Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/21YDVGYRyXgHoIWEeQZApWjPa9k.roa
File:                     21YDVGYRyXgHoIWEeQZApWjPa9k.roa (raw, json)
Hash identifier:          3K5INUBooMPSJhF914r6tB3DlNJt8tBfOi3klcIAJ3E=
Subject key identifier:   DB:56:03:54:66:11:C9:78:07:A0:85:84:79:06:40:A5:68:CF:6B:D9
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F0B705632EE60DAC7D1C12B8235050
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/21YDVGYRyXgHoIWEeQZApWjPa9k.roa
Signing time:             Wed 07 Feb 2024 05:00:52 +0000
ROA not before:           Wed 07 Feb 2024 05:00:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215843
IP address blocks:        2a0f:b241:e8::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 01:36:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:b7:05:63:2e:e6:0d:ac:7d:1c:12:b8:23:50:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db5603546611c97807a08584790640a568cf6bd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1e:12:e9:f8:81:4a:78:c4:2d:bf:d1:df:c3:
                    5a:19:f5:82:8a:63:db:92:de:9c:21:f2:61:1f:d5:
                    72:f5:48:2a:39:b1:0e:27:8f:f6:04:52:0e:fd:c3:
                    42:37:02:62:51:c6:7f:f6:58:94:8b:2f:ac:de:74:
                    9f:79:d1:f4:a2:81:75:c6:a4:ab:fb:2f:01:b0:ff:
                    31:4e:29:79:80:ea:a8:8f:ad:17:7b:29:8b:e0:03:
                    9f:f3:98:22:45:12:a1:36:67:f5:45:4b:b4:23:1b:
                    17:47:95:70:79:48:2b:ed:7d:e6:c5:40:d6:da:77:
                    b1:16:3d:64:26:8b:7a:5b:d1:ee:77:64:54:99:c3:
                    76:fe:f6:9f:95:2b:71:2c:d9:92:56:5f:b0:65:f0:
                    7d:cd:09:a8:71:61:c6:f3:20:90:60:f5:81:a1:6c:
                    27:3a:99:51:c5:b1:35:67:ce:97:53:58:7e:57:a7:
                    7d:c0:82:63:eb:e0:38:f0:19:db:79:64:6a:e7:a2:
                    f0:d6:5f:52:31:f6:82:fd:42:51:dc:a6:cb:97:aa:
                    21:d1:ba:a4:c7:b6:c3:1c:82:33:9e:d1:37:24:a3:
                    f7:d0:32:87:bd:7b:0c:be:61:3f:b9:70:b0:cf:df:
                    ef:d2:bb:6a:a8:4a:25:04:07:dc:4d:7a:1b:88:c2:
                    f0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:56:03:54:66:11:C9:78:07:A0:85:84:79:06:40:A5:68:CF:6B:D9
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/21YDVGYRyXgHoIWEeQZApWjPa9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:96:41:7f:4c:8a:e5:6a:b0:24:92:47:9c:8d:a9:4b:54:12:
         ec:c4:5f:f6:ab:05:d3:1c:42:d6:de:12:24:2d:bd:bb:11:39:
         ce:cc:ad:63:d5:87:ac:55:4b:7e:e1:7b:7f:92:11:eb:4a:08:
         79:73:0d:7f:29:00:9f:f7:29:b8:98:38:cd:c1:86:9d:92:41:
         7a:38:aa:09:e3:42:51:64:2f:fb:56:33:82:45:42:40:74:69:
         f7:3c:a4:76:6b:59:2d:b1:75:27:b4:bc:74:23:be:01:da:11:
         d5:7a:ed:29:4b:a3:8a:0a:85:c4:c9:ea:7f:c3:02:13:9a:f1:
         73:a2:8b:86:a2:85:c6:84:87:71:27:be:0d:4e:60:e2:08:11:
         84:79:f6:38:2e:5b:15:9c:3c:12:4c:0b:96:73:ee:60:48:f2:
         45:40:7b:03:bb:3a:cb:0c:ca:9b:00:fb:66:5f:f1:b2:25:8c:
         a8:e4:6f:15:4f:2e:b6:44:3d:df:19:8e:56:20:ee:91:bd:33:
         f1:57:62:21:79:c8:eb:dc:5d:b0:d6:96:59:db:94:7a:e7:2d:
         86:8b:65:c6:67:a0:c9:87:02:95:0b:e1:38:8c:0e:50:f6:c0:
         ca:46:7b:6d:df:40:a0:1e:3b:17:4c:90:e8:dc:a6:40:be:d3:
         4e:46:be:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8LcFYy7mDax9HBK4I1BQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjU2MDM1NDY2MTFjOTc4MDdhMDg1ODQ3OTA2NDBhNTY4Y2Y2YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx4S6fiBSnjELb/R38NaGfWCimPb
kt6cIfJhH9Vy9UgqObEOJ4/2BFIO/cNCNwJiUcZ/9liUiy+s3nSfedH0ooF1xqSr
+y8BsP8xTil5gOqoj60XeymL4AOf85giRRKhNmf1RUu0IxsXR5VweUgr7X3mxUDW
2nexFj1kJot6W9Hud2RUmcN2/vaflStxLNmSVl+wZfB9zQmocWHG8yCQYPWBoWwn
OplRxbE1Z86XU1h+V6d9wIJj6+A48BnbeWRq56Lw1l9SMfaC/UJR3KbLl6oh0bqk
x7bDHIIzntE3JKP30DKHvXsMvmE/uXCwz9/v0rtqqEolBAfcTXobiMLwzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNtWA1RmEcl4B6CFhHkGQKVoz2vZMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvMjFZRFZHWVJ5WGdIb0lXRWVRWkFwV2pQYTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQDo
MA0GCSqGSIb3DQEBCwUAA4IBAQBIlkF/TIrlarAkkkecjalLVBLsxF/2qwXTHELW
3hIkLb27ETnOzK1j1YesVUt+4Xt/khHrSgh5cw1/KQCf9ym4mDjNwYadkkF6OKoJ
40JRZC/7VjOCRUJAdGn3PKR2a1ktsXUntLx0I74B2hHVeu0pS6OKCoXEyep/wwIT
mvFzoouGooXGhIdxJ74NTmDiCBGEefY4LlsVnDwSTAuWc+5gSPJFQHsDuzrLDMqb
APtmX/GyJYyo5G8VTy62RD3fGY5WIO6RvTPxV2Ihecjr3F2w1pZZ25R65y2Gi2XG
Z6DJhwKVC+E4jA5Q9sDKRntt30CgHjsXTJDo3KZAvtNORr7/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:10 2024 by rpki-client on console-fra.rpki-client.org