Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/k2x976SUFxiFDefWVyDJm9y5ots.roa
File:                     k2x976SUFxiFDefWVyDJm9y5ots.roa (raw, json)
Hash identifier:          aQ1tJmbthP5xBDYdX9ZAHot0TjguYSaaYkL9vi5ve7g=
Subject key identifier:   93:6C:7D:EF:A4:94:17:18:85:0D:E7:D6:57:20:C9:9B:DC:B9:A2:DB
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018ECD18044766C593A4DE83C8C4B4752C95
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/k2x976SUFxiFDefWVyDJm9y5ots.roa
Signing time:             Thu 11 Apr 2024 12:18:06 +0000
ROA not before:           Thu 11 Apr 2024 12:18:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a14:2dc0::/32 maxlen: 32
                          2a14:2dc1::/32 maxlen: 32
                          2a14:2dc2::/32 maxlen: 32
                          2a14:2dc3::/32 maxlen: 32
                          2a14:2dc4::/32 maxlen: 32
                          2a14:2dc5::/32 maxlen: 32
                          2a14:2dc6::/32 maxlen: 32
                          2a14:2dc7::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 11 Jun 2024 15:39:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:18:04:47:66:c5:93:a4:de:83:c8:c4:b4:75:2c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 11 12:18:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=936c7defa4941718850de7d65720c99bdcb9a2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:21:aa:90:f8:73:ae:c3:16:86:ac:3b:c9:62:
                    00:f0:a2:20:f6:e2:69:cf:00:e7:6c:f0:bf:ef:45:
                    c7:95:3a:a3:4d:a9:fa:79:f6:3d:ae:53:ef:21:53:
                    8e:4e:f8:01:e4:63:41:27:8a:fa:db:a3:e4:d1:0d:
                    4e:f3:b3:4e:7d:f2:4c:fe:a6:c9:26:b0:54:e5:1c:
                    14:b8:f3:93:cb:ff:00:f4:e5:a0:99:24:5f:20:3b:
                    0a:f3:d7:4a:62:00:c7:e9:d0:37:cb:45:9e:b6:28:
                    bb:8c:1e:5b:22:6e:99:86:c1:79:6f:44:e8:ea:02:
                    ca:41:6a:e5:08:14:28:d0:28:b4:4e:cb:f2:ae:86:
                    60:6f:23:1a:4e:2f:4b:05:28:e4:0a:43:3f:7f:66:
                    00:c6:a4:f0:96:b4:98:e0:f8:70:a3:0e:b6:8b:13:
                    21:4c:c4:17:32:49:60:c7:ef:97:ac:7e:82:0a:47:
                    4b:2a:e9:7d:a0:35:36:e3:d8:6f:38:bb:f8:e3:5d:
                    4c:a6:6c:f0:77:ca:9d:50:15:24:ce:31:ce:d0:7f:
                    d5:46:73:26:d5:f1:5a:53:79:65:18:36:c7:08:9e:
                    d6:58:cb:6a:d5:9d:ca:32:f6:51:3e:51:1b:0a:25:
                    26:34:0e:f7:19:8c:3a:7d:93:94:c8:46:56:04:49:
                    07:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6C:7D:EF:A4:94:17:18:85:0D:E7:D6:57:20:C9:9B:DC:B9:A2:DB
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/k2x976SUFxiFDefWVyDJm9y5ots.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:7f:18:71:77:99:41:34:af:b0:e5:02:ca:ad:0e:e4:5f:bf:
         a7:24:05:ae:b7:26:d6:d7:92:f1:15:da:eb:a3:e2:58:b2:2d:
         9b:59:37:c9:94:96:95:ef:45:3c:d5:87:54:55:f5:2d:17:a8:
         bc:40:dc:7d:8d:45:f6:94:ff:51:53:14:7f:d0:9e:c9:57:3b:
         18:18:5c:5c:c3:ec:14:b7:82:dd:27:20:0d:64:37:2b:34:1f:
         91:62:60:b1:81:8e:5e:18:3e:1a:00:72:55:b0:18:55:4c:b7:
         1f:a0:39:39:cd:ab:96:55:6e:df:db:0a:b8:ba:16:78:6d:40:
         28:fa:79:8c:d8:a3:3f:fe:61:3d:3d:05:9c:3f:9f:81:9e:eb:
         b2:3f:1c:80:af:c2:06:58:c8:46:d9:cb:4c:e1:23:d8:42:d2:
         be:d8:6f:c2:ff:e3:44:e0:28:dc:b1:f2:ec:73:1e:30:33:9f:
         ec:1d:38:36:76:3d:4e:ee:14:7c:90:75:a3:3d:34:7f:8e:de:
         16:72:1b:37:a5:6b:10:a6:7e:26:9c:ae:26:bc:00:0f:47:48:
         2e:e6:52:ab:11:b0:80:5f:81:f8:e7:4d:ec:98:ce:14:a3:62:
         c2:6c:6d:2d:09:c9:c7:e2:2a:34:0e:fb:d2:51:4f:7c:df:3f:
         eb:a7:81:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7NGARHZsWTpN6DyMS0dSyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDExMTIxODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzZjN2RlZmE0OTQxNzE4ODUwZGU3ZDY1NzIwYzk5YmRjYjlhMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyGqkPhzrsMWhqw7yWIA8KIg9uJp
zwDnbPC/70XHlTqjTan6efY9rlPvIVOOTvgB5GNBJ4r626Pk0Q1O87NOffJM/qbJ
JrBU5RwUuPOTy/8A9OWgmSRfIDsK89dKYgDH6dA3y0Wetii7jB5bIm6ZhsF5b0To
6gLKQWrlCBQo0Ci0TsvyroZgbyMaTi9LBSjkCkM/f2YAxqTwlrSY4Phwow62ixMh
TMQXMklgx++XrH6CCkdLKul9oDU249hvOLv4411Mpmzwd8qdUBUkzjHO0H/VRnMm
1fFaU3llGDbHCJ7WWMtq1Z3KMvZRPlEbCiUmNA73GYw6fZOUyEZWBEkHbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJNsfe+klBcYhQ3n1lcgyZvcuaLbMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvazJ4OTc2U1VGeGlGRGVmV1Z5REptOXk1b3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQtwDAN
BgkqhkiG9w0BAQsFAAOCAQEAnH8YcXeZQTSvsOUCyq0O5F+/pyQFrrcm1teS8RXa
66PiWLItm1k3yZSWle9FPNWHVFX1LReovEDcfY1F9pT/UVMUf9CeyVc7GBhcXMPs
FLeC3ScgDWQ3KzQfkWJgsYGOXhg+GgByVbAYVUy3H6A5Oc2rllVu39sKuLoWeG1A
KPp5jNijP/5hPT0FnD+fgZ7rsj8cgK/CBljIRtnLTOEj2ELSvthvwv/jROAo3LHy
7HMeMDOf7B04NnY9Tu4UfJB1oz00f47eFnIbN6VrEKZ+JpyuJrwAD0dILuZSqxGw
gF+B+OdN7JjOFKNiwmxtLQnJx+IqNA770lFPfN8/66eBrw==
-----END CERTIFICATE-----
Generated at Tue Jun 11 19:46:37 2024 by rpki-client on console-fra.rpki-client.org