Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/B4bX8KAzFa_YQpbZrndpdSgBkCg.roa
File:                     B4bX8KAzFa_YQpbZrndpdSgBkCg.roa (raw, json)
Hash identifier:          uw0Ed6mWYenLA5EWSMGW9hBiFKPwN352L3DJC/nENO0=
Subject key identifier:   07:86:D7:F0:A0:33:15:AF:D8:42:96:D9:AE:77:69:75:28:01:90:28
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7DA8739AF38D7ACFEF8BF9829A763B33
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/B4bX8KAzFa_YQpbZrndpdSgBkCg.roa
Signing time:             Tue 06 Feb 2024 09:03:27 +0000
ROA not before:           Tue 06 Feb 2024 09:03:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205848
IP address blocks:        2a0f:b241:9::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:a8:73:9a:f3:8d:7a:cf:ef:8b:f9:82:9a:76:3b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 09:03:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0786d7f0a03315afd84296d9ae77697528019028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e9:b0:a3:81:82:ca:8b:2c:f9:fd:63:4d:d3:
                    c3:fa:19:82:e5:78:df:c4:e7:9d:a0:64:0b:4e:22:
                    ba:82:0b:34:2c:34:fc:90:58:63:74:40:5e:a6:a4:
                    b8:7f:22:19:f5:0d:11:21:37:ff:06:85:f7:12:0e:
                    43:4b:b4:73:9d:fc:f9:3a:c1:db:d5:4d:38:98:e3:
                    bd:46:79:ae:3d:ac:8d:a4:f8:45:6d:4b:d2:8f:ae:
                    f5:24:25:af:e1:d8:90:2b:20:c3:2d:f5:2d:8a:d2:
                    b0:27:de:2a:72:64:b8:ac:fd:ee:d8:d7:06:cb:e3:
                    c6:08:7f:fa:14:70:49:46:1a:7b:d7:dd:c7:a6:11:
                    ce:c2:fa:c7:5b:2d:74:99:70:7f:42:2f:d2:6d:c7:
                    23:c7:a0:a8:f8:c2:56:b0:a6:a8:97:da:2a:f0:40:
                    ae:ee:57:ae:6b:70:f6:b6:bb:07:03:e6:7d:57:36:
                    8e:f4:aa:f0:78:3a:68:44:18:ef:d7:20:ef:70:00:
                    51:8b:5b:27:7a:45:e1:9c:41:9f:9d:e8:ea:e8:de:
                    19:1b:80:6e:75:d4:b2:54:2c:f3:87:4f:ab:22:f7:
                    aa:9d:ad:9b:2a:2e:89:6f:e7:37:c9:99:6b:e6:e9:
                    94:d7:b4:3e:f2:2c:d0:4d:48:03:7c:fd:96:ae:49:
                    03:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:86:D7:F0:A0:33:15:AF:D8:42:96:D9:AE:77:69:75:28:01:90:28
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/B4bX8KAzFa_YQpbZrndpdSgBkCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:7d:d3:e9:da:26:8c:bd:44:39:90:54:5e:8a:9d:e1:ba:7a:
         c7:53:13:c9:88:40:27:ed:1b:10:21:41:89:5b:96:12:90:31:
         33:39:51:41:11:25:9e:5c:00:18:e1:2d:13:9b:a3:cb:7f:d1:
         57:36:72:e9:cf:6e:53:df:c6:c2:81:4f:16:b9:f0:5e:c0:d3:
         8c:84:45:55:84:23:d9:c1:0c:44:86:e4:70:34:05:b5:8e:de:
         31:6f:7f:20:af:2b:78:57:52:84:6f:4f:11:95:18:9c:e8:09:
         72:e2:c5:39:ac:63:1b:e7:d7:99:20:47:91:cb:14:ca:58:28:
         dd:ca:89:38:40:e6:07:49:4d:7b:58:c4:e5:aa:60:7b:7e:1f:
         dd:b3:67:02:af:83:a9:ce:f7:be:03:21:b0:e0:30:40:b5:f1:
         5c:95:6d:01:3d:7d:12:11:ee:06:bd:b9:c8:3b:c1:a2:be:9e:
         e7:3d:e8:2c:a7:64:72:40:46:fb:0f:f1:b3:85:fa:1d:91:77:
         56:36:23:0f:90:c0:0e:aa:a0:83:49:3e:ed:ad:6a:de:ac:26:
         1f:89:28:71:f2:7d:a4:b6:2b:3a:f9:19:13:9e:aa:c6:eb:11:
         eb:55:91:1d:17:4a:8d:79:25:09:31:f4:b6:d6:57:5b:65:a4:
         de:ce:bf:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY19qHOa8416z++L+YKadjszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MDkwMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzg2ZDdmMGEwMzMxNWFmZDg0Mjk2ZDlhZTc3Njk3NTI4MDE5MDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiumwo4GCyoss+f1jTdPD+hmC5Xjf
xOedoGQLTiK6ggs0LDT8kFhjdEBepqS4fyIZ9Q0RITf/BoX3Eg5DS7Rznfz5OsHb
1U04mOO9RnmuPayNpPhFbUvSj671JCWv4diQKyDDLfUtitKwJ94qcmS4rP3u2NcG
y+PGCH/6FHBJRhp7193HphHOwvrHWy10mXB/Qi/Sbccjx6Co+MJWsKaol9oq8ECu
7leua3D2trsHA+Z9VzaO9KrweDpoRBjv1yDvcABRi1snekXhnEGfnejq6N4ZG4Bu
ddSyVCzzh0+rIveqna2bKi6Jb+c3yZlr5umU17Q+8izQTUgDfP2WrkkD9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAeG1/CgMxWv2EKW2a53aXUoAZAoMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvQjRiWDhLQXpGYV9ZUXBiWnJuZHBkU2dCa0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBEfdPp2iaMvUQ5kFReip3hunrHUxPJiEAn7RsQ
IUGJW5YSkDEzOVFBESWeXAAY4S0Tm6PLf9FXNnLpz25T38bCgU8WufBewNOMhEVV
hCPZwQxEhuRwNAW1jt4xb38gryt4V1KEb08RlRic6Aly4sU5rGMb59eZIEeRyxTK
WCjdyok4QOYHSU17WMTlqmB7fh/ds2cCr4Opzve+AyGw4DBAtfFclW0BPX0SEe4G
vbnIO8Givp7nPegsp2RyQEb7D/GzhfodkXdWNiMPkMAOqqCDST7trWrerCYfiShx
8n2ktis6+RkTnqrG6xHrVZEdF0qNeSUJMfS21ldbZaTezr/8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:10 2024 by rpki-client on console-fra.rpki-client.org