Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/sFQ5LNP4bP7UlT0IgdKHk-X3nss.roa
File:                     sFQ5LNP4bP7UlT0IgdKHk-X3nss.roa (raw, json)
Hash identifier:          smj0xsX/DoIAbSvqTxlLiRWnDGpGApoSQ0DbR2DZo5o=
Subject key identifier:   B0:54:39:2C:D3:F8:6C:FE:D4:95:3D:08:81:D2:87:93:E5:F7:9E:CB
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       018AA79E162DCDFA8674C943E8F0D72DC70F
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/sFQ5LNP4bP7UlT0IgdKHk-X3nss.roa
Signing time:             Mon 18 Sep 2023 09:27:50 +0000
ROA not before:           Mon 18 Sep 2023 09:27:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1921
IP address blocks:        2a04:2b00:14dd::/48 maxlen: 48
                          2a04:2b00:14ee::/48 maxlen: 48
                          2a04:2b00:14cc::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:9e:16:2d:cd:fa:86:74:c9:43:e8:f0:d7:2d:c7:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Sep 18 09:27:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b054392cd3f86cfed4953d0881d28793e5f79ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:65:f3:64:51:bc:0e:ea:64:19:54:af:b7:71:
                    27:1f:2a:41:14:6f:a0:98:c0:8d:1c:46:52:8a:63:
                    81:19:b7:5f:8a:5b:68:65:0a:51:d3:54:86:98:28:
                    22:14:29:92:95:61:d4:07:dd:6a:84:f0:41:53:b4:
                    b0:dd:9d:3b:12:71:08:21:ff:e8:14:ef:89:fc:5d:
                    95:f2:cd:37:81:ac:97:41:aa:93:7c:eb:c0:05:0d:
                    4e:1b:38:7a:bb:84:ef:6c:55:9c:1f:b1:7d:1c:1d:
                    97:30:51:ea:97:53:8a:ea:60:e0:5d:8c:be:d8:02:
                    54:72:26:14:9c:53:46:d5:e7:29:15:4a:ad:a9:31:
                    89:b6:6f:0a:90:20:1c:ee:08:25:cd:cf:3d:79:16:
                    9f:cb:47:d8:8f:cb:65:10:b9:94:ac:98:50:ff:ae:
                    0d:a3:ea:2d:2e:c3:e3:75:db:4f:26:c0:74:6b:63:
                    ae:01:8a:6b:a6:0f:b5:61:a5:6f:8c:de:f5:84:88:
                    71:a0:f8:8c:be:bb:35:1f:68:1e:20:43:4b:95:01:
                    a1:15:00:e5:d3:da:90:9e:8a:93:22:ac:55:86:d6:
                    8b:a4:58:cd:83:44:1b:4a:ba:6e:7b:c0:e9:a4:3f:
                    27:6b:19:29:38:8d:d7:07:75:95:a5:c3:85:3f:4b:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:54:39:2C:D3:F8:6C:FE:D4:95:3D:08:81:D2:87:93:E5:F7:9E:CB
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/sFQ5LNP4bP7UlT0IgdKHk-X3nss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:14cc::/48
                  2a04:2b00:14dd::/48
                  2a04:2b00:14ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:7f:e2:3f:e9:8a:70:75:ac:a2:65:fd:24:49:e8:05:f2:9e:
         be:bd:0b:ec:5b:83:2a:9c:cb:61:d4:72:e8:7b:1a:28:ad:a4:
         0c:b6:28:f7:71:f0:a6:98:dc:52:65:c4:a2:76:a2:8e:e3:44:
         99:d5:08:68:76:83:11:10:13:30:2b:1f:a8:54:b5:b5:19:d6:
         0d:92:ea:92:f5:eb:e4:22:50:69:44:47:33:02:e3:5d:ac:28:
         be:04:4f:52:da:51:c1:81:e1:5c:fb:2f:c2:c1:f0:df:1f:3c:
         a2:77:17:e4:e7:f9:ac:64:33:cd:d5:44:e4:13:f2:7d:1f:9d:
         a5:b6:a5:9e:8d:4c:7a:40:88:d5:c1:9f:6b:65:d6:5d:2b:d0:
         27:ba:a5:36:a0:b1:87:10:07:1a:0d:6b:d3:60:37:2d:57:5e:
         a3:67:e6:0c:55:e3:25:59:00:31:03:3b:5d:77:4b:84:c2:87:
         74:3b:f7:2d:b1:71:85:fe:0d:93:a0:d5:7b:1b:9e:ee:17:19:
         37:bd:cc:ad:29:14:5c:10:73:a4:9d:1b:dd:f0:51:9c:f7:03:
         fa:f5:05:e5:1c:4a:75:9c:7a:3c:8f:c0:47:22:f0:d3:ca:6c:
         b7:5a:b0:25:c0:9a:0e:4e:16:4e:29:83:7c:b0:ad:1e:fb:e8:
         24:12:4d:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYqnnhYtzfqGdMlD6PDXLccPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjMwOTE4MDkyNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDU0MzkyY2QzZjg2Y2ZlZDQ5NTNkMDg4MWQyODc5M2U1Zjc5ZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGXzZFG8DupkGVSvt3EnHypBFG+g
mMCNHEZSimOBGbdfiltoZQpR01SGmCgiFCmSlWHUB91qhPBBU7Sw3Z07EnEIIf/o
FO+J/F2V8s03gayXQaqTfOvABQ1OGzh6u4TvbFWcH7F9HB2XMFHql1OK6mDgXYy+
2AJUciYUnFNG1ecpFUqtqTGJtm8KkCAc7gglzc89eRafy0fYj8tlELmUrJhQ/64N
o+otLsPjddtPJsB0a2OuAYprpg+1YaVvjN71hIhxoPiMvrs1H2geIENLlQGhFQDl
09qQnoqTIqxVhtaLpFjNg0QbSrpue8DppD8naxkpOI3XB3WVpcOFP0unywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLBUOSzT+Gz+1JU9CIHSh5Pl957LMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvc0ZRNUxOUDRiUDdVbFQwSWdkS0hrLVgzbnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgQrABTM
AwcAKgQrABTdAwcAKgQrABTuMA0GCSqGSIb3DQEBCwUAA4IBAQA+f+I/6Ypwdayi
Zf0kSegF8p6+vQvsW4MqnMth1HLoexooraQMtij3cfCmmNxSZcSidqKO40SZ1Qho
doMREBMwKx+oVLW1GdYNkuqS9evkIlBpREczAuNdrCi+BE9S2lHBgeFc+y/CwfDf
Hzyidxfk5/msZDPN1UTkE/J9H52ltqWejUx6QIjVwZ9rZdZdK9AnuqU2oLGHEAca
DWvTYDctV16jZ+YMVeMlWQAxAztdd0uEwod0O/ctsXGF/g2ToNV7G57uFxk3vcyt
KRRcEHOknRvd8FGc9wP69QXlHEp1nHo8j8BHIvDTymy3WrAlwJoOThZOKYN8sK0e
++gkEk00
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:46 2024 by rpki-client on console-fra.rpki-client.org