Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/xhkDXqh3az6SzoYOJdXhi_4zpNc.roa
File:                     xhkDXqh3az6SzoYOJdXhi_4zpNc.roa (raw, json)
Hash identifier:          MCmpopxTZaJwd+BreN200uP7jl8fiMqj7Zip4AhIrFc=
Subject key identifier:   C6:19:03:5E:A8:77:6B:3E:92:CE:86:0E:25:D5:E1:8B:FE:33:A4:D7
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       01856FF01BB5DFB6B4EB5D87ABD7CC8E0BB4
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/xhkDXqh3az6SzoYOJdXhi_4zpNc.roa
Signing time:             Mon 02 Jan 2023 00:44:44 +0000
ROA not before:           Mon 02 Jan 2023 00:44:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     139238
IP address blocks:        2a09:b280:ccce::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:f0:1b:b5:df:b6:b4:eb:5d:87:ab:d7:cc:8e:0b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 00:44:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c619035ea8776b3e92ce860e25d5e18bfe33a4d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3e:1b:29:35:28:b2:c8:01:85:cd:10:05:39:
                    ee:0f:09:40:41:4f:c9:36:e8:6d:47:9e:1b:7b:a7:
                    8f:7d:e5:0f:ee:e3:88:23:c3:64:27:b1:63:b9:60:
                    a0:dd:5e:b1:6f:86:d9:c8:73:c3:11:8f:3c:e8:80:
                    0a:2f:a0:90:38:66:c3:b2:6d:d7:84:5b:ad:02:b5:
                    3f:83:8c:87:aa:9c:96:b9:5f:42:63:4e:1f:e1:d6:
                    61:1a:21:20:b2:ca:72:ea:14:7f:6f:44:74:4e:e2:
                    64:fc:1e:f0:7f:3d:a3:e4:88:7c:94:79:1e:b5:28:
                    ae:55:14:09:ae:68:10:a6:80:71:a7:73:39:6d:21:
                    e5:c2:a2:cd:ad:c3:64:52:67:f6:71:e7:a8:9b:77:
                    61:f1:e3:76:f9:5a:ba:88:96:83:70:aa:5f:18:50:
                    28:7d:87:fa:bf:fd:46:47:a6:33:ec:5b:58:1f:e5:
                    00:32:8d:60:65:f6:73:8a:fb:3e:bb:71:72:e1:b8:
                    d7:99:71:db:3e:1a:3f:a6:2d:18:0e:58:91:66:f5:
                    20:c6:7a:31:67:37:a3:a4:32:38:67:c4:1d:eb:4f:
                    3e:07:f3:ca:4b:45:75:8c:00:c9:ce:8f:65:30:09:
                    20:fd:e8:68:39:54:8f:7f:1c:ce:7d:eb:3a:5f:53:
                    4f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:19:03:5E:A8:77:6B:3E:92:CE:86:0E:25:D5:E1:8B:FE:33:A4:D7
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/xhkDXqh3az6SzoYOJdXhi_4zpNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ccce::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:f5:93:bd:bb:d2:19:ef:25:8a:c7:b0:ad:43:59:b6:2f:ca:
         94:7f:21:47:5a:7d:b5:e6:c8:5c:3a:a6:f4:cd:8a:77:7f:93:
         d9:4c:31:82:23:bc:99:ba:95:c4:1d:9e:91:ce:9f:6a:10:3d:
         a4:8a:f4:47:be:07:62:8d:18:1c:c8:4a:26:c1:1f:ed:ab:03:
         18:3c:ab:25:71:7f:7f:bd:24:fb:dd:5d:18:71:54:27:d9:ab:
         40:63:62:fc:86:e4:1f:68:97:0b:b6:18:d9:c0:01:0a:2f:7d:
         7b:f7:81:14:fa:72:66:18:11:04:2b:25:20:9e:17:99:df:31:
         20:e5:92:a0:68:2e:6c:e6:60:9e:44:8b:84:80:a6:e9:db:01:
         4d:9b:98:8f:87:5e:29:e4:7d:6c:be:06:48:40:af:27:27:45:
         1c:10:b3:77:4e:0a:7a:8b:fd:aa:af:1b:f0:b7:85:a2:b9:40:
         79:9f:5c:01:aa:58:52:f0:fc:cd:04:40:b7:33:38:52:8c:d6:
         5b:22:3b:3e:f4:40:3a:6e:19:c8:7d:e0:c0:02:0d:2a:0c:8e:
         7b:f4:f3:9e:25:2a:7c:fb:9a:b3:41:e7:75:a8:47:86:8c:46:
         96:c4:f5:4c:fa:2a:f1:53:39:54:99:30:83:4a:e4:74:75:4b:
         e9:fe:02:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVv8Bu137a0612Hq9fMjgu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjMwMTAyMDA0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE5MDM1ZWE4Nzc2YjNlOTJjZTg2MGUyNWQ1ZTE4YmZlMzNhNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1z4bKTUossgBhc0QBTnuDwlAQU/J
NuhtR54be6ePfeUP7uOII8NkJ7FjuWCg3V6xb4bZyHPDEY886IAKL6CQOGbDsm3X
hFutArU/g4yHqpyWuV9CY04f4dZhGiEgsspy6hR/b0R0TuJk/B7wfz2j5Ih8lHke
tSiuVRQJrmgQpoBxp3M5bSHlwqLNrcNkUmf2ceeom3dh8eN2+Vq6iJaDcKpfGFAo
fYf6v/1GR6Yz7FtYH+UAMo1gZfZzivs+u3Fy4bjXmXHbPho/pi0YDliRZvUgxnox
ZzejpDI4Z8Qd608+B/PKS0V1jADJzo9lMAkg/ehoOVSPfxzOfes6X1NPcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMYZA16od2s+ks6GDiXV4Yv+M6TXMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEveGhrRFhxaDNhejZTem9ZT0pkWGhpXzR6cE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmygMzO
MA0GCSqGSIb3DQEBCwUAA4IBAQAD9ZO9u9IZ7yWKx7CtQ1m2L8qUfyFHWn215shc
Oqb0zYp3f5PZTDGCI7yZupXEHZ6Rzp9qED2kivRHvgdijRgcyEomwR/tqwMYPKsl
cX9/vST73V0YcVQn2atAY2L8huQfaJcLthjZwAEKL31794EU+nJmGBEEKyUgnheZ
3zEg5ZKgaC5s5mCeRIuEgKbp2wFNm5iPh14p5H1svgZIQK8nJ0UcELN3Tgp6i/2q
rxvwt4WiuUB5n1wBqlhS8PzNBEC3MzhSjNZbIjs+9EA6bhnIfeDAAg0qDI579POe
JSp8+5qzQed1qEeGjEaWxPVM+irxUzlUmTCDSuR0dUvp/gJ5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:19 2024 by rpki-client on console-ams.rpki-client.org