Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/i0FoX24Q2gJl7mHGHg0FWjjlwIw.roa
File:                     i0FoX24Q2gJl7mHGHg0FWjjlwIw.roa (raw, json)
Hash identifier:          R0tycp/CdgJpA48H/7fSUD2sXCVTQaI63lIj4wcvFxs=
Subject key identifier:   8B:41:68:5F:6E:10:DA:02:65:EE:61:C6:1E:0D:05:5A:38:E5:C0:8C
Certificate issuer:       /CN=2f0342e0d23ef7e06b1dff5cc6ee4fa17af8bd98
Certificate serial:       01856C25AC6026E88E60CF3A56E813F57130
Authority key identifier: 2F:03:42:E0:D2:3E:F7:E0:6B:1D:FF:5C:C6:EE:4F:A1:7A:F8:BD:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LwNC4NI-9-BrHf9cxu5PoXr4vZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/i0FoX24Q2gJl7mHGHg0FWjjlwIw.roa
Signing time:             Sun 01 Jan 2023 07:04:46 +0000
ROA not before:           Sun 01 Jan 2023 07:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     4002
IP address blocks:        2a02:970:2006::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:25:ac:60:26:e8:8e:60:cf:3a:56:e8:13:f5:71:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f0342e0d23ef7e06b1dff5cc6ee4fa17af8bd98
        Validity
            Not Before: Jan  1 07:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b41685f6e10da0265ee61c61e0d055a38e5c08c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:48:c2:7c:45:b1:43:20:ab:b5:5c:a8:d3:b3:
                    6e:75:4d:7c:ae:7e:3a:4d:23:90:c3:c4:e2:0f:dd:
                    a4:a1:ef:36:7f:35:9f:c9:8d:99:d2:e4:e4:f9:a1:
                    cd:dd:bf:ce:08:ea:6d:78:ed:10:f7:bf:94:8b:a6:
                    36:2a:1a:9c:56:95:d8:c4:5b:db:89:cb:48:f0:51:
                    7b:6f:20:4e:89:92:67:e8:88:48:18:4e:0d:a9:e6:
                    f3:06:b4:08:b2:75:86:e8:90:ec:d4:81:2b:28:1f:
                    4f:fc:ff:29:b2:55:89:6c:52:b2:80:ec:00:b2:93:
                    17:5e:fd:2a:8f:79:41:ad:b3:48:03:8c:80:90:e7:
                    1d:50:cb:6d:4c:8b:46:04:09:20:75:28:7e:a8:c9:
                    45:08:76:2c:f1:fe:04:4b:8b:a4:a5:c0:b2:61:30:
                    8a:73:63:19:0c:35:f6:d6:1c:fe:05:ca:55:24:d9:
                    c7:a1:89:50:d6:7d:1e:38:fc:21:65:96:34:33:6e:
                    05:18:6b:3f:fd:3d:06:1e:4d:db:93:19:c9:e6:f7:
                    4c:5e:d2:f5:dd:93:a5:b5:fa:b2:03:d4:58:6c:f3:
                    d4:fe:ac:d7:63:a0:c9:05:96:de:10:d4:f9:63:92:
                    4b:ad:99:af:45:f1:3f:bd:d2:ca:68:28:ed:ec:45:
                    d1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:41:68:5F:6E:10:DA:02:65:EE:61:C6:1E:0D:05:5A:38:E5:C0:8C
            X509v3 Authority Key Identifier:
                keyid:2F:03:42:E0:D2:3E:F7:E0:6B:1D:FF:5C:C6:EE:4F:A1:7A:F8:BD:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LwNC4NI-9-BrHf9cxu5PoXr4vZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/i0FoX24Q2gJl7mHGHg0FWjjlwIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/LwNC4NI-9-BrHf9cxu5PoXr4vZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:970:2006::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:32:2c:ee:82:9f:4f:70:c3:3b:f8:c7:1e:8b:5c:c0:ff:bb:
         12:38:00:85:69:f7:94:b2:b1:14:13:1b:86:b2:cc:45:7d:3c:
         5e:41:54:74:a8:56:7d:bb:d5:67:d7:b4:ca:7d:39:ea:4c:c4:
         c4:bd:7b:74:fc:c2:13:c9:3c:1d:2a:6b:a4:a4:36:6a:d4:51:
         61:7d:10:98:e8:f6:8c:ac:d6:6d:ec:7e:1d:c6:2d:7b:e6:b9:
         61:bd:db:88:7d:28:fc:f7:53:18:4b:a9:53:71:1f:1d:20:59:
         b6:88:2f:48:ae:79:98:6d:1b:38:4f:67:c8:02:48:03:7f:2b:
         0c:33:d0:5d:c3:46:83:57:b2:ac:f6:39:d3:a6:09:f8:5d:4b:
         e5:a0:e7:b5:f8:9e:01:05:ca:41:a5:b4:71:6a:25:1b:fd:44:
         18:65:2f:a7:2f:d2:6d:b0:2b:8e:73:5c:3e:22:bc:29:b2:24:
         23:15:89:b5:c5:35:07:df:75:bb:28:51:53:61:c6:b8:a9:d1:
         7e:36:9d:23:55:47:cd:6f:0d:59:69:fc:9c:cc:5e:49:05:15:
         8c:a5:1d:11:cc:26:3e:52:0e:bf:52:20:33:47:a5:ea:da:d7:
         3b:b0:69:2e:2c:8b:37:2a:a7:6b:e3:fe:1f:41:da:5d:e9:02:
         0e:4d:3e:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVsJaxgJuiOYM86VugT9XEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMDM0MmUwZDIzZWY3ZTA2YjFkZmY1Y2M2ZWU0ZmExN2Fm
OGJkOTgwHhcNMjMwMTAxMDcwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjQxNjg1ZjZlMTBkYTAyNjVlZTYxYzYxZTBkMDU1YTM4ZTVjMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkjCfEWxQyCrtVyo07NudU18rn46
TSOQw8TiD92koe82fzWfyY2Z0uTk+aHN3b/OCOpteO0Q97+Ui6Y2KhqcVpXYxFvb
ictI8FF7byBOiZJn6IhIGE4NqebzBrQIsnWG6JDs1IErKB9P/P8pslWJbFKygOwA
spMXXv0qj3lBrbNIA4yAkOcdUMttTItGBAkgdSh+qMlFCHYs8f4ES4ukpcCyYTCK
c2MZDDX21hz+BcpVJNnHoYlQ1n0eOPwhZZY0M24FGGs//T0GHk3bkxnJ5vdMXtL1
3ZOltfqyA9RYbPPU/qzXY6DJBZbeENT5Y5JLrZmvRfE/vdLKaCjt7EXRTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFItBaF9uENoCZe5hxh4NBVo45cCMMB8GA1UdIwQY
MBaAFC8DQuDSPvfgax3/XMbuT6F6+L2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHdOQzROSS05LUJySGY5Y3h1NVBvWHI0dlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kMWZkNDgtOTE2Yi00ZDgzLTk2Y2Mt
YzkxMGFmOTNlNDI2LzEvaTBGb1gyNFEyZ0psN21IR0hnMEZXampsd0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kMWZkNDgtOTE2Yi00ZDgzLTk2Y2MtYzkxMGFmOTNlNDI2
LzEvTHdOQzROSS05LUJySGY5Y3h1NVBvWHI0dlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIJcCAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBhMizugp9PcMM7+Mcei1zA/7sSOACFafeUsrEU
ExuGssxFfTxeQVR0qFZ9u9Vn17TKfTnqTMTEvXt0/MITyTwdKmukpDZq1FFhfRCY
6PaMrNZt7H4dxi175rlhvduIfSj891MYS6lTcR8dIFm2iC9IrnmYbRs4T2fIAkgD
fysMM9Bdw0aDV7Ks9jnTpgn4XUvloOe1+J4BBcpBpbRxaiUb/UQYZS+nL9JtsCuO
c1w+IrwpsiQjFYm1xTUH33W7KFFTYca4qdF+Np0jVUfNbw1ZafyczF5JBRWMpR0R
zCY+Ug6/UiAzR6Xq2tc7sGkuLIs3Kqdr4/4fQdpd6QIOTT7m
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:17 2024 by rpki-client on console-ams.rpki-client.org