Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/6ZG6QqEHM6_DLOsj1f0dmrcJsbI.roa
File:                     6ZG6QqEHM6_DLOsj1f0dmrcJsbI.roa (raw, json)
Hash identifier:          guGnzjTr4kZr04k99zBKhvz0Rx1lbr0KwoXx4BMgNDw=
Subject key identifier:   E9:91:BA:42:A1:07:33:AF:C3:2C:EB:23:D5:FD:1D:9A:B7:09:B1:B2
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7D8A0CC6D2A0EBB2C67D1E0767872B17
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/6ZG6QqEHM6_DLOsj1f0dmrcJsbI.roa
Signing time:             Tue 06 Feb 2024 08:30:15 +0000
ROA not before:           Tue 06 Feb 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207738
IP address blocks:        2a0f:b241:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:8a:0c:c6:d2:a0:eb:b2:c6:7d:1e:07:67:87:2b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e991ba42a10733afc32ceb23d5fd1d9ab709b1b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:39:a0:de:be:0b:46:28:06:94:27:e4:04:81:
                    5a:be:87:4d:2a:2e:e5:c9:75:c2:b4:16:91:87:83:
                    96:6a:71:41:87:85:19:a6:1f:37:e1:16:b4:0d:1b:
                    d7:fd:6e:3d:be:3f:f4:a9:13:5f:5e:5c:d1:b9:51:
                    b1:44:99:74:c2:5b:cc:53:e6:d2:51:aa:1b:ad:dc:
                    cf:8e:49:c4:67:f9:f0:23:7c:24:10:25:1b:61:00:
                    b1:ad:a8:ee:32:56:ad:44:55:bc:ef:07:82:27:43:
                    24:b1:f7:6f:ea:a3:df:a7:43:b6:88:a0:c4:86:11:
                    64:1f:89:1d:de:0e:e9:28:d6:9f:5c:db:cf:82:35:
                    8d:39:6e:2d:de:4e:a8:4a:28:0e:b0:29:6b:0d:76:
                    e9:1e:d7:59:45:fe:57:a5:a8:f1:98:0d:80:f7:b4:
                    da:ea:dc:f5:ad:c4:eb:06:9a:40:a9:d4:1f:73:5d:
                    45:5a:59:d2:03:8d:b7:88:b3:d4:38:dc:90:9a:d8:
                    7c:da:7a:e5:77:0d:e1:f0:7a:08:7f:8f:03:d0:10:
                    2b:5c:2b:00:b9:80:23:8f:6f:cc:48:bf:bf:8e:e3:
                    0f:39:15:20:76:4e:f3:ea:54:de:57:41:3b:f4:65:
                    3d:44:bf:49:79:d6:d4:f2:e2:5e:9a:04:c5:9f:3c:
                    f1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:91:BA:42:A1:07:33:AF:C3:2C:EB:23:D5:FD:1D:9A:B7:09:B1:B2
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/6ZG6QqEHM6_DLOsj1f0dmrcJsbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:1b:33:42:5f:da:52:be:9e:14:ba:25:03:4a:51:fb:8c:4a:
         8f:f1:fa:97:dd:b3:8e:ad:7d:52:8f:38:c7:d4:ce:66:96:94:
         04:18:c2:ae:f4:c4:28:c5:a6:a8:93:89:a0:28:9e:9a:a3:ee:
         17:1c:9a:de:dd:36:4f:89:9a:8c:74:13:6a:2f:c4:d8:32:a2:
         c7:48:3f:89:0b:0d:9c:a7:54:34:ca:d8:98:e9:12:61:41:7e:
         5b:0f:86:6a:bc:a1:9d:0c:00:5b:5a:f5:1d:66:ef:36:51:a8:
         6e:86:85:d4:78:e8:42:48:6b:02:c9:b9:e5:3d:eb:b3:a0:93:
         a1:32:8a:cd:84:cb:5a:14:c9:cf:6b:63:21:3f:ef:91:de:23:
         b4:e5:f8:41:61:96:fa:2d:b9:35:3d:03:76:4e:23:e7:31:77:
         e6:16:bd:5a:49:1e:cc:9e:46:82:8f:47:1c:7d:2c:dd:06:89:
         54:84:ba:0d:e9:0a:74:37:51:e8:04:bc:9c:8e:9f:95:6e:09:
         25:65:ad:5a:ca:79:a7:05:6d:6b:1a:f2:de:6b:38:56:bc:ec:
         4e:06:e6:b1:17:67:1d:c8:19:9a:5f:91:72:60:af:56:5d:b1:
         89:19:ac:8c:e4:fe:6e:23:ca:3e:c1:51:03:9b:c5:ff:16:54:
         79:37:1e:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY19igzG0qDrssZ9HgdnhysXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTkxYmE0MmExMDczM2FmYzMyY2ViMjNkNWZkMWQ5YWI3MDliMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzmg3r4LRigGlCfkBIFavodNKi7l
yXXCtBaRh4OWanFBh4UZph834Ra0DRvX/W49vj/0qRNfXlzRuVGxRJl0wlvMU+bS
UaobrdzPjknEZ/nwI3wkECUbYQCxrajuMlatRFW87weCJ0Mksfdv6qPfp0O2iKDE
hhFkH4kd3g7pKNafXNvPgjWNOW4t3k6oSigOsClrDXbpHtdZRf5XpajxmA2A97Ta
6tz1rcTrBppAqdQfc11FWlnSA423iLPUONyQmth82nrldw3h8HoIf48D0BArXCsA
uYAjj2/MSL+/juMPORUgdk7z6lTeV0E79GU9RL9JedbU8uJemgTFnzzxMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOmRukKhBzOvwyzrI9X9HZq3CbGyMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvNlpHNlFxRUhNNl9ETE9zajFmMGRtcmNKc2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAH
MA0GCSqGSIb3DQEBCwUAA4IBAQARGzNCX9pSvp4UuiUDSlH7jEqP8fqX3bOOrX1S
jzjH1M5mlpQEGMKu9MQoxaaok4mgKJ6ao+4XHJre3TZPiZqMdBNqL8TYMqLHSD+J
Cw2cp1Q0ytiY6RJhQX5bD4ZqvKGdDABbWvUdZu82UahuhoXUeOhCSGsCybnlPeuz
oJOhMorNhMtaFMnPa2MhP++R3iO05fhBYZb6Lbk1PQN2TiPnMXfmFr1aSR7MnkaC
j0ccfSzdBolUhLoN6Qp0N1HoBLycjp+VbgklZa1aynmnBW1rGvLeazhWvOxOBuax
F2cdyBmaX5FyYK9WXbGJGayM5P5uI8o+wVEDm8X/FlR5Nx4F
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:10 2024 by rpki-client on console-fra.rpki-client.org