Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/sToB-kLYLb3peUadugpmBZE9yKw.roa
File:                     sToB-kLYLb3peUadugpmBZE9yKw.roa (raw, json)
Hash identifier:          2soLsdiTb6rIAPMPkjT7s9OpKe5Lw0GB3N4+OGaLPlY=
Subject key identifier:   B1:3A:01:FA:42:D8:2D:BD:E9:79:46:9D:BA:0A:66:05:91:3D:C8:AC
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       01856CF87FB41E40BF9F9B7E730B4859AF4F
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/sToB-kLYLb3peUadugpmBZE9yKw.roa
Signing time:             Sun 01 Jan 2023 10:55:03 +0000
ROA not before:           Sun 01 Jan 2023 10:55:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213021
IP address blocks:        2a07:22c1:c100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:30:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:f8:7f:b4:1e:40:bf:9f:9b:7e:73:0b:48:59:af:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 10:55:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b13a01fa42d82dbde979469dba0a6605913dc8ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:05:89:e3:e8:e7:b2:f4:59:f7:25:a1:95:c7:
                    69:77:a5:8a:ce:81:7d:20:92:a9:a0:dc:dd:3d:a8:
                    c5:d7:55:00:d6:65:e6:70:47:2d:33:f7:56:3b:a2:
                    15:61:bb:a1:03:fc:46:d7:40:69:37:6c:82:0f:8f:
                    fe:7f:f2:74:1c:f4:d1:8e:fd:1d:bf:85:ba:40:a5:
                    f9:c5:6b:53:6e:9b:7d:c9:70:44:ef:c1:f6:16:5d:
                    b4:51:84:d2:6b:0f:25:f3:82:f2:d7:e7:4d:ab:d5:
                    0c:76:64:4c:a3:4e:2a:7f:ff:55:af:08:d0:69:fc:
                    78:3c:32:a3:e8:b7:32:2f:66:8f:16:02:78:36:42:
                    3d:94:92:28:e1:50:e8:83:c0:c8:b7:75:d2:14:16:
                    40:55:5c:82:2b:55:a9:99:58:a2:74:86:3c:27:87:
                    f1:92:e7:57:51:72:09:2c:27:2f:6d:ab:c3:c0:84:
                    49:30:8e:35:33:66:ad:e0:01:28:c8:ab:81:1f:6e:
                    be:80:42:d4:37:ce:77:16:e5:58:7e:ae:86:0c:43:
                    b7:d1:e3:51:50:f0:28:7e:f0:f0:e9:eb:8b:14:33:
                    70:73:82:86:11:73:cd:3c:2c:36:c1:ce:5b:d3:41:
                    c9:b5:a0:e8:f0:42:f3:d8:a7:e4:f2:aa:46:9c:41:
                    4a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:3A:01:FA:42:D8:2D:BD:E9:79:46:9D:BA:0A:66:05:91:3D:C8:AC
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/sToB-kLYLb3peUadugpmBZE9yKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:c100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:29:d2:c6:a8:2e:cc:50:6f:54:6a:37:a4:c7:3f:25:7a:66:
         a3:63:12:94:34:86:75:7a:29:64:a1:0c:2f:34:1d:9b:80:fa:
         17:28:8c:fc:64:08:e8:34:56:ec:a7:4a:75:60:15:98:bb:fb:
         56:80:e2:91:e7:99:93:d9:65:3d:d1:de:4b:1c:4e:c5:60:12:
         88:fd:55:ad:33:5d:11:6b:87:e7:c6:ea:b6:b3:07:c0:fc:1f:
         cb:58:8b:81:fd:31:7c:a7:1e:a8:fb:39:b6:77:f5:92:d6:c3:
         d9:a0:78:68:5e:14:92:13:b9:b8:2e:db:58:e4:e2:2a:9e:26:
         62:f2:bd:01:50:87:89:7c:78:c3:3d:61:92:ba:a7:99:31:1f:
         fa:49:7c:a6:35:8d:1a:d3:50:aa:8d:e1:cb:92:b4:7b:df:22:
         ac:23:3f:db:d8:d5:1e:8e:c4:1f:ad:a4:ff:8f:bc:e6:a7:4c:
         d4:62:c6:05:3e:a1:be:1a:2f:b4:1c:d9:b6:e1:c2:55:2f:b4:
         71:fb:e3:82:b2:a3:04:0e:e2:c1:1f:1e:a5:35:ab:52:1d:fe:
         fb:84:6c:62:5f:46:99:89:b9:0f:9e:65:c3:9e:92:7a:28:c5:
         0d:bf:ae:45:e9:74:a7:6b:c4:05:eb:c7:9e:11:ef:cd:4f:21:
         89:5b:85:f0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVs+H+0HkC/n5t+cwtIWa9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjMwMTAxMTA1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTNhMDFmYTQyZDgyZGJkZTk3OTQ2OWRiYTBhNjYwNTkxM2RjOGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQWJ4+jnsvRZ9yWhlcdpd6WKzoF9
IJKpoNzdPajF11UA1mXmcEctM/dWO6IVYbuhA/xG10BpN2yCD4/+f/J0HPTRjv0d
v4W6QKX5xWtTbpt9yXBE78H2Fl20UYTSaw8l84Ly1+dNq9UMdmRMo04qf/9VrwjQ
afx4PDKj6LcyL2aPFgJ4NkI9lJIo4VDog8DIt3XSFBZAVVyCK1WpmViidIY8J4fx
kudXUXIJLCcvbavDwIRJMI41M2at4AEoyKuBH26+gELUN853FuVYfq6GDEO30eNR
UPAofvDw6euLFDNwc4KGEXPNPCw2wc5b00HJtaDo8ELz2Kfk8qpGnEFKLQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLE6AfpC2C296XlGnboKZgWRPcisMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvc1RvQi1rTFlMYjNwZVVhZHVncG1CWkU5eUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgciwcEw
DQYJKoZIhvcNAQELBQADggEBAC4p0saoLsxQb1RqN6THPyV6ZqNjEpQ0hnV6KWSh
DC80HZuA+hcojPxkCOg0VuynSnVgFZi7+1aA4pHnmZPZZT3R3kscTsVgEoj9Va0z
XRFrh+fG6razB8D8H8tYi4H9MXynHqj7ObZ39ZLWw9mgeGheFJITubgu21jk4iqe
JmLyvQFQh4l8eMM9YZK6p5kxH/pJfKY1jRrTUKqN4cuStHvfIqwjP9vY1R6OxB+t
pP+PvOanTNRixgU+ob4aL7Qc2bbhwlUvtHH744KyowQO4sEfHqU1q1Id/vuEbGJf
RpmJuQ+eZcOeknooxQ2/rkXpdKdrxAXrx54R781PIYlbhfA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:48 2024 by rpki-client on console-fra.rpki-client.org