Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/1NUW-zmWYDxcnk65DQgR90o8cgs.roa
File:                     1NUW-zmWYDxcnk65DQgR90o8cgs.roa (raw, json)
Hash identifier:          dZ4bkiouaZxU7q5bp5v8D8NEsWRqYNW5rru24o7rVPY=
Subject key identifier:   D4:D5:16:FB:39:96:60:3C:5C:9E:4E:B9:0D:08:11:F7:4A:3C:72:0B
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FA7211F1C5770C20824804969BFA855
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/1NUW-zmWYDxcnk65DQgR90o8cgs.roa
Signing time:             Tue 06 Feb 2024 18:21:15 +0000
ROA not before:           Tue 06 Feb 2024 18:21:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198383
IP address blocks:        2a0f:b241:79::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:a7:21:1f:1c:57:70:c2:08:24:80:49:69:bf:a8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:21:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4d516fb3996603c5c9e4eb90d0811f74a3c720b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4c:40:54:b1:a8:74:ef:71:1f:30:44:7f:7e:
                    1c:39:fe:be:fd:d0:94:01:24:01:93:ab:af:f2:82:
                    d2:9a:9b:60:e7:bd:41:89:38:b5:2f:19:01:b5:80:
                    d3:9a:30:77:33:0e:51:7d:44:3a:c7:15:6f:14:92:
                    72:8c:f2:5b:28:8f:8d:51:9a:aa:b1:5b:4c:7a:3a:
                    c9:4c:31:c7:79:95:3e:a7:87:8a:49:cf:b3:48:03:
                    2b:1c:5c:7b:ac:35:73:79:20:64:db:a8:0d:b7:ef:
                    f4:7d:7c:ee:e5:8e:6b:09:66:b3:ee:86:63:81:e6:
                    f1:94:74:ba:6f:2a:2c:c2:d9:ff:18:e0:92:68:19:
                    b4:9a:3d:3a:75:ad:59:ec:87:15:7a:8f:09:3f:78:
                    0d:69:5d:57:eb:6b:6b:cb:65:c6:9f:18:b3:a3:4d:
                    9a:f2:05:d3:37:25:f8:0f:41:3b:e7:e1:27:1e:c7:
                    8f:c6:ad:15:58:d7:43:11:f9:75:fe:45:48:d1:6b:
                    8f:15:69:c5:e5:5d:52:23:5b:ea:c5:d4:2c:4d:65:
                    b3:83:e7:a3:30:66:d9:c6:74:2c:2a:17:e1:33:5c:
                    f0:7e:a0:14:2e:77:ca:ec:de:92:7f:49:e4:2d:d6:
                    f0:b0:0c:a7:db:85:05:93:f9:13:4b:cb:c9:82:bc:
                    82:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D5:16:FB:39:96:60:3C:5C:9E:4E:B9:0D:08:11:F7:4A:3C:72:0B
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/1NUW-zmWYDxcnk65DQgR90o8cgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:79::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:6a:d1:47:51:93:6e:50:f7:ed:7a:6f:2d:dd:c7:12:22:50:
         2e:ba:8d:0a:f9:94:e0:10:d2:7f:02:3b:03:d0:b2:41:31:c3:
         32:14:dd:2a:d5:c4:55:18:40:91:19:62:e8:9f:4b:d1:53:6f:
         98:32:d9:e7:1a:fc:79:7e:51:7a:a2:27:48:ed:f0:e5:4f:37:
         f3:d0:8c:9f:30:67:70:4c:b9:39:93:73:43:58:f2:8b:53:02:
         d0:3d:e9:bc:8f:1d:5c:32:4d:a2:8f:17:5c:ac:55:f0:0c:c3:
         28:72:a4:70:d7:04:ab:21:9a:71:fd:21:0e:fc:e3:e7:bd:fa:
         cb:7e:77:1a:69:3d:ec:6e:85:0a:19:ba:8a:00:e6:b2:24:56:
         a8:6a:b6:ad:97:5a:51:fb:55:66:9a:75:f3:98:f5:2c:6d:72:
         49:fc:23:11:b5:0a:46:7e:17:54:0b:4a:d2:44:f2:c0:24:09:
         67:3e:4a:96:2a:a5:84:01:36:ae:46:35:f2:cb:10:96:06:f4:
         e1:1c:90:1f:3c:a6:38:c9:8a:b0:e1:71:e3:13:8c:fa:37:53:
         b3:6c:05:be:0a:b8:1f:e2:75:37:dc:90:17:57:2a:e9:80:42:
         70:eb:e9:f9:11:04:74:f1:6d:6f:de:70:bb:23:c7:7b:36:bf:
         d1:86:26:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/pyEfHFdwwggkgElpv6hVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQ1MTZmYjM5OTY2MDNjNWM5ZTRlYjkwZDA4MTFmNzRhM2M3MjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoExAVLGodO9xHzBEf34cOf6+/dCU
ASQBk6uv8oLSmptg571BiTi1LxkBtYDTmjB3Mw5RfUQ6xxVvFJJyjPJbKI+NUZqq
sVtMejrJTDHHeZU+p4eKSc+zSAMrHFx7rDVzeSBk26gNt+/0fXzu5Y5rCWaz7oZj
gebxlHS6byoswtn/GOCSaBm0mj06da1Z7IcVeo8JP3gNaV1X62try2XGnxizo02a
8gXTNyX4D0E75+EnHsePxq0VWNdDEfl1/kVI0WuPFWnF5V1SI1vqxdQsTWWzg+ej
MGbZxnQsKhfhM1zwfqAULnfK7N6Sf0nkLdbwsAyn24UFk/kTS8vJgryC0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNTVFvs5lmA8XJ5OuQ0IEfdKPHILMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvMU5VVy16bVdZRHhjbms2NURRZ1I5MG84Y2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQB5
MA0GCSqGSIb3DQEBCwUAA4IBAQAfatFHUZNuUPftem8t3ccSIlAuuo0K+ZTgENJ/
AjsD0LJBMcMyFN0q1cRVGECRGWLon0vRU2+YMtnnGvx5flF6oidI7fDlTzfz0Iyf
MGdwTLk5k3NDWPKLUwLQPem8jx1cMk2ijxdcrFXwDMMocqRw1wSrIZpx/SEO/OPn
vfrLfncaaT3sboUKGbqKAOayJFaoaratl1pR+1VmmnXzmPUsbXJJ/CMRtQpGfhdU
C0rSRPLAJAlnPkqWKqWEATauRjXyyxCWBvThHJAfPKY4yYqw4XHjE4z6N1OzbAW+
Crgf4nU33JAXVyrpgEJw6+n5EQR08W1v3nC7I8d7Nr/RhiZE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:07 2024 by rpki-client on console-ams.rpki-client.org