Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/6dqoAKG8XVr37hU0gmWp_j-hzXM.roa
File:                     6dqoAKG8XVr37hU0gmWp_j-hzXM.roa (raw, json)
Hash identifier:          g13e556gr8ERW4ede0mFO0AJFyDaILQlgav8taJOr9Q=
Subject key identifier:   E9:DA:A8:00:A1:BC:5D:5A:F7:EE:15:34:82:65:A9:FE:3F:A1:CD:73
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FA9DFF5A8C66A81D6AA950221459EAF
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/6dqoAKG8XVr37hU0gmWp_j-hzXM.roa
Signing time:             Tue 06 Feb 2024 18:24:15 +0000
ROA not before:           Tue 06 Feb 2024 18:24:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200581
IP address blocks:        2a0f:b241:c3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:a9:df:f5:a8:c6:6a:81:d6:aa:95:02:21:45:9e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:24:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9daa800a1bc5d5af7ee15348265a9fe3fa1cd73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8d:1c:2c:ac:5e:5b:65:99:d0:32:46:41:38:
                    19:1c:76:18:ce:2e:13:06:09:30:36:a5:fe:90:12:
                    c0:67:a3:a0:f6:08:ab:3a:d9:af:d4:dd:3d:45:87:
                    05:b3:51:58:59:9e:f3:2a:87:84:a5:c0:22:c3:8a:
                    7a:d5:fc:12:74:30:6c:33:ff:d8:7c:72:c5:47:70:
                    a6:ec:7c:ce:49:0f:1f:bb:ce:7b:b0:10:46:b9:6c:
                    62:16:f3:f8:60:55:61:82:1a:bd:a7:88:59:3e:7f:
                    86:18:0d:d2:11:82:6a:83:64:3b:1b:3d:6d:18:56:
                    cf:f4:b4:a1:b1:2d:3a:cb:84:89:8e:d1:bc:97:cd:
                    b0:4f:49:5d:8f:da:c4:b6:b1:a8:1c:db:10:d0:ce:
                    15:6c:55:38:69:26:47:7e:41:33:1b:1f:55:d5:8a:
                    23:dc:a7:3c:71:d1:a3:f2:0d:4a:89:53:e1:95:74:
                    cf:12:07:59:1c:a9:92:51:65:d8:0f:80:f7:9f:1b:
                    a5:4f:68:82:1a:e7:c0:6f:92:e0:63:3d:a8:2c:8a:
                    70:12:f3:c2:f4:18:f4:4b:e1:41:2c:bf:ab:74:aa:
                    69:f3:ca:24:71:9e:9b:26:95:f5:b7:fe:27:83:25:
                    28:0b:07:d6:60:1c:e5:e6:0d:86:cd:33:6b:cc:e7:
                    3d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:DA:A8:00:A1:BC:5D:5A:F7:EE:15:34:82:65:A9:FE:3F:A1:CD:73
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/6dqoAKG8XVr37hU0gmWp_j-hzXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:c3::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:f9:68:19:14:a1:0b:06:b6:e3:5e:f4:18:99:27:8f:71:5a:
         78:4e:b1:d4:ab:9a:70:da:b7:37:48:ae:a7:f3:00:56:f6:03:
         0e:3f:61:b7:7f:e2:7a:38:c0:99:dd:92:57:57:cc:89:42:a4:
         e0:28:a5:ab:50:7d:a4:a1:45:d2:3f:d1:c6:69:77:90:c3:96:
         82:7b:80:7e:ed:80:b0:89:93:4a:94:e5:8b:76:62:65:91:56:
         c0:d7:9e:3b:e6:d1:68:54:b9:4b:52:e8:bf:bf:ed:1d:9a:99:
         5a:8a:48:a8:45:d8:80:29:02:3e:38:7c:46:f5:d0:89:b5:2f:
         bf:ab:4d:5f:ed:80:56:f1:ba:80:a8:82:88:6d:af:1c:6c:65:
         60:bd:0d:5d:35:61:33:ae:dd:e1:6e:20:cc:8e:df:45:ef:69:
         25:3f:8f:fc:eb:cf:01:50:d1:71:d7:87:74:b9:2d:80:ad:98:
         1e:88:18:e8:d7:cc:b8:10:9c:d8:9c:0d:0c:59:b0:bc:51:40:
         38:12:bf:b8:94:7d:08:d5:18:64:27:a2:42:ed:07:a6:f1:d4:
         b2:57:c4:15:2f:f6:83:6c:54:42:1b:b0:84:ab:72:6e:bd:47:
         c8:52:2b:31:3e:d9:fd:4b:0f:e6:ab:55:00:b1:cc:db:be:21:
         a6:d2:14:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/qd/1qMZqgdaqlQIhRZ6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWRhYTgwMGExYmM1ZDVhZjdlZTE1MzQ4MjY1YTlmZTNmYTFjZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY0cLKxeW2WZ0DJGQTgZHHYYzi4T
BgkwNqX+kBLAZ6Og9girOtmv1N09RYcFs1FYWZ7zKoeEpcAiw4p61fwSdDBsM//Y
fHLFR3Cm7HzOSQ8fu857sBBGuWxiFvP4YFVhghq9p4hZPn+GGA3SEYJqg2Q7Gz1t
GFbP9LShsS06y4SJjtG8l82wT0ldj9rEtrGoHNsQ0M4VbFU4aSZHfkEzGx9V1Yoj
3Kc8cdGj8g1KiVPhlXTPEgdZHKmSUWXYD4D3nxulT2iCGufAb5LgYz2oLIpwEvPC
9Bj0S+FBLL+rdKpp88okcZ6bJpX1t/4ngyUoCwfWYBzl5g2GzTNrzOc9QQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOnaqAChvF1a9+4VNIJlqf4/oc1zMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvNmRxb0FLRzhYVnIzN2hVMGdtV3Bfai1oelhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQDD
MA0GCSqGSIb3DQEBCwUAA4IBAQBc+WgZFKELBrbjXvQYmSePcVp4TrHUq5pw2rc3
SK6n8wBW9gMOP2G3f+J6OMCZ3ZJXV8yJQqTgKKWrUH2koUXSP9HGaXeQw5aCe4B+
7YCwiZNKlOWLdmJlkVbA15475tFoVLlLUui/v+0dmplaikioRdiAKQI+OHxG9dCJ
tS+/q01f7YBW8bqAqIKIba8cbGVgvQ1dNWEzrt3hbiDMjt9F72klP4/8688BUNFx
14d0uS2ArZgeiBjo18y4EJzYnA0MWbC8UUA4Er+4lH0I1RhkJ6JC7Qem8dSyV8QV
L/aDbFRCG7CEq3JuvUfIUisxPtn9Sw/mq1UAsczbviGm0hS6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:10 2024 by rpki-client on console-fra.rpki-client.org