Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/x1kBM37Fajwg-GRvJRJ0b2qcEXY.roa
File:                     x1kBM37Fajwg-GRvJRJ0b2qcEXY.roa (raw, json)
Hash identifier:          xRzfKdzbxRYFFaw/k7bstH9AF55jc3nOET4fOWpNZjA=
Subject key identifier:   C7:59:01:33:7E:C5:6A:3C:20:F8:64:6F:25:12:74:6F:6A:9C:11:76
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018CC86FC45B62FE33A7F627D9B1CAF24586
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/x1kBM37Fajwg-GRvJRJ0b2qcEXY.roa
Signing time:             Tue 02 Jan 2024 04:30:17 +0000
ROA not before:           Tue 02 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:4bc7::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 22 Apr 2024 14:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c4:5b:62:fe:33:a7:f6:27:d9:b1:ca:f2:45:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c75901337ec56a3c20f8646f2512746f6a9c1176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:08:00:48:28:d8:73:fb:69:94:ad:77:84:6c:
                    20:33:4c:82:17:16:4e:7b:5b:5a:6f:52:d4:6e:0b:
                    7b:cf:60:87:6d:b0:95:89:b5:b1:04:a3:2c:a9:b1:
                    85:ca:04:10:3d:50:46:c6:84:f0:bd:78:18:77:ad:
                    ef:1e:07:ed:60:0c:14:c2:be:14:aa:9b:bd:58:54:
                    62:d7:6b:40:ad:1f:6f:0a:fd:85:d4:da:63:c1:61:
                    93:eb:6b:6b:8f:4b:f5:65:d4:84:2a:0c:a6:26:5f:
                    4d:df:85:25:df:7c:df:cd:dd:0b:5d:64:27:10:43:
                    d4:7a:b9:2b:84:59:96:70:47:f1:51:b0:bd:4d:41:
                    f9:4f:4f:42:0f:42:ee:72:f0:3e:f3:43:97:29:b4:
                    d8:1e:af:ec:2a:eb:b7:9f:f6:3e:1e:54:ae:0b:2a:
                    68:29:06:37:99:19:e8:06:85:f2:0e:d4:7f:b5:34:
                    12:80:58:7a:c2:be:db:7b:1c:22:17:90:59:85:40:
                    67:1f:e2:7e:a5:50:8b:72:39:3c:11:77:00:37:f2:
                    b5:12:68:cc:ba:0e:6d:55:09:97:a6:1d:19:2d:85:
                    f7:f3:41:01:0e:fc:c6:98:02:f0:5b:27:88:b3:a9:
                    19:d4:84:1b:c5:bf:4e:9e:9a:fe:6c:f5:14:0a:af:
                    f7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:59:01:33:7E:C5:6A:3C:20:F8:64:6F:25:12:74:6F:6A:9C:11:76
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/x1kBM37Fajwg-GRvJRJ0b2qcEXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:ba:0a:f3:41:93:c1:67:87:a8:91:ba:7d:d1:cc:0b:7a:64:
         74:04:cb:e3:cb:b4:43:aa:33:10:b0:7d:70:73:b9:0a:4e:bb:
         e2:37:68:92:95:a1:4d:97:49:de:d5:2a:ad:9a:60:1e:f2:e6:
         91:39:26:2c:70:5c:b1:5f:87:bc:18:c3:2f:2c:5c:cf:61:25:
         7d:cf:9d:53:f9:88:d6:16:76:e3:32:eb:24:18:bb:6d:d2:a7:
         85:ac:b2:86:e6:bd:2e:e5:11:d2:77:97:99:ad:fc:9b:57:bd:
         14:a3:83:18:b6:ab:6d:ad:43:56:b6:c8:18:97:52:4c:94:4c:
         b6:6e:b5:6d:f1:a6:27:aa:f3:f8:c9:b6:65:de:1d:fc:66:e3:
         9d:73:61:b7:90:06:00:38:a6:62:24:f5:36:67:c0:ae:0a:a6:
         ff:ae:3f:e6:b7:6f:44:2e:78:c8:28:a5:17:2b:a4:a3:2e:a9:
         ad:9a:cd:62:67:be:7a:a9:03:81:e3:d8:80:b1:87:4b:1e:a2:
         1a:be:d9:83:3d:87:b8:01:6c:62:95:d3:75:07:77:5b:48:7b:
         11:ca:60:28:81:b3:09:cf:41:e3:38:d3:6a:3d:84:ad:4a:d1:
         79:47:3b:f8:22:18:fe:36:b3:c6:94:ae:20:99:ce:f6:09:5f:
         a2:00:ed:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb8RbYv4zp/Yn2bHK8kWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTAyMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzU5MDEzMzdlYzU2YTNjMjBmODY0NmYyNTEyNzQ2ZjZhOWMxMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAgASCjYc/tplK13hGwgM0yCFxZO
e1tab1LUbgt7z2CHbbCVibWxBKMsqbGFygQQPVBGxoTwvXgYd63vHgftYAwUwr4U
qpu9WFRi12tArR9vCv2F1NpjwWGT62trj0v1ZdSEKgymJl9N34Ul33zfzd0LXWQn
EEPUerkrhFmWcEfxUbC9TUH5T09CD0LucvA+80OXKbTYHq/sKuu3n/Y+HlSuCypo
KQY3mRnoBoXyDtR/tTQSgFh6wr7bexwiF5BZhUBnH+J+pVCLcjk8EXcAN/K1EmjM
ug5tVQmXph0ZLYX380EBDvzGmALwWyeIs6kZ1IQbxb9Onpr+bPUUCq/3PwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMdZATN+xWo8IPhkbyUSdG9qnBF2MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEveDFrQk0zN0ZhandnLUdSdkpSSjBiMnFjRVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5LxzAN
BgkqhkiG9w0BAQsFAAOCAQEAHLoK80GTwWeHqJG6fdHMC3pkdATL48u0Q6ozELB9
cHO5Ck674jdokpWhTZdJ3tUqrZpgHvLmkTkmLHBcsV+HvBjDLyxcz2Elfc+dU/mI
1hZ24zLrJBi7bdKnhayyhua9LuUR0neXma38m1e9FKODGLarba1DVrbIGJdSTJRM
tm61bfGmJ6rz+Mm2Zd4d/GbjnXNht5AGADimYiT1NmfArgqm/64/5rdvRC54yCil
Fyukoy6prZrNYme+eqkDgePYgLGHSx6iGr7Zgz2HuAFsYpXTdQd3W0h7EcpgKIGz
Cc9B4zjTaj2ErUrReUc7+CIY/jazxpSuIJnO9glfogDtKQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org