Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/42Jrr3AEWIapxJ1ekBe9_Ydc6_o.roa
File:                     42Jrr3AEWIapxJ1ekBe9_Ydc6_o.roa (raw, json)
Hash identifier:          abr2Z0bbD9dsZLCSI3NYNzX/SXY5Foz6qbI7VPoNz5I=
Subject key identifier:   E3:62:6B:AF:70:04:58:86:A9:C4:9D:5E:90:17:BD:FD:87:5C:EB:FA
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7F8D8364DA09251072D68BB35235D8A8
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/42Jrr3AEWIapxJ1ekBe9_Ydc6_o.roa
Signing time:             Tue 06 Feb 2024 17:53:17 +0000
ROA not before:           Tue 06 Feb 2024 17:53:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215862
IP address blocks:        2a0f:b241:24::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:8d:83:64:da:09:25:10:72:d6:8b:b3:52:35:d8:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 17:53:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3626baf70045886a9c49d5e9017bdfd875cebfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ba:0a:ee:1c:fd:36:b2:d6:a7:36:43:ea:35:
                    9e:9e:ae:46:73:53:e0:84:fb:c2:4d:cd:1c:ec:73:
                    64:ab:59:38:e0:72:42:1a:cf:7c:04:8e:f8:5e:2a:
                    07:ac:e3:50:12:d9:e5:a6:54:79:38:3e:ea:32:2e:
                    67:f9:4a:26:4a:4d:a4:77:68:e3:1b:2c:6f:ba:2e:
                    05:ab:6e:b0:a5:ec:19:26:fd:56:86:00:8a:6d:69:
                    5e:b8:d7:33:ce:20:5d:80:21:c3:f1:70:fe:fa:87:
                    f9:bd:19:b9:5a:79:05:5b:76:8d:75:d8:e8:7e:1d:
                    b9:e1:35:f9:40:e8:40:5f:72:db:7b:b1:7f:37:76:
                    2d:cb:be:e2:df:f7:15:7c:d9:8a:f1:cf:b7:05:20:
                    c5:fb:94:97:ae:72:3d:dc:00:d9:d3:96:33:6e:47:
                    4a:09:32:04:bd:3f:b1:bf:a0:b5:36:ac:1b:03:cd:
                    d2:cc:a8:28:a2:e1:55:2b:e5:ef:08:06:85:57:fa:
                    6a:fc:2c:8d:35:f4:47:7c:eb:a7:07:fb:c6:f9:15:
                    19:13:0d:5f:8a:0d:c2:68:86:40:f6:4e:dc:d0:f8:
                    3b:37:a8:e0:fd:56:9d:36:05:fe:09:d7:51:dd:2b:
                    6f:bd:76:fa:e6:3c:2f:6e:af:dd:db:a7:eb:d4:c1:
                    f6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:62:6B:AF:70:04:58:86:A9:C4:9D:5E:90:17:BD:FD:87:5C:EB:FA
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/42Jrr3AEWIapxJ1ekBe9_Ydc6_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:d7:9d:89:9b:86:92:07:75:02:e8:ab:85:f0:79:98:85:3c:
         6c:fc:32:0b:36:32:0a:1c:c1:4f:de:4e:d0:6f:1f:89:36:4d:
         07:1a:24:bb:cb:17:96:57:a9:12:ae:4c:14:dc:ac:3e:9e:3a:
         c9:37:71:c6:4e:d8:88:16:31:f5:36:33:c6:b9:11:ef:fb:4a:
         9b:7e:c7:a7:33:8f:2b:73:1d:fd:48:d5:06:22:b7:d5:fe:ac:
         36:e2:7a:dd:73:2c:31:bf:54:b4:a8:6f:c7:6d:b1:90:83:6f:
         a8:19:97:1e:97:0f:d8:47:5a:d6:20:b9:d3:63:82:fc:d5:14:
         6c:ee:b3:c2:f5:86:51:5c:42:b2:14:2d:9a:4d:0d:9e:0d:20:
         99:af:f1:a2:9c:15:35:b8:39:cf:c9:48:69:3c:63:97:64:85:
         be:11:a8:d9:87:3a:ec:1e:92:0d:92:75:a0:57:f9:ef:4b:70:
         0b:a4:b7:b0:81:6d:2e:e1:37:4f:de:48:9e:89:67:6c:96:a1:
         67:ab:4d:2f:42:6f:14:43:29:0a:1c:03:97:09:ad:f4:00:c2:
         18:a2:0a:12:7f:b7:f7:6e:2d:3c:92:3e:61:f6:25:b6:c2:11:
         8f:28:7f:91:7f:ff:88:9f:b2:b1:33:b2:74:64:09:b8:e2:4a:
         7c:7b:1c:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/jYNk2gklEHLWi7NSNdioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTc1MzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYyNmJhZjcwMDQ1ODg2YTljNDlkNWU5MDE3YmRmZDg3NWNlYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqroK7hz9NrLWpzZD6jWenq5Gc1Pg
hPvCTc0c7HNkq1k44HJCGs98BI74XioHrONQEtnlplR5OD7qMi5n+UomSk2kd2jj
Gyxvui4Fq26wpewZJv1WhgCKbWleuNczziBdgCHD8XD++of5vRm5WnkFW3aNddjo
fh254TX5QOhAX3Lbe7F/N3Yty77i3/cVfNmK8c+3BSDF+5SXrnI93ADZ05YzbkdK
CTIEvT+xv6C1NqwbA83SzKgoouFVK+XvCAaFV/pq/CyNNfRHfOunB/vG+RUZEw1f
ig3CaIZA9k7c0Pg7N6jg/VadNgX+CddR3StvvXb65jwvbq/d26fr1MH2DwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFONia69wBFiGqcSdXpAXvf2HXOv6MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvNDJKcnIzQUVXSWFweEoxZWtCZTlfWWRjNl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAk
MA0GCSqGSIb3DQEBCwUAA4IBAQBD152Jm4aSB3UC6KuF8HmYhTxs/DILNjIKHMFP
3k7Qbx+JNk0HGiS7yxeWV6kSrkwU3Kw+njrJN3HGTtiIFjH1NjPGuRHv+0qbfsen
M48rcx39SNUGIrfV/qw24nrdcywxv1S0qG/HbbGQg2+oGZcelw/YR1rWILnTY4L8
1RRs7rPC9YZRXEKyFC2aTQ2eDSCZr/GinBU1uDnPyUhpPGOXZIW+EajZhzrsHpIN
knWgV/nvS3ALpLewgW0u4TdP3kieiWdslqFnq00vQm8UQykKHAOXCa30AMIYogoS
f7f3bi08kj5h9iW2whGPKH+Rf/+In7KxM7J0ZAm44kp8exzh
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:07 2024 by rpki-client on console-ams.rpki-client.org