Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/2hlrBlr4nojd423EU-OdE5razQA.roa
File:                     2hlrBlr4nojd423EU-OdE5razQA.roa (raw, json)
Hash identifier:          0s7SYnLCJvihgIOSs6e6lFxeGJVJjuOZaCPV0fNRMfE=
Subject key identifier:   DA:19:6B:06:5A:F8:9E:88:DD:E3:6D:C4:53:E3:9D:13:9A:DA:CD:00
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       0191312C7D1C3DBF3D9413BAFEDD5795C675
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/2hlrBlr4nojd423EU-OdE5razQA.roa
Signing time:             Thu 08 Aug 2024 08:48:04 +0000
ROA not before:           Thu 08 Aug 2024 08:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214770
IP address blocks:        2001:67c:e9c::/48 maxlen: 48
                          2001:67c:ea0::/48 maxlen: 48
                          2001:67c:ea4::/48 maxlen: 48
                          2001:67c:ea8::/48 maxlen: 48
                          2a01:e900::/40 maxlen: 48

Validation:               Failed, certificate revoked on Tue 13 Aug 2024 09:53:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:2c:7d:1c:3d:bf:3d:94:13:ba:fe:dd:57:95:c6:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Aug  8 08:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da196b065af89e88dde36dc453e39d139adacd00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a7:e8:f2:5b:01:bf:fc:ad:8b:c8:cc:bb:13:
                    6d:a5:b3:f5:a9:37:69:10:75:42:8f:5d:88:9a:f0:
                    81:b2:56:3b:a5:45:b0:0a:44:bb:9e:55:3c:a6:6d:
                    df:bf:a5:a6:1d:3c:8f:ad:03:96:2f:53:16:cb:33:
                    1f:0a:1c:2c:bb:ab:69:19:9d:b6:1a:8a:dc:38:3e:
                    ae:62:5c:82:74:08:a6:cc:90:9e:cf:a1:5c:29:70:
                    05:15:28:5c:e7:d2:f2:79:db:23:91:76:ad:3b:f8:
                    01:99:5c:66:25:99:c4:eb:b7:4a:f2:f1:3a:b6:ac:
                    a5:83:98:ee:af:b2:ce:07:82:9a:2e:1b:e0:c4:40:
                    52:ab:3c:6a:5d:1d:cc:a7:c0:2e:bd:ff:08:3d:51:
                    b7:f0:92:90:b3:05:ec:0c:4b:d4:8d:3f:30:64:f0:
                    c2:51:71:54:d9:7c:1f:db:fb:72:2b:6b:dc:19:75:
                    c6:f2:4f:20:4f:2d:96:97:67:d0:de:b3:c1:a0:5c:
                    fb:ff:54:20:1e:df:a3:a8:d3:78:1d:b4:d4:e6:64:
                    47:f4:26:da:da:b5:c9:d4:f0:23:42:5e:43:82:82:
                    07:62:8c:99:98:c4:e3:ff:22:4e:b6:6c:86:ca:0c:
                    82:0a:f6:31:e9:ca:5f:83:7b:7e:e7:1d:3e:31:bf:
                    19:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:19:6B:06:5A:F8:9E:88:DD:E3:6D:C4:53:E3:9D:13:9A:DA:CD:00
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/2hlrBlr4nojd423EU-OdE5razQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e9c::/48
                  2001:67c:ea0::/48
                  2001:67c:ea4::/48
                  2001:67c:ea8::/48
                  2a01:e900::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:a3:01:aa:27:76:22:2b:f7:17:f2:ca:6d:9b:03:72:64:7e:
         24:aa:c5:eb:96:49:be:ba:8d:b3:da:cd:20:0d:4e:c9:6a:c0:
         ba:b6:d8:16:05:fe:cd:cb:8a:41:9a:c8:c9:ce:f7:f6:41:58:
         c0:7f:79:e3:04:e0:36:47:01:4a:50:3c:c5:c4:c8:24:52:5a:
         f8:02:41:e7:1a:8f:67:11:d0:0a:01:1b:c3:6d:34:fa:a9:f5:
         d1:ff:f8:42:17:fa:77:21:06:f6:06:91:3b:96:70:11:ae:b4:
         0c:0f:46:09:c0:d1:40:a3:5d:3d:89:26:b4:c2:ff:56:3a:04:
         7c:6a:e9:94:4d:b8:36:ca:b2:aa:f2:b5:87:bc:69:9c:42:17:
         91:f8:09:80:e6:88:95:22:a0:cb:cf:86:d0:51:6e:19:57:15:
         ed:2c:c9:23:e4:77:1c:4b:4e:68:bf:3d:ce:fd:4d:26:5a:bb:
         1f:f7:c7:77:e4:41:99:83:29:c4:4d:5d:a1:2c:0a:87:a8:9f:
         ed:f8:fb:2d:85:03:ee:e9:5b:93:4f:0c:1e:ec:31:77:cb:a9:
         6f:93:c0:8a:34:28:d2:93:c9:da:bc:75:57:0b:03:40:c5:ea:
         ed:f5:7b:92:15:30:50:b9:f1:34:8b:61:d5:6e:56:26:c3:4a:
         56:d8:f3:f4
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZExLH0cPb89lBO6/t1XlcZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjQwODA4MDg0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE5NmIwNjVhZjg5ZTg4ZGRlMzZkYzQ1M2UzOWQxMzlhZGFjZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKfo8lsBv/yti8jMuxNtpbP1qTdp
EHVCj12ImvCBslY7pUWwCkS7nlU8pm3fv6WmHTyPrQOWL1MWyzMfChwsu6tpGZ22
GorcOD6uYlyCdAimzJCez6FcKXAFFShc59LyedsjkXatO/gBmVxmJZnE67dK8vE6
tqylg5jur7LOB4KaLhvgxEBSqzxqXR3Mp8Auvf8IPVG38JKQswXsDEvUjT8wZPDC
UXFU2Xwf2/tyK2vcGXXG8k8gTy2Wl2fQ3rPBoFz7/1QgHt+jqNN4HbTU5mRH9Cba
2rXJ1PAjQl5DgoIHYoyZmMTj/yJOtmyGygyCCvYx6cpfg3t+5x0+Mb8ZuQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNoZawZa+J6I3eNtxFPjnROa2s0AMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvMmhsckJscjRub2pkNDIzRVUtT2RFNXJhelFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsAwcAIAEGfA6c
AwcAIAEGfA6gAwcAIAEGfA6kAwcAIAEGfA6oAwYAKgHpAAAwDQYJKoZIhvcNAQEL
BQADggEBACyjAaondiIr9xfyym2bA3JkfiSqxeuWSb66jbPazSANTslqwLq22BYF
/s3LikGayMnO9/ZBWMB/eeME4DZHAUpQPMXEyCRSWvgCQecaj2cR0AoBG8NtNPqp
9dH/+EIX+nchBvYGkTuWcBGutAwPRgnA0UCjXT2JJrTC/1Y6BHxq6ZRNuDbKsqry
tYe8aZxCF5H4CYDmiJUioMvPhtBRbhlXFe0sySPkdxxLTmi/Pc79TSZaux/3x3fk
QZmDKcRNXaEsCoeon+34+y2FA+7pW5NPDB7sMXfLqW+TwIo0KNKTydq8dVcLA0DF
6u31e5IVMFC58TSLYdVuVibDSlbY8/Q=
-----END CERTIFICATE-----
Generated at Tue Aug 13 13:15:28 2024 by rpki-client on console-fra.rpki-client.org