Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hlHuLDu7sXPR9JcJiGbMcG09l-c.roa
File:                     hlHuLDu7sXPR9JcJiGbMcG09l-c.roa (raw, json)
Hash identifier:          WmZYcLsbDtxc/ZkvpHwKfZEM4Ld6I6yzf25kwWQm6Zc=
Subject key identifier:   86:51:EE:2C:3B:BB:B1:73:D1:F4:97:09:88:66:CC:70:6D:3D:97:E7
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018B6B06E60F1CE7EAC0B0A241463BC67A83
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hlHuLDu7sXPR9JcJiGbMcG09l-c.roa
Signing time:             Thu 26 Oct 2023 08:08:16 +0000
ROA not before:           Thu 26 Oct 2023 08:08:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216349
IP address blocks:        2a0f:9ac0::/29 maxlen: 30

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:6b:06:e6:0f:1c:e7:ea:c0:b0:a2:41:46:3b:c6:7a:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Oct 26 08:08:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8651ee2c3bbbb173d1f497098866cc706d3d97e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f5:0e:9a:3a:1a:92:b9:cf:82:70:bc:ee:ce:
                    b1:7a:f3:e1:6f:71:d9:f7:47:e5:8d:fd:63:5b:be:
                    5d:59:f8:28:fd:9b:bc:fa:46:95:2c:16:ca:20:7e:
                    50:2b:35:49:39:f5:80:45:30:af:32:ee:34:e6:86:
                    99:14:21:7a:fb:b8:03:1b:4b:0e:e8:e9:4c:5c:e0:
                    9d:95:ca:56:1c:90:e3:0a:77:92:7c:71:e5:e8:7b:
                    dc:52:a7:82:3f:0c:a4:41:f1:34:90:3b:51:65:1b:
                    1c:b2:24:97:2d:8f:ee:0a:00:e0:36:aa:c9:66:1d:
                    e3:d6:b7:c3:9d:85:42:03:be:e4:1e:0b:39:16:d1:
                    6f:29:4a:74:17:9b:62:d7:4c:1c:db:a0:cf:14:86:
                    41:fe:c0:4d:50:c3:59:5b:28:1e:01:67:0b:d3:e8:
                    9a:dc:30:b2:56:0a:92:22:99:41:93:01:f7:b3:d0:
                    fd:fa:db:4c:79:76:f9:5a:fc:08:0c:17:cb:4a:1f:
                    56:95:bb:f8:31:50:a8:09:d9:ba:6f:07:0f:23:a3:
                    78:99:2d:c4:e0:bb:1a:df:c1:8b:77:bc:ce:1e:8c:
                    d5:30:56:76:d2:b3:d0:3a:f1:89:9d:9d:81:69:62:
                    77:dd:73:19:ba:06:03:06:0a:81:2e:8c:94:c2:d5:
                    92:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:51:EE:2C:3B:BB:B1:73:D1:F4:97:09:88:66:CC:70:6D:3D:97:E7
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hlHuLDu7sXPR9JcJiGbMcG09l-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:1d:c4:e6:4a:de:c7:1b:e2:b2:51:c6:bd:71:8e:d0:45:a8:
         ca:1f:be:cd:56:54:2e:23:b7:c1:cc:9f:68:dd:4f:ba:97:aa:
         2f:1d:4a:d6:76:10:82:b2:39:d6:8d:19:55:eb:48:d2:96:12:
         ff:97:87:fe:97:b5:a3:89:1b:86:7f:e8:f9:e4:93:69:78:b4:
         20:88:30:90:47:76:0c:53:61:22:f9:10:6f:93:97:98:43:0c:
         ed:8d:8d:31:d6:df:4d:2e:5c:d8:1e:00:06:01:73:2e:78:7f:
         5f:ab:9b:7c:f7:e0:c8:d3:ce:a9:7a:79:cf:b9:e0:dd:22:f6:
         45:53:38:0d:d8:c5:93:c5:98:3a:c2:52:e8:c7:3f:59:d6:97:
         92:e2:58:66:92:22:af:81:9d:25:f4:b6:d7:51:3b:1b:87:f6:
         79:8f:92:b7:02:bd:ea:1b:2e:16:c2:55:3f:ce:d5:0d:78:ec:
         cc:1c:26:dc:87:12:99:2f:36:a8:84:50:0b:44:62:69:d9:6a:
         8a:24:65:c5:6e:a2:14:d9:1a:4d:f1:e4:11:6c:f6:a2:fc:c4:
         1f:3e:e5:d1:27:9f:df:07:70:af:86:d7:c3:7d:0c:c3:48:35:
         6f:86:54:b3:7f:b6:b5:56:c9:1f:bd:95:ab:cf:cd:97:b2:6b:
         87:e6:9b:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYtrBuYPHOfqwLCiQUY7xnqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjMxMDI2MDgwODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjUxZWUyYzNiYmJiMTczZDFmNDk3MDk4ODY2Y2M3MDZkM2Q5N2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfUOmjoakrnPgnC87s6xevPhb3HZ
90fljf1jW75dWfgo/Zu8+kaVLBbKIH5QKzVJOfWARTCvMu405oaZFCF6+7gDG0sO
6OlMXOCdlcpWHJDjCneSfHHl6HvcUqeCPwykQfE0kDtRZRscsiSXLY/uCgDgNqrJ
Zh3j1rfDnYVCA77kHgs5FtFvKUp0F5ti10wc26DPFIZB/sBNUMNZWygeAWcL0+ia
3DCyVgqSIplBkwH3s9D9+ttMeXb5WvwIDBfLSh9Wlbv4MVCoCdm6bwcPI6N4mS3E
4Lsa38GLd7zOHozVMFZ20rPQOvGJnZ2BaWJ33XMZugYDBgqBLoyUwtWSSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIZR7iw7u7Fz0fSXCYhmzHBtPZfnMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaGxIdUxEdTdzWFBSOUpjSmlHYk1jRzA5bC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+awDAN
BgkqhkiG9w0BAQsFAAOCAQEACR3E5krexxvislHGvXGO0EWoyh++zVZULiO3wcyf
aN1PupeqLx1K1nYQgrI51o0ZVetI0pYS/5eH/pe1o4kbhn/o+eSTaXi0IIgwkEd2
DFNhIvkQb5OXmEMM7Y2NMdbfTS5c2B4ABgFzLnh/X6ubfPfgyNPOqXp5z7ng3SL2
RVM4DdjFk8WYOsJS6Mc/WdaXkuJYZpIir4GdJfS211E7G4f2eY+StwK96hsuFsJV
P87VDXjszBwm3IcSmS82qIRQC0RiadlqiiRlxW6iFNkaTfHkEWz2ovzEHz7l0Sef
3wdwr4bXw30Mw0g1b4ZUs3+2tVbJH72Vq8/Nl7Jrh+abiw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:19 2024 by rpki-client on console-ams.rpki-client.org