Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xhcYAZi0HMMNvUo72x23xHdqK30.roa
File:                     xhcYAZi0HMMNvUo72x23xHdqK30.roa (raw, json)
Hash identifier:          s/BKj1iGapGIgIQDW/d7w3vbK5FZ5c3k8X+RkRvVAFM=
Subject key identifier:   C6:17:18:01:98:B4:1C:C3:0D:BD:4A:3B:DB:1D:B7:C4:77:6A:2B:7D
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0185707971050A6877407E0D0275D5FEBE70
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xhcYAZi0HMMNvUo72x23xHdqK30.roa
Signing time:             Mon 02 Jan 2023 03:14:44 +0000
ROA not before:           Mon 02 Jan 2023 03:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51699
IP address blocks:        2a05:4741:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:79:71:05:0a:68:77:40:7e:0d:02:75:d5:fe:be:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 03:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c617180198b41cc30dbd4a3bdb1db7c4776a2b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f8:b9:14:3b:c8:71:4b:cb:51:e9:63:ca:3e:
                    f7:c2:29:1a:11:7b:c8:fe:0a:e9:56:7d:72:d0:67:
                    3a:0a:ec:6e:99:2a:81:a9:a1:e3:ce:12:3f:c7:71:
                    76:a4:30:fc:e5:34:c6:8a:a1:d9:68:bb:cf:53:bf:
                    b5:46:55:6f:cc:30:25:a6:df:c0:74:68:d4:ff:84:
                    58:57:f8:b6:19:92:5a:bd:c1:c8:be:4d:a2:52:0f:
                    46:df:1a:34:3a:9b:ab:8d:c4:04:99:42:fc:ee:32:
                    02:c6:8e:73:6b:b5:7c:77:35:d7:f2:a0:47:4e:de:
                    f1:3b:44:d9:75:32:86:bf:01:8d:0b:2b:82:d3:e7:
                    90:d9:b9:b9:a6:a2:92:35:ab:ac:2c:00:2e:74:5c:
                    94:06:67:78:17:a0:fe:94:58:fc:fd:f9:d9:f9:2d:
                    f7:51:af:c1:e6:c1:38:61:80:14:54:c9:3f:a4:b9:
                    51:2e:be:09:d9:6d:b0:16:07:35:26:8f:75:61:89:
                    21:67:22:c5:10:17:43:a8:ce:5d:d4:83:d1:27:1c:
                    45:b3:56:f8:cf:58:65:05:a7:cc:6b:88:0a:93:a2:
                    7e:1d:46:e1:3c:3e:f0:bb:10:cc:be:ed:6d:0b:52:
                    dd:0a:67:99:b5:06:4d:34:45:da:58:3b:2f:81:e2:
                    8e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:17:18:01:98:B4:1C:C3:0D:BD:4A:3B:DB:1D:B7:C4:77:6A:2B:7D
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xhcYAZi0HMMNvUo72x23xHdqK30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:4e:e0:b4:f7:a7:04:09:84:7d:80:e2:80:01:d1:66:df:a0:
         c3:98:cd:a6:9b:5a:9b:ed:26:8f:4b:0d:68:31:0e:5b:4e:f6:
         7d:3c:96:43:2c:b7:de:7c:51:d6:c3:48:9e:a0:3a:92:4c:c8:
         7c:a6:a8:12:e5:19:0e:e4:97:ba:34:56:cb:35:96:42:85:e3:
         2a:a2:08:53:22:fc:6f:d6:38:18:6e:30:8a:27:2a:c9:ab:04:
         6b:28:11:31:f7:a7:47:4e:b0:33:7c:14:6b:17:0f:42:e6:a1:
         7c:21:f8:fb:5c:90:0a:5d:3f:52:a3:30:02:56:d0:5c:49:39:
         3f:e0:90:6c:6a:e9:db:dd:d3:69:27:2e:4e:f0:14:c9:a0:7a:
         ed:f9:2b:2b:39:1c:bb:c0:2e:0e:31:17:0a:1d:4e:b9:4c:69:
         8e:f8:1f:bd:fb:15:d0:f7:9b:a9:27:f2:4e:49:79:54:9a:76:
         70:0f:9e:8d:4d:9e:0c:8e:cc:0f:a0:f1:e5:71:c3:a7:ff:5b:
         a2:73:7c:d4:21:27:08:6c:ff:1e:ab:a1:8a:7c:e2:42:6d:51:
         14:91:04:1d:ea:fc:f1:c8:56:83:df:19:0c:e3:55:65:eb:bd:
         67:9d:34:8d:b3:b5:2b:94:d0:87:cf:be:28:81:c5:1e:d0:62:
         55:5d:b0:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVweXEFCmh3QH4NAnXV/r5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjMwMTAyMDMxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE3MTgwMTk4YjQxY2MzMGRiZDRhM2JkYjFkYjdjNDc3NmEyYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPi5FDvIcUvLUeljyj73wikaEXvI
/grpVn1y0Gc6CuxumSqBqaHjzhI/x3F2pDD85TTGiqHZaLvPU7+1RlVvzDAlpt/A
dGjU/4RYV/i2GZJavcHIvk2iUg9G3xo0OpurjcQEmUL87jICxo5za7V8dzXX8qBH
Tt7xO0TZdTKGvwGNCyuC0+eQ2bm5pqKSNausLAAudFyUBmd4F6D+lFj8/fnZ+S33
Ua/B5sE4YYAUVMk/pLlRLr4J2W2wFgc1Jo91YYkhZyLFEBdDqM5d1IPRJxxFs1b4
z1hlBafMa4gKk6J+HUbhPD7wuxDMvu1tC1LdCmeZtQZNNEXaWDsvgeKO3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMYXGAGYtBzDDb1KO9sdt8R3ait9MB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEveGhjWUFaaTBITU1OdlVvNzJ4MjN4SGRxSzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVHQQAG
MA0GCSqGSIb3DQEBCwUAA4IBAQC0TuC096cECYR9gOKAAdFm36DDmM2mm1qb7SaP
Sw1oMQ5bTvZ9PJZDLLfefFHWw0ieoDqSTMh8pqgS5RkO5Je6NFbLNZZCheMqoghT
Ivxv1jgYbjCKJyrJqwRrKBEx96dHTrAzfBRrFw9C5qF8Ifj7XJAKXT9SozACVtBc
STk/4JBsaunb3dNpJy5O8BTJoHrt+SsrORy7wC4OMRcKHU65TGmO+B+9+xXQ95up
J/JOSXlUmnZwD56NTZ4MjswPoPHlccOn/1uic3zUIScIbP8eq6GKfOJCbVEUkQQd
6vzxyFaD3xkM41Vl671nnTSNs7UrlNCHz74ogcUe0GJVXbCD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:53 2024 by rpki-client on console-fra.rpki-client.org