Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/64gWQpd9m9VoowlGe1FaqFn91CQ.roa
File:                     64gWQpd9m9VoowlGe1FaqFn91CQ.roa (raw, json)
Hash identifier:          8KAw3iglglCA8cR9CEO8kzSn90DK8w6tv3wcdD2PXDA=
Subject key identifier:   EB:88:16:42:97:7D:9B:D5:68:A3:09:46:7B:51:5A:A8:59:FD:D4:24
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7F95C1AE0EF9DBCC3FA3E575FE46D66D
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/64gWQpd9m9VoowlGe1FaqFn91CQ.roa
Signing time:             Tue 06 Feb 2024 18:02:17 +0000
ROA not before:           Tue 06 Feb 2024 18:02:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211431
IP address blocks:        2a0f:b241:47::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:95:c1:ae:0e:f9:db:cc:3f:a3:e5:75:fe:46:d6:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:02:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb881642977d9bd568a309467b515aa859fdd424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f8:7d:78:a9:64:ae:b3:79:2c:6e:09:6e:c6:
                    09:dc:51:24:9a:30:31:70:e9:99:64:40:65:64:4f:
                    75:3c:d1:c4:b2:cc:28:01:6a:1e:b6:e5:3c:1a:c3:
                    5c:41:7f:5b:94:bf:64:33:92:56:c2:f6:b0:d0:87:
                    9e:7e:6e:f8:73:71:44:5a:f7:b1:5c:e4:a6:5a:80:
                    b2:cc:95:f6:9a:e0:95:de:91:ad:86:2f:18:1e:9b:
                    c0:44:29:84:1d:24:29:5f:5c:d2:77:0f:d8:24:93:
                    fb:2f:b1:9c:10:74:fe:0c:13:08:ed:49:bf:e5:85:
                    57:fc:83:62:f2:b1:5f:a6:dd:1f:a0:8f:32:20:a6:
                    09:0e:7c:1f:f1:d7:27:69:2b:71:d5:f7:69:4d:57:
                    57:cc:b7:c2:5e:40:47:ca:9b:8f:3a:6c:31:b6:09:
                    c4:70:e6:bd:6f:d4:6c:80:3e:a2:0f:54:7c:50:9e:
                    66:53:3a:f7:39:a6:61:4a:58:b6:8b:c9:a7:4b:be:
                    77:f6:b0:3a:16:5d:0a:57:82:9a:f7:9f:ac:c5:a8:
                    ce:be:1c:5d:de:6b:d9:ad:16:7c:8b:5d:39:72:92:
                    56:e2:c5:41:40:00:f4:a3:ff:e6:55:71:be:70:5d:
                    ba:42:4a:27:51:2b:44:e6:2c:12:01:fc:71:c4:9b:
                    f3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:88:16:42:97:7D:9B:D5:68:A3:09:46:7B:51:5A:A8:59:FD:D4:24
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/64gWQpd9m9VoowlGe1FaqFn91CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:47::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:4d:e0:34:73:10:2c:dc:a0:21:fb:cd:6b:03:62:71:52:83:
         c3:7e:c4:5d:d2:fa:ff:bd:bc:e9:71:02:b9:fa:92:d4:bf:b2:
         7e:f6:53:a2:6e:02:0d:61:21:02:ce:dd:c3:00:40:8e:8e:da:
         3a:bb:ed:fa:82:3c:af:8c:06:bc:7f:80:05:aa:2c:a5:21:d6:
         1c:c0:07:7c:e3:5c:44:96:93:e6:f2:7a:d9:a3:cc:1f:e6:38:
         be:d7:04:aa:fb:2e:68:49:29:9d:01:2c:3f:f9:aa:87:f0:0a:
         f8:d8:9d:01:03:22:87:db:39:78:d9:5f:a6:2f:7a:87:85:64:
         a0:05:d6:87:31:bf:25:d3:3b:59:35:a5:3c:aa:70:6b:02:8c:
         22:1b:1b:6c:91:33:3a:0f:de:b3:50:aa:da:35:71:00:be:5d:
         64:b1:e5:d8:50:4e:fa:55:08:6f:76:16:61:18:01:d2:f6:f7:
         72:af:e1:3e:e1:25:2a:bf:47:44:32:80:d1:c4:c8:ea:61:dc:
         d9:66:69:0f:1f:32:4f:e7:50:e3:e3:cd:2b:9d:20:19:7b:00:
         f2:c3:84:f4:5a:ff:51:a8:2e:c7:3a:40:a9:5d:60:99:c2:cd:
         e1:ed:bb:fa:b4:4a:00:14:0d:02:3e:a5:59:9a:40:8f:d1:76:
         b8:fb:fd:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/lcGuDvnbzD+j5XX+RtZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgwMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjg4MTY0Mjk3N2Q5YmQ1NjhhMzA5NDY3YjUxNWFhODU5ZmRkNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPh9eKlkrrN5LG4JbsYJ3FEkmjAx
cOmZZEBlZE91PNHEsswoAWoetuU8GsNcQX9blL9kM5JWwvaw0Ieefm74c3FEWvex
XOSmWoCyzJX2muCV3pGthi8YHpvARCmEHSQpX1zSdw/YJJP7L7GcEHT+DBMI7Um/
5YVX/INi8rFfpt0foI8yIKYJDnwf8dcnaStx1fdpTVdXzLfCXkBHypuPOmwxtgnE
cOa9b9RsgD6iD1R8UJ5mUzr3OaZhSli2i8mnS7539rA6Fl0KV4Ka95+sxajOvhxd
3mvZrRZ8i105cpJW4sVBQAD0o//mVXG+cF26QkonUStE5iwSAfxxxJvzaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOuIFkKXfZvVaKMJRntRWqhZ/dQkMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvNjRnV1FwZDltOVZvb3dsR2UxRmFxRm45MUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQBH
MA0GCSqGSIb3DQEBCwUAA4IBAQAlTeA0cxAs3KAh+81rA2JxUoPDfsRd0vr/vbzp
cQK5+pLUv7J+9lOibgINYSECzt3DAECOjto6u+36gjyvjAa8f4AFqiylIdYcwAd8
41xElpPm8nrZo8wf5ji+1wSq+y5oSSmdASw/+aqH8Ar42J0BAyKH2zl42V+mL3qH
hWSgBdaHMb8l0ztZNaU8qnBrAowiGxtskTM6D96zUKraNXEAvl1kseXYUE76VQhv
dhZhGAHS9vdyr+E+4SUqv0dEMoDRxMjqYdzZZmkPHzJP51Dj480rnSAZewDyw4T0
Wv9RqC7HOkCpXWCZws3h7bv6tEoAFA0CPqVZmkCP0Xa4+/3t
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:07 2024 by rpki-client on console-ams.rpki-client.org