Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/M2E1l6OeSNXGSV9YnXkFP-4K3OE.roa
File:                     M2E1l6OeSNXGSV9YnXkFP-4K3OE.roa (raw, json)
Hash identifier:          Jker1ckTa+9SXXrDaCzKxWH6a8O0HNLBIpAG4yAfMOI=
Subject key identifier:   33:61:35:97:A3:9E:48:D5:C6:49:5F:58:9D:79:05:3F:EE:0A:DC:E1
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F083D76BE529FE1D134AA1FC3FC682
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/M2E1l6OeSNXGSV9YnXkFP-4K3OE.roa
Signing time:             Wed 07 Feb 2024 05:00:39 +0000
ROA not before:           Wed 07 Feb 2024 05:00:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200516
IP address blocks:        2a0f:b241:132::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 01:36:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:83:d7:6b:e5:29:fe:1d:13:4a:a1:fc:3f:c6:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33613597a39e48d5c6495f589d79053fee0adce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:99:64:07:ba:e6:88:d3:0d:56:8e:99:cd:
                    98:72:78:24:27:da:a3:e6:88:2e:96:d2:a0:2f:df:
                    37:f1:03:aa:8b:7a:d3:f9:7d:4b:d5:84:c0:1d:bf:
                    97:08:20:c2:3f:a4:15:5b:cf:d1:f7:9b:a3:9d:15:
                    37:28:36:63:90:af:87:d5:c2:9c:c0:30:0e:f9:5f:
                    ca:0d:56:cb:c5:11:ba:59:01:ed:75:07:de:21:e2:
                    31:56:aa:1a:f6:a4:f6:80:2f:1f:08:d7:bf:70:f6:
                    35:85:dd:66:b9:61:4d:c2:3f:e4:b3:03:09:63:4b:
                    e9:68:ec:cc:99:11:39:b5:43:53:15:40:78:ca:c0:
                    48:25:11:af:e6:7f:86:a9:b8:cf:c3:cf:46:ee:1e:
                    51:5f:ac:60:47:00:ba:b3:00:6c:e6:b1:2e:07:c3:
                    43:a5:ae:a2:df:eb:0b:fc:8b:7b:2e:8e:19:94:d2:
                    62:f3:9d:bc:6b:e4:45:3b:98:c6:cd:fb:68:6a:e9:
                    0a:90:2a:74:5a:77:50:d0:cf:b7:b6:08:d2:98:6b:
                    6a:b0:88:f9:1b:2d:b5:c3:16:d1:3f:5b:f4:09:0d:
                    be:c9:64:3b:51:e2:43:86:ef:c6:25:84:e8:94:9b:
                    2c:16:43:d2:b8:b1:8e:f7:0f:b3:2c:3e:3e:c3:40:
                    23:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:61:35:97:A3:9E:48:D5:C6:49:5F:58:9D:79:05:3F:EE:0A:DC:E1
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/M2E1l6OeSNXGSV9YnXkFP-4K3OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:132::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:82:31:68:ab:39:19:41:89:8d:3b:52:b4:d5:ef:e7:73:f5:
         a6:18:77:ea:66:82:e1:c6:ed:2c:04:77:b1:bd:5a:f9:79:44:
         60:d5:5b:d7:e0:6e:67:72:ce:29:f0:22:6b:45:93:01:f1:ee:
         6b:42:2e:9f:fa:1f:da:4f:db:e0:5e:d5:58:3f:52:35:46:5b:
         09:b7:69:e0:34:1e:33:a0:bb:f3:e8:cb:c9:e9:e8:76:74:e5:
         76:71:e9:da:6f:2d:b1:7e:b7:e6:af:ce:63:a3:14:67:3f:b3:
         c1:ab:a8:3e:be:97:36:aa:1c:d7:32:68:30:44:18:c8:83:4c:
         c4:dc:5c:22:6c:cc:fa:b6:4f:e1:1e:e4:5c:c5:35:e2:ef:e0:
         6e:89:0a:6c:f2:d8:73:1d:09:f1:20:6f:2e:0d:72:32:a7:b6:
         12:67:74:fd:cb:9a:ec:b3:ee:b8:9a:28:67:74:bd:57:22:85:
         7b:5e:36:d8:f7:e8:fe:e5:fc:76:68:32:4d:2f:12:a8:32:1e:
         43:dc:e7:79:b1:37:ef:da:16:33:de:70:09:b5:da:67:51:17:
         1e:1e:15:40:e5:f4:87:d6:43:54:f8:1a:81:b7:3e:97:fb:8f:
         f2:1a:eb:18:e1:63:2b:49:67:d4:bf:9e:b1:44:f7:bd:c1:f1:
         fa:f9:e8:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8IPXa+Up/h0TSqH8P8aCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYxMzU5N2EzOWU0OGQ1YzY0OTVmNTg5ZDc5MDUzZmVlMGFkY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUGZZAe65ojTDVaOmc2YcngkJ9qj
5ogultKgL9838QOqi3rT+X1L1YTAHb+XCCDCP6QVW8/R95ujnRU3KDZjkK+H1cKc
wDAO+V/KDVbLxRG6WQHtdQfeIeIxVqoa9qT2gC8fCNe/cPY1hd1muWFNwj/kswMJ
Y0vpaOzMmRE5tUNTFUB4ysBIJRGv5n+GqbjPw89G7h5RX6xgRwC6swBs5rEuB8ND
pa6i3+sL/It7Lo4ZlNJi8528a+RFO5jGzftoaukKkCp0WndQ0M+3tgjSmGtqsIj5
Gy21wxbRP1v0CQ2+yWQ7UeJDhu/GJYTolJssFkPSuLGO9w+zLD4+w0AjgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDNhNZejnkjVxklfWJ15BT/uCtzhMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvTTJFMWw2T2VTTlhHU1Y5WW5Ya0ZQLTRLM09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQEy
MA0GCSqGSIb3DQEBCwUAA4IBAQAygjFoqzkZQYmNO1K01e/nc/WmGHfqZoLhxu0s
BHexvVr5eURg1VvX4G5ncs4p8CJrRZMB8e5rQi6f+h/aT9vgXtVYP1I1RlsJt2ng
NB4zoLvz6MvJ6eh2dOV2cenaby2xfrfmr85joxRnP7PBq6g+vpc2qhzXMmgwRBjI
g0zE3FwibMz6tk/hHuRcxTXi7+BuiQps8thzHQnxIG8uDXIyp7YSZ3T9y5rss+64
mihndL1XIoV7XjbY9+j+5fx2aDJNLxKoMh5D3Od5sTfv2hYz3nAJtdpnURceHhVA
5fSH1kNU+BqBtz6X+4/yGusY4WMrSWfUv56xRPe9wfH6+ehM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:11 2024 by rpki-client on console-fra.rpki-client.org