Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/IeOzgE1y_JnwOwK3oFxWckZYaes.roa
File:                     IeOzgE1y_JnwOwK3oFxWckZYaes.roa (raw, json)
Hash identifier:          W6Am8OjfC5Pv2xnObfZYXBtYtmjr2MIBbDb+MRY/yr0=
Subject key identifier:   21:E3:B3:80:4D:72:FC:99:F0:3B:02:B7:A0:5C:56:72:46:58:69:EB
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018C25E60881CDD99727B0C7CB0C4CC00095
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/IeOzgE1y_JnwOwK3oFxWckZYaes.roa
Signing time:             Fri 01 Dec 2023 15:01:21 +0000
ROA not before:           Fri 01 Dec 2023 15:01:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     328711
IP address blocks:        2a12:8fc6:c27a::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:25:e6:08:81:cd:d9:97:27:b0:c7:cb:0c:4c:c0:00:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Dec  1 15:01:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21e3b3804d72fc99f03b02b7a05c5672465869eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d0:87:cb:5b:c8:2e:40:fa:3f:5a:65:a0:c0:
                    6e:b8:74:4d:e9:2b:0c:d3:e2:64:6d:76:2a:bd:ef:
                    a1:d7:6d:e2:bc:64:a6:0a:3e:00:c7:a7:cf:66:ec:
                    ac:86:a1:96:86:9e:0e:19:a3:ed:4b:d2:ef:5f:20:
                    96:ae:46:0f:9a:65:12:b6:47:b9:df:c9:b7:1f:09:
                    4b:8b:94:0e:9e:33:20:d3:17:95:d3:ff:4d:19:23:
                    c4:d7:46:b3:68:c4:18:39:85:2f:ae:0f:77:2f:5e:
                    e8:02:13:f5:21:08:e4:34:66:79:b2:8e:12:e6:8a:
                    16:34:9c:51:44:17:de:8b:59:36:27:b1:ad:61:08:
                    a1:3d:b1:b1:72:0f:fa:5b:80:e0:84:ea:8d:01:89:
                    16:b4:8a:e3:0d:70:62:c6:62:15:5d:3e:0a:f3:2e:
                    36:0e:b2:6c:9c:28:04:73:e7:bb:50:b4:e8:82:3a:
                    57:3d:10:24:69:b7:0d:be:73:70:16:7b:82:50:50:
                    c1:69:df:84:24:49:db:b3:9d:d7:f9:2d:50:af:c5:
                    87:a4:3f:35:8a:9f:39:55:19:7c:86:6e:a4:3f:36:
                    cd:c3:d5:13:8c:42:01:d0:11:b7:c9:64:32:71:e5:
                    6e:f3:fe:b5:a9:e6:84:ea:00:9d:30:ee:d1:dd:c1:
                    ed:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E3:B3:80:4D:72:FC:99:F0:3B:02:B7:A0:5C:56:72:46:58:69:EB
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/IeOzgE1y_JnwOwK3oFxWckZYaes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8fc6:c27a::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:a9:15:35:c2:98:2c:69:c5:c0:9f:54:9e:48:27:4d:d2:67:
         80:46:d4:96:53:68:8c:f5:3e:ae:f0:0a:88:1f:20:a2:be:50:
         8e:fb:d6:ec:f4:8e:e0:32:fb:59:72:9f:78:22:3a:df:cc:84:
         51:e6:eb:e9:a3:53:d5:7a:f3:3a:92:1a:c4:4d:28:d7:47:a3:
         9a:e9:9c:86:3b:0a:0a:fc:dc:fb:fd:f8:77:a0:0f:c2:ad:8e:
         45:80:b5:11:c1:de:00:10:0e:71:2c:eb:d1:8e:23:73:21:22:
         b1:e0:2b:c7:cf:fe:3b:d9:3c:e9:04:5d:93:47:bd:dc:d8:c2:
         dc:11:d6:d8:9d:8c:26:b7:fe:5e:de:d5:da:eb:61:bf:31:c6:
         43:66:ec:72:c5:63:d0:da:1d:b7:58:be:2e:98:85:85:13:a4:
         18:9d:5e:aa:45:f1:b5:b9:e7:cc:e9:da:5d:ea:71:bc:77:ea:
         60:60:89:8c:37:eb:70:ab:1a:7c:10:5b:80:2f:ed:0b:b6:5e:
         0b:87:bc:c1:d9:6e:ee:39:99:a1:c9:5d:2a:e1:0c:93:38:30:
         57:8a:70:1d:f2:2d:b3:ce:ff:25:83:b4:4f:2e:0b:ba:b1:ba:
         91:30:09:95:7f:f8:70:30:a0:16:e0:a6:0f:16:03:74:bd:28:
         6e:c6:b3:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYwl5giBzdmXJ7DHywxMwACVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjMxMjAxMTUwMTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWUzYjM4MDRkNzJmYzk5ZjAzYjAyYjdhMDVjNTY3MjQ2NTg2OWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitCHy1vILkD6P1ploMBuuHRN6SsM
0+JkbXYqve+h123ivGSmCj4Ax6fPZuyshqGWhp4OGaPtS9LvXyCWrkYPmmUStke5
38m3HwlLi5QOnjMg0xeV0/9NGSPE10azaMQYOYUvrg93L17oAhP1IQjkNGZ5so4S
5ooWNJxRRBfei1k2J7GtYQihPbGxcg/6W4DghOqNAYkWtIrjDXBixmIVXT4K8y42
DrJsnCgEc+e7ULTogjpXPRAkabcNvnNwFnuCUFDBad+EJEnbs53X+S1Qr8WHpD81
ip85VRl8hm6kPzbNw9UTjEIB0BG3yWQyceVu8/61qeaE6gCdMO7R3cHthQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCHjs4BNcvyZ8DsCt6BcVnJGWGnrMB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEvSWVPemdFMXlfSm53T3dLM29GeFdja1pZYWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKPxsJ6
MA0GCSqGSIb3DQEBCwUAA4IBAQCRqRU1wpgsacXAn1SeSCdN0meARtSWU2iM9T6u
8AqIHyCivlCO+9bs9I7gMvtZcp94IjrfzIRR5uvpo1PVevM6khrETSjXR6Oa6ZyG
OwoK/Nz7/fh3oA/CrY5FgLURwd4AEA5xLOvRjiNzISKx4CvHz/472TzpBF2TR73c
2MLcEdbYnYwmt/5e3tXa62G/McZDZuxyxWPQ2h23WL4umIWFE6QYnV6qRfG1uefM
6dpd6nG8d+pgYImMN+twqxp8EFuAL+0Ltl4Lh7zB2W7uOZmhyV0q4QyTODBXinAd
8i2zzv8lg7RPLgu6sbqRMAmVf/hwMKAW4KYPFgN0vShuxrMU
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:04 2024 by rpki-client on console-ams.rpki-client.org