Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/caf034-cbe2-4d2d-a02b-5d34704b7c88/1/zZgb3AGKx_YflAEpi54KSx09Z4s.roa
File:                     zZgb3AGKx_YflAEpi54KSx09Z4s.roa (raw, json)
Hash identifier:          1qiTSkdLcsyeDnQJx+GJjBmT8FDWYscJe58I7lSgwTI=
Subject key identifier:   CD:98:1B:DC:01:8A:C7:F6:1F:94:01:29:8B:9E:0A:4B:1D:3D:67:8B
Certificate issuer:       /CN=bd2a5a06b9b43fcea188541d30c6dc3430aaf392
Certificate serial:       018570C2CD5D8B4FF566C9A3224040F70327
Authority key identifier: BD:2A:5A:06:B9:B4:3F:CE:A1:88:54:1D:30:C6:DC:34:30:AA:F3:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSpaBrm0P86hiFQdMMbcNDCq85I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/caf034-cbe2-4d2d-a02b-5d34704b7c88/1/zZgb3AGKx_YflAEpi54KSx09Z4s.roa
Signing time:             Mon 02 Jan 2023 04:34:52 +0000
ROA not before:           Mon 02 Jan 2023 04:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205969
IP address blocks:        2001:67c:12f4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:c2:cd:5d:8b:4f:f5:66:c9:a3:22:40:40:f7:03:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd2a5a06b9b43fcea188541d30c6dc3430aaf392
        Validity
            Not Before: Jan  2 04:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cd981bdc018ac7f61f9401298b9e0a4b1d3d678b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:84:a2:e3:32:02:e2:ef:05:32:ca:a1:37:8d:
                    74:42:73:e5:b0:d5:36:ed:7d:ed:a1:38:4e:43:3f:
                    f4:7f:09:e9:62:cc:b6:a5:85:5e:d7:fe:65:a3:b2:
                    aa:e7:34:e8:a1:11:b6:91:c6:a1:10:3e:76:57:30:
                    81:25:4b:46:b8:86:76:e0:ad:4d:b2:3a:34:7d:01:
                    b1:4b:35:cf:3e:9c:4b:5f:5e:f1:1b:e6:e7:e2:b8:
                    1d:1a:1f:7b:35:8a:8b:55:0b:a1:63:6a:f6:d5:60:
                    fd:1a:a6:21:6c:22:a2:dd:52:73:66:1c:c7:05:38:
                    f1:8f:25:9a:ca:4e:be:ec:49:77:34:a0:17:e2:a9:
                    ea:b6:ab:6d:6c:35:54:e6:83:ef:67:02:5a:bf:fd:
                    e9:31:16:c7:d2:87:fb:77:47:36:e3:87:f9:32:93:
                    63:5d:b4:ac:9f:d2:5f:53:59:4b:2b:63:aa:a7:15:
                    36:ba:a7:c1:8a:44:d5:43:44:43:96:b9:6a:ae:0e:
                    52:d7:25:9c:e9:2f:69:4a:ae:1b:ac:45:1b:c7:3c:
                    e0:94:63:a9:25:76:14:a5:41:32:5a:a6:fd:4c:9e:
                    48:49:72:dc:ed:bc:61:2a:fe:85:57:6c:6d:68:c2:
                    5a:62:df:cf:06:0c:93:02:21:f4:e5:e9:38:34:c6:
                    60:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:98:1B:DC:01:8A:C7:F6:1F:94:01:29:8B:9E:0A:4B:1D:3D:67:8B
            X509v3 Authority Key Identifier:
                keyid:BD:2A:5A:06:B9:B4:3F:CE:A1:88:54:1D:30:C6:DC:34:30:AA:F3:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSpaBrm0P86hiFQdMMbcNDCq85I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/caf034-cbe2-4d2d-a02b-5d34704b7c88/1/zZgb3AGKx_YflAEpi54KSx09Z4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/caf034-cbe2-4d2d-a02b-5d34704b7c88/1/vSpaBrm0P86hiFQdMMbcNDCq85I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:98:c7:07:05:ff:76:11:28:5c:5b:ad:8c:ea:b0:6d:f3:a2:
         19:13:62:c0:5a:7b:22:63:9b:66:77:43:dc:56:a8:6c:ed:95:
         e3:d1:48:b1:81:c2:12:23:95:44:d2:70:a6:6d:e5:64:da:27:
         ee:6b:24:d4:d6:d3:3e:a3:b1:0e:42:3a:26:6a:75:e7:50:6d:
         c8:97:e5:70:e9:eb:7b:38:ea:18:58:82:ef:0b:3c:c5:1b:49:
         d1:19:32:15:ab:a3:ad:ff:94:70:d6:68:0a:4a:ec:9a:69:a6:
         cd:95:bc:5c:5e:49:cf:ba:9a:ac:a0:e7:02:61:e4:1f:a9:e0:
         22:28:15:f6:62:76:b8:f2:2b:2b:58:a2:b2:e3:69:c8:23:e6:
         99:56:88:75:4c:21:d0:bc:1d:81:07:97:3b:44:d4:48:f0:fc:
         a9:df:dd:f3:21:43:9e:0a:ff:e7:3a:de:7e:98:1f:1d:8b:e1:
         ed:93:53:f1:c3:14:0f:89:cc:8c:05:0d:94:34:16:07:c5:1e:
         29:f7:10:86:ae:a2:5f:f9:6c:68:06:27:d7:07:53:e4:86:41:
         c3:4c:f6:ea:4e:a2:ec:e3:2d:ed:c4:28:06:16:10:b8:a8:d2:
         0e:1c:f9:99:01:b6:e3:3f:b2:e9:36:eb:df:bc:b0:a8:d6:38:
         34:75:49:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVwws1di0/1ZsmjIkBA9wMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMmE1YTA2YjliNDNmY2VhMTg4NTQxZDMwYzZkYzM0MzBh
YWYzOTIwHhcNMjMwMTAyMDQzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk4MWJkYzAxOGFjN2Y2MWY5NDAxMjk4YjllMGE0YjFkM2Q2NzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4Si4zIC4u8FMsqhN410QnPlsNU2
7X3toThOQz/0fwnpYsy2pYVe1/5lo7Kq5zTooRG2kcahED52VzCBJUtGuIZ24K1N
sjo0fQGxSzXPPpxLX17xG+bn4rgdGh97NYqLVQuhY2r21WD9GqYhbCKi3VJzZhzH
BTjxjyWayk6+7El3NKAX4qnqtqttbDVU5oPvZwJav/3pMRbH0of7d0c244f5MpNj
XbSsn9JfU1lLK2OqpxU2uqfBikTVQ0RDlrlqrg5S1yWc6S9pSq4brEUbxzzglGOp
JXYUpUEyWqb9TJ5ISXLc7bxhKv6FV2xtaMJaYt/PBgyTAiH05ek4NMZgbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM2YG9wBisf2H5QBKYueCksdPWeLMB8GA1UdIwQY
MBaAFL0qWga5tD/OoYhUHTDG3DQwqvOSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNwYUJybTBQODZoaUZRZE1NYmNORENxODVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jYWYwMzQtY2JlMi00ZDJkLWEwMmIt
NWQzNDcwNGI3Yzg4LzEvelpnYjNBR0t4X1lmbEFFcGk1NEtTeDA5WjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jYWYwMzQtY2JlMi00ZDJkLWEwMmItNWQzNDcwNGI3Yzg4
LzEvdlNwYUJybTBQODZoaUZRZE1NYmNORENxODVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBL0
MA0GCSqGSIb3DQEBCwUAA4IBAQA7mMcHBf92EShcW62M6rBt86IZE2LAWnsiY5tm
d0PcVqhs7ZXj0UixgcISI5VE0nCmbeVk2ifuayTU1tM+o7EOQjomanXnUG3Il+Vw
6et7OOoYWILvCzzFG0nRGTIVq6Ot/5Rw1mgKSuyaaabNlbxcXknPupqsoOcCYeQf
qeAiKBX2Yna48isrWKKy42nII+aZVoh1TCHQvB2BB5c7RNRI8Pyp393zIUOeCv/n
Ot5+mB8di+Htk1PxwxQPicyMBQ2UNBYHxR4p9xCGrqJf+WxoBifXB1PkhkHDTPbq
TqLs4y3txCgGFhC4qNIOHPmZAbbjP7LpNuvfvLCo1jg0dUkE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:32 2024 by rpki-client on console-fra.rpki-client.org