Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/67acmJpAqoVjJuUIRNNCG4Sqjjw.roa
File:                     67acmJpAqoVjJuUIRNNCG4Sqjjw.roa (raw, json)
Hash identifier:          kF35uOfxxENyaBmbUummUgrkK5Z1R42WzJM8vdJlpVs=
Subject key identifier:   EB:B6:9C:98:9A:40:AA:85:63:26:E5:08:44:D3:42:1B:84:AA:8E:3C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CE3CA337F37EFD80B50D5EB492AF3BB94
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/67acmJpAqoVjJuUIRNNCG4Sqjjw.roa
Signing time:             Sun 07 Jan 2024 11:58:48 +0000
ROA not before:           Sun 07 Jan 2024 11:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197469
IP address blocks:        2a0e:97c0:b50::/44 maxlen: 48
                          2a0e:97c0:b50::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 15:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e3:ca:33:7f:37:ef:d8:0b:50:d5:eb:49:2a:f3:bb:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  7 11:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebb69c989a40aa856326e50844d3421b84aa8e3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:34:e7:0e:6c:cc:50:58:a1:46:fb:6e:e1:6a:
                    d7:fb:17:49:53:b1:e9:d9:88:6b:2d:a5:9a:fb:0a:
                    da:10:b3:c7:d2:07:3e:75:4c:cf:72:20:af:2f:d4:
                    73:70:81:ca:3e:e0:28:43:aa:c1:07:72:99:7d:2e:
                    cb:52:0f:6b:14:96:16:a0:53:cf:1c:c2:3c:df:d9:
                    a0:df:da:6a:44:2a:2b:a7:b4:2c:46:fb:b1:14:1a:
                    99:06:90:0f:96:c4:b7:08:f2:f2:60:da:06:00:02:
                    a9:09:9d:d1:30:7b:c3:b0:9f:9a:53:cd:c6:f8:d9:
                    2b:75:9c:7b:ff:cb:0e:b1:e4:9d:df:1f:94:cc:33:
                    8d:bb:34:29:24:78:7f:ff:a8:e2:92:6b:88:fc:27:
                    d6:5e:c0:00:89:14:cd:ec:f6:7d:fd:a4:f0:57:43:
                    c2:f9:e7:4a:66:de:30:9e:59:9b:01:8b:cb:e6:a5:
                    71:8d:7a:c0:37:3c:4a:d2:29:04:74:20:5a:ee:2d:
                    86:0a:9a:20:34:94:d4:ca:9f:59:df:89:96:02:7b:
                    7c:60:b7:18:c9:c9:02:6f:88:c8:61:0b:55:14:76:
                    9b:83:7d:c3:a8:09:76:dd:9c:0f:65:03:94:35:74:
                    18:67:9c:d1:1b:6e:f6:bf:b1:57:42:a6:5d:09:fd:
                    21:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B6:9C:98:9A:40:AA:85:63:26:E5:08:44:D3:42:1B:84:AA:8E:3C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/67acmJpAqoVjJuUIRNNCG4Sqjjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b50::/44

    Signature Algorithm: sha256WithRSAEncryption
         a1:37:72:40:45:2a:17:56:8d:d8:3b:8b:9c:ac:f1:6e:c0:97:
         b5:ba:8e:fe:85:3d:07:7b:62:b5:6c:93:bb:77:3c:f3:d0:e9:
         1e:a4:26:25:52:63:04:90:17:93:55:8b:a4:a8:16:5f:59:fc:
         f5:11:26:9c:ad:a2:f1:3b:b9:37:fb:97:0a:f4:69:4c:0c:9f:
         e3:a4:ba:72:32:6a:a0:8e:26:ce:36:7d:ef:b9:a4:07:16:0c:
         bc:a6:c0:a4:72:90:6e:50:e5:be:10:de:17:48:89:0a:53:0e:
         d2:f1:0d:4d:15:c5:70:34:c5:d2:3c:f6:d7:e0:6e:d8:bf:63:
         1b:60:4d:2b:cf:d6:09:ee:0d:d0:61:c6:bb:d7:db:b0:1e:ed:
         eb:f3:b5:83:6c:1e:56:65:f5:07:19:0b:d7:38:07:a9:ca:0a:
         a8:32:9c:b0:57:1b:e3:1e:4e:b8:04:f0:9d:10:2c:e3:89:60:
         2b:08:8d:be:c0:aa:ca:08:df:d1:22:0d:94:87:e6:9a:85:e0:
         29:2f:8a:e8:5c:8b:49:15:d3:08:0c:d0:6f:fd:54:be:92:2e:
         1d:c2:dc:3b:39:a2:25:d3:40:fd:79:4f:72:e7:f2:74:29:14:
         f4:58:84:58:6c:4f:03:9f:98:95:9b:0f:b4:42:fb:e1:3d:38:
         63:b8:b0:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzjyjN/N+/YC1DV60kq87uUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTA3MTE1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmI2OWM5ODlhNDBhYTg1NjMyNmU1MDg0NGQzNDIxYjg0YWE4ZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDTnDmzMUFihRvtu4WrX+xdJU7Hp
2YhrLaWa+wraELPH0gc+dUzPciCvL9RzcIHKPuAoQ6rBB3KZfS7LUg9rFJYWoFPP
HMI839mg39pqRCorp7QsRvuxFBqZBpAPlsS3CPLyYNoGAAKpCZ3RMHvDsJ+aU83G
+NkrdZx7/8sOseSd3x+UzDONuzQpJHh//6jikmuI/CfWXsAAiRTN7PZ9/aTwV0PC
+edKZt4wnlmbAYvL5qVxjXrANzxK0ikEdCBa7i2GCpogNJTUyp9Z34mWAnt8YLcY
yckCb4jIYQtVFHabg33DqAl23ZwPZQOUNXQYZ5zRG272v7FXQqZdCf0h8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOu2nJiaQKqFYyblCETTQhuEqo48MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNjdhY21KcEFxb1ZqSnVVSVJOTkNHNFNxamp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAtQ
MA0GCSqGSIb3DQEBCwUAA4IBAQChN3JARSoXVo3YO4ucrPFuwJe1uo7+hT0He2K1
bJO7dzzz0OkepCYlUmMEkBeTVYukqBZfWfz1ESacraLxO7k3+5cK9GlMDJ/jpLpy
MmqgjibONn3vuaQHFgy8psCkcpBuUOW+EN4XSIkKUw7S8Q1NFcVwNMXSPPbX4G7Y
v2MbYE0rz9YJ7g3QYca719uwHu3r87WDbB5WZfUHGQvXOAepygqoMpywVxvjHk64
BPCdECzjiWArCI2+wKrKCN/RIg2Uh+aaheApL4roXItJFdMIDNBv/VS+ki4dwtw7
OaIl00D9eU9y5/J0KRT0WIRYbE8Dn5iVmw+0QvvhPThjuLBK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:22 2024 by rpki-client on console-fra.rpki-client.org