Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iY5mFT6HMK4yPAS6gxXVs7urj0Q.roa
File:                     iY5mFT6HMK4yPAS6gxXVs7urj0Q.roa (raw, json)
Hash identifier:          weMlYa6paV4r4MaVnToKsXlBP2izmw5qL8aqN1kcd3s=
Subject key identifier:   89:8E:66:15:3E:87:30:AE:32:3C:04:BA:83:15:D5:B3:BB:AB:8F:44
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018B68C18947B5EC67CDCEA1607AA13C4E3B
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iY5mFT6HMK4yPAS6gxXVs7urj0Q.roa
Signing time:             Wed 25 Oct 2023 21:33:15 +0000
ROA not before:           Wed 25 Oct 2023 21:33:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198448
IP address blocks:        2a10:4646:350::/44 maxlen: 44

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:68:c1:89:47:b5:ec:67:cd:ce:a1:60:7a:a1:3c:4e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Oct 25 21:33:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=898e66153e8730ae323c04ba8315d5b3bbab8f44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:56:f2:e9:90:6c:08:03:df:9c:2e:d2:0b:f7:
                    0b:52:cd:c2:d9:2b:4e:2a:dd:7e:85:51:fd:ad:bc:
                    69:7d:be:66:d7:de:25:4d:22:5e:d5:e0:67:02:0d:
                    a3:75:6b:97:df:e7:cc:fd:d6:3c:f0:ca:47:3b:df:
                    3a:4e:b7:bc:76:38:46:a2:c8:16:86:72:32:5d:b3:
                    52:50:dd:e5:a0:29:ae:9c:cd:26:89:d9:10:11:90:
                    d9:6d:68:a1:3f:bd:17:f2:b6:be:d8:92:2a:36:05:
                    26:e2:c6:7d:14:34:87:75:d2:2d:a3:a8:0c:0e:38:
                    01:5f:8b:3b:25:ee:01:3b:19:d8:5e:01:d8:9f:a9:
                    c5:a8:88:5c:31:45:f6:df:05:75:75:79:fb:89:96:
                    ac:e4:d7:04:4c:8a:f4:43:3c:9e:d8:84:ab:ca:ea:
                    8e:7c:5b:09:60:9c:75:d4:31:4f:b7:57:c2:75:d8:
                    64:3a:46:75:43:11:9d:f5:2a:e7:d9:09:dd:1e:e7:
                    f4:7e:29:74:87:92:9f:e9:e2:ae:96:69:d0:22:11:
                    63:ff:e7:87:e0:9d:bf:b7:f8:ea:77:75:45:79:7b:
                    0a:1b:fb:2d:f6:9a:f4:ab:fd:72:40:a6:45:90:11:
                    bc:be:3e:ff:20:c0:f0:28:8a:3a:30:7d:bd:f6:41:
                    0f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8E:66:15:3E:87:30:AE:32:3C:04:BA:83:15:D5:B3:BB:AB:8F:44
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iY5mFT6HMK4yPAS6gxXVs7urj0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:350::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:b4:16:5a:d1:c5:ee:cd:52:4b:ce:63:db:2a:5e:16:17:af:
         a0:bc:b8:7d:b6:9a:51:23:98:8c:43:ff:f3:97:6c:79:cc:b6:
         ca:45:20:b7:fe:0f:c1:5f:a2:c6:b0:d7:96:db:5d:21:2c:35:
         42:72:5b:c4:3f:c1:fd:9b:87:bb:1e:0a:92:71:38:ce:ed:07:
         dd:34:02:ad:08:2f:fe:7c:d1:a5:68:06:be:9b:5b:bd:29:bf:
         bb:21:1f:44:d8:2f:26:90:7a:45:79:b9:f6:b8:9e:db:36:4f:
         d7:2e:15:7e:b2:7a:5c:ff:8a:a1:bf:e2:4a:2c:44:7d:4f:1d:
         2a:8b:4b:4e:13:fc:56:8c:b8:9f:aa:13:d6:fb:7b:00:8c:ba:
         12:fd:f2:ca:e8:5a:be:b6:96:43:24:8f:e4:fa:2e:c2:17:78:
         db:24:c0:39:3e:ac:ca:c4:7e:83:b6:8b:59:6f:fe:9c:ab:30:
         af:55:65:43:73:6e:4e:9f:18:7b:0e:79:35:06:2a:67:85:a5:
         83:b1:8e:66:60:a0:f4:f8:fb:89:94:b6:a3:d9:4c:0d:97:8b:
         16:63:4e:ee:b3:c9:e7:72:ff:76:37:c2:56:3c:c8:6e:28:5c:
         29:33:84:66:c4:3a:da:10:8d:f4:77:8c:46:ca:13:f6:36:23:
         c0:cb:f3:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYtowYlHtexnzc6hYHqhPE47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjMxMDI1MjEzMzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThlNjYxNTNlODczMGFlMzIzYzA0YmE4MzE1ZDViM2JiYWI4ZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVby6ZBsCAPfnC7SC/cLUs3C2StO
Kt1+hVH9rbxpfb5m194lTSJe1eBnAg2jdWuX3+fM/dY88MpHO986Tre8djhGosgW
hnIyXbNSUN3loCmunM0midkQEZDZbWihP70X8ra+2JIqNgUm4sZ9FDSHddIto6gM
DjgBX4s7Je4BOxnYXgHYn6nFqIhcMUX23wV1dXn7iZas5NcETIr0Qzye2ISryuqO
fFsJYJx11DFPt1fCddhkOkZ1QxGd9Srn2QndHuf0fil0h5Kf6eKulmnQIhFj/+eH
4J2/t/jqd3VFeXsKG/st9pr0q/1yQKZFkBG8vj7/IMDwKIo6MH299kEPNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFImOZhU+hzCuMjwEuoMV1bO7q49EMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvaVk1bUZUNkhNSzR5UEFTNmd4WFZzN3VyajBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgNQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAhtBZa0cXuzVJLzmPbKl4WF6+gvLh9tppRI5iM
Q//zl2x5zLbKRSC3/g/BX6LGsNeW210hLDVCclvEP8H9m4e7HgqScTjO7QfdNAKt
CC/+fNGlaAa+m1u9Kb+7IR9E2C8mkHpFebn2uJ7bNk/XLhV+snpc/4qhv+JKLER9
Tx0qi0tOE/xWjLifqhPW+3sAjLoS/fLK6Fq+tpZDJI/k+i7CF3jbJMA5PqzKxH6D
totZb/6cqzCvVWVDc25Onxh7Dnk1BipnhaWDsY5mYKD0+PuJlLaj2UwNl4sWY07u
s8nncv92N8JWPMhuKFwpM4RmxDraEI30d4xGyhP2NiPAy/Nr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:43 2024 by rpki-client on console-ams.rpki-client.org