Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/8Q8KuGzJNOL71mzvtJsWtu8DhRk.roa
File:                     8Q8KuGzJNOL71mzvtJsWtu8DhRk.roa (raw, json)
Hash identifier:          eDaOtxG8rAV6nhqrX7wgfmKONBLBeBntms+13avMgeM=
Subject key identifier:   F1:0F:0A:B8:6C:C9:34:E2:FB:D6:6C:EF:B4:9B:16:B6:EF:03:85:19
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F0BCED233D4FDD44F50FFD2150F756
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/8Q8KuGzJNOL71mzvtJsWtu8DhRk.roa
Signing time:             Wed 07 Feb 2024 05:00:54 +0000
ROA not before:           Wed 07 Feb 2024 05:00:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216089
IP address blocks:        2a0f:b241:108::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 01:36:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:bc:ed:23:3d:4f:dd:44:f5:0f:fd:21:50:f7:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f10f0ab86cc934e2fbd66cefb49b16b6ef038519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:84:ed:77:20:c1:76:49:9c:92:d8:51:4d:03:
                    ff:ed:b6:d3:4a:1e:89:ec:f4:8e:7a:26:5f:24:6a:
                    36:8c:4f:76:bb:e1:7d:32:b7:cd:3e:08:8c:7a:d0:
                    cb:29:ee:26:4c:b3:a4:40:8a:cb:d2:62:36:a5:75:
                    9c:a9:a7:6e:d3:f8:8f:fa:7a:f1:df:c7:72:2b:b3:
                    c4:0a:32:a9:2d:71:00:d2:6d:d4:08:f1:7b:a5:69:
                    8a:4d:3f:76:5c:83:d6:8f:07:40:d8:89:df:2c:b0:
                    a0:64:c5:75:96:8e:06:54:db:ee:92:90:92:5e:46:
                    c5:2d:24:e2:67:01:a2:aa:b8:00:70:ee:84:d5:1d:
                    71:97:1b:d4:85:e9:3d:dc:53:0c:93:7b:57:6e:cc:
                    af:39:3c:d1:41:70:6b:a7:39:0b:63:80:54:ef:c7:
                    9b:6e:bf:aa:6d:fa:4f:bf:a3:41:db:50:cf:49:75:
                    7c:0c:00:be:ee:f2:39:ad:cf:6d:1d:70:86:e5:e4:
                    fa:2e:84:4e:02:5f:0b:1f:32:46:0c:b8:1b:a0:dd:
                    eb:27:9c:ed:30:eb:8c:4d:be:41:0e:a6:dd:b3:cb:
                    f1:95:fd:23:1e:35:65:53:73:be:79:37:52:76:c5:
                    e6:47:7d:22:39:4d:f0:ff:b0:2e:0e:9e:de:9b:25:
                    e9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:0F:0A:B8:6C:C9:34:E2:FB:D6:6C:EF:B4:9B:16:B6:EF:03:85:19
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/8Q8KuGzJNOL71mzvtJsWtu8DhRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:bc:c9:dd:96:3d:59:09:7d:1f:23:fd:49:a9:48:4e:e8:53:
         e1:6d:95:3d:f6:91:83:ff:91:a3:47:8b:6c:f9:c1:e4:eb:8a:
         02:b4:1d:a5:09:44:c6:65:3c:1c:bb:95:a7:70:2a:2c:e7:06:
         68:db:c7:46:71:3b:53:fc:e3:4a:58:15:4b:30:b3:17:b0:93:
         04:16:02:d6:ad:3c:b5:f9:1b:77:c6:cd:53:3f:bf:05:e6:aa:
         d2:23:6c:ef:be:36:27:32:26:8c:58:ba:4b:79:43:cf:be:82:
         8d:53:f9:2f:25:3f:8f:fe:9f:c7:d9:72:f7:93:fa:c3:18:d5:
         ac:9e:c9:84:2b:31:82:ea:6a:48:fb:e6:d9:ad:b0:aa:ff:8e:
         58:97:6a:3a:94:41:a3:5c:23:7e:2c:ff:c6:57:59:c3:d7:68:
         80:98:3d:4e:18:01:2d:5e:b7:de:f8:87:65:d7:a3:fe:2b:87:
         34:11:27:dd:fa:44:4b:62:57:8f:30:2d:5c:44:21:b4:ea:e4:
         72:d1:e2:2e:5e:7c:90:47:50:e7:11:18:0c:75:20:ec:98:d0:
         9f:a3:14:bf:8d:83:a6:5a:fc:0b:0f:3f:9c:75:8f:5f:df:45:
         7d:41:70:e3:b5:0e:ed:56:12:62:7d:df:03:cc:08:7d:9f:47:
         43:12:ba:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8LztIz1P3UT1D/0hUPdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTBmMGFiODZjYzkzNGUyZmJkNjZjZWZiNDliMTZiNmVmMDM4NTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoTtdyDBdkmckthRTQP/7bbTSh6J
7PSOeiZfJGo2jE92u+F9MrfNPgiMetDLKe4mTLOkQIrL0mI2pXWcqadu0/iP+nrx
38dyK7PECjKpLXEA0m3UCPF7pWmKTT92XIPWjwdA2InfLLCgZMV1lo4GVNvukpCS
XkbFLSTiZwGiqrgAcO6E1R1xlxvUhek93FMMk3tXbsyvOTzRQXBrpzkLY4BU78eb
br+qbfpPv6NB21DPSXV8DAC+7vI5rc9tHXCG5eT6LoROAl8LHzJGDLgboN3rJ5zt
MOuMTb5BDqbds8vxlf0jHjVlU3O+eTdSdsXmR30iOU3w/7AuDp7emyXp3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPEPCrhsyTTi+9Zs77SbFrbvA4UZMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvOFE4S3VHekpOT0w3MW16dnRKc1d0dThEaFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQEI
MA0GCSqGSIb3DQEBCwUAA4IBAQBvvMndlj1ZCX0fI/1JqUhO6FPhbZU99pGD/5Gj
R4ts+cHk64oCtB2lCUTGZTwcu5WncCos5wZo28dGcTtT/ONKWBVLMLMXsJMEFgLW
rTy1+Rt3xs1TP78F5qrSI2zvvjYnMiaMWLpLeUPPvoKNU/kvJT+P/p/H2XL3k/rD
GNWsnsmEKzGC6mpI++bZrbCq/45Yl2o6lEGjXCN+LP/GV1nD12iAmD1OGAEtXrfe
+Idl16P+K4c0ESfd+kRLYlePMC1cRCG06uRy0eIuXnyQR1DnERgMdSDsmNCfoxS/
jYOmWvwLDz+cdY9f30V9QXDjtQ7tVhJifd8DzAh9n0dDErow
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:07 2024 by rpki-client on console-ams.rpki-client.org