Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/TcnvXXfuLk2k6k3NGGy97myLCu8.roa
File:                     TcnvXXfuLk2k6k3NGGy97myLCu8.roa (raw, json)
Hash identifier:          WxBTtkn4QzpGD6COHxIkXUV59zwVSGeGSmfjOfhRyQs=
Subject key identifier:   4D:C9:EF:5D:77:EE:2E:4D:A4:EA:4D:CD:18:6C:BD:EE:6C:8B:0A:EF
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       01857227FC2A7869A32F793CFF803D434157
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/TcnvXXfuLk2k6k3NGGy97myLCu8.roa
Signing time:             Mon 02 Jan 2023 11:05:01 +0000
ROA not before:           Mon 02 Jan 2023 11:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210864
IP address blocks:        2a10:4646:a0::/44 maxlen: 44

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:27:fc:2a:78:69:a3:2f:79:3c:ff:80:3d:43:41:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 11:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4dc9ef5d77ee2e4da4ea4dcd186cbdee6c8b0aef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e5:17:6b:82:84:1a:fc:94:b8:b0:e8:1a:3d:
                    89:21:47:a2:e0:7b:51:b1:e9:eb:e2:60:77:97:21:
                    b9:93:52:a5:81:2a:df:b6:c8:cc:2a:a4:a7:8f:f3:
                    06:4c:9f:07:ac:cd:a0:d8:97:b1:ad:9a:05:9e:a5:
                    2d:fe:63:63:9e:d7:ec:8d:c0:9b:88:73:22:25:27:
                    5b:6b:5f:4e:c8:b9:89:64:e6:76:00:84:5c:51:da:
                    bf:59:4f:7f:9f:65:1e:fb:24:da:1b:6e:c5:ca:f9:
                    a1:5f:36:8f:e8:ee:a4:ce:ef:f3:83:ac:45:16:9b:
                    d9:da:e0:d2:74:26:3a:a5:de:ba:e4:1e:0b:1c:30:
                    c6:79:81:2f:59:c3:79:c6:e9:ab:af:19:b4:99:af:
                    2d:99:a3:c4:86:09:4d:95:3a:6d:01:58:b7:26:42:
                    3f:7c:52:61:e2:54:bd:ef:1a:c0:65:a4:d3:6b:14:
                    ea:d2:0a:c8:41:76:f3:42:fe:c6:1d:06:cf:b7:68:
                    f8:65:08:e2:96:79:50:ba:b4:16:3b:3a:1e:23:ce:
                    21:1a:a6:ff:9f:6f:3c:56:33:1c:87:a5:3e:61:56:
                    cb:33:f6:a2:ed:d1:81:fa:9d:b5:e3:f1:2d:b8:5c:
                    36:3d:e6:63:9f:f6:14:eb:38:f5:34:89:2b:00:45:
                    d6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C9:EF:5D:77:EE:2E:4D:A4:EA:4D:CD:18:6C:BD:EE:6C:8B:0A:EF
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/TcnvXXfuLk2k6k3NGGy97myLCu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         d3:6a:89:1f:d0:db:ce:3a:2f:35:7c:0f:d3:f8:8c:46:ae:60:
         b6:08:15:39:39:c7:da:e0:f4:53:77:35:48:4a:2d:06:ae:16:
         9d:3c:41:b9:1f:4b:c0:6b:8a:81:ee:f6:f2:df:2e:b9:69:d9:
         a3:5d:01:01:c8:34:23:f2:f2:89:ea:7c:9f:d5:4b:3a:11:31:
         e6:31:33:29:8e:f7:a6:9a:c3:3b:e8:fb:b4:12:4a:00:3a:16:
         c7:21:8f:81:4e:72:80:ef:e0:42:e9:07:cb:40:c1:e1:e4:bc:
         58:f1:7b:8f:88:ac:2d:89:02:4e:9e:63:92:f9:e2:66:31:8d:
         04:2b:88:59:93:4d:a7:84:03:3c:0a:ad:c4:7c:d3:82:8e:e2:
         2a:57:27:6f:9f:91:6e:f6:79:9d:00:93:c6:dd:8c:ef:22:0b:
         d2:dc:51:94:2f:6e:38:6b:b3:d7:05:f7:0b:b0:0e:66:6b:1d:
         62:f1:06:7c:61:02:ce:2b:55:de:a6:cb:31:ff:29:b8:2e:ea:
         ef:77:81:e3:44:fb:8a:d7:6a:93:f3:ce:86:35:e8:80:b8:d6:
         a1:7f:7a:8c:89:97:d5:b3:4b:9e:0e:e4:53:1a:7c:0c:61:bf:
         71:58:2f:dd:6f:5d:c9:f5:d7:68:13:d8:fa:5c:80:61:ed:37:
         1d:63:77:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVyJ/wqeGmjL3k8/4A9Q0FXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjMwMTAyMTEwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM5ZWY1ZDc3ZWUyZTRkYTRlYTRkY2QxODZjYmRlZTZjOGIwYWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieUXa4KEGvyUuLDoGj2JIUei4HtR
senr4mB3lyG5k1KlgSrftsjMKqSnj/MGTJ8HrM2g2JexrZoFnqUt/mNjntfsjcCb
iHMiJSdba19OyLmJZOZ2AIRcUdq/WU9/n2Ue+yTaG27FyvmhXzaP6O6kzu/zg6xF
FpvZ2uDSdCY6pd665B4LHDDGeYEvWcN5xumrrxm0ma8tmaPEhglNlTptAVi3JkI/
fFJh4lS97xrAZaTTaxTq0grIQXbzQv7GHQbPt2j4ZQjilnlQurQWOzoeI84hGqb/
n288VjMch6U+YVbLM/ai7dGB+p214/EtuFw2PeZjn/YU6zj1NIkrAEXWxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE3J71137i5NpOpNzRhsve5siwrvMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvVGNudlhYZnVMazJrNmszTkdHeTk3bXlMQ3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgCg
MA0GCSqGSIb3DQEBCwUAA4IBAQDTaokf0NvOOi81fA/T+IxGrmC2CBU5Ocfa4PRT
dzVISi0GrhadPEG5H0vAa4qB7vby3y65admjXQEByDQj8vKJ6nyf1Us6ETHmMTMp
jvemmsM76Pu0EkoAOhbHIY+BTnKA7+BC6QfLQMHh5LxY8XuPiKwtiQJOnmOS+eJm
MY0EK4hZk02nhAM8Cq3EfNOCjuIqVydvn5Fu9nmdAJPG3YzvIgvS3FGUL244a7PX
BfcLsA5max1i8QZ8YQLOK1Xepssx/ym4Lurvd4HjRPuK12qT886GNeiAuNahf3qM
iZfVs0ueDuRTGnwMYb9xWC/db13J9ddoE9j6XIBh7TcdY3dT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:05 2024 by rpki-client on console-fra.rpki-client.org