Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/3U8VXDdEd137KQANTBo1_xG99c0.roa
File:                     3U8VXDdEd137KQANTBo1_xG99c0.roa (raw, json)
Hash identifier:          HaUMsyvvTOIpT/pC78Y0BvEzNosgpHm4AwEVghsL8do=
Subject key identifier:   DD:4F:15:5C:37:44:77:5D:FB:29:00:0D:4C:1A:35:FF:11:BD:F5:CD
Certificate issuer:       /CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
Certificate serial:       018CC801C54C00E1AEDA32B6F148D930593B
Authority key identifier: A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/3U8VXDdEd137KQANTBo1_xG99c0.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57450
IP address blocks:        2a13:1500:3b0::/44 maxlen: 48

Validation:               Failed, certificate revoked on Thu 10 Oct 2024 20:06:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c5:4c:00:e1:ae:da:32:b6:f1:48:d9:30:59:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd4f155c3744775dfb29000d4c1a35ff11bdf5cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:50:10:34:8b:34:70:a8:a4:28:21:f1:72:4e:
                    92:a5:40:a4:ff:d9:9b:65:c3:76:76:b3:6a:c4:97:
                    59:fc:59:d8:f8:ab:fd:06:71:af:ca:a5:53:c9:92:
                    dd:24:a3:a4:30:7f:87:45:40:7e:d6:8a:fc:ac:53:
                    86:b9:60:a8:f3:bf:0a:90:81:93:a1:ac:0b:b7:79:
                    91:b2:36:a6:2d:fa:55:30:91:76:86:49:c4:5b:ca:
                    8a:7f:1a:04:a6:6b:7d:90:19:0e:47:7d:92:97:67:
                    8a:0f:e3:c0:eb:2d:d6:6b:89:17:17:5c:1b:83:cb:
                    6d:c2:25:e4:65:34:9a:1d:65:f6:25:d1:81:96:a5:
                    d7:a4:06:97:ae:72:b8:85:0c:f9:48:59:62:2f:ef:
                    b4:c0:af:4f:69:e2:28:26:42:73:97:a8:ec:f9:c0:
                    b7:bd:9b:bd:ea:b9:07:76:45:23:ab:d4:64:15:53:
                    ab:22:d9:66:f7:15:70:aa:34:6b:95:f4:96:7c:26:
                    48:c7:fe:4e:34:a9:06:57:7b:4f:30:94:21:4e:d6:
                    46:9f:d9:99:08:0c:ab:18:96:51:24:df:d8:84:1a:
                    98:a6:75:50:8b:01:e4:6e:21:62:25:86:65:6e:a8:
                    fd:92:ec:76:1e:0c:f0:2a:dc:e1:11:2f:d3:92:47:
                    d8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4F:15:5C:37:44:77:5D:FB:29:00:0D:4C:1A:35:FF:11:BD:F5:CD
            X509v3 Authority Key Identifier:
                keyid:A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/3U8VXDdEd137KQANTBo1_xG99c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1500:3b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         aa:20:2d:e2:8b:1a:e3:8b:be:51:30:f6:24:1b:e1:0b:94:32:
         aa:48:a9:f9:71:3e:ef:b8:92:7b:0e:54:34:c4:43:71:da:20:
         04:75:40:e0:fc:55:89:4f:77:b7:46:0f:33:92:06:4b:5f:47:
         98:f0:a1:37:3b:03:56:80:5e:4f:36:84:4c:0b:03:02:6c:fa:
         c4:0b:40:f9:11:ff:3c:0b:73:a8:f0:a8:f7:9b:f4:09:3c:1a:
         4a:47:df:ac:14:94:12:70:a8:ab:26:c1:05:3b:3e:55:76:11:
         6e:2d:09:fd:2d:72:4a:a1:f1:e7:4c:15:39:fb:a0:c3:66:ca:
         4e:08:b8:b9:ce:79:5e:52:9c:a9:a9:cd:57:0b:d5:0d:19:f5:
         e8:70:f3:ac:e5:19:6a:a4:40:7d:ed:52:5d:4d:de:cf:3b:9c:
         d1:45:e1:95:56:9b:b8:92:90:26:d5:1f:a0:0e:7e:bd:18:58:
         0e:be:11:fc:41:b9:ad:17:49:54:23:4a:e6:7f:7c:04:59:fc:
         bc:6a:cd:37:69:c2:1a:1a:b6:82:c7:89:4d:4b:d0:be:51:3a:
         a6:0b:17:f6:93:63:44:ae:56:69:71:fa:11:78:28:95:e6:65:
         ea:e2:67:40:5c:a1:6c:9a:4b:a8:2f:7c:e5:31:89:2c:41:1b:
         f3:cf:23:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAcVMAOGu2jK28UjZMFk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOGIxNzZhN2Q5MmU1MDFlZWRhZWY2YzYwZThjZTNhNjhk
NzUyMjQwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRmMTU1YzM3NDQ3NzVkZmIyOTAwMGQ0YzFhMzVmZjExYmRmNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VAQNIs0cKikKCHxck6SpUCk/9mb
ZcN2drNqxJdZ/FnY+Kv9BnGvyqVTyZLdJKOkMH+HRUB+1or8rFOGuWCo878KkIGT
oawLt3mRsjamLfpVMJF2hknEW8qKfxoEpmt9kBkOR32Sl2eKD+PA6y3Wa4kXF1wb
g8ttwiXkZTSaHWX2JdGBlqXXpAaXrnK4hQz5SFliL++0wK9PaeIoJkJzl6js+cC3
vZu96rkHdkUjq9RkFVOrItlm9xVwqjRrlfSWfCZIx/5ONKkGV3tPMJQhTtZGn9mZ
CAyrGJZRJN/YhBqYpnVQiwHkbiFiJYZlbqj9kux2HgzwKtzhES/TkkfYVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN1PFVw3RHdd+ykADUwaNf8RvfXNMB8GA1UdIwQY
MBaAFKOLF2p9kuUB7trvbGDozjpo11IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTIt
ZWZlNzljMjU0ZTI1LzEvM1U4VlhEZEVkMTM3S1FBTlRCbzFfeEc5OWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTItZWZlNzljMjU0ZTI1
LzEvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMVAAOw
MA0GCSqGSIb3DQEBCwUAA4IBAQCqIC3iixrji75RMPYkG+ELlDKqSKn5cT7vuJJ7
DlQ0xENx2iAEdUDg/FWJT3e3Rg8zkgZLX0eY8KE3OwNWgF5PNoRMCwMCbPrEC0D5
Ef88C3Oo8Kj3m/QJPBpKR9+sFJQScKirJsEFOz5VdhFuLQn9LXJKofHnTBU5+6DD
ZspOCLi5znleUpypqc1XC9UNGfXocPOs5RlqpEB97VJdTd7PO5zRReGVVpu4kpAm
1R+gDn69GFgOvhH8QbmtF0lUI0rmf3wEWfy8as03acIaGraCx4lNS9C+UTqmCxf2
k2NErlZpcfoReCiV5mXq4mdAXKFsmkuoL3zlMYksQRvzzyPe
-----END CERTIFICATE-----
Generated at Thu Oct 10 22:45:50 2024 by rpki-client on console-ams.rpki-client.org