Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3e0IUZF4I2lSALSKJCmCh9zfUj0.roa
File:                     3e0IUZF4I2lSALSKJCmCh9zfUj0.roa (raw, json)
Hash identifier:          yGPM58bD+Rrg29HcP9tEmVngWv7r7NOwPunpo6kKNNk=
Subject key identifier:   DD:ED:08:51:91:78:23:69:52:00:B4:8A:24:29:82:87:DC:DF:52:3D
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F083B0ED18BEF20973CF2C81EBFA00
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3e0IUZF4I2lSALSKJCmCh9zfUj0.roa
Signing time:             Wed 07 Feb 2024 05:00:39 +0000
ROA not before:           Wed 07 Feb 2024 05:00:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200502
IP address blocks:        2a0f:b241:131::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 01:36:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:83:b0:ed:18:be:f2:09:73:cf:2c:81:eb:fa:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dded0851917823695200b48a24298287dcdf523d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:84:28:e2:a9:30:ae:c0:cb:0a:0b:c5:8d:2e:
                    40:e1:26:d3:96:07:3d:10:9d:b4:28:a1:3e:1a:c6:
                    0c:51:92:56:fa:68:88:fe:4f:ab:e8:46:0e:bb:f6:
                    c6:66:9b:ca:da:81:72:aa:63:86:e1:e9:b3:1f:4d:
                    b9:3d:e0:48:d9:91:94:4e:37:1b:92:66:4e:02:b5:
                    9f:18:96:9c:6f:e5:05:7b:d3:50:ad:86:7a:30:1a:
                    4a:ae:fa:b2:d5:25:e7:f7:a9:c5:3e:44:a7:40:c6:
                    8a:41:27:dc:de:82:c0:e8:30:9b:e7:bc:1a:ca:4d:
                    4a:bc:f6:b3:04:30:d2:d0:5c:0a:a3:49:78:62:da:
                    a0:5d:ad:d5:ad:f0:98:68:4c:ee:60:dd:cd:32:8a:
                    5b:b6:de:a6:31:8a:2d:b8:1f:c0:65:ae:6c:b8:99:
                    bb:cf:a7:68:bc:a8:4f:21:dc:d5:46:17:1e:ff:cf:
                    bd:ac:c4:68:1f:8a:40:6f:b1:c4:c8:87:52:7b:77:
                    2a:d0:62:51:68:82:bc:50:b2:cf:bd:25:b4:68:de:
                    0f:83:72:72:ff:d6:58:af:ff:47:0a:e1:62:56:eb:
                    77:df:50:65:8a:80:fc:e6:0d:9a:71:06:03:f2:81:
                    1d:6e:d1:cd:c7:51:76:30:f8:88:c5:63:a4:d3:df:
                    dd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:ED:08:51:91:78:23:69:52:00:B4:8A:24:29:82:87:DC:DF:52:3D
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3e0IUZF4I2lSALSKJCmCh9zfUj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:131::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:d1:52:94:38:34:8f:a2:e2:e9:42:20:19:cf:7f:e2:d4:c7:
         26:0a:c8:32:4c:3b:c5:7d:3a:b1:9f:d6:3c:e7:65:b4:71:31:
         49:74:eb:35:96:91:e6:8e:8a:0d:35:cf:b9:ea:00:b5:4e:f8:
         a1:5a:a3:c6:96:a0:22:c7:8e:2d:41:ce:45:33:1a:c9:d3:b9:
         f0:6f:96:40:45:2a:97:c0:b1:43:cc:dc:10:8b:a2:7e:50:e3:
         26:9d:99:a0:99:48:79:d5:75:ec:fb:99:31:59:eb:e1:67:1c:
         bd:a2:d7:87:d2:08:e7:f6:ca:6b:d4:84:27:03:f0:90:02:64:
         2a:bb:a0:55:80:68:cc:64:bf:e4:79:13:8c:f7:ce:de:3f:73:
         b8:59:e2:b5:75:e2:b8:7f:8a:6b:25:41:f8:d3:d4:f3:5e:02:
         c0:6c:3d:10:ff:c7:40:62:8c:44:7b:18:a5:98:38:2d:01:34:
         8a:fc:2f:88:e4:43:16:18:be:06:44:7d:c1:9a:ca:73:00:44:
         a1:18:3c:47:52:d1:c4:6e:e0:ca:1d:a0:9d:83:c5:06:f6:b9:
         bd:55:c7:57:63:b1:86:ae:da:77:09:68:d6:fe:18:06:24:75:
         07:97:c3:ac:67:0b:cc:ec:82:af:a0:72:de:92:ac:32:40:0e:
         40:6e:5d:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8IOw7Ri+8glzzyyB6/oAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGVkMDg1MTkxNzgyMzY5NTIwMGI0OGEyNDI5ODI4N2RjZGY1MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIQo4qkwrsDLCgvFjS5A4SbTlgc9
EJ20KKE+GsYMUZJW+miI/k+r6EYOu/bGZpvK2oFyqmOG4emzH025PeBI2ZGUTjcb
kmZOArWfGJacb+UFe9NQrYZ6MBpKrvqy1SXn96nFPkSnQMaKQSfc3oLA6DCb57wa
yk1KvPazBDDS0FwKo0l4YtqgXa3VrfCYaEzuYN3NMopbtt6mMYotuB/AZa5suJm7
z6dovKhPIdzVRhce/8+9rMRoH4pAb7HEyIdSe3cq0GJRaIK8ULLPvSW0aN4Pg3Jy
/9ZYr/9HCuFiVut331BlioD85g2acQYD8oEdbtHNx1F2MPiIxWOk09/dxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN3tCFGReCNpUgC0iiQpgofc31I9MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvM2UwSVVaRjRJMmxTQUxTS0pDbUNoOXpmVWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQEx
MA0GCSqGSIb3DQEBCwUAA4IBAQAy0VKUODSPouLpQiAZz3/i1McmCsgyTDvFfTqx
n9Y852W0cTFJdOs1lpHmjooNNc+56gC1TvihWqPGlqAix44tQc5FMxrJ07nwb5ZA
RSqXwLFDzNwQi6J+UOMmnZmgmUh51XXs+5kxWevhZxy9oteH0gjn9spr1IQnA/CQ
AmQqu6BVgGjMZL/keROM987eP3O4WeK1deK4f4prJUH409TzXgLAbD0Q/8dAYoxE
exilmDgtATSK/C+I5EMWGL4GRH3BmspzAEShGDxHUtHEbuDKHaCdg8UG9rm9VcdX
Y7GGrtp3CWjW/hgGJHUHl8OsZwvM7IKvoHLekqwyQA5Abl2H
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:10 2024 by rpki-client on console-fra.rpki-client.org