Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/s640UJFfo-99cX0Y6En7Y3orSpQ.roa
File:                     s640UJFfo-99cX0Y6En7Y3orSpQ.roa (raw, json)
Hash identifier:          zXrrv8BVqsq0boh/qQkafftxbJAAPxXzmQPnM6ukdd4=
Subject key identifier:   B3:AE:34:50:91:5F:A3:EF:7D:71:7D:18:E8:49:FB:63:7A:2B:4A:94
Certificate issuer:       /CN=c6f53c03d2f4e7f07a81ea903ecef01d68c68137
Certificate serial:       018A8405D7FD30DA2208F6E1F4CD8D8FBF86
Authority key identifier: C6:F5:3C:03:D2:F4:E7:F0:7A:81:EA:90:3E:CE:F0:1D:68:C6:81:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/s640UJFfo-99cX0Y6En7Y3orSpQ.roa
Signing time:             Mon 11 Sep 2023 11:34:50 +0000
ROA not before:           Mon 11 Sep 2023 11:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212996
IP address blocks:        2a13:d8c0::/32 maxlen: 32
                          2a13:d8c6::/32 maxlen: 32
                          2a13:d8c5::/32 maxlen: 32
                          2a13:d8c2::/32 maxlen: 32
                          2a13:d8c1::/32 maxlen: 32
                          2a13:d8c3::/32 maxlen: 32
                          2a13:d8c4::/32 maxlen: 32
                          2a13:d8c7::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:84:05:d7:fd:30:da:22:08:f6:e1:f4:cd:8d:8f:bf:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6f53c03d2f4e7f07a81ea903ecef01d68c68137
        Validity
            Not Before: Sep 11 11:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b3ae3450915fa3ef7d717d18e849fb637a2b4a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:c6:fe:89:ec:84:51:25:62:92:42:17:af:
                    4c:c6:b0:bc:f7:05:0e:b9:13:1b:91:70:9b:c4:94:
                    b5:3a:03:3d:9e:bb:d4:d3:5c:9a:0f:95:f6:5c:24:
                    1d:dc:61:6b:67:6a:7a:d9:88:45:8e:e1:2f:6b:60:
                    20:8a:1a:85:33:5d:3e:53:23:fb:72:93:78:bf:65:
                    9a:38:ec:e0:5b:45:e3:c8:60:25:b3:17:3b:43:ca:
                    61:12:1a:d9:42:78:4d:95:2a:ab:47:d7:ca:b9:85:
                    5e:d6:94:75:5d:1f:8c:be:ce:ad:69:a4:ff:49:b3:
                    e1:0e:22:a4:eb:23:5d:41:09:e9:a8:9a:43:50:90:
                    7f:94:e2:f8:d1:74:d9:36:1d:4b:c6:d8:d6:a8:31:
                    79:dd:97:6a:47:0b:0f:03:46:3b:0e:8d:83:4d:54:
                    c2:a1:89:01:49:09:3a:24:bc:1a:f0:9e:08:c9:81:
                    f4:6f:89:6c:9c:d2:e9:ae:36:e7:46:ff:ba:87:78:
                    4b:ae:9a:e8:85:47:6d:a9:31:27:7a:2d:4d:e7:15:
                    ae:a5:a7:84:74:9f:48:63:b2:24:18:d0:6d:f1:99:
                    33:59:72:3e:6e:b7:55:9c:99:f7:dc:fd:d3:41:ef:
                    6e:c1:d4:fa:4f:91:0b:75:23:a0:9a:c1:2b:19:58:
                    c6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:AE:34:50:91:5F:A3:EF:7D:71:7D:18:E8:49:FB:63:7A:2B:4A:94
            X509v3 Authority Key Identifier:
                keyid:C6:F5:3C:03:D2:F4:E7:F0:7A:81:EA:90:3E:CE:F0:1D:68:C6:81:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xvU8A9L05_B6geqQPs7wHWjGgTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/s640UJFfo-99cX0Y6En7Y3orSpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3c227c-4706-4787-9a07-90ea3729c574/1/xvU8A9L05_B6geqQPs7wHWjGgTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:c7:6c:d6:77:66:98:d1:a3:e5:6a:f7:2f:8d:0f:ca:6b:c1:
         10:5c:e3:93:a4:c3:a7:a6:ce:49:06:87:57:99:34:5d:41:70:
         7b:5c:a4:cc:0f:32:4f:8e:5f:49:92:c9:6f:55:9d:29:76:b6:
         30:6c:67:6b:2c:70:56:e3:cf:f8:b1:14:d7:ee:35:5a:60:6c:
         e2:fd:9e:0f:6a:42:1f:2b:33:e9:ec:ed:e2:77:48:03:14:6f:
         e5:be:c2:42:39:96:f9:b6:08:9d:fd:cf:a3:40:e2:02:f7:e0:
         a0:06:1e:72:ec:de:85:7b:96:e7:56:ce:a1:78:b3:a9:c6:5c:
         0c:fa:7e:0a:5c:87:36:0f:58:ed:de:26:ad:c3:98:4a:9d:52:
         21:f6:e1:2a:ef:0a:63:d0:94:ad:ea:94:1e:aa:42:e2:86:a4:
         37:e3:98:62:6d:b2:a2:4a:b4:a3:b6:68:eb:d3:0a:34:95:ea:
         d7:43:dc:4f:b2:38:f6:45:51:9f:d3:de:5e:33:bf:93:b3:69:
         18:81:83:63:46:a9:46:b5:99:a3:50:5f:f0:1a:73:46:a8:be:
         21:f4:04:17:83:2e:22:f9:f3:86:76:b4:38:5a:fd:29:13:4c:
         1d:49:e8:ab:8b:32:ae:ee:8a:4a:32:7e:17:98:68:e5:76:dc:
         2c:15:0b:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYqEBdf9MNoiCPbh9M2Nj7+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZjUzYzAzZDJmNGU3ZjA3YTgxZWE5MDNlY2VmMDFkNjhj
NjgxMzcwHhcNMjMwOTExMTEzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2FlMzQ1MDkxNWZhM2VmN2Q3MTdkMThlODQ5ZmI2MzdhMmI0YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVTG/onshFElYpJCF69MxrC89wUO
uRMbkXCbxJS1OgM9nrvU01yaD5X2XCQd3GFrZ2p62YhFjuEva2AgihqFM10+UyP7
cpN4v2WaOOzgW0XjyGAlsxc7Q8phEhrZQnhNlSqrR9fKuYVe1pR1XR+Mvs6taaT/
SbPhDiKk6yNdQQnpqJpDUJB/lOL40XTZNh1LxtjWqDF53ZdqRwsPA0Y7Do2DTVTC
oYkBSQk6JLwa8J4IyYH0b4lsnNLprjbnRv+6h3hLrprohUdtqTEnei1N5xWupaeE
dJ9IY7IkGNBt8ZkzWXI+brdVnJn33P3TQe9uwdT6T5ELdSOgmsErGVjGkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLOuNFCRX6PvfXF9GOhJ+2N6K0qUMB8GA1UdIwQY
MBaAFMb1PAPS9OfweoHqkD7O8B1oxoE3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHZVOEE5TDA1X0I2Z2VxUVBzN3dIV2pHZ1RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zYzIyN2MtNDcwNi00Nzg3LTlhMDct
OTBlYTM3MjljNTc0LzEvczY0MFVKRmZvLTk5Y1gwWTZFbjdZM29yU3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zYzIyN2MtNDcwNi00Nzg3LTlhMDctOTBlYTM3MjljNTc0
LzEveHZVOEE5TDA1X0I2Z2VxUVBzN3dIV2pHZ1RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPYwDAN
BgkqhkiG9w0BAQsFAAOCAQEAjsds1ndmmNGj5Wr3L40PymvBEFzjk6TDp6bOSQaH
V5k0XUFwe1ykzA8yT45fSZLJb1WdKXa2MGxnayxwVuPP+LEU1+41WmBs4v2eD2pC
Hysz6ezt4ndIAxRv5b7CQjmW+bYInf3Po0DiAvfgoAYecuzehXuW51bOoXizqcZc
DPp+ClyHNg9Y7d4mrcOYSp1SIfbhKu8KY9CUreqUHqpC4oakN+OYYm2yokq0o7Zo
69MKNJXq10PcT7I49kVRn9PeXjO/k7NpGIGDY0apRrWZo1Bf8BpzRqi+IfQEF4Mu
Ivnzhna0OFr9KRNMHUnoq4syru6KSjJ+F5ho5XbcLBULJQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:22 2024 by rpki-client on console-ams.rpki-client.org