Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/4XP1HD-mquULTvpnrlcrRTQVAiY.roa
File:                     4XP1HD-mquULTvpnrlcrRTQVAiY.roa (raw, json)
Hash identifier:          AWXQl2BWU+JRDqTwUR0Awhiv3KamRERHufTR9H7TZXE=
Subject key identifier:   E1:73:F5:1C:3F:A6:AA:E5:0B:4E:FA:67:AE:57:2B:45:34:15:02:26
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018E0A152336D952668AB8E93FF5AE7415D2
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/4XP1HD-mquULTvpnrlcrRTQVAiY.roa
Signing time:             Mon 04 Mar 2024 15:29:01 +0000
ROA not before:           Mon 04 Mar 2024 15:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a12:cc06::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 23 Apr 2024 18:41:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:15:23:36:d9:52:66:8a:b8:e9:3f:f5:ae:74:15:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Mar  4 15:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e173f51c3fa6aae50b4efa67ae572b4534150226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:11:d2:8f:33:53:bd:b5:f7:ad:1f:20:61:72:
                    0e:6f:4d:08:6c:2a:f9:d8:a9:e4:bf:77:68:3a:17:
                    41:12:63:7d:cc:35:0e:0e:02:d1:7d:c4:af:eb:20:
                    4a:bb:51:4a:66:4b:45:a8:9b:f6:53:41:0a:23:e8:
                    ae:ac:4b:7c:c7:1f:e5:1e:e0:c3:f6:b4:cb:f6:8f:
                    02:0d:a3:6e:a8:9f:7a:67:85:65:8d:12:d8:3f:92:
                    78:56:97:8d:01:f2:6b:e9:ec:44:02:71:42:c1:27:
                    a4:49:80:f0:f9:0d:30:9a:ee:de:60:85:2b:1e:7d:
                    d9:d6:c4:e2:48:49:a7:4c:36:6f:40:2e:c4:cf:6c:
                    81:6b:95:f4:f3:fb:c5:fd:b5:f0:ad:4a:7b:3c:c9:
                    c5:38:bb:a0:51:26:11:c0:c6:f8:aa:c6:a7:1c:c7:
                    7c:ec:6b:7a:ee:f2:e9:99:69:c3:51:d2:81:32:be:
                    0a:fd:ef:a2:2c:88:80:99:ef:e8:f7:b5:be:1b:04:
                    4c:86:31:2c:e0:a1:3e:38:63:e7:f1:22:16:d5:9d:
                    63:ae:c5:e0:bb:2c:c0:23:a8:d3:d5:f4:08:90:ce:
                    76:eb:99:80:cc:ba:0c:a8:bd:26:3d:f7:4a:f3:34:
                    20:5a:7b:c0:52:04:2c:40:cc:dc:11:62:fb:2f:a9:
                    24:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:73:F5:1C:3F:A6:AA:E5:0B:4E:FA:67:AE:57:2B:45:34:15:02:26
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/4XP1HD-mquULTvpnrlcrRTQVAiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cc06::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:50:bc:21:94:a4:d5:81:3a:1e:18:8c:63:55:50:f0:57:e2:
         6c:5f:3d:9d:e5:0d:25:ce:20:53:79:c9:32:a7:3d:09:45:85:
         f9:87:d7:a3:fd:c4:c6:37:8a:33:ee:10:83:79:6b:ed:dc:70:
         de:5f:83:93:cb:39:9f:be:c7:0c:c6:4e:7f:4a:9c:dc:4d:92:
         c1:2c:94:62:45:4e:8b:a0:30:b5:59:c2:cb:b3:4c:35:1d:b1:
         ad:e4:5b:dc:29:7e:ca:e6:02:71:f8:f6:d7:c4:b2:f5:15:c1:
         01:4e:54:9e:57:f1:e1:94:7d:9f:db:d5:b0:99:71:56:ac:e3:
         30:3a:43:e2:a0:0b:86:8a:d5:a5:e0:91:0e:23:e4:ae:e0:c7:
         f7:d1:69:f4:a7:4b:f1:71:a7:a2:07:23:ac:b9:c0:29:40:b7:
         cc:3a:d3:ef:a5:3b:b6:9e:d2:df:6e:83:62:b2:4c:12:8e:db:
         05:1e:04:f1:60:ee:d4:09:39:f9:47:90:81:b5:7f:d2:91:24:
         59:e0:f1:16:e4:0b:1c:3e:c0:cc:7b:43:42:e6:d7:95:3d:41:
         27:f9:02:6a:45:bf:4f:68:96:1f:48:2f:38:61:32:64:f8:84:
         1f:48:c7:25:9f:da:c3:dd:74:83:5c:f1:e0:8f:c9:a1:b1:64:
         3a:6e:b9:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4KFSM22VJmirjpP/WudBXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwMzA0MTUyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTczZjUxYzNmYTZhYWU1MGI0ZWZhNjdhZTU3MmI0NTM0MTUwMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxHSjzNTvbX3rR8gYXIOb00IbCr5
2Knkv3doOhdBEmN9zDUODgLRfcSv6yBKu1FKZktFqJv2U0EKI+iurEt8xx/lHuDD
9rTL9o8CDaNuqJ96Z4VljRLYP5J4VpeNAfJr6exEAnFCwSekSYDw+Q0wmu7eYIUr
Hn3Z1sTiSEmnTDZvQC7Ez2yBa5X08/vF/bXwrUp7PMnFOLugUSYRwMb4qsanHMd8
7Gt67vLpmWnDUdKBMr4K/e+iLIiAme/o97W+GwRMhjEs4KE+OGPn8SIW1Z1jrsXg
uyzAI6jT1fQIkM5265mAzLoMqL0mPfdK8zQgWnvAUgQsQMzcEWL7L6kk/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOFz9Rw/pqrlC076Z65XK0U0FQImMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvNFhQMUhELW1xdVVMVHZwbnJsY3JSVFFWQWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLMBjAN
BgkqhkiG9w0BAQsFAAOCAQEAFVC8IZSk1YE6HhiMY1VQ8FfibF89neUNJc4gU3nJ
Mqc9CUWF+YfXo/3ExjeKM+4Qg3lr7dxw3l+Dk8s5n77HDMZOf0qc3E2SwSyUYkVO
i6AwtVnCy7NMNR2xreRb3Cl+yuYCcfj218Sy9RXBAU5Unlfx4ZR9n9vVsJlxVqzj
MDpD4qALhorVpeCRDiPkruDH99Fp9KdL8XGnogcjrLnAKUC3zDrT76U7tp7S326D
YrJMEo7bBR4E8WDu1Ak5+UeQgbV/0pEkWeDxFuQLHD7AzHtDQubXlT1BJ/kCakW/
T2iWH0gvOGEyZPiEH0jHJZ/aw910g1zx4I/JobFkOm65JQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:57 2024 by rpki-client on console-fra.rpki-client.org