Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NgCuIrSx1ZwbtGfbVp4chX8EDKE.roa
File:                     NgCuIrSx1ZwbtGfbVp4chX8EDKE.roa (raw, json)
Hash identifier:          zK/N8irz9LcvX3z9x0TEWN6oxNC6xr+3byXTv//pElg=
Subject key identifier:   36:00:AE:22:B4:B1:D5:9C:1B:B4:67:DB:56:9E:1C:85:7F:04:0C:A1
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018570FBCE28C9377CD22DADE4F6EC73F782
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NgCuIrSx1ZwbtGfbVp4chX8EDKE.roa
Signing time:             Mon 02 Jan 2023 05:37:08 +0000
ROA not before:           Mon 02 Jan 2023 05:37:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208602
IP address blocks:        2a09:e1c1:effe::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:ce:28:c9:37:7c:d2:2d:ad:e4:f6:ec:73:f7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  2 05:37:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3600ae22b4b1d59c1bb467db569e1c857f040ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e5:62:f4:dc:c7:25:8b:7d:d0:09:05:7c:f8:
                    2b:f3:75:da:0e:4c:4b:f6:aa:22:3b:62:14:e8:73:
                    92:80:df:d3:22:c5:dc:85:88:54:fd:b1:e0:c3:2a:
                    d8:6f:4b:84:96:9f:8f:47:a4:7a:3d:7f:a7:7e:ad:
                    cc:28:9c:68:bc:26:56:05:65:dc:44:c9:9b:a2:b3:
                    0c:f9:b6:15:2c:0d:ab:6b:63:3b:c7:8b:d9:5c:dd:
                    7b:de:2b:10:10:3d:24:e3:26:89:5e:59:52:d8:aa:
                    32:53:7a:87:c9:0f:55:d2:4e:00:2a:a3:f2:f2:48:
                    dd:97:41:ce:84:08:26:4e:94:ea:bb:c2:4a:b1:91:
                    88:d8:52:1f:c7:3c:43:74:0d:d5:54:4e:d0:e4:3d:
                    d2:18:75:8f:9a:d8:2c:eb:cf:64:e3:64:37:3a:04:
                    de:1a:e4:3f:92:56:0e:33:56:cf:c0:a6:32:eb:e0:
                    e6:06:95:a1:8b:96:72:20:47:30:53:a0:39:4e:a0:
                    0c:5e:7e:08:f3:42:93:60:f4:a1:08:ff:6a:1b:a4:
                    74:2e:5b:8d:f3:b0:8b:01:ff:44:c1:0b:28:30:b4:
                    b7:46:cf:2b:ea:89:d8:b9:a3:59:31:29:30:7a:e6:
                    89:76:25:e8:94:87:39:94:70:34:86:1e:11:f1:14:
                    61:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:00:AE:22:B4:B1:D5:9C:1B:B4:67:DB:56:9E:1C:85:7F:04:0C:A1
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NgCuIrSx1ZwbtGfbVp4chX8EDKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:effe::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:ea:de:34:8d:ba:e2:2d:f8:a7:c6:57:f5:32:cc:62:b2:69:
         9d:28:b8:17:e4:b0:ff:4c:a1:5c:53:8b:ba:d2:c4:2a:25:7d:
         a9:7d:2e:8c:56:bd:03:b7:45:68:b4:96:0b:4b:3d:9a:a3:d7:
         15:2d:e5:6b:11:2b:f7:e2:3a:fc:d7:12:92:df:24:08:97:6c:
         c6:fb:6e:49:79:96:a0:85:60:d3:7c:db:83:42:6c:ae:2d:84:
         ef:6f:78:12:1d:6b:ae:9c:15:97:3f:24:13:f8:29:3a:45:0b:
         76:cb:40:32:12:e6:f1:2b:97:a2:f6:b3:e5:0d:6d:6f:22:b5:
         ab:8d:7f:9a:ad:14:cf:2e:3f:b0:f3:97:24:37:5b:04:59:ae:
         98:ec:50:0f:bd:97:9b:d5:fb:af:cb:2a:e6:cc:c9:8e:5f:56:
         f7:90:d6:bb:08:38:bc:dc:d4:7d:95:6b:fb:2f:db:6b:79:f8:
         7d:a4:11:08:fc:ee:f5:58:02:21:24:a5:98:af:b2:34:bd:9f:
         db:75:49:57:61:dd:f1:aa:17:3c:f2:20:e7:13:98:21:35:d8:
         98:42:7f:f1:5e:98:17:82:7d:f8:ce:e3:4c:b3:51:b7:45:1b:
         73:97:d8:bb:5d:8c:29:05:18:a5:10:0c:8a:4e:4d:49:c6:68:
         52:f0:ad:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVw+84oyTd80i2t5Pbsc/eCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjMwMTAyMDUzNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjAwYWUyMmI0YjFkNTljMWJiNDY3ZGI1NjllMWM4NTdmMDQwY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOVi9NzHJYt90AkFfPgr83XaDkxL
9qoiO2IU6HOSgN/TIsXchYhU/bHgwyrYb0uElp+PR6R6PX+nfq3MKJxovCZWBWXc
RMmborMM+bYVLA2ra2M7x4vZXN173isQED0k4yaJXllS2KoyU3qHyQ9V0k4AKqPy
8kjdl0HOhAgmTpTqu8JKsZGI2FIfxzxDdA3VVE7Q5D3SGHWPmtgs689k42Q3OgTe
GuQ/klYOM1bPwKYy6+DmBpWhi5ZyIEcwU6A5TqAMXn4I80KTYPShCP9qG6R0LluN
87CLAf9EwQsoMLS3Rs8r6onYuaNZMSkweuaJdiXolIc5lHA0hh4R8RRhAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDYAriK0sdWcG7Rn21aeHIV/BAyhMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvTmdDdUlyU3gxWndidEdmYlZwNGNoWDhFREtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnhwe/+
MA0GCSqGSIb3DQEBCwUAA4IBAQA06t40jbriLfinxlf1MsxismmdKLgX5LD/TKFc
U4u60sQqJX2pfS6MVr0Dt0VotJYLSz2ao9cVLeVrESv34jr81xKS3yQIl2zG+25J
eZaghWDTfNuDQmyuLYTvb3gSHWuunBWXPyQT+Ck6RQt2y0AyEubxK5ei9rPlDW1v
IrWrjX+arRTPLj+w85ckN1sEWa6Y7FAPvZeb1fuvyyrmzMmOX1b3kNa7CDi83NR9
lWv7L9trefh9pBEI/O71WAIhJKWYr7I0vZ/bdUlXYd3xqhc88iDnE5ghNdiYQn/x
XpgXgn34zuNMs1G3RRtzl9i7XYwpBRilEAyKTk1JxmhS8K3R
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:31 2024 by rpki-client on console-ams.rpki-client.org