Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/x-QP9qupyoNBk3_6GonCfI5nR4k.roa
File:                     x-QP9qupyoNBk3_6GonCfI5nR4k.roa (raw, json)
Hash identifier:          7tAJG6fRfqhz/pYZjk0dMs21lNCSAt+8kTsevokse3Q=
Subject key identifier:   C7:E4:0F:F6:AB:A9:CA:83:41:93:7F:FA:1A:89:C2:7C:8E:67:47:89
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01856F42F2E97DB5C258E90CE0E74285F52E
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/x-QP9qupyoNBk3_6GonCfI5nR4k.roa
Signing time:             Sun 01 Jan 2023 21:35:36 +0000
ROA not before:           Sun 01 Jan 2023 21:35:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213033
IP address blocks:        2a0e:8f02:f003::/48 maxlen: 48
                          2a0e:8f02:20e0::/44 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:32:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:42:f2:e9:7d:b5:c2:58:e9:0c:e0:e7:42:85:f5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 21:35:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c7e40ff6aba9ca8341937ffa1a89c27c8e674789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0c:7c:81:e5:4b:22:a6:e1:89:b7:f8:17:36:
                    f3:e6:24:d9:20:98:fa:76:a2:5a:b9:27:07:5c:17:
                    d1:8e:99:46:60:f8:70:48:e8:48:1f:0b:aa:3f:94:
                    90:35:05:b8:54:07:06:07:17:a9:e1:5d:14:58:04:
                    f3:69:19:07:8d:29:cb:41:93:c9:ed:53:75:5d:df:
                    a6:cd:35:88:e1:0e:64:6d:48:08:a0:93:29:86:18:
                    80:86:b9:6b:18:36:ec:ee:e7:49:60:eb:ba:59:1c:
                    af:75:aa:00:b6:f7:3d:69:99:c6:f2:ba:ac:2b:55:
                    7d:2f:c1:ed:e1:3a:f8:4d:59:68:e8:b1:71:11:c9:
                    d3:0f:d7:4f:00:94:9d:d5:76:03:1c:20:2f:0a:05:
                    f1:64:bc:25:dc:49:cc:84:2e:de:6c:0a:05:83:87:
                    e8:11:55:05:e0:ec:9f:03:50:06:a4:cf:94:c4:d3:
                    b7:1f:0e:4a:3f:ad:8a:b1:03:c0:4e:7f:ab:93:22:
                    25:28:5d:65:99:36:65:a6:45:8c:15:19:1d:77:b6:
                    0a:ab:86:ef:dd:6e:b0:ee:b8:c2:ba:e1:b4:94:7e:
                    f2:dd:95:35:da:a0:a6:71:37:2b:9e:3a:6e:a3:c1:
                    ce:6e:6b:93:06:75:02:b1:95:f5:5c:d6:2c:28:2c:
                    01:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E4:0F:F6:AB:A9:CA:83:41:93:7F:FA:1A:89:C2:7C:8E:67:47:89
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/x-QP9qupyoNBk3_6GonCfI5nR4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:20e0::/44
                  2a0e:8f02:f003::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:62:61:1e:04:a3:07:72:89:a9:e5:64:a9:ac:81:3d:31:9f:
         f6:c8:07:f0:b1:c1:c5:ec:fe:a6:d4:37:dd:c6:78:65:a8:53:
         a7:fd:c8:74:63:91:7e:8b:2d:b4:9b:f2:b9:50:34:4f:5f:a9:
         54:25:66:27:16:4a:59:04:17:39:b7:36:1a:ea:ab:24:ef:ad:
         1f:bf:97:db:10:25:27:fb:eb:28:7c:b1:fb:ea:88:46:52:0a:
         b5:dd:be:4a:e5:84:8e:87:42:59:b9:22:c5:43:a0:56:3c:42:
         80:8f:47:46:88:18:28:aa:11:41:43:8c:7e:22:c3:c8:bd:18:
         f8:20:fb:7e:27:b7:bd:fb:36:2a:f8:ae:a7:2a:1c:ae:70:55:
         3e:ca:91:b8:b9:ef:d8:28:3e:9d:bc:fe:35:b9:6d:d8:8f:31:
         79:bd:a6:43:ef:61:64:b8:c8:e1:48:7a:ea:f6:62:10:74:9e:
         e1:9b:ab:d9:65:36:a2:d6:52:77:4e:2e:8f:f9:c3:0f:c0:96:
         87:00:90:bd:5f:c0:7d:f9:5b:4a:ab:92:67:b8:08:b5:94:13:
         1e:66:ab:9a:ff:d7:44:53:21:c6:bf:33:b8:9d:b8:5c:1e:04:
         54:ee:21:25:75:d2:c6:dd:05:fc:98:58:cd:60:dc:cd:b9:3f:
         a2:0e:67:45
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVvQvLpfbXCWOkM4OdChfUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjMwMTAxMjEzNTM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2U0MGZmNmFiYTljYTgzNDE5MzdmZmExYTg5YzI3YzhlNjc0Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgx8geVLIqbhibf4Fzbz5iTZIJj6
dqJauScHXBfRjplGYPhwSOhIHwuqP5SQNQW4VAcGBxep4V0UWATzaRkHjSnLQZPJ
7VN1Xd+mzTWI4Q5kbUgIoJMphhiAhrlrGDbs7udJYOu6WRyvdaoAtvc9aZnG8rqs
K1V9L8Ht4Tr4TVlo6LFxEcnTD9dPAJSd1XYDHCAvCgXxZLwl3EnMhC7ebAoFg4fo
EVUF4OyfA1AGpM+UxNO3Hw5KP62KsQPATn+rkyIlKF1lmTZlpkWMFRkdd7YKq4bv
3W6w7rjCuuG0lH7y3ZU12qCmcTcrnjpuo8HObmuTBnUCsZX1XNYsKCwBUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMfkD/arqcqDQZN/+hqJwnyOZ0eJMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEveC1RUDlxdXB5b05CazNfNkdvbkNmSTVuUjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6PAiDg
AwcAKg6PAvADMA0GCSqGSIb3DQEBCwUAA4IBAQCmYmEeBKMHcomp5WSprIE9MZ/2
yAfwscHF7P6m1DfdxnhlqFOn/ch0Y5F+iy20m/K5UDRPX6lUJWYnFkpZBBc5tzYa
6qsk760fv5fbECUn++sofLH76ohGUgq13b5K5YSOh0JZuSLFQ6BWPEKAj0dGiBgo
qhFBQ4x+IsPIvRj4IPt+J7e9+zYq+K6nKhyucFU+ypG4ue/YKD6dvP41uW3YjzF5
vaZD72FkuMjhSHrq9mIQdJ7hm6vZZTai1lJ3Ti6P+cMPwJaHAJC9X8B9+VtKq5Jn
uAi1lBMeZqua/9dEUyHGvzO4nbhcHgRU7iElddLG3QX8mFjNYNzNuT+iDmdF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:41 2024 by rpki-client on console-fra.rpki-client.org