Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/O5KMfMxrIt0rMibpe3acvqgd8hc.roa
File:                     O5KMfMxrIt0rMibpe3acvqgd8hc.roa (raw, json)
Hash identifier:          q+cTFT/0DqqSwsXX1qdWHQo/M/BnAMtZ6eVCiuzanH0=
Subject key identifier:   3B:92:8C:7C:CC:6B:22:DD:2B:32:26:E9:7B:76:9C:BE:A8:1D:F2:17
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018BA009C334E283F8A9FD9F37E6D57FB676
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/O5KMfMxrIt0rMibpe3acvqgd8hc.roa
Signing time:             Sun 05 Nov 2023 15:11:16 +0000
ROA not before:           Sun 05 Nov 2023 15:11:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216155
IP address blocks:        2a10:4646:3c0::/44 maxlen: 44

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a0:09:c3:34:e2:83:f8:a9:fd:9f:37:e6:d5:7f:b6:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Nov  5 15:11:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b928c7ccc6b22dd2b3226e97b769cbea81df217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3b:2a:de:f8:f3:8c:9e:72:46:06:63:b4:8c:
                    de:b7:20:b6:3a:ad:3d:15:3d:6c:a1:1f:bd:db:96:
                    77:89:39:d9:01:37:65:86:6d:ea:b3:f3:04:a4:8d:
                    1b:0d:da:80:4b:cd:c1:a1:5a:5a:7a:5c:9d:9e:2a:
                    e8:7d:9d:c1:4b:86:78:6f:c3:c6:67:8a:b2:23:a3:
                    9e:20:32:ab:a0:83:f5:bc:e0:f7:14:65:9c:97:49:
                    85:a2:5d:cf:c9:38:d4:5c:73:13:da:17:34:c5:cb:
                    26:c2:0d:b3:1f:69:96:da:21:ee:2f:89:9a:c1:b9:
                    7d:28:7f:bf:f6:21:a6:b5:ad:6c:48:f8:cb:76:50:
                    ea:16:e4:19:a9:ef:a8:dc:d2:17:f6:ca:3f:3f:e0:
                    3d:31:83:73:04:96:e2:75:68:a5:f9:48:bd:83:f1:
                    21:49:e6:f1:ee:e8:07:e1:4b:2b:fc:fc:ad:a8:33:
                    dd:4f:dc:ba:ea:75:8c:34:32:07:7e:d8:d9:61:4b:
                    e0:c8:48:50:7b:f7:a8:63:d2:e0:a0:9a:e7:1c:28:
                    fa:9c:18:64:fb:76:c4:f3:f2:68:98:af:e5:ac:c4:
                    cc:f6:26:1a:f7:53:89:2b:ea:a0:73:7b:6a:c1:63:
                    a5:b7:91:16:e8:f8:a6:38:bb:b3:f2:88:b1:2a:30:
                    e6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:92:8C:7C:CC:6B:22:DD:2B:32:26:E9:7B:76:9C:BE:A8:1D:F2:17
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/O5KMfMxrIt0rMibpe3acvqgd8hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:3c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:c4:a8:e8:e5:6b:3c:2c:77:a0:24:9f:0e:07:5f:c5:b0:74:
         82:41:d2:65:0c:e8:27:ef:de:0e:8f:78:d7:d7:d7:38:d5:df:
         fa:ab:0d:03:7b:63:36:2d:df:7a:a6:8e:0c:6b:31:57:aa:20:
         62:3a:9d:b8:a4:ee:ae:da:20:d6:e0:4d:85:87:a6:b3:33:92:
         2d:89:d0:6c:7a:24:58:90:98:c4:7e:ac:bf:60:fb:27:fc:de:
         84:72:92:a7:59:ab:62:4e:f5:c2:3b:e1:b0:2e:dc:f3:44:27:
         ca:8c:40:87:6e:f8:d4:63:c6:72:69:d0:3f:f1:60:e4:a2:43:
         e8:47:cb:fe:08:df:b4:14:01:8f:ed:78:f5:61:e8:20:e6:f7:
         a2:7d:e1:42:54:45:66:30:36:b8:35:3a:34:ef:08:eb:1c:eb:
         c8:55:9b:e4:ed:3c:5d:69:c8:8c:db:b2:ad:35:1a:d2:1e:a8:
         e2:03:6a:05:14:e8:cc:91:c0:83:ff:fc:f6:c2:bd:39:4f:46:
         4b:48:41:9f:91:36:08:9a:59:96:ac:f8:80:1e:21:90:ef:9d:
         66:bc:13:d4:44:6b:f1:d9:04:29:3d:b3:4d:b0:d5:8f:e2:74:
         af:e7:1d:01:e3:e9:7c:b0:b5:99:af:56:32:b5:75:26:a5:1f:
         02:14:93:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYugCcM04oP4qf2fN+bVf7Z2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjMxMTA1MTUxMTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjkyOGM3Y2NjNmIyMmRkMmIzMjI2ZTk3Yjc2OWNiZWE4MWRmMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDsq3vjzjJ5yRgZjtIzetyC2Oq09
FT1soR+925Z3iTnZATdlhm3qs/MEpI0bDdqAS83BoVpaelydnirofZ3BS4Z4b8PG
Z4qyI6OeIDKroIP1vOD3FGWcl0mFol3PyTjUXHMT2hc0xcsmwg2zH2mW2iHuL4ma
wbl9KH+/9iGmta1sSPjLdlDqFuQZqe+o3NIX9so/P+A9MYNzBJbidWil+Ui9g/Eh
Sebx7ugH4Usr/PytqDPdT9y66nWMNDIHftjZYUvgyEhQe/eoY9LgoJrnHCj6nBhk
+3bE8/JomK/lrMTM9iYa91OJK+qgc3tqwWOlt5EW6PimOLuz8oixKjDmrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDuSjHzMayLdKzIm6Xt2nL6oHfIXMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvTzVLTWZNeHJJdDByTWlicGUzYWN2cWdkOGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgPA
MA0GCSqGSIb3DQEBCwUAA4IBAQAtxKjo5Ws8LHegJJ8OB1/FsHSCQdJlDOgn794O
j3jX19c41d/6qw0De2M2Ld96po4MazFXqiBiOp24pO6u2iDW4E2Fh6azM5ItidBs
eiRYkJjEfqy/YPsn/N6EcpKnWatiTvXCO+GwLtzzRCfKjECHbvjUY8ZyadA/8WDk
okPoR8v+CN+0FAGP7Xj1Yegg5veifeFCVEVmMDa4NTo07wjrHOvIVZvk7TxdaciM
27KtNRrSHqjiA2oFFOjMkcCD//z2wr05T0ZLSEGfkTYImlmWrPiAHiGQ751mvBPU
RGvx2QQpPbNNsNWP4nSv5x0B4+l8sLWZr1YytXUmpR8CFJMA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:05 2024 by rpki-client on console-fra.rpki-client.org