Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/I4qOnN_dbapJ6XBaSMR5DHWMKWM.roa
File:                     I4qOnN_dbapJ6XBaSMR5DHWMKWM.roa (raw, json)
Hash identifier:          1RZ9iRnXPDYvbY7/trU3/M3NwHuxi0NDlb3Xqz7Ry6I=
Subject key identifier:   23:8A:8E:9C:DF:DD:6D:AA:49:E9:70:5A:48:C4:79:0C:75:8C:29:63
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F08858673A75DF90154818BDC1463E
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/I4qOnN_dbapJ6XBaSMR5DHWMKWM.roa
Signing time:             Wed 07 Feb 2024 05:00:40 +0000
ROA not before:           Wed 07 Feb 2024 05:00:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200969
IP address blocks:        2a0f:b241:db::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 01:36:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:88:58:67:3a:75:df:90:15:48:18:bd:c1:46:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=238a8e9cdfdd6daa49e9705a48c4790c758c2963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f0:66:55:81:c2:a0:d3:39:d1:ba:0c:c2:e1:
                    df:84:59:98:9e:a8:35:11:dc:d2:92:f9:e3:1e:2c:
                    29:d0:9c:27:09:e9:f4:3d:88:c2:e0:e1:da:83:5e:
                    4f:75:d0:35:8f:5a:51:ea:59:1c:eb:73:24:e5:f3:
                    f8:f0:66:56:64:9f:74:ac:a7:1d:93:8d:12:a8:60:
                    21:1b:99:0a:0b:cf:36:a0:de:90:c7:9b:56:ed:56:
                    cd:29:94:f3:0d:5b:31:1c:a3:ab:d5:81:7e:5f:ad:
                    3e:99:0d:b0:ad:ab:82:9a:24:06:40:20:66:2d:b6:
                    49:65:ce:b4:2b:c0:05:5b:d5:09:92:15:41:22:9f:
                    b4:33:2c:04:e1:5a:20:e0:34:ad:bb:65:69:23:b6:
                    bb:50:d4:9c:de:e5:78:19:6b:b4:24:a2:ab:c8:8a:
                    0c:32:42:2b:3f:0f:59:81:5a:1e:8a:92:5f:aa:0a:
                    fc:05:7f:75:d7:fd:17:4e:36:e7:42:ce:31:e1:db:
                    48:7b:67:0a:38:06:57:0d:1f:ed:fb:1f:df:fb:79:
                    ab:9f:27:41:c4:5b:80:31:ca:b9:5e:a3:93:f0:70:
                    a3:80:79:0b:c9:27:4a:5e:b5:b0:e2:19:cf:d7:8d:
                    aa:7d:f3:e7:08:ed:24:e5:e1:29:4d:cb:4d:87:7c:
                    3d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:8A:8E:9C:DF:DD:6D:AA:49:E9:70:5A:48:C4:79:0C:75:8C:29:63
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/I4qOnN_dbapJ6XBaSMR5DHWMKWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:db::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:95:d5:8c:c1:3f:49:24:d7:81:4b:e1:2b:a5:96:3c:34:da:
         a3:b4:3c:c1:16:fa:8a:d0:42:db:fb:8c:94:d7:f2:d9:e2:6b:
         36:b0:a9:a0:d2:03:1d:47:7f:f2:11:2b:fc:2c:93:c4:70:d1:
         6b:e8:f5:b6:9d:69:97:b7:f6:75:9e:9e:7b:96:d8:e1:2b:a5:
         79:1f:ba:df:dd:40:b0:fe:77:f9:56:6a:d9:60:b4:2b:c5:62:
         5d:bb:02:3c:c3:cd:43:0f:51:1e:9b:20:22:c7:ef:83:17:f3:
         33:fa:c7:9f:5b:f5:59:f0:a3:92:a0:3c:77:7a:e0:a6:27:eb:
         3f:60:54:4a:c5:0c:06:88:23:ee:56:fb:28:42:4c:1d:e7:70:
         09:90:ab:4c:0d:e8:c5:eb:3f:c9:28:12:29:8b:b4:41:30:40:
         a3:2f:1c:73:c0:ee:f4:25:db:7a:27:42:d0:56:c4:13:00:28:
         34:26:13:7f:9b:28:ea:b7:fd:68:64:cd:97:22:ed:62:48:5d:
         60:a7:d6:e3:03:4f:af:a4:ae:52:99:ab:13:1f:67:18:9e:49:
         72:45:ff:80:5f:26:6d:5b:4d:57:20:23:f4:cf:a9:93:0d:f7:
         27:0e:20:3d:91:d4:bd:a5:00:9d:dd:e4:ba:77:d2:c2:a9:d2:
         d0:08:d7:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8IhYZzp135AVSBi9wUY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzhhOGU5Y2RmZGQ2ZGFhNDllOTcwNWE0OGM0NzkwYzc1OGMyOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvBmVYHCoNM50boMwuHfhFmYnqg1
EdzSkvnjHiwp0JwnCen0PYjC4OHag15PddA1j1pR6lkc63Mk5fP48GZWZJ90rKcd
k40SqGAhG5kKC882oN6Qx5tW7VbNKZTzDVsxHKOr1YF+X60+mQ2wrauCmiQGQCBm
LbZJZc60K8AFW9UJkhVBIp+0MywE4Vog4DStu2VpI7a7UNSc3uV4GWu0JKKryIoM
MkIrPw9ZgVoeipJfqgr8BX911/0XTjbnQs4x4dtIe2cKOAZXDR/t+x/f+3mrnydB
xFuAMcq5XqOT8HCjgHkLySdKXrWw4hnP142qffPnCO0k5eEpTctNh3w9yQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCOKjpzf3W2qSelwWkjEeQx1jCljMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvSTRxT25OX2RiYXBKNlhCYVNNUjVESFdNS1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQDb
MA0GCSqGSIb3DQEBCwUAA4IBAQAGldWMwT9JJNeBS+ErpZY8NNqjtDzBFvqK0ELb
+4yU1/LZ4ms2sKmg0gMdR3/yESv8LJPEcNFr6PW2nWmXt/Z1np57ltjhK6V5H7rf
3UCw/nf5VmrZYLQrxWJduwI8w81DD1EemyAix++DF/Mz+sefW/VZ8KOSoDx3euCm
J+s/YFRKxQwGiCPuVvsoQkwd53AJkKtMDejF6z/JKBIpi7RBMECjLxxzwO70Jdt6
J0LQVsQTACg0JhN/myjqt/1oZM2XIu1iSF1gp9bjA0+vpK5SmasTH2cYnklyRf+A
XyZtW01XICP0z6mTDfcnDiA9kdS9pQCd3eS6d9LCqdLQCNdP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:11 2024 by rpki-client on console-fra.rpki-client.org