Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ppi3W9vjTmj7rVlYNxh3sff1GV0.roa
File:                     ppi3W9vjTmj7rVlYNxh3sff1GV0.roa (raw, json)
Hash identifier:          uCCcNjUhLAO2kyZOdbTq6iwZNFDOhrpEKj89akePmMg=
Subject key identifier:   A6:98:B7:5B:DB:E3:4E:68:FB:AD:59:58:37:18:77:B1:F7:F5:19:5D
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0189DB93B6FDA963A0A66F963DE85F7AA900
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ppi3W9vjTmj7rVlYNxh3sff1GV0.roa
Signing time:             Wed 09 Aug 2023 18:33:58 +0000
ROA not before:           Wed 09 Aug 2023 18:33:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211027
IP address blocks:        2a09:3d00::/29 maxlen: 36
                          2a11:b80::/29 maxlen: 36
                          2a0f:cc81::/32 maxlen: 32
                          2a09:b680::/29 maxlen: 36
                          2a0d:5ec0::/29 maxlen: 36
                          2a11:780::/29 maxlen: 36
                          2a11:200:2000::/36 maxlen: 36
                          2a10:c340:7000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Tue 17 Oct 2023 05:08:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:db:93:b6:fd:a9:63:a0:a6:6f:96:3d:e8:5f:7a:a9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Aug  9 18:33:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a698b75bdbe34e68fbad5958371877b1f7f5195d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b0:86:03:44:1b:af:ba:c7:63:6b:f5:e8:4e:
                    99:f8:5a:55:d1:22:7f:c7:48:f5:14:4b:f2:96:1e:
                    84:37:e3:15:44:4f:9b:7f:4c:ae:26:45:2f:79:7e:
                    48:c9:4f:d6:23:32:6b:0b:07:9e:88:1e:6a:92:9b:
                    9f:47:fb:b5:8b:cc:25:19:82:e2:ce:66:03:7d:4a:
                    12:97:61:d8:c0:ee:41:e4:26:7f:65:4c:ee:51:bd:
                    f6:c2:42:1e:df:61:d9:df:ab:92:fa:f7:1f:5f:48:
                    de:61:e3:b5:84:5a:fc:8c:0c:34:e1:b5:0a:8f:03:
                    57:38:b2:1d:19:50:5e:e5:e0:e4:11:69:2d:0b:72:
                    5f:ac:d0:26:d9:3d:6d:af:07:ad:44:48:dc:8e:0a:
                    25:39:93:c8:03:4a:16:6c:10:5f:50:fa:c6:aa:5d:
                    38:5e:71:6a:e7:29:cd:f8:c6:02:d6:07:e9:26:0d:
                    a0:7f:2b:51:1b:d4:c3:c6:bd:bb:28:3e:42:5f:0b:
                    a2:cc:5c:51:22:73:33:84:a9:98:be:2e:79:42:6c:
                    60:7e:06:3c:fb:5c:d7:b5:8a:83:4c:6a:ce:f9:6a:
                    52:d2:11:6b:37:17:31:59:22:76:7e:25:1b:44:83:
                    5f:6c:35:a1:83:69:a7:99:fa:69:80:f8:79:91:d5:
                    15:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:98:B7:5B:DB:E3:4E:68:FB:AD:59:58:37:18:77:B1:F7:F5:19:5D
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ppi3W9vjTmj7rVlYNxh3sff1GV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3d00::/29
                  2a09:b680::/29
                  2a0d:5ec0::/29
                  2a0f:cc81::/32
                  2a10:c340:7000::/36
                  2a11:200:2000::/36
                  2a11:780::/29
                  2a11:b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:b2:f2:38:19:dd:9d:be:cd:60:6f:59:b3:c1:51:64:60:c6:
         19:95:4f:1f:83:f9:52:a6:c6:25:ba:b3:14:e2:72:b1:62:7a:
         03:1d:85:47:37:46:a5:4a:58:11:6f:51:25:55:4b:81:a6:f8:
         03:b6:70:b6:76:9a:75:7e:54:12:a3:b3:fa:af:73:d8:66:2d:
         4b:b2:3e:48:c9:6a:2e:02:8d:3c:f1:09:2e:0b:10:01:2b:c7:
         7f:75:52:f6:5e:6a:44:4f:90:29:9c:89:cd:af:00:e3:8c:82:
         50:3d:52:e5:9f:6e:25:a4:4d:e3:1a:cd:48:0e:16:e2:4a:14:
         6d:b5:81:5a:90:10:7b:bb:22:39:26:31:fe:e5:1b:95:60:9b:
         25:7a:6b:2a:c7:1f:b2:11:dd:e0:5c:52:2d:99:02:2c:4d:2f:
         8a:9d:b7:67:02:c7:a4:07:ac:56:d3:42:13:f6:85:2c:40:d4:
         29:6f:e2:ba:57:5a:91:34:6e:10:ca:78:1d:23:ad:19:3b:c4:
         7e:29:39:68:a1:93:07:54:4f:5f:61:d9:f8:ad:09:6e:57:3f:
         0e:da:21:b4:32:0f:58:26:78:5f:bb:ca:bc:23:5e:7d:a1:f9:
         6d:a9:b0:93:1a:d2:44:12:53:d0:92:b3:99:be:9d:fe:55:63:
         73:d2:28:ac
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYnbk7b9qWOgpm+WPehfeqkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjMwODA5MTgzMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk4Yjc1YmRiZTM0ZTY4ZmJhZDU5NTgzNzE4NzdiMWY3ZjUxOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLCGA0Qbr7rHY2v16E6Z+FpV0SJ/
x0j1FEvylh6EN+MVRE+bf0yuJkUveX5IyU/WIzJrCweeiB5qkpufR/u1i8wlGYLi
zmYDfUoSl2HYwO5B5CZ/ZUzuUb32wkIe32HZ36uS+vcfX0jeYeO1hFr8jAw04bUK
jwNXOLIdGVBe5eDkEWktC3JfrNAm2T1trwetREjcjgolOZPIA0oWbBBfUPrGql04
XnFq5ynN+MYC1gfpJg2gfytRG9TDxr27KD5CXwuizFxRInMzhKmYvi55QmxgfgY8
+1zXtYqDTGrO+WpS0hFrNxcxWSJ2fiUbRINfbDWhg2mnmfppgPh5kdUVuwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKaYt1vb405o+61ZWDcYd7H39RldMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvcHBpM1c5dmpUbWo3clZsWU54aDNzZmYxR1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAAjA6AwUDKgk9AAMF
AyoJtoADBQMqDV7AAwUAKg/MgQMGBCoQw0BwAwYEKhECACADBQMqEQeAAwUDKhEL
gDANBgkqhkiG9w0BAQsFAAOCAQEAM7LyOBndnb7NYG9Zs8FRZGDGGZVPH4P5UqbG
JbqzFOJysWJ6Ax2FRzdGpUpYEW9RJVVLgab4A7ZwtnaadX5UEqOz+q9z2GYtS7I+
SMlqLgKNPPEJLgsQASvHf3VS9l5qRE+QKZyJza8A44yCUD1S5Z9uJaRN4xrNSA4W
4koUbbWBWpAQe7siOSYx/uUblWCbJXprKscfshHd4FxSLZkCLE0vip23ZwLHpAes
VtNCE/aFLEDUKW/iuldakTRuEMp4HSOtGTvEfik5aKGTB1RPX2HZ+K0Jblc/Dtoh
tDIPWCZ4X7vKvCNefaH5bamwkxrSRBJT0JKzmb6d/lVjc9IorA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:59 2024 by rpki-client on console-ams.rpki-client.org