Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3jzgMKqMN59uNHz3LERHHrFWS4c.roa
File:                     3jzgMKqMN59uNHz3LERHHrFWS4c.roa (raw, json)
Hash identifier:          kpnBbvVcXmXGE8td1snzMrb3FO1SZqmOXVH5WsLFurU=
Subject key identifier:   DE:3C:E0:30:AA:8C:37:9F:6E:34:7C:F7:2C:44:47:1E:B1:56:4B:87
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FACA58766E7AB7AE148E275D920CA93
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3jzgMKqMN59uNHz3LERHHrFWS4c.roa
Signing time:             Tue 06 Feb 2024 18:27:17 +0000
ROA not before:           Tue 06 Feb 2024 18:27:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211407
IP address blocks:        2a0f:b241:fd::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:ac:a5:87:66:e7:ab:7a:e1:48:e2:75:d9:20:ca:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:27:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de3ce030aa8c379f6e347cf72c44471eb1564b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4c:33:a1:ec:07:07:c0:c0:9f:8d:e3:23:af:
                    30:07:bc:16:e2:fa:7d:ba:e1:b0:80:1c:9e:7d:86:
                    02:fe:91:06:a3:d7:39:82:76:c2:76:47:f6:77:4c:
                    d6:3a:86:57:c6:e6:21:cf:a1:20:ef:6c:9a:89:d5:
                    2a:d3:54:bc:fd:57:f9:fa:c1:42:9a:d0:1c:1a:81:
                    f6:5e:c2:63:09:38:a0:04:40:54:99:07:38:73:56:
                    f8:06:d3:6d:49:4f:c5:3e:04:37:ca:83:71:bb:72:
                    37:c1:d5:2b:4b:39:ab:86:e9:2f:e7:60:e9:90:e2:
                    a6:fa:26:d1:11:54:14:39:21:07:16:7c:b4:31:e9:
                    29:cb:79:0e:70:96:4f:2e:b6:be:38:c2:0b:df:4a:
                    6a:28:bb:90:11:5b:c4:2b:d6:bb:19:0a:9b:32:bc:
                    f2:b7:37:3f:80:03:2f:c6:d0:8a:e5:de:b1:aa:b3:
                    3d:8b:bf:8c:34:30:5a:05:e9:1a:bd:eb:72:8e:c2:
                    6d:d7:75:55:e2:84:65:74:5a:d6:78:43:21:8b:97:
                    6b:f3:6b:5c:61:0c:ba:fc:9a:45:7e:ab:4d:a5:9a:
                    b2:6e:b6:23:d3:4f:89:6d:85:58:78:e4:e3:c6:b7:
                    07:9b:e7:77:83:ed:12:fa:1a:da:18:c9:25:80:d6:
                    d4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:3C:E0:30:AA:8C:37:9F:6E:34:7C:F7:2C:44:47:1E:B1:56:4B:87
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3jzgMKqMN59uNHz3LERHHrFWS4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:fd::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:96:d1:fb:af:97:b4:b7:84:fd:33:61:5d:be:03:63:50:42:
         29:f9:e4:8b:61:b7:b7:e0:17:9f:09:ce:55:00:38:68:b3:ad:
         8f:0f:79:06:22:9c:2f:9b:72:cf:94:0c:bb:b2:7f:a9:c8:2e:
         1a:23:f5:a9:ed:1a:9a:5a:8d:73:d3:4b:61:c5:4d:5c:95:d6:
         10:73:b5:3d:ce:49:26:40:f5:d0:b3:8d:54:f8:70:c2:c8:f5:
         ac:79:2e:60:e1:78:17:83:f8:8f:d7:e0:8a:91:18:6b:d4:2c:
         7c:ee:43:c6:6d:ad:90:68:d9:15:6a:39:f8:48:b5:92:a2:eb:
         19:c2:2b:92:08:1c:aa:c4:eb:2e:bc:35:a6:75:f5:a8:bf:e5:
         9e:9f:4c:ea:f1:d5:0e:f4:8e:4e:f4:ea:c2:b4:fb:c7:ef:50:
         be:54:4f:43:13:8b:e0:3c:59:96:cf:fe:e9:61:bf:4b:fa:91:
         f7:a4:91:3a:03:6a:d7:2b:25:53:a8:5b:1d:1e:f4:30:8e:00:
         17:ff:e6:02:81:e4:bd:09:3d:a3:1e:c8:7d:a0:3c:f0:69:bf:
         b5:2d:24:07:23:fa:a0:95:12:ab:f1:ed:a0:69:6a:ca:61:64:
         49:58:e7:4a:2f:2e:e7:65:4c:06:be:d8:77:57:16:6a:8f:9a:
         e8:ed:84:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/rKWHZuereuFI4nXZIMqTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTNjZTAzMGFhOGMzNzlmNmUzNDdjZjcyYzQ0NDcxZWIxNTY0Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0wzoewHB8DAn43jI68wB7wW4vp9
uuGwgByefYYC/pEGo9c5gnbCdkf2d0zWOoZXxuYhz6Eg72yaidUq01S8/Vf5+sFC
mtAcGoH2XsJjCTigBEBUmQc4c1b4BtNtSU/FPgQ3yoNxu3I3wdUrSzmrhukv52Dp
kOKm+ibREVQUOSEHFny0Mekpy3kOcJZPLra+OMIL30pqKLuQEVvEK9a7GQqbMrzy
tzc/gAMvxtCK5d6xqrM9i7+MNDBaBekavetyjsJt13VV4oRldFrWeEMhi5dr82tc
YQy6/JpFfqtNpZqybrYj00+JbYVYeOTjxrcHm+d3g+0S+hraGMklgNbUyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN484DCqjDefbjR89yxERx6xVkuHMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvM2p6Z01LcU1ONTl1Tkh6M0xFUkhIckZXUzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQD9
MA0GCSqGSIb3DQEBCwUAA4IBAQBCltH7r5e0t4T9M2FdvgNjUEIp+eSLYbe34Bef
Cc5VADhos62PD3kGIpwvm3LPlAy7sn+pyC4aI/Wp7RqaWo1z00thxU1cldYQc7U9
zkkmQPXQs41U+HDCyPWseS5g4XgXg/iP1+CKkRhr1Cx87kPGba2QaNkVajn4SLWS
ousZwiuSCByqxOsuvDWmdfWov+Wen0zq8dUO9I5O9OrCtPvH71C+VE9DE4vgPFmW
z/7pYb9L+pH3pJE6A2rXKyVTqFsdHvQwjgAX/+YCgeS9CT2jHsh9oDzwab+1LSQH
I/qglRKr8e2gaWrKYWRJWOdKLy7nZUwGvth3VxZqj5ro7YSP
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:07 2024 by rpki-client on console-ams.rpki-client.org