Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kSB-2dMsDQcz1thEklj-R8a7Ub0.roa
File:                     kSB-2dMsDQcz1thEklj-R8a7Ub0.roa (raw, json)
Hash identifier:          QIREdC0tevh2DOt2aBvHHl331zjfk9+h4zt01nOC2ck=
Subject key identifier:   91:20:7E:D9:D3:2C:0D:07:33:D6:D8:44:92:58:FE:47:C6:BB:51:BD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018570E7E4D5B1FDF172DDA92547C74213FF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kSB-2dMsDQcz1thEklj-R8a7Ub0.roa
Signing time:             Mon 02 Jan 2023 05:15:23 +0000
ROA not before:           Mon 02 Jan 2023 05:15:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210320
IP address blocks:        2a0e:b107:18c0::/48 maxlen: 48
                          2a0e:b107:18c8::/48 maxlen: 48
                          2a0e:b107:18c5::/48 maxlen: 48
                          2a0e:b107:18c2::/48 maxlen: 48
                          2a0e:b107:18c7::/48 maxlen: 48
                          2a0e:b107:18c4::/48 maxlen: 48
                          2a0e:b107:18c1::/48 maxlen: 48
                          2a0e:b107:18c9::/48 maxlen: 48
                          2a0e:b107:18c6::/48 maxlen: 48
                          2a0e:b107:18c3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 23 Jan 2023 10:50:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:e4:d5:b1:fd:f1:72:dd:a9:25:47:c7:42:13:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 05:15:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91207ed9d32c0d0733d6d8449258fe47c6bb51bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:51:b2:41:fe:47:4f:8e:7a:31:0c:40:12:1e:
                    2c:3a:6b:af:b5:c9:30:93:aa:5d:ff:dd:11:ca:28:
                    28:88:a3:29:9d:84:75:57:db:3f:69:2f:9a:f4:cf:
                    a9:8c:c4:5b:c4:68:da:5f:7c:97:b3:65:8f:8d:e0:
                    c1:61:b4:2c:6c:16:57:b1:b5:3b:ea:4f:c0:2a:e9:
                    97:5a:01:08:ff:08:8b:c9:f5:3a:1a:6b:88:82:0b:
                    cd:a8:d5:fc:b6:55:38:73:1a:44:98:4b:ba:37:9b:
                    15:e0:7e:1b:05:ed:e4:d8:d6:dd:a9:c3:ea:14:e1:
                    17:0a:07:b9:c7:be:a3:cd:ea:7f:3a:13:58:d0:d0:
                    51:49:c5:99:7a:0d:0a:ae:39:e4:3e:30:3a:52:62:
                    9c:80:3a:f1:54:64:57:14:00:06:5a:ef:67:1c:4f:
                    1a:7c:97:f7:9c:c5:2e:13:bf:28:3c:66:cc:be:d3:
                    04:1b:e8:8c:34:e3:27:02:48:17:1c:1a:49:ac:4b:
                    7f:99:04:18:32:ff:26:23:fa:32:c7:bb:af:cb:62:
                    60:ec:cf:88:9a:0f:ed:6f:e6:bb:34:19:87:bf:99:
                    e3:06:2e:bf:43:08:31:40:76:5a:61:e0:18:33:b3:
                    1e:61:d9:06:13:a1:d8:d6:eb:37:2d:34:1b:4d:cf:
                    86:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:20:7E:D9:D3:2C:0D:07:33:D6:D8:44:92:58:FE:47:C6:BB:51:BD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kSB-2dMsDQcz1thEklj-R8a7Ub0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:18c0::-2a0e:b107:18c9:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         41:e6:64:ef:0d:39:77:81:80:f4:55:53:94:12:4b:b8:b8:99:
         f6:32:23:e4:cc:09:15:c7:68:c0:57:bf:4f:19:31:aa:c0:c9:
         31:9f:c0:70:5a:0a:c2:ed:75:6a:23:c4:71:a1:16:7f:03:ae:
         f7:96:3b:9d:51:df:d9:74:fa:a8:52:7c:f6:c1:64:f5:30:c9:
         36:8c:85:bd:51:12:39:84:f1:7d:3c:81:41:a7:4e:64:eb:d6:
         79:12:fe:bf:77:b8:1b:e7:09:fb:12:e8:69:6c:2d:bc:d9:85:
         c7:40:01:95:81:75:c5:41:5b:db:ab:07:6d:9a:b2:77:b5:d5:
         dd:c6:86:c2:b4:86:c3:ff:72:c1:45:f1:5e:95:33:97:d2:1a:
         94:22:2e:95:6c:04:1a:39:d8:cc:11:4d:34:e6:c4:ff:d8:85:
         62:dc:d4:c8:15:dc:de:32:94:57:11:ef:8e:d9:6f:aa:d9:4e:
         89:93:83:c7:7f:35:ca:12:a7:12:f6:86:79:4d:09:1d:91:ae:
         51:89:2c:2f:a2:66:7d:7d:3e:90:4f:dd:30:b7:f8:81:00:1f:
         74:fa:e4:eb:d4:dd:a0:a5:21:d4:fc:79:47:b2:a2:38:35:62:
         31:b5:52:20:36:a0:8d:8b:cf:03:8b:37:6f:12:ca:63:b4:b0:
         fa:c5:fe:90
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVw5+TVsf3xct2pJUfHQhP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMDUxNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTIwN2VkOWQzMmMwZDA3MzNkNmQ4NDQ5MjU4ZmU0N2M2YmI1MWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFGyQf5HT456MQxAEh4sOmuvtckw
k6pd/90RyigoiKMpnYR1V9s/aS+a9M+pjMRbxGjaX3yXs2WPjeDBYbQsbBZXsbU7
6k/AKumXWgEI/wiLyfU6GmuIggvNqNX8tlU4cxpEmEu6N5sV4H4bBe3k2NbdqcPq
FOEXCge5x76jzep/OhNY0NBRScWZeg0KrjnkPjA6UmKcgDrxVGRXFAAGWu9nHE8a
fJf3nMUuE78oPGbMvtMEG+iMNOMnAkgXHBpJrEt/mQQYMv8mI/oyx7uvy2Jg7M+I
mg/tb+a7NBmHv5njBi6/QwgxQHZaYeAYM7MeYdkGE6HY1us3LTQbTc+G6QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJEgftnTLA0HM9bYRJJY/kfGu1G9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva1NCLTJkTXNEUWN6MXRoRWtsai1SOGE3VWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwYqDrEH
GMADBwEqDrEHGMgwDQYJKoZIhvcNAQELBQADggEBAEHmZO8NOXeBgPRVU5QSS7i4
mfYyI+TMCRXHaMBXv08ZMarAyTGfwHBaCsLtdWojxHGhFn8DrveWO51R39l0+qhS
fPbBZPUwyTaMhb1REjmE8X08gUGnTmTr1nkS/r93uBvnCfsS6GlsLbzZhcdAAZWB
dcVBW9urB22asne11d3GhsK0hsP/csFF8V6VM5fSGpQiLpVsBBo52MwRTTTmxP/Y
hWLc1MgV3N4ylFcR747Zb6rZTomTg8d/NcoSpxL2hnlNCR2RrlGJLC+iZn19PpBP
3TC3+IEAH3T65OvU3aClIdT8eUeyojg1YjG1UiA2oI2LzwOLN28SymO0sPrF/pA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:11 2024 by rpki-client on console-ams.rpki-client.org