Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/FhiHGj6sFWUtC1grYJ2euc824hA.roa
File:                     FhiHGj6sFWUtC1grYJ2euc824hA.roa (raw, json)
Hash identifier:          eKs9EHSjWgbfIeLsem68m7UGfU17sPQe9HAgdIKmOlc=
Subject key identifier:   16:18:87:1A:3E:AC:15:65:2D:0B:58:2B:60:9D:9E:B9:CF:36:E2:10
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D7F94948DE91C2F5992FFC05724807C91
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/FhiHGj6sFWUtC1grYJ2euc824hA.roa
Signing time:             Tue 06 Feb 2024 18:01:00 +0000
ROA not before:           Tue 06 Feb 2024 18:01:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204742
IP address blocks:        2a0f:b241:38::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 07 Feb 2024 04:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:94:94:8d:e9:1c:2f:59:92:ff:c0:57:24:80:7c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  6 18:01:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1618871a3eac15652d0b582b609d9eb9cf36e210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:09:d9:2c:2e:52:3f:e9:e1:ba:a8:a1:a2:46:
                    73:c2:cb:f8:06:75:cb:6b:16:0c:6b:5a:e7:82:b5:
                    f1:f5:2b:1e:95:c1:5f:3b:97:b1:a3:25:d6:82:98:
                    ac:ba:96:93:22:6b:9b:99:21:99:1b:49:22:22:e9:
                    34:9a:01:5f:e7:8c:77:9f:00:38:2f:e2:38:93:84:
                    b6:db:e2:3a:fc:f1:04:e9:fb:6f:b9:3f:c3:e8:c8:
                    65:f3:3d:e4:b9:e2:79:05:54:67:9a:80:ee:3a:7c:
                    29:0d:06:d3:3b:bc:00:38:d1:9b:e6:9d:55:1d:42:
                    cc:e1:d9:f0:21:75:3d:0e:ea:42:b9:32:05:76:35:
                    3a:dd:80:63:97:ca:7a:a7:86:28:cc:2e:9b:70:82:
                    3b:3c:94:80:32:b3:f7:ce:54:30:a7:3c:ad:4e:2b:
                    78:90:e5:2d:b4:c8:0e:af:14:7c:2c:f2:7e:02:0d:
                    e2:52:5b:4f:3e:15:1a:4a:9d:4e:69:2d:d0:db:82:
                    17:60:7f:a6:b1:88:9f:f2:1a:e9:59:ea:ed:07:d9:
                    f7:8a:2a:d7:c8:e2:2d:0b:5e:54:d0:a0:9e:7c:58:
                    f5:fe:16:1f:7f:4d:ee:f8:af:35:61:4d:a4:77:8e:
                    f0:2c:fb:a3:a2:11:1c:f9:28:71:08:9f:cf:ac:cf:
                    21:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:18:87:1A:3E:AC:15:65:2D:0B:58:2B:60:9D:9E:B9:CF:36:E2:10
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/FhiHGj6sFWUtC1grYJ2euc824hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:38::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:29:ee:8a:c2:85:35:bc:e2:c2:34:0f:cb:9e:ff:8c:83:78:
         9f:8d:b8:93:34:59:db:00:8c:cf:5f:b5:24:4c:5f:9b:59:d7:
         07:a8:ab:bf:ba:96:a3:2c:7f:7b:37:95:34:1a:ac:73:d4:93:
         e3:2e:24:94:df:fa:d6:29:50:27:06:3d:16:42:b4:08:e5:34:
         f8:3f:27:a9:a3:bf:2a:2c:dd:4b:b2:b4:20:2d:3b:39:4b:86:
         36:df:4c:da:4e:4b:52:58:48:e0:af:5a:9c:94:db:b1:5b:35:
         2b:5c:a3:b2:e1:5b:8e:57:13:8c:47:28:d0:f7:18:99:2a:cf:
         98:3f:33:4b:22:de:14:82:61:f1:03:f9:11:be:6b:7f:87:2d:
         b0:ae:6a:cd:2d:d1:6e:92:55:ab:81:32:85:4f:0f:38:95:bd:
         1c:69:7e:70:1a:98:17:b8:0f:7a:53:42:f6:e6:a1:dd:60:47:
         67:35:9f:34:ec:6a:cd:7e:d2:b6:42:f8:14:38:1d:ee:70:c9:
         2d:93:a2:3a:3f:80:a0:a3:46:53:43:1d:9c:86:2f:89:9b:83:
         9c:7e:bb:ea:ed:de:c1:45:90:f2:a7:32:3e:49:31:ba:34:5b:
         ff:7c:45:d7:bc:49:98:17:c8:ba:df:2f:0b:79:8c:66:09:2e:
         1a:11:05:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/lJSN6RwvWZL/wFckgHyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgwMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjE4ODcxYTNlYWMxNTY1MmQwYjU4MmI2MDlkOWViOWNmMzZlMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wnZLC5SP+nhuqihokZzwsv4BnXL
axYMa1rngrXx9SselcFfO5exoyXWgpisupaTImubmSGZG0kiIuk0mgFf54x3nwA4
L+I4k4S22+I6/PEE6ftvuT/D6Mhl8z3kueJ5BVRnmoDuOnwpDQbTO7wAONGb5p1V
HULM4dnwIXU9DupCuTIFdjU63YBjl8p6p4YozC6bcII7PJSAMrP3zlQwpzytTit4
kOUttMgOrxR8LPJ+Ag3iUltPPhUaSp1OaS3Q24IXYH+msYif8hrpWertB9n3iirX
yOItC15U0KCefFj1/hYff03u+K81YU2kd47wLPujohEc+ShxCJ/PrM8hFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBYYhxo+rBVlLQtYK2CdnrnPNuIQMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvRmhpSEdqNnNGV1V0QzFncllKMmV1YzgyNGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQA4
MA0GCSqGSIb3DQEBCwUAA4IBAQBkKe6KwoU1vOLCNA/Lnv+Mg3ifjbiTNFnbAIzP
X7UkTF+bWdcHqKu/upajLH97N5U0Gqxz1JPjLiSU3/rWKVAnBj0WQrQI5TT4Pyep
o78qLN1LsrQgLTs5S4Y230zaTktSWEjgr1qclNuxWzUrXKOy4VuOVxOMRyjQ9xiZ
Ks+YPzNLIt4UgmHxA/kRvmt/hy2wrmrNLdFuklWrgTKFTw84lb0caX5wGpgXuA96
U0L25qHdYEdnNZ807GrNftK2QvgUOB3ucMktk6I6P4Cgo0ZTQx2chi+Jm4Ocfrvq
7d7BRZDypzI+STG6NFv/fEXXvEmYF8i63y8LeYxmCS4aEQWN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:08 2024 by rpki-client on console-ams.rpki-client.org