Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/O-PNDCBO7aPEHWo2ErHNAbKxaDM.roa
File:                     O-PNDCBO7aPEHWo2ErHNAbKxaDM.roa (raw, json)
Hash identifier:          0aI1y8uZ3h5tCEr3Xll64jSDBU9pkNNTy8sDcU9ojhA=
Subject key identifier:   3B:E3:CD:0C:20:4E:ED:A3:C4:1D:6A:36:12:B1:CD:01:B2:B1:68:33
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018C340AF2D6512E9676C4369B8EA09A1B0D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/O-PNDCBO7aPEHWo2ErHNAbKxaDM.roa
Signing time:             Mon 04 Dec 2023 08:56:21 +0000
ROA not before:           Mon 04 Dec 2023 08:56:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212510
IP address blocks:        2a0c:b641:2c0::/44 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:34:0a:f2:d6:51:2e:96:76:c4:36:9b:8e:a0:9a:1b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Dec  4 08:56:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3be3cd0c204eeda3c41d6a3612b1cd01b2b16833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:60:72:79:e6:f7:eb:b0:7e:b4:2e:00:df:38:
                    2a:8d:db:7d:06:4b:d3:49:fa:5f:51:e4:6f:29:b3:
                    63:80:0f:88:f3:5e:a9:e5:36:ee:b1:ca:77:0a:29:
                    9d:52:8a:d2:b7:05:ac:02:bf:60:9d:d6:7e:67:7b:
                    1e:a7:64:4e:8b:0e:64:28:b4:21:cc:d7:24:68:a3:
                    0f:3e:37:6b:66:a4:a4:e8:e7:52:ca:26:ad:e7:2f:
                    62:de:8a:e1:90:f5:70:5d:28:22:e5:8f:ca:33:d2:
                    e5:2c:c1:91:a4:e3:68:ec:bc:d3:3b:61:2b:12:32:
                    6a:37:43:f1:69:63:96:0f:c8:5a:fa:c4:14:fa:24:
                    43:8e:1c:ab:64:9c:09:e1:57:46:62:c4:a9:e9:3a:
                    ed:d4:34:44:a0:51:61:cd:1e:6f:48:a3:2c:88:cf:
                    cc:67:ed:07:36:c4:61:b5:4c:67:1f:c8:e1:8f:36:
                    56:70:97:87:1a:36:2d:85:f9:35:af:3e:c0:5f:81:
                    2e:19:0e:37:f1:46:a6:9c:44:28:6f:9f:64:2f:ef:
                    aa:f9:7e:ca:98:c7:bb:d1:19:d5:9f:44:29:da:40:
                    2d:f3:0a:bd:f6:85:01:37:39:c9:09:82:7d:f3:95:
                    09:d0:b7:ab:49:61:6a:3c:1d:48:9a:38:b9:56:2d:
                    2e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E3:CD:0C:20:4E:ED:A3:C4:1D:6A:36:12:B1:CD:01:B2:B1:68:33
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/O-PNDCBO7aPEHWo2ErHNAbKxaDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:0f:3d:f9:0a:3d:5c:64:da:f2:ec:b4:79:aa:62:2a:09:3b:
         ab:29:ca:1b:cc:5c:2b:61:35:70:29:d0:96:21:53:60:61:2f:
         3e:85:59:f6:d7:9a:6e:b0:ec:79:f0:df:be:df:7a:94:6e:10:
         1a:81:f4:1f:86:7e:50:b1:7d:5c:03:d2:c8:da:a0:84:9c:d4:
         70:5a:69:fa:e3:19:23:ce:a3:98:5b:aa:46:1f:17:7e:72:a5:
         01:88:70:5f:ea:19:21:ce:11:14:ba:db:96:3c:b8:bd:ee:5d:
         a6:60:0d:82:e6:d9:55:1e:50:19:78:e2:ee:83:b3:b0:2e:03:
         8d:c7:55:dd:13:f5:93:bf:1d:e8:df:ff:a0:1f:9b:dd:21:2e:
         3e:7a:9d:28:e8:86:cf:3d:3c:06:05:1a:70:ce:3e:f2:0e:d7:
         9e:b6:6b:ad:3d:33:b1:01:6e:d5:5e:21:b7:3e:3e:5e:20:c7:
         0b:9f:13:60:84:00:60:8d:4f:d4:10:23:35:52:d3:56:61:68:
         e0:c3:ab:30:99:c8:89:c2:9a:4a:6e:9e:1c:c1:73:4e:07:72:
         1c:a6:11:62:3a:ad:34:d7:ef:f8:b7:61:55:15:26:a2:3f:4e:
         48:60:5d:72:17:98:aa:7f:08:9a:6b:5c:ba:56:de:49:9c:34:
         aa:28:e5:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYw0CvLWUS6WdsQ2m46gmhsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjMxMjA0MDg1NjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmUzY2QwYzIwNGVlZGEzYzQxZDZhMzYxMmIxY2QwMWIyYjE2ODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGByeeb367B+tC4A3zgqjdt9BkvT
SfpfUeRvKbNjgA+I816p5Tbuscp3CimdUorStwWsAr9gndZ+Z3sep2ROiw5kKLQh
zNckaKMPPjdrZqSk6OdSyiat5y9i3orhkPVwXSgi5Y/KM9LlLMGRpONo7LzTO2Er
EjJqN0PxaWOWD8ha+sQU+iRDjhyrZJwJ4VdGYsSp6Trt1DREoFFhzR5vSKMsiM/M
Z+0HNsRhtUxnH8jhjzZWcJeHGjYthfk1rz7AX4EuGQ438UamnEQob59kL++q+X7K
mMe70RnVn0Qp2kAt8wq99oUBNznJCYJ985UJ0LerSWFqPB1Imji5Vi0uCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDvjzQwgTu2jxB1qNhKxzQGysWgzMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTy1QTkRDQk83YVBFSFdvMkVySE5BYkt4YURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQLA
MA0GCSqGSIb3DQEBCwUAA4IBAQBcDz35Cj1cZNry7LR5qmIqCTurKcobzFwrYTVw
KdCWIVNgYS8+hVn215pusOx58N++33qUbhAagfQfhn5QsX1cA9LI2qCEnNRwWmn6
4xkjzqOYW6pGHxd+cqUBiHBf6hkhzhEUutuWPLi97l2mYA2C5tlVHlAZeOLug7Ow
LgONx1XdE/WTvx3o3/+gH5vdIS4+ep0o6IbPPTwGBRpwzj7yDteetmutPTOxAW7V
XiG3Pj5eIMcLnxNghABgjU/UECM1UtNWYWjgw6swmciJwppKbp4cwXNOB3IcphFi
Oq001+/4t2FVFSaiP05IYF1yF5iqfwiaa1y6Vt5JnDSqKOUT
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:38 2024 by rpki-client on console-ams.rpki-client.org