Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/kSriy3JTlWteSdAVP3Sthov7QmU.roa
File:                     kSriy3JTlWteSdAVP3Sthov7QmU.roa (raw, json)
Hash identifier:          fqQ5gYn3g13weTgqa+q69dDUQtBZTZXKkE6jtuR/zak=
Subject key identifier:   91:2A:E2:CB:72:53:95:6B:5E:49:D0:15:3F:74:AD:86:8B:FB:42:65
Certificate issuer:       /CN=4c1b0c40969080957fccee1fb8a3fb4bb38bf5dc
Certificate serial:       018D11278BA6817132DFC2D67C0CFD25FBD9
Authority key identifier: 4C:1B:0C:40:96:90:80:95:7F:CC:EE:1F:B8:A3:FB:4B:B3:8B:F5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/kSriy3JTlWteSdAVP3Sthov7QmU.roa
Signing time:             Tue 16 Jan 2024 07:23:40 +0000
ROA not before:           Tue 16 Jan 2024 07:23:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        2a04:2ec0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 08:54:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:11:27:8b:a6:81:71:32:df:c2:d6:7c:0c:fd:25:fb:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c1b0c40969080957fccee1fb8a3fb4bb38bf5dc
        Validity
            Not Before: Jan 16 07:23:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=912ae2cb7253956b5e49d0153f74ad868bfb4265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:42:8a:f0:78:f7:40:53:e1:e4:02:90:9b:fa:
                    22:24:2f:2d:68:f1:c7:0b:b8:e6:ae:88:21:ca:2b:
                    4d:7b:09:b5:31:0a:bb:79:dd:00:75:e0:59:de:9b:
                    2f:9b:e1:67:6d:b1:39:26:8b:ca:46:28:0d:09:51:
                    ad:f4:f4:17:d9:2a:e8:92:10:64:73:e7:33:97:c8:
                    b7:37:6a:0d:29:3f:f8:5f:08:4d:d8:42:9e:38:0d:
                    73:1e:cd:d6:74:1d:ef:13:04:71:df:00:3f:d5:29:
                    8c:0a:30:2b:3d:14:88:ae:82:b7:6d:77:ad:83:a1:
                    b0:54:d1:31:46:9e:bf:2b:bd:a6:63:4c:f9:8b:69:
                    e1:41:04:15:4e:e5:8c:8a:bb:1d:4d:91:76:db:81:
                    62:30:61:26:18:96:65:6b:9a:dd:e0:09:b7:de:52:
                    98:c8:8f:de:8c:3f:e0:43:cc:4d:78:27:d2:2f:8a:
                    5b:34:0c:8c:51:df:84:b2:30:1e:0b:ed:a9:30:1f:
                    cd:23:f2:61:f8:44:9e:b2:d9:74:92:a5:9d:76:1e:
                    90:87:5a:87:e4:da:ab:b2:ff:80:23:38:a8:90:cc:
                    79:bb:b3:7b:61:b1:8a:28:c5:3a:f9:92:21:ae:09:
                    40:bc:85:8a:ec:9c:9b:07:dd:2b:b0:11:9a:96:5c:
                    58:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:2A:E2:CB:72:53:95:6B:5E:49:D0:15:3F:74:AD:86:8B:FB:42:65
            X509v3 Authority Key Identifier:
                keyid:4C:1B:0C:40:96:90:80:95:7F:CC:EE:1F:B8:A3:FB:4B:B3:8B:F5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/kSriy3JTlWteSdAVP3Sthov7QmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:5b:0d:ac:67:31:3b:92:44:92:0f:40:1c:19:dd:ab:fd:4a:
         f8:24:fc:b9:38:51:05:1d:b8:19:f5:ea:72:17:6d:35:a7:7c:
         06:af:cd:e4:0a:3e:0a:a4:75:58:15:a0:39:e8:47:24:c5:0c:
         d1:95:30:c4:fc:f3:62:9d:10:d1:fe:d3:93:01:10:96:c6:8d:
         1a:88:18:87:35:0b:98:e1:42:3c:06:aa:cb:59:6d:a9:fb:30:
         51:18:79:f4:58:58:59:0b:1b:d5:85:25:4b:ef:ca:2b:dd:4c:
         4b:1a:9f:b2:15:ea:59:2e:8e:2c:dd:98:7d:5c:90:95:e3:83:
         9e:fa:7f:d7:cd:72:3e:ea:d6:1c:82:23:13:b6:b5:0d:fd:b3:
         2c:ac:8f:a8:60:ef:f0:72:12:bd:57:80:2c:29:f0:47:af:71:
         82:97:fd:6e:33:c9:86:e8:41:98:22:71:60:64:3d:1e:20:11:
         25:6c:bd:f9:4c:c4:f7:ed:01:38:b5:34:92:f8:62:75:70:28:
         1f:40:92:fe:a1:94:af:22:5f:58:17:e3:7e:d7:f9:d0:74:46:
         a8:fb:cc:8d:f0:6f:0d:d1:6b:f3:6d:08:6d:76:2d:3e:0e:d0:
         17:93:86:8f:15:8e:8f:10:29:23:da:63:ad:70:78:86:04:2a:
         44:f2:eb:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0RJ4umgXEy38LWfAz9JfvZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMWIwYzQwOTY5MDgwOTU3ZmNjZWUxZmI4YTNmYjRiYjM4
YmY1ZGMwHhcNMjQwMTE2MDcyMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTJhZTJjYjcyNTM5NTZiNWU0OWQwMTUzZjc0YWQ4NjhiZmI0MjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUKK8Hj3QFPh5AKQm/oiJC8taPHH
C7jmroghyitNewm1MQq7ed0AdeBZ3psvm+FnbbE5JovKRigNCVGt9PQX2SrokhBk
c+czl8i3N2oNKT/4XwhN2EKeOA1zHs3WdB3vEwRx3wA/1SmMCjArPRSIroK3bXet
g6GwVNExRp6/K72mY0z5i2nhQQQVTuWMirsdTZF224FiMGEmGJZla5rd4Am33lKY
yI/ejD/gQ8xNeCfSL4pbNAyMUd+EsjAeC+2pMB/NI/Jh+ESestl0kqWddh6Qh1qH
5Nqrsv+AIziokMx5u7N7YbGKKMU6+ZIhrglAvIWK7JybB90rsBGallxYqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJEq4styU5VrXknQFT90rYaL+0JlMB8GA1UdIwQY
MBaAFEwbDECWkICVf8zuH7ij+0uzi/XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJzTVFKYVFnSlZfek80ZnVLUDdTN09MOWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9lZTI5YTYtNjkxZC00YjBjLWFkNjMt
OTRjODI1NGJkM2I3LzEva1NyaXkzSlRsV3RlU2RBVlAzU3Rob3Y3UW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9lZTI5YTYtNjkxZC00YjBjLWFkNjMtOTRjODI1NGJkM2I3
LzEvVEJzTVFKYVFnSlZfek80ZnVLUDdTN09MOWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgQuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAlsNrGcxO5JEkg9AHBndq/1K+CT8uThRBR24GfXq
chdtNad8Bq/N5Ao+CqR1WBWgOehHJMUM0ZUwxPzzYp0Q0f7TkwEQlsaNGogYhzUL
mOFCPAaqy1ltqfswURh59FhYWQsb1YUlS+/KK91MSxqfshXqWS6OLN2YfVyQleOD
nvp/181yPurWHIIjE7a1Df2zLKyPqGDv8HISvVeALCnwR69xgpf9bjPJhuhBmCJx
YGQ9HiARJWy9+UzE9+0BOLU0kvhidXAoH0CS/qGUryJfWBfjftf50HRGqPvMjfBv
DdFr820IbXYtPg7QF5OGjxWOjxApI9pjrXB4hgQqRPLriQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:34 2024 by rpki-client on console-fra.rpki-client.org