Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/AjlFJ3A636Zr1TUELpRBuSuQpIU.roa
File:                     AjlFJ3A636Zr1TUELpRBuSuQpIU.roa (raw, json)
Hash identifier:          7VP5aZmclqX2dEJJBpDWsE3bT68pdhhQ3qAkGqXZv6U=
Subject key identifier:   02:39:45:27:70:3A:DF:A6:6B:D5:35:04:2E:94:41:B9:2B:90:A4:85
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       01856F14D3F4627B594C069F3BB7F2530179
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/AjlFJ3A636Zr1TUELpRBuSuQpIU.roa
Signing time:             Sun 01 Jan 2023 20:45:14 +0000
ROA not before:           Sun 01 Jan 2023 20:45:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41051
IP address blocks:        2a01:20e::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:14:d3:f4:62:7b:59:4c:06:9f:3b:b7:f2:53:01:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 20:45:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=02394527703adfa66bd535042e9441b92b90a485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:86:89:4d:b3:e3:e0:b2:33:95:bc:e8:7a:65:
                    d4:f1:f8:7b:0d:a8:12:45:05:d9:ad:1c:1e:2a:9b:
                    f6:bf:d9:4a:3e:13:14:b3:26:21:8f:50:11:73:55:
                    da:01:67:67:35:1c:f4:62:cd:eb:9a:97:7e:06:e6:
                    4f:50:ba:78:7f:2c:06:1e:93:2e:11:9a:5d:ef:2d:
                    62:15:63:69:2d:13:50:4b:7e:70:04:60:8d:78:09:
                    04:71:3c:74:2b:a9:77:bb:80:d1:4a:6d:7b:eb:50:
                    af:f3:af:c6:e7:15:57:aa:d8:28:a0:64:74:e3:df:
                    fd:cd:7b:c0:8b:fd:e6:ae:fa:0c:ac:b3:b9:31:6d:
                    ea:e0:1c:ce:e8:c1:bd:bf:1a:c9:bb:b6:b9:03:17:
                    67:2c:7e:6c:bc:3a:b5:6c:0a:cc:3c:32:02:9b:69:
                    62:00:07:a8:0a:a7:98:6a:13:13:90:f5:63:4b:da:
                    e4:d7:9d:c5:de:b5:90:4d:be:a3:d8:02:08:9d:4e:
                    00:65:05:3f:02:ce:e1:1e:bd:3f:74:b0:cc:57:d2:
                    73:c0:fc:4d:d7:c9:e0:ee:14:e7:c5:19:ea:a9:5c:
                    2b:ab:8c:66:e9:a0:c6:9f:1e:cc:0b:24:4d:de:1d:
                    45:3f:56:79:41:fd:02:dc:74:d0:d2:a4:a8:2d:ff:
                    25:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:39:45:27:70:3A:DF:A6:6B:D5:35:04:2E:94:41:B9:2B:90:A4:85
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/AjlFJ3A636Zr1TUELpRBuSuQpIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:20e::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:d0:5f:28:a9:c1:2f:86:23:67:af:5b:38:fb:d1:04:49:fd:
         ab:b5:e9:e4:05:e4:80:09:70:84:ca:65:10:3c:3e:68:e5:51:
         2f:76:65:4a:90:5f:9b:09:9b:e8:44:4d:ea:16:40:b8:d8:73:
         fd:d7:02:f5:01:ff:9f:10:a4:76:6b:62:19:2a:ab:8d:e4:11:
         11:22:f0:86:43:4b:e4:4c:b4:d6:81:50:0d:b3:d8:0e:cb:d8:
         ed:7d:88:f3:cf:8c:34:86:3b:44:b0:bf:ba:6a:be:88:ff:40:
         ff:8f:08:19:a6:8a:16:03:19:d3:17:18:a3:53:4d:6e:94:7c:
         9d:f0:ca:8e:9d:25:a8:1a:50:f8:ee:05:0e:43:0d:ef:74:78:
         c7:a1:f2:64:58:53:a3:32:2c:04:20:3a:c6:fe:af:06:9f:11:
         1d:d6:c5:2e:ef:93:64:fc:aa:25:82:97:37:cf:8a:be:84:24:
         82:15:dc:24:e5:7d:02:73:bf:52:e9:6c:e9:32:fb:81:45:7a:
         7b:55:80:9f:75:37:8c:77:da:81:db:e0:9e:25:94:8e:f4:90:
         02:bd:f4:89:77:18:52:fc:7c:60:50:f0:44:15:96:54:d7:74:
         23:d4:eb:d0:7d:38:28:27:ca:f4:50:0f:ea:13:13:aa:3e:86:
         cf:b6:08:d0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVvFNP0YntZTAafO7fyUwF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjMwMTAxMjA0NTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjM5NDUyNzcwM2FkZmE2NmJkNTM1MDQyZTk0NDFiOTJiOTBhNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYaJTbPj4LIzlbzoemXU8fh7DagS
RQXZrRweKpv2v9lKPhMUsyYhj1ARc1XaAWdnNRz0Ys3rmpd+BuZPULp4fywGHpMu
EZpd7y1iFWNpLRNQS35wBGCNeAkEcTx0K6l3u4DRSm1761Cv86/G5xVXqtgooGR0
49/9zXvAi/3mrvoMrLO5MW3q4BzO6MG9vxrJu7a5AxdnLH5svDq1bArMPDICm2li
AAeoCqeYahMTkPVjS9rk153F3rWQTb6j2AIInU4AZQU/As7hHr0/dLDMV9JzwPxN
18ng7hTnxRnqqVwrq4xm6aDGnx7MCyRN3h1FP1Z5Qf0C3HTQ0qSoLf8lDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAI5RSdwOt+ma9U1BC6UQbkrkKSFMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvQWpsRkozQTYzNlpyMVRVRUxwUkJ1U3VRcElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgECDjAN
BgkqhkiG9w0BAQsFAAOCAQEALNBfKKnBL4YjZ69bOPvRBEn9q7Xp5AXkgAlwhMpl
EDw+aOVRL3ZlSpBfmwmb6ERN6hZAuNhz/dcC9QH/nxCkdmtiGSqrjeQRESLwhkNL
5Ey01oFQDbPYDsvY7X2I88+MNIY7RLC/umq+iP9A/48IGaaKFgMZ0xcYo1NNbpR8
nfDKjp0lqBpQ+O4FDkMN73R4x6HyZFhTozIsBCA6xv6vBp8RHdbFLu+TZPyqJYKX
N8+KvoQkghXcJOV9AnO/Uuls6TL7gUV6e1WAn3U3jHfagdvgniWUjvSQAr30iXcY
Uvx8YFDwRBWWVNd0I9Tr0H04KCfK9FAP6hMTqj6Gz7YI0A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:55 2024 by rpki-client on console-ams.rpki-client.org