Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/R_wPLIg9nh1WTZcqy84dEtENdOk.roa
File:                     R_wPLIg9nh1WTZcqy84dEtENdOk.roa (raw, json)
Hash identifier:          XmXuW7FEB8I63HUSCDUU5/dgrb9uNOPHweNMlYz/khw=
Subject key identifier:   47:FC:0F:2C:88:3D:9E:1D:56:4D:97:2A:CB:CE:1D:12:D1:0D:74:E9
Certificate issuer:       /CN=a9f2fdea263b79fce11389052b0cd940995c6dfe
Certificate serial:       01857295A9A025CFCA09FB4BDC54EBC54F2B
Authority key identifier: A9:F2:FD:EA:26:3B:79:FC:E1:13:89:05:2B:0C:D9:40:99:5C:6D:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/R_wPLIg9nh1WTZcqy84dEtENdOk.roa
Signing time:             Mon 02 Jan 2023 13:04:48 +0000
ROA not before:           Mon 02 Jan 2023 13:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        2a12:d8c6::/32 maxlen: 32
                          2a12:d8c4::/32 maxlen: 32
                          2a12:d8c3::/32 maxlen: 32
                          2a12:d8c7::/32 maxlen: 32
                          2a12:d8c2::/32 maxlen: 32
                          2a12:d8c5::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:95:a9:a0:25:cf:ca:09:fb:4b:dc:54:eb:c5:4f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9f2fdea263b79fce11389052b0cd940995c6dfe
        Validity
            Not Before: Jan  2 13:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47fc0f2c883d9e1d564d972acbce1d12d10d74e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8c:3f:60:72:48:53:b1:07:6a:ba:1c:da:9d:
                    00:e7:ae:13:00:bf:19:a9:ce:1d:eb:45:bd:77:58:
                    1b:8c:f0:53:68:db:78:f2:e6:6e:ca:be:91:50:0b:
                    79:99:ae:dc:ff:1c:94:6e:51:6e:1d:3f:1c:c5:52:
                    10:61:51:a9:50:a5:33:64:c8:b7:50:1f:0d:4f:cd:
                    c5:26:2e:ea:c5:df:9c:83:01:fa:b0:a4:6c:46:63:
                    41:9f:4a:51:30:16:c5:cf:00:bc:25:ed:40:2a:0f:
                    05:48:df:8b:93:e4:f3:2c:58:88:24:e8:ab:67:5d:
                    50:1c:04:a0:1e:43:fc:5d:a4:8b:19:94:f9:b5:44:
                    3b:12:e4:fb:38:ae:a3:ae:ed:3d:49:6b:f0:86:04:
                    07:90:51:88:92:28:0c:a7:11:ee:0f:42:58:bf:a2:
                    42:40:8e:5f:e3:2a:19:e3:6c:d8:dc:55:c5:8d:9b:
                    ce:a4:b5:0f:46:b7:f8:32:24:0c:7d:6e:a8:67:e9:
                    ee:03:99:49:05:9b:f5:3b:7d:3b:80:e0:6d:fa:56:
                    cc:88:30:6e:92:d5:d1:82:d6:14:fd:e2:d2:30:03:
                    79:dc:eb:c0:2f:e4:34:73:79:ca:ca:27:d3:35:e6:
                    0a:83:76:de:32:d9:86:0e:6b:b9:b2:a5:51:b7:79:
                    53:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FC:0F:2C:88:3D:9E:1D:56:4D:97:2A:CB:CE:1D:12:D1:0D:74:E9
            X509v3 Authority Key Identifier:
                keyid:A9:F2:FD:EA:26:3B:79:FC:E1:13:89:05:2B:0C:D9:40:99:5C:6D:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/R_wPLIg9nh1WTZcqy84dEtENdOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:d8c2::-2a12:d8c7:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4f:92:ff:4f:71:08:a6:1e:7d:e1:58:ac:af:32:66:17:1a:03:
         8e:5c:4d:ba:1c:45:3c:a9:e4:a5:32:52:50:42:b5:98:2f:27:
         6e:21:c1:aa:33:60:48:5a:b0:e3:52:fb:60:46:e1:8d:f2:ec:
         76:f4:da:17:1c:dc:2a:f2:42:0b:4e:8a:08:9b:be:ea:f7:56:
         45:73:49:00:5e:fe:8b:75:19:e7:65:8b:ec:06:af:00:b2:73:
         2c:bd:65:e7:62:d3:ed:fd:ca:62:f9:27:a0:46:a9:12:3e:4d:
         9a:1d:f1:31:16:47:e9:87:25:fa:7e:08:5e:39:4c:a8:8a:83:
         e2:c5:69:4d:e6:39:f4:01:15:74:3e:33:23:cf:c2:20:73:52:
         15:c8:2d:89:61:24:61:8a:b4:25:b5:3d:9d:c6:09:df:35:0e:
         60:bb:a7:73:a1:12:6d:83:b4:85:1e:02:26:38:d8:7a:78:93:
         a1:82:92:0c:fb:04:42:eb:af:65:c4:90:55:c7:96:56:5d:1b:
         85:d6:09:09:4c:eb:c3:bb:38:49:ed:a5:a0:f2:8e:72:02:e4:
         dc:6d:d7:30:70:34:01:22:05:00:8d:ad:4d:3a:92:35:cc:bd:
         8c:39:48:b2:47:b0:ef:c8:0e:ef:2e:18:03:22:eb:3a:10:db:
         f9:d7:f9:71
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYVylamgJc/KCftL3FTrxU8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZjJmZGVhMjYzYjc5ZmNlMTEzODkwNTJiMGNkOTQwOTk1
YzZkZmUwHhcNMjMwMTAyMTMwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2ZjMGYyYzg4M2Q5ZTFkNTY0ZDk3MmFjYmNlMWQxMmQxMGQ3NGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIw/YHJIU7EHaroc2p0A564TAL8Z
qc4d60W9d1gbjPBTaNt48uZuyr6RUAt5ma7c/xyUblFuHT8cxVIQYVGpUKUzZMi3
UB8NT83FJi7qxd+cgwH6sKRsRmNBn0pRMBbFzwC8Je1AKg8FSN+Lk+TzLFiIJOir
Z11QHASgHkP8XaSLGZT5tUQ7EuT7OK6jru09SWvwhgQHkFGIkigMpxHuD0JYv6JC
QI5f4yoZ42zY3FXFjZvOpLUPRrf4MiQMfW6oZ+nuA5lJBZv1O307gOBt+lbMiDBu
ktXRgtYU/eLSMAN53OvAL+Q0c3nKyifTNeYKg3beMtmGDmu5sqVRt3lTbQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFEf8DyyIPZ4dVk2XKsvOHRLRDXTpMB8GA1UdIwQY
MBaAFKny/eomO3n84ROJBSsM2UCZXG3+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWZMOTZpWTdlZnpoRTRrRkt3elpRSmxjYmY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81M2ZmNjItYzFhZC00MjQ0LWI5MWEt
ZjhhZmZlZjExMmQ4LzEvUl93UExJZzluaDFXVFpjcXk4NGRFdEVOZE9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81M2ZmNjItYzFhZC00MjQ0LWI5MWEtZjhhZmZlZjExMmQ4
LzEvcWZMOTZpWTdlZnpoRTRrRkt3elpRSmxjYmY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQEqEtjC
AwUDKhLYwDANBgkqhkiG9w0BAQsFAAOCAQEAT5L/T3EIph594VisrzJmFxoDjlxN
uhxFPKnkpTJSUEK1mC8nbiHBqjNgSFqw41L7YEbhjfLsdvTaFxzcKvJCC06KCJu+
6vdWRXNJAF7+i3UZ52WL7AavALJzLL1l52LT7f3KYvknoEapEj5Nmh3xMRZH6Ycl
+n4IXjlMqIqD4sVpTeY59AEVdD4zI8/CIHNSFcgtiWEkYYq0JbU9ncYJ3zUOYLun
c6ESbYO0hR4CJjjYeniToYKSDPsEQuuvZcSQVceWVl0bhdYJCUzrw7s4Se2loPKO
cgLk3G3XMHA0ASIFAI2tTTqSNcy9jDlIskew78gO7y4YAyLrOhDb+df5cQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:16 2024 by rpki-client on console-fra.rpki-client.org