Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/AHOE5v--nmtnwy0wModBPQM8O3U.roa
File:                     AHOE5v--nmtnwy0wModBPQM8O3U.roa (raw, json)
Hash identifier:          s2POupPp4fjHKQQqaON6FhE2yLEzAWNTqzj6rrK1C/g=
Subject key identifier:   00:73:84:E6:FF:BE:9E:6B:67:C3:2D:30:32:87:41:3D:03:3C:3B:75
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7FB88AF688952E8EA825C3970A601DE5
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/AHOE5v--nmtnwy0wModBPQM8O3U.roa
Signing time:             Tue 06 Feb 2024 18:40:17 +0000
ROA not before:           Tue 06 Feb 2024 18:40:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215563
IP address blocks:        2a0f:b241:14e::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:b8:8a:f6:88:95:2e:8e:a8:25:c3:97:0a:60:1d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:40:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=007384e6ffbe9e6b67c32d303287413d033c3b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:86:ae:53:2b:33:2c:bb:a8:eb:2a:26:c7:d9:
                    2b:98:2a:20:f1:ab:13:f0:f0:85:c7:5d:6e:1d:94:
                    ac:a5:61:9a:c4:40:68:b4:52:d2:c0:28:cf:2a:af:
                    81:52:c5:d8:42:d8:5d:66:01:c6:65:45:71:3a:ec:
                    91:05:ea:f6:84:15:74:19:74:a6:d2:85:be:e6:04:
                    13:27:b9:64:3a:d8:24:80:8a:de:e5:5f:ad:0d:06:
                    1b:d5:35:e7:5e:25:10:e9:f5:1d:b3:ff:60:fa:d4:
                    fc:15:4d:f5:2e:e0:f7:87:0d:f2:24:89:5e:d5:51:
                    df:0b:73:4b:bd:9c:c9:a4:a7:86:f9:fe:3a:de:ae:
                    af:97:e5:89:7f:cf:4f:f7:28:42:ab:95:06:9b:56:
                    d6:55:63:af:1a:e8:cc:aa:63:90:48:8c:20:41:eb:
                    f7:18:56:f2:5c:44:8d:b3:fb:ca:5e:df:84:58:4e:
                    77:01:bc:8f:89:02:83:a4:1b:8b:db:e7:f9:27:0a:
                    39:01:63:e8:5a:d9:9e:95:06:0a:ef:5f:1b:4f:39:
                    c3:b4:88:5e:82:6a:7a:37:10:e3:30:73:47:46:40:
                    2a:40:1f:0c:46:5b:ab:78:a5:03:50:eb:ca:1f:63:
                    8e:9f:aa:83:78:79:2b:1c:75:b9:c0:6a:56:59:bd:
                    0f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:73:84:E6:FF:BE:9E:6B:67:C3:2D:30:32:87:41:3D:03:3C:3B:75
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/AHOE5v--nmtnwy0wModBPQM8O3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:14e::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:a7:40:8d:5e:92:f9:90:6f:dc:0b:7c:4a:8c:a3:51:3a:f7:
         49:25:fc:f7:d3:d7:13:68:e7:9a:e0:32:08:e6:43:46:b2:f4:
         b2:66:65:20:d7:ee:b2:b6:5d:e1:28:09:47:92:19:fa:6c:93:
         d8:c0:6a:c1:bf:eb:cc:ea:76:74:a4:39:f5:d7:c1:38:fc:ab:
         80:fc:6e:21:e1:c4:fe:b3:83:02:c4:3c:b1:bf:2b:b4:2d:b5:
         0c:22:9e:85:b2:79:b2:25:fa:0a:22:ba:8f:02:e2:32:2e:3d:
         c0:b1:3a:59:af:10:d4:f8:68:a2:56:4c:ca:0c:c5:50:a4:fd:
         fa:66:c9:f2:09:d5:32:5c:0a:a1:7f:8b:71:ad:08:7e:87:8b:
         47:c3:ee:09:43:f7:49:a3:b8:b6:b4:32:a2:47:4d:6e:f9:5d:
         73:e2:f3:7c:c8:bd:7f:c9:47:9c:d8:8d:99:89:7d:93:ef:79:
         5c:9d:49:2e:e8:fd:18:f6:e5:53:92:48:54:32:83:d7:fa:48:
         67:c4:c5:d6:c7:dd:15:d6:a6:0d:e2:1b:cb:08:9e:30:36:ca:
         92:39:87:9a:cb:f1:91:7e:11:55:91:d2:84:ba:c7:b3:5e:dc:
         86:20:c0:74:fb:f7:86:45:40:03:0b:e0:23:f2:0c:a5:59:df:
         b3:3f:2f:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/uIr2iJUujqglw5cKYB3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTg0MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDczODRlNmZmYmU5ZTZiNjdjMzJkMzAzMjg3NDEzZDAzM2MzYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4auUyszLLuo6yomx9krmCog8asT
8PCFx11uHZSspWGaxEBotFLSwCjPKq+BUsXYQthdZgHGZUVxOuyRBer2hBV0GXSm
0oW+5gQTJ7lkOtgkgIre5V+tDQYb1TXnXiUQ6fUds/9g+tT8FU31LuD3hw3yJIle
1VHfC3NLvZzJpKeG+f463q6vl+WJf89P9yhCq5UGm1bWVWOvGujMqmOQSIwgQev3
GFbyXESNs/vKXt+EWE53AbyPiQKDpBuL2+f5Jwo5AWPoWtmelQYK718bTznDtIhe
gmp6NxDjMHNHRkAqQB8MRlureKUDUOvKH2OOn6qDeHkrHHW5wGpWWb0PFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFABzhOb/vp5rZ8MtMDKHQT0DPDt1MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvQUhPRTV2LS1ubXRud3kwd01vZEJQUU04TzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQFO
MA0GCSqGSIb3DQEBCwUAA4IBAQATp0CNXpL5kG/cC3xKjKNROvdJJfz309cTaOea
4DII5kNGsvSyZmUg1+6ytl3hKAlHkhn6bJPYwGrBv+vM6nZ0pDn118E4/KuA/G4h
4cT+s4MCxDyxvyu0LbUMIp6FsnmyJfoKIrqPAuIyLj3AsTpZrxDU+GiiVkzKDMVQ
pP36ZsnyCdUyXAqhf4txrQh+h4tHw+4JQ/dJo7i2tDKiR01u+V1z4vN8yL1/yUec
2I2ZiX2T73lcnUku6P0Y9uVTkkhUMoPX+khnxMXWx90V1qYN4hvLCJ4wNsqSOYea
y/GRfhFVkdKEusezXtyGIMB0+/eGRUADC+Aj8gylWd+zPy+/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:07 2024 by rpki-client on console-ams.rpki-client.org