Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rAFgBfjGDmE_2HGyARygNbKsctI.roa
File:                     rAFgBfjGDmE_2HGyARygNbKsctI.roa (raw, json)
Hash identifier:          alNGzEc/I1ksRJ+usEdXMeoNU+OJu6gMDntcEeqrcl4=
Subject key identifier:   AC:01:60:05:F8:C6:0E:61:3F:D8:71:B2:01:1C:A0:35:B2:AC:72:D2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018C022497893F4DBC2A73DB6736E17EC7F2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rAFgBfjGDmE_2HGyARygNbKsctI.roa
Signing time:             Fri 24 Nov 2023 16:23:21 +0000
ROA not before:           Fri 24 Nov 2023 16:23:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216022
IP address blocks:        2a10:7403::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:02:24:97:89:3f:4d:bc:2a:73:db:67:36:e1:7e:c7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov 24 16:23:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac016005f8c60e613fd871b2011ca035b2ac72d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:78:4c:52:de:67:28:03:1c:c9:58:90:9c:58:
                    61:4d:96:12:3e:e5:6a:4b:df:30:71:b8:0f:1d:df:
                    c4:91:20:5e:4f:bc:b7:cb:6e:60:21:04:c9:0c:13:
                    54:2b:91:ef:0d:ab:d4:7e:f5:09:56:0b:76:eb:af:
                    24:e0:6d:59:af:84:e4:18:01:5e:3d:1f:d5:b5:7c:
                    e8:45:40:a0:8b:f0:73:4d:39:8a:a3:9a:de:a9:b0:
                    5a:2a:a2:da:d5:2b:8e:bf:eb:4b:4c:c1:8b:55:82:
                    45:66:06:e2:5c:9f:d7:6b:5e:1d:ad:ee:b2:ac:70:
                    bb:38:24:d9:73:ab:79:9f:1e:84:7f:03:97:46:19:
                    68:78:a9:9d:3d:f9:a8:11:37:6a:41:2f:a6:19:83:
                    b2:dc:50:9e:e9:b2:5b:15:76:44:3a:9e:52:b6:a8:
                    f3:49:53:a1:97:72:81:c9:62:60:2d:7e:82:ce:bc:
                    44:e4:0d:ae:07:b8:36:fe:f0:ae:f3:40:ad:67:a3:
                    a5:0b:ff:fc:86:0e:27:b9:ca:ec:a0:8c:12:99:5c:
                    0e:e6:0e:d7:2d:47:1d:ca:71:ec:a0:e6:e7:0f:55:
                    c2:97:22:b3:11:59:04:93:6d:84:67:36:e7:2f:06:
                    12:4d:1e:5a:c9:d5:55:0b:a4:8a:59:df:d4:1d:10:
                    08:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:01:60:05:F8:C6:0E:61:3F:D8:71:B2:01:1C:A0:35:B2:AC:72:D2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rAFgBfjGDmE_2HGyARygNbKsctI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7403::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:b7:39:89:22:0a:4d:80:4c:ad:b2:2a:e0:90:02:a7:cc:24:
         ad:51:ad:39:c8:7e:4c:a8:71:94:3f:2b:0e:be:42:1f:ef:2b:
         b6:bb:23:43:64:1a:df:1c:c6:65:96:d7:be:b6:51:d7:98:87:
         02:2d:b4:ef:39:50:28:07:02:03:fa:f9:d9:65:02:11:1d:91:
         db:1d:4f:7d:1f:c2:ef:ee:b5:55:41:4e:4a:08:20:3d:45:96:
         9a:2d:cd:9e:4d:68:38:eb:0b:20:ae:d5:4f:f2:34:60:f3:48:
         00:0d:55:1e:0f:c9:0f:d8:90:3f:ac:88:a7:00:8e:27:cd:65:
         c7:29:59:9d:bb:5c:8c:bd:b2:22:03:7e:42:26:f3:7c:e4:c1:
         04:34:d0:a0:f0:ec:21:49:98:fc:03:3b:79:ee:4e:dc:61:64:
         52:d7:82:58:04:b3:64:ae:e4:d7:e0:87:26:49:ca:9d:82:69:
         ad:a5:ae:91:bb:ca:bb:71:c8:f6:c2:8e:f9:82:97:e4:cd:9f:
         30:17:b7:78:2d:ce:bc:90:c4:b8:92:84:32:cd:c8:56:a3:85:
         cc:91:bd:6c:f3:b7:a2:0a:80:44:91:b6:a0:a7:50:cf:79:f7:
         6e:aa:f7:39:4c:47:c9:9c:8a:9d:35:d6:b9:a3:c7:63:10:94:
         ab:89:6f:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYwCJJeJP028KnPbZzbhfsfyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMTI0MTYyMzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzAxNjAwNWY4YzYwZTYxM2ZkODcxYjIwMTFjYTAzNWIyYWM3MmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3hMUt5nKAMcyViQnFhhTZYSPuVq
S98wcbgPHd/EkSBeT7y3y25gIQTJDBNUK5HvDavUfvUJVgt2668k4G1Zr4TkGAFe
PR/VtXzoRUCgi/BzTTmKo5reqbBaKqLa1SuOv+tLTMGLVYJFZgbiXJ/Xa14dre6y
rHC7OCTZc6t5nx6EfwOXRhloeKmdPfmoETdqQS+mGYOy3FCe6bJbFXZEOp5Stqjz
SVOhl3KByWJgLX6CzrxE5A2uB7g2/vCu80CtZ6OlC//8hg4nucrsoIwSmVwO5g7X
LUcdynHsoObnD1XClyKzEVkEk22EZzbnLwYSTR5aydVVC6SKWd/UHRAIFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKwBYAX4xg5hP9hxsgEcoDWyrHLSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvckFGZ0JmakdEbUVfMkhHeUFSeWdOYktzY3RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhB0AzAN
BgkqhkiG9w0BAQsFAAOCAQEAG7c5iSIKTYBMrbIq4JACp8wkrVGtOch+TKhxlD8r
Dr5CH+8rtrsjQ2Qa3xzGZZbXvrZR15iHAi207zlQKAcCA/r52WUCER2R2x1PfR/C
7+61VUFOSgggPUWWmi3Nnk1oOOsLIK7VT/I0YPNIAA1VHg/JD9iQP6yIpwCOJ81l
xylZnbtcjL2yIgN+QibzfOTBBDTQoPDsIUmY/AM7ee5O3GFkUteCWASzZK7k1+CH
JknKnYJpraWukbvKu3HI9sKO+YKX5M2fMBe3eC3OvJDEuJKEMs3IVqOFzJG9bPO3
ogqARJG2oKdQz3n3bqr3OUxHyZyKnTXWuaPHYxCUq4lvBQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org