Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/Ag12A8lV_aRse_thduwYb7mBBa4.roa
File:                     Ag12A8lV_aRse_thduwYb7mBBa4.roa (raw, json)
Hash identifier:          P1i57gKCu5Sf9Z3bIjjncpYh56H0J019uTOcLfuNENE=
Subject key identifier:   02:0D:76:03:C9:55:FD:A4:6C:7B:FB:61:76:EC:18:6F:B9:81:05:AE
Certificate issuer:       /CN=18f4ee88584d6dfd9e3aa9bc201c50f44e353d9c
Certificate serial:       018CC3490C718115BC31BFFAF74C14E33177
Authority key identifier: 18:F4:EE:88:58:4D:6D:FD:9E:3A:A9:BC:20:1C:50:F4:4E:35:3D:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/Ag12A8lV_aRse_thduwYb7mBBa4.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:a90::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 21 Jun 2024 04:25:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0c:71:81:15:bc:31:bf:fa:f7:4c:14:e3:31:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18f4ee88584d6dfd9e3aa9bc201c50f44e353d9c
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=020d7603c955fda46c7bfb6176ec186fb98105ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:23:1a:6c:64:6b:62:55:a7:47:dc:4a:3f:e9:
                    a2:86:64:cb:ae:9f:06:73:e9:57:29:9f:fc:6c:93:
                    df:c3:56:84:cf:c9:a8:50:f7:ef:ea:32:5d:fa:7f:
                    c6:f1:fa:86:3b:60:d0:17:b4:83:54:73:2a:ef:bc:
                    a2:74:9a:3a:c3:47:fa:a7:b3:65:e8:a2:d5:a2:6d:
                    b5:f0:0b:a8:60:bf:7f:b8:84:a0:c5:fc:70:55:d8:
                    88:e9:ad:1a:0c:4b:ff:2a:2c:ca:67:42:5b:77:b5:
                    b2:d8:d0:67:17:e5:db:e8:61:30:6f:6d:36:34:b6:
                    d1:2c:31:6c:30:f3:e3:e9:de:a7:1b:20:4c:20:49:
                    65:a1:d5:31:6e:c5:8e:80:0a:17:f7:e0:3d:56:02:
                    43:57:41:51:0a:2d:ae:0f:b8:f1:ef:bb:2c:9a:24:
                    93:9a:ea:23:e0:5e:97:f4:46:50:f7:5f:aa:87:5d:
                    34:9c:02:3c:7e:47:fe:8e:3e:2a:23:3f:b6:76:08:
                    c4:ea:bb:42:d8:19:0c:69:f8:a6:e5:b3:84:fe:18:
                    a6:5e:dd:7c:02:46:a4:75:e8:de:f3:b8:ec:45:59:
                    f9:53:7a:c5:b3:75:0e:61:e2:35:10:3c:7c:1f:2b:
                    35:4f:7c:9a:54:70:81:fa:d4:26:f9:d1:2f:27:d6:
                    65:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0D:76:03:C9:55:FD:A4:6C:7B:FB:61:76:EC:18:6F:B9:81:05:AE
            X509v3 Authority Key Identifier:
                keyid:18:F4:EE:88:58:4D:6D:FD:9E:3A:A9:BC:20:1C:50:F4:4E:35:3D:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/Ag12A8lV_aRse_thduwYb7mBBa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a90::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:5f:72:d9:27:92:7d:30:e0:07:cc:6a:6d:d9:19:37:60:0b:
         0e:5b:68:41:b6:5d:58:18:aa:9e:0d:bb:69:85:13:2b:ae:dc:
         64:8a:17:1f:69:c8:eb:e1:72:80:ca:a1:15:38:99:62:89:38:
         29:62:65:69:79:b0:d4:a2:e4:33:25:de:91:5f:5a:62:55:07:
         ba:8e:f7:aa:e6:df:d3:5a:7f:b5:36:73:d5:53:a2:bd:9f:a5:
         24:44:90:db:b4:3b:ab:b5:5e:76:2b:0a:82:42:40:c7:c2:5d:
         ad:04:e8:30:fe:6f:dc:4e:4e:1c:c4:c6:7f:91:c3:b9:db:c6:
         1e:a7:13:50:9f:e2:3d:56:6e:a7:83:23:19:16:dd:1f:b2:9d:
         1c:f0:06:ed:0e:bb:20:5e:28:05:b2:f2:f5:3d:ba:4e:fd:da:
         10:45:6d:09:e9:4e:1f:6a:8a:6f:d8:73:9c:a6:ad:63:b9:5c:
         64:28:be:c3:d1:f2:be:8d:a3:bf:30:c4:20:fd:7b:0f:6b:49:
         95:16:47:cd:f2:e0:c9:e4:f4:9a:09:3c:f9:fe:92:cb:5c:02:
         5b:7b:44:85:2f:72:9d:b7:a3:d2:b0:6b:8d:49:5a:8f:be:1e:
         27:f8:7e:47:fe:66:b1:e9:67:1f:89:77:c2:6c:eb:0f:44:e9:
         22:41:1d:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSQxxgRW8Mb/690wU4zF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZjRlZTg4NTg0ZDZkZmQ5ZTNhYTliYzIwMWM1MGY0NGUz
NTNkOWMwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjBkNzYwM2M5NTVmZGE0NmM3YmZiNjE3NmVjMTg2ZmI5ODEwNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiMabGRrYlWnR9xKP+mihmTLrp8G
c+lXKZ/8bJPfw1aEz8moUPfv6jJd+n/G8fqGO2DQF7SDVHMq77yidJo6w0f6p7Nl
6KLVom218AuoYL9/uISgxfxwVdiI6a0aDEv/KizKZ0Jbd7Wy2NBnF+Xb6GEwb202
NLbRLDFsMPPj6d6nGyBMIEllodUxbsWOgAoX9+A9VgJDV0FRCi2uD7jx77ssmiST
muoj4F6X9EZQ91+qh100nAI8fkf+jj4qIz+2dgjE6rtC2BkMafim5bOE/himXt18
Akakdeje87jsRVn5U3rFs3UOYeI1EDx8Hys1T3yaVHCB+tQm+dEvJ9ZlowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAINdgPJVf2kbHv7YXbsGG+5gQWuMB8GA1UdIwQY
MBaAFBj07ohYTW39njqpvCAcUPRONT2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1BUdWlGaE5iZjJlT3FtOElCeFE5RTQxUFp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC85ZjhmYmUtYjJlOC00NzJkLTllYmMt
MGI5ODg1ODYzZWJmLzEvQWcxMkE4bFZfYVJzZV90aGR1d1liN21CQmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC85ZjhmYmUtYjJlOC00NzJkLTllYmMtMGI5ODg1ODYzZWJm
LzEvR1BUdWlGaE5iZjJlT3FtOElCeFE5RTQxUFp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAJX3LZJ5J9MOAHzGpt2Rk3YAsOW2hBtl1YGKqe
DbtphRMrrtxkihcfacjr4XKAyqEVOJliiTgpYmVpebDUouQzJd6RX1piVQe6jveq
5t/TWn+1NnPVU6K9n6UkRJDbtDurtV52KwqCQkDHwl2tBOgw/m/cTk4cxMZ/kcO5
28YepxNQn+I9Vm6ngyMZFt0fsp0c8AbtDrsgXigFsvL1PbpO/doQRW0J6U4faopv
2HOcpq1juVxkKL7D0fK+jaO/MMQg/XsPa0mVFkfN8uDJ5PSaCTz5/pLLXAJbe0SF
L3Kdt6PSsGuNSVqPvh4n+H5H/max6WcfiXfCbOsPROkiQR2G
-----END CERTIFICATE-----
Generated at Fri Jun 21 06:43:18 2024 by rpki-client on console-fra.rpki-client.org