Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1zpNFOmvjYZc_rIG07VyEaI7ass.roa
File:                     1zpNFOmvjYZc_rIG07VyEaI7ass.roa (raw, json)
Hash identifier:          OXCy1TzDqUtxsWTGcPH6EeKctmaiZ9Y7EH1qZyzUjkk=
Subject key identifier:   D7:3A:4D:14:E9:AF:8D:86:5C:FE:B2:06:D3:B5:72:11:A2:3B:6A:CB
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018F0C2789AAF387A780E02985C29E8F242D
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1zpNFOmvjYZc_rIG07VyEaI7ass.roa
Signing time:             Tue 23 Apr 2024 18:11:08 +0000
ROA not before:           Tue 23 Apr 2024 18:11:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215158
IP address blocks:        2a11:1c80::/29 maxlen: 29
                          2a11:e8c0::/29 maxlen: 29
                          2a11:ea80::/29 maxlen: 29
                          2a11:ff40::/29 maxlen: 29
                          2a12:1040::/29 maxlen: 29
                          2a12:2e80::/29 maxlen: 29
                          2a12:3c00::/29 maxlen: 29
                          2a12:8580::/29 maxlen: 29
                          2a12:8a00::/29 maxlen: 29
                          2a12:9300::/29 maxlen: 29
                          2a12:d080::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 24 Apr 2024 13:44:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:27:89:aa:f3:87:a7:80:e0:29:85:c2:9e:8f:24:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 23 18:11:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d73a4d14e9af8d865cfeb206d3b57211a23b6acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:ae:87:a7:a6:2c:0b:ea:d7:a6:0b:3e:97:
                    f4:1b:47:27:78:b1:d8:c0:ff:58:16:f6:d0:d1:c8:
                    9b:76:21:7e:aa:40:81:ce:33:97:21:fd:8c:9a:6e:
                    d6:11:1a:aa:49:8a:70:9b:ad:06:04:ac:52:6d:e9:
                    95:63:75:0a:31:3e:cf:12:7a:e7:a7:50:41:39:9d:
                    d7:33:b4:7f:25:23:02:04:8a:4f:a2:be:3e:42:83:
                    e5:6a:8b:81:4b:a5:b9:2b:53:c6:8e:56:68:7d:6a:
                    30:a5:71:cd:af:61:47:12:64:bd:73:0e:14:7b:43:
                    b6:6b:be:28:b5:a6:72:62:65:a5:9c:e7:b4:9f:53:
                    97:be:0f:d7:ce:2d:aa:4a:33:e3:f9:45:a4:5d:68:
                    b1:f8:35:bc:b6:98:89:49:be:86:29:dd:8b:bb:64:
                    db:f2:f4:a3:4e:39:d4:90:ad:19:8b:7e:a8:60:64:
                    03:b1:3f:6e:ee:ff:41:6d:db:51:83:78:cc:27:44:
                    24:c5:3f:40:78:3d:26:ea:c1:6f:14:3a:77:3c:b6:
                    d5:be:93:66:a3:61:01:16:75:49:5f:1c:c6:3a:f4:
                    2c:97:43:a3:62:03:49:b9:98:0e:d3:6a:ca:5e:e9:
                    e7:3b:72:63:00:50:53:92:bd:70:2d:40:d0:2d:e2:
                    18:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:3A:4D:14:E9:AF:8D:86:5C:FE:B2:06:D3:B5:72:11:A2:3B:6A:CB
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1zpNFOmvjYZc_rIG07VyEaI7ass.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1c80::/29
                  2a11:e8c0::/29
                  2a11:ea80::/29
                  2a11:ff40::/29
                  2a12:1040::/29
                  2a12:2e80::/29
                  2a12:3c00::/29
                  2a12:8580::/29
                  2a12:8a00::/29
                  2a12:9300::/29
                  2a12:d080::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:61:34:c9:3f:fe:11:58:15:73:97:20:28:88:1b:df:44:e2:
         76:92:32:46:95:95:d8:b1:40:e7:ea:4f:c1:1b:96:2b:87:6b:
         6f:a9:25:a5:86:e4:5a:9d:0a:24:e0:9e:6e:02:41:70:d0:0f:
         6b:8a:87:ba:76:da:c0:1e:df:79:03:b1:71:92:8b:4c:98:c1:
         0d:6c:c4:b5:90:71:e1:b4:2f:97:1b:01:ab:bf:08:20:b8:ab:
         86:c7:71:48:5f:16:62:80:96:c5:ad:40:84:78:c0:b5:6d:9e:
         d5:03:5c:e4:08:66:43:6f:66:e8:e9:60:55:15:53:59:0b:cd:
         ce:9b:88:f5:39:a5:7b:db:43:4e:f1:9b:28:18:5a:5c:9a:48:
         46:73:cf:f0:32:55:e0:43:4b:19:54:87:51:65:d7:f2:ea:a2:
         98:39:49:11:49:2f:3e:64:4e:94:a5:33:f8:b3:23:1b:98:42:
         77:9a:7c:25:ad:44:56:b2:f5:db:cf:52:16:7e:2a:d9:f2:05:
         45:75:81:81:e4:c7:4a:af:9d:ea:a9:c4:47:8b:55:02:42:9e:
         ea:1f:1e:89:00:67:69:09:e6:8c:78:8b:c5:63:fe:30:73:8c:
         31:44:5a:3e:da:ca:c4:8b:c5:83:e8:7f:46:f4:d0:fc:d5:50:
         f1:49:8f:24
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY8MJ4mq84engOAphcKejyQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDIzMTgxMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzNhNGQxNGU5YWY4ZDg2NWNmZWIyMDZkM2I1NzIxMWEyM2I2YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0euh6emLAvq16YLPpf0G0cneLHY
wP9YFvbQ0cibdiF+qkCBzjOXIf2Mmm7WERqqSYpwm60GBKxSbemVY3UKMT7PEnrn
p1BBOZ3XM7R/JSMCBIpPor4+QoPlaouBS6W5K1PGjlZofWowpXHNr2FHEmS9cw4U
e0O2a74otaZyYmWlnOe0n1OXvg/Xzi2qSjPj+UWkXWix+DW8tpiJSb6GKd2Lu2Tb
8vSjTjnUkK0Zi36oYGQDsT9u7v9BbdtRg3jMJ0QkxT9AeD0m6sFvFDp3PLbVvpNm
o2EBFnVJXxzGOvQsl0OjYgNJuZgO02rKXunnO3JjAFBTkr1wLUDQLeIYSQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFNc6TRTpr42GXP6yBtO1chGiO2rLMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMXpwTkZPbXZqWVpjX3JJRzA3VnlFYUk3YXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKhEcgAMF
AyoR6MADBQMqEeqAAwUDKhH/QAMFAyoSEEADBQMqEi6AAwUDKhI8AAMFAyoShYAD
BQMqEooAAwUDKhKTAAMFAyoS0IAwDQYJKoZIhvcNAQELBQADggEBABFhNMk//hFY
FXOXICiIG99E4naSMkaVldixQOfqT8EbliuHa2+pJaWG5FqdCiTgnm4CQXDQD2uK
h7p22sAe33kDsXGSi0yYwQ1sxLWQceG0L5cbAau/CCC4q4bHcUhfFmKAlsWtQIR4
wLVtntUDXOQIZkNvZujpYFUVU1kLzc6biPU5pXvbQ07xmygYWlyaSEZzz/AyVeBD
SxlUh1Fl1/Lqopg5SRFJLz5kTpSlM/izIxuYQneafCWtRFay9dvPUhZ+KtnyBUV1
gYHkx0qvneqpxEeLVQJCnuofHokAZ2kJ5ox4i8Vj/jBzjDFEWj7aysSLxYPof0b0
0PzVUPFJjyQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:08 2024 by rpki-client on console-fra.rpki-client.org