYtOGYyMGNiNzM0NDg4
LzEvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1W0wMA0G
CSqGSIb3DQEBCwUAA4IBAQBvyrllLJz37k7nOJtEh/amNuJDIH9T/ESdaSCSiQSN
KnPDcj2sJiaG0SDs55q7gfMmYV7xnTLsLpBw4cco+joLnjo/LZh0a0sSK2BS/lKZ
2NGNQ4CzmzB6CY6d4R+Ll2UXePo+D0voFntlQZ6v+MS8DZ4ezLV+mpKUn25uh+Oh
AT+sXv3jKg8YT40/aR4vtMCCUoJqcgDmMkTAMBBsI1b/64C7riewYcy6HXQ1sbdb
q2WyI7pugqQE/SA7Nrcd+M9tqCS3TZl6sv/e69rdapj9p05Xq1gKMPEeK4250+tV
bOm6vFA00/GpJ+ca/gZnajEGiXYx11MKzx+fJkcJlN5r
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:50 2024 by rpki-client on console-ams.rpki-client.org